"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


Port Scanning 101

Author – Natalia Wadden

The Matrix Reloaded, The Bourne Ultimatum and a brief glimpse in The Girl with the Dragon Tattoo – these are just a few movies which feature a port scanning tool called nmap.
Before we go too far, let’s define nmap. It sounds glamorous, and it must be, since it is featured in at least 3 major Hollywood films. Nmap, aka Network Mapper, is a security scanner used to detect hosts and services on a computer network. In short, it can determine which ports are open, what the operating system (OS) and its version are, which services are offered, and what firewalls are in use – basically, it can create a map of the computer network and its hosts.

Nmap is portable: it can be used across multiple platforms (Windows, Mac and Linux), but it is most commonly used on Linux. For this article I will be using Kali Linux; it’s easy, and many tools are already built into the OS. My mentor described ports as windows in a building, which means that nmap is looking for the open windows, aka open ports. So let’s dive in, scan our test machine and see if we can find any open ports.

Address: <http://www.adeptus-mechanicus.com/codex/contrib/nw-ps101/nw-ps101.php>

Published by natalia, on December 3rd, 2015 at 4:08 am. Filed under: General

Penetration Testing Showcase – DEICE-S1.140

Author – Raluca Blidaru

Are penetration testing phases different from the ones of a malicious attack? The answer is no. Both malicious attackers and penetration testers go through the same stages or phases in their attacks/tests:

1. Gathering Information phase. During this stage, as much data as possible about the target is collected (e.g. the target IP address range, domain name registration records, mail server records, etc.) to design the blueprint of the target.
2. Scanning phase. The target is scanned for entry points such as wireless access points, Internet gateways, available systems, running services, vulnerability lists, and listening ports. Other tests check whether default user IDs, passwords, and guest passwords have been disabled or changed, and that no remote login is allowed.
3. Gaining Access phase. Based on the vulnerabilities identified during scanning, attempts are made to access the system. To accomplish this task, one could use automated exploit tools, or legitimate information obtained through social engineering.
4. Maintaining Access phase. Once access has been acquired, attempts are made to escalate privileges to root/admin and then to upload a piece of code (also called a “backdoor”) to the target, so that access is maintained independently of the authorized entry points into the system/network. This allows connecting to the target at any time.
5. Covering Tracks phase. This phase is just as important as the previous ones: leaving a mark can show how elevated access to protected resources was obtained, and this information can later be used maliciously by others with access to the system. This phase involves restoring the system to its normal pre-test configuration, which includes removing files, cleaning logs and registry entries, deleting the uploaded backdoor, etc.

Address: <http://www.adeptus-mechanicus.com/codex/contrib/rb-deice1140/rb-deice1140.php>

Published by raluca, on November 23rd, 2015 at 4:31 am. Filed under: General

Ashley Madison – some stats

Yes, the Ashley Madison dump happened. Yes, it has been verified (assuming you did not download one of the scam ones). No, I am not sharing it. The password hashes use bcrypt, so cracking them is not easy. But I did find some of the details around emails and people interesting. Now I have to say, ALM did not do any email validation, so any email given could be false. Also, what people write about themselves to look good is not always… the unvarnished truth. So keep that in mind and let’s take a quick look:

UK Government (top 10):

3 blackpool.gov.uk
3 hants.gov.uk
3 hmrc.gsi.gov.uk
3 lambeth.gov.uk
3 lancashire.gov.uk
4 barnsley.gov.uk
4 leeds.gov.uk
5 hantsfire.gov.uk
5 hmps.gsi.gov.uk
7 london-fire.gov.uk


Published by erich, on August 19th, 2015 at 7:35 pm. Filed under: General

Security Quiz App

Author: Leo Ni

I have long thought there has to be a better way to educate people, something that is entertaining but still informative. After a lot of reading I thought: maybe an application that asks information-security-centric questions? With the technologies available now, I could create something that is cross-platform. Also, if it was created well, it would be something that is scalable and can be adapted quickly to different scenarios and needs.

Link to article – Security Quiz App

Published by leo, on August 18th, 2015 at 3:11 am. Filed under: General

Symmetric encryption and guessing attacks

Author – Raluca Blidaru

In this posting I will be speaking, through examples, about a certain type of (in)security around symmetric encryption: guessing attacks. Let’s start by defining the terms and the issue.

What is “symmetric encryption”? When the same password/passphrase is used for both encryption and decryption, the method is known as symmetric encryption, or symmetric-key encryption. Symmetric algorithms, such as AES, 3DES, or Blowfish, are used to scramble the data into its encrypted form and, in reverse, to make it readable again after it has been encrypted. The password is used to derive the actual key that encrypts and decrypts the data.

Address: <http://www.adeptus-mechanicus.com/codex/rbsmenc/rbsmenc.php>

Published by raluca, on May 9th, 2015 at 10:40 pm. Filed under: General

Linkcat – A Brahmastra for security professionals

A few days back my mentor asked me to read the book “Stealing the Network”. When I started, it first seemed as if I were in some fantasy world. I was wondering: should I take a step further and see if everything written there is true? What if every command given there actually works as they say? With that excitement I couldn’t wait a minute longer, so I did a small experiment reproducing a real hack from one of the chapters of the book.

Address: <http://www.adeptus-mechanicus.com/codex/hclnk/hclnk.php>

Published by harshal, on April 10th, 2015 at 3:19 am. Filed under: General

Ubuntu VM as Test Lab Gateway

I thought of writing this tutorial because I spent a lot of time trying to get this thing to work. When all other methods failed, I went back to the basics and it worked like a charm. So what are we doing today? Well, the setup I have is simple:
Internet → External Firewall → Internal Firewall/Router → VMware ESXi → A lot of VMs 🙂

What was my objective? To have a separate network of VMs that will not interfere with my LAN.
How to achieve it? There are various ways. The ones I tried are as follows:

  1. DD-WRT as a VM appliance
  2. pfSense as a VM appliance
  3. Any other router with an x86 image as an appliance
  4. I chose Ubuntu 14.04 [✓]

Address: <http://www.adeptus-mechanicus.com/codex/hcvmu/hcvmu.php>

Published by harshal, on April 6th, 2015 at 1:49 am. Filed under: General

Marrying old technology with new technology! Use of your USB FM Transmitter

A few days back I wanted to listen to my music collection in my kitchen, and it seemed like it was impossible. The music collection is hosted on my music server in the basement; the boombox in the kitchen had everything but Bluetooth; I stopped using CDs long ago; and the other music player I have with Bluetooth was a pain, first pairing the device with my phone and then getting it to play.
So my problem was how to play something and make it available in every room. Eureka! What I did was buy this $50 FM transmitter from Hi-Fast. It’s an amazing piece of hardware, as it is very powerful in terms of transmitting an FM signal.

Address: <http://www.adeptus-mechanicus.com/codex/hcmpd/hcmpd.php>


Published by harshal, on March 9th, 2015 at 12:27 am. Filed under: General

Hashdumps and Password – Update

13-May-2014: Lots of updates – (a) most importantly, I want to thank @Losthash (from losthash.com), @OxAlien, @m3g9tr0n, Mr “emkei.cz”, and @wpacrack 🙂 for much appreciated help and contributions, (b) extra analysis reports, (c) added “TomSawyer”, “OpSea”, “Slyck”, “Aha”, “Forbes”, (d) started adding in “what’s left” files, (e) split the pastebin hashes off since that grows almost daily, and (f) lots of progress.
14-May-2014: Up to and including this update, I have been using hashcat and CPU cracking. Thanks to Leo I am now able to use oclHashcat with some R9 GPUs. So I am reworking my workflow a bit and making much better progress on the salted hashes.
Address: <http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.php>

Published by erich, on May 15th, 2014 at 3:32 am. Filed under: General

DNS Tunneling with Iodine

I have had the privilege of travelling around the world a bit (for work, but still) and I have seen many “public” internet setups that require registration and/or payment. Some of these I have no problem with, but I have found a lot that try to get you on with false advertising or refund offers that go nowhere. And sometimes, for various reasons, it may not be a good idea to register. For those times, you may still be able to connect, and one way of doing that is tunnelling data through DNS packets. This is where “iodine” comes in: it is used as both server and client, because in this type of setup you do need your own server to connect to and then go outwards from there. Let’s take a look.
Address: <http://www.adeptus-mechanicus.com/codex/dnstun/dnstun.php>

Published by erich, on September 16th, 2013 at 12:08 am. Filed under: General