Tuesday, March 22, 2011

hardening linux - ubuntu distro

Reconfiguring shared memory
Load your favorite text editor, open the file "/etc/fstab" and add the following line of code:
· tmpfs /dev/shm tmpfs defaults,ro 0 0

Disabling SSH root login
Load your favorite text editor, open the file "/etc/ssh/sshd_config" and add change the following line of code:
· PermitRootLogin yes to PermitRootLogin no

Limiting access to the "su" program (this is done by default in Ubuntu)
*****MAKE SURE YOU ARE PART OF THE ADMIN GROUP****
Open the terminal by clicking "Applications" selecting "Accessories" and choosing "Terminal." From there enter the commands:
· sudo chown root:admin /bin/su sudo
· chmod 04750 /bin/su

System/Server Hardening Checklist

Here is the larger recommended list (although most are not necessary unless your looking at a server or lab environments).

1. Disk Partitions and Mounting

1. Separate /home, /tmp, /var/tmp from /root partitions (If only if the machine has frequent access from general user except administrator).
2. Change mount options in /etc/fstab to limit user access on appropriate filesystems.
· Using noexec instead prevents execution of binaries on a file system

This is not good if you have programs to be executed Data partitions are good for this. Its used often for partitions serving Apache.

· Using nosuid will prevent the setuid bit from having effect.

SUID stands for Set User ID. This means that if the SUID bit is set for any application then your user ID would be set as that of the owner of application/file rather than the current user, while running that application. That means in case I have an application whose owner is ' root ' and it has its SUID bit set, then when I run this application as a normal user, that application would still run as root. Since the SUID bit tells Linux that the the User ID root is set for this application and whenever this application executes it must execute as if root was executing it (since root owns this file). Disabling this for a drive prevents this operation.

· The nodev option prevents use of device files on the filesystem.

This option would be recommended for CDs and NTFS file systems generally speaking. But it can have options to lock down a system preventing breaching by simply creating hda1 or sda1 devices that are writable by all.

2. Physical Security
Typically used in lab environments or where a server in not in a completely secured location.

1. Configure BIOS.
· Disable booting from CDs/DVDs, floppies, and external devices.
· Set BIOS password to protect the settings.
2. Set a password for the GRUB bootloader.
· Generate a password hash using the command / /usr/sbin/grub-md5-crypt. Add the hash to the first line of /boot/grub/menu.lst as follows:
password --md5 passwordhash
· Remove rescue-mode boot section from /boot/grub/menu.lst

3. Keep Software Up to Date
Upgrade through the Ubuntu Repository Network to apply upgrade automatically. Security updates should be applied as soon as possible.
Create the file apt.cron, make it executable, place it in /etc/cron.daily or /etc/cron.weekly, and ensure that it reads as follows:

#!/bin/sh
/usr/bin/apt-get update

This can have a side effect of breaking some dependencies.

4. Detecting listening network ports & Closing open ports and services
Detecting listening network ports
For a list of network ports that are open you can use the following commands:

# netstat -tulp or lsof -i -n | egrep 'COMMAND|LISTEN|UDP' or just a port scanner (nmap) 9

Closing open ports and services
To get a list of running services you can execute the following command: sysv-rc-conf --list | grep on
To disable a running service you can execute the command: sysv-rc-conf service name off
and then you should stop this service from running by executing: /etc/init.d/service stop.

5. Disable SUID and SGID Binaries
To find SUID and SGID files on the system, use the following command:

# find / \( -perm -4000 -o -perm -2000 \) –print

SUID or SGID bits safely disabled (using chmod -s filename) unless required for other program.

6. Configure and Use TCP Wrapper
Configure the TCP Wrapper library to protect network daemons that support its use by adding appropriate rules to /etc/hosts.allow and /etc/hosts.deny.

NOTE: tcp wrappers only works for services that inetd starts. Sendmail, apache, and named do not use inetd, and so they are not protected via tcp wrappers.

7. Configure and Use AppArmor
AppArmor is installed and loaded by default in Hardy. Some packages will install their own enforcing profiles. Active profiles for LAM Server:
· usr.sbin.mysqld
· usr.sbin.apache2
All activity will be logged by auditd and saved to /var/log/audit/audit.log

Some excellent advice on this is available in the stickies threads here.


8. Rdate or NTP (To keep your server date up to date)
Create the file /etc/cron.d/rdate with the following line:
15 * * * * root /usr/sbin/rdate -s content

for NTP
Create the file /etc/cron.d/ntp with the following line:
15 * * * * root /usr/sbin/ntpdate server

9. Configure or Disable SSH
- Disable it when not required.
- If SSH is required, ensure the SSH configuration includes the following lines:

· PermitRootLogin no
· Protocol 2

- If possible, limit SSH access to a subset of users. Create a group called sshusers and only add the users that need remote access. Then, add the following line to /etc/ssh/sshd_config:

· AllowGroups sshusers

Edit /etc/group find sshusers and add allowed users.

10. Disable IPv6
- Disable it when not required.
Edit the following line from /etc/modprobe.d/aliases:

· Find the line: alias net-pf-10 ipv6
· Edit this to: alias net-pf-10 off ipv6
· Save the file and reboot

11. Disable Compile ·
Add compiler group: /usr/sbin/groupadd compiler
· Move to correct directory: cd /usr/bin
· Make most common compilers part of the compiler group

chgrp compiler *cc*
chgrp compiler *++*
chgrp compiler ld
chgrp compiler as

· Set access on mysqlaccess

chgrp root mysqlaccess

· Set permissions

chmod 750 *cc*
chmod 750 *++*
chmod 750 ld
chmod 750 as
chmod 755 mysqlaccess

· To add users to the group, modify /etc/group and change compiler:123: to compiler:123:username1,username2 ('123' will be different on your installation)

12. Root Notification
Edit .bashrc under /root to get notified by email when someone logs in as root and add the following:
echo 'ALERT - Root Shell Access (Server Name) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" admin@myhost.com

13. Securing History
chattr +a .bash_history (append)
chattr +I .bash_history
Get your users know that their history is being locked and they will have to agree before they use your services.

14. Using Welcome Message
Edit /etc/motd and put the following banner to be displayed:

WARNING !!!
This computer system including all related equipment, network devices (specifically including Internet access), are provided only for authorized use.
Unauthorized use may subject you to criminal prosecution. By accessing this system, you have agreed to the term and condition of use and your actions will be monitored and recorded. □

15. Chmod dangerous files
chmod 700 /bin/ping
chmod 700 /usr/bin/who
chmod 700 /usr/bin/w
chmod 700 /usr/bin/locate
chmod 700 /usr/bin/whereis
chmod 700 /sbin/ifconfig
chmod 700 /bin/nano
chmod 700 /usr/bin/vi
chmod 700 /usr/bin/which
chmod 700 /usr/bin/gcc
chmod 700 /usr/bin/make
chmod 700 /usr/bin/apt-get
chmod 700 /usr/bin/aptitude

16. Specify TTY Devices Root is allowed
vi /etc/securetty
Leave only two connections:
tty1
tty2

17. Choose a secure password
This is generally a good tip, this fix however applies to people using pam to authenticate to LDAP or AD.

vi /etc/pam.d/common-password
change the detail from this:
password requisite pam_unix.so nullok obscure md5
to
password requisite pam_unix.so nullok obscure md5 min=8
Change min=8 with your company password policy length.

18. Checking for Rootkits
Install it from Ubuntu Repository:
# apt-get install chkrootkit
You can run it with the following command: ./chkrootkit
Now we are going to add it to contrab to schedule daily automatic scans in the system:
vi /etc/cron.daily/chkrootkit.sh and type
#!/bin/bash
# Enter the directory where the rootkit is installed
cd /root/chkrootkit/
# Enter your email address where you want to receive the report
./chkrootkit | mail -s "Daily chkrootkit from Server Name" admin@myhost.com

Now change the file permissions so we can run it: chmod 755 /etc/cron.daily/chkrootkit.sh
To give it a try you can run the chkrootkit.sh file manually from /etc/cron.daily directory and you should receive a report to the email account you provided.

19. Hardening your Kernel (sysctl.conf)
Instead of doing this manually use a pre hardened kernel like selinux.

20. Disable unnecessary PHP variables
Edit /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini

Turn off these variables:

allow_call_time_pass_reference = Off
magic_quotes_gpc = Off
register_long_arrays = Off
register_argc_argv = Off
allow_url_fopen = Off
expose_php = Off
disable_functions = symlink,shell_exec,proc_close,
proc_open,dl,passthru,
escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,
apache_get_modules,apache_get_version,
apache_getenv,apache_note,apache_setenv,virtual, phpinfo

21. Apache Hardening
- Edit /etc/apache2/apache.conf

- Turn off these variables:
TraceEnable off
- (Disable apache root access)
[directory\]
Order deny,allow
Deny from all
[/directory]

- Enable Module ( /etc/apache2/mods-enable/ ):

alias, auth_basic, authn_file, authz_default, authz_groupfile, authz_host, authz_user, autoindex, dir, env, mime, mod-security2, negotiation, php5, rewrite, setenvif, ssl, unique_id

- Edit /etc/php.ini

Find disable functions and edit as below:
disable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source

Hardened Kernel Variables ( /etc/sysctl.conf )

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

#Prevent SYN attack
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2

# Disables IP source routing
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.eth0.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Disables IP source routing
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.eth0.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Modify system limits for Ensim WEBppliance
fs.file-max = 65000

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack ( Need to turn on for traffic to internet)
#net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Set maximum amount of memory allocated to shm to 256MB
kernel.shmmax = 268435456

# Increase the maximum total TCP buffer-space allocatable
net.ipv4.tcp_mem = 57344 57344 65536

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 32768 65536 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 98304 196608 1572864

# Increase the maximum and default receive socket buffer size
net.core.rmem_max = 524280
net.core.rmem_default = 524280

# Increase the maximum and default send socket buffer size
net.core.wmem_max = 524280
net.core.wmem_default = 524280

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

# Increase the maximum memory used to reassemble IP fragments
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 57344

::resource:: http://ubuntuforums.org/showthread.php?t=1002167 -

Friday, September 18, 2009

Faster Backup Under Linux Just using LiveCD

There are a lot of tools to make a full image of your hard drive and save it to an external storage or in a remote host, but the true is we can create a image of our hard drive just with a linux live CD and the dd command.

BACKUP

1. Just boot with a linux live CD, if you lack of a CD-ROM Drive, then you can create a USB bootable stick with a linux image and boot from it.
2. Mount you external storage, for instance mount -t ext3 /dev/sdb1 /media/images. NOTE: just the destination drive have to be mounted, not the source drive.
3. Once you are running the Linux OS, if you found that your hard drive is /dev/sda for instance, then run:
#dd if=/dev/sda of=/media/images/disksda.img
#cd /media/images/
#bzip2 disksda.img
<- if you want to compress it.
Now if you want is to create a image just from a partition then change the if=/dev/sda by if=/dev/sdaX, where X is the number of the partition, for instance:
#dd if=/dev/sda1 of=/media/images/disksda1.img
#cd /media/images
#bzip2 disksda1.img

Sometimes we want to move this image directly to other remote host with linux and ssh running on it and a user called "user", the we can do this:
#dd if=/dev/sda of=/dev/stdout bs=1M | bzip2 | ssh user@IPofRemoteHost "cat - > disksda.img.bz2"
this read the /dev/sda hard drive, the send this data to the standar output and compress it in the RAM, take the standart ouptut compressed and using the ssh write it in the remote host in a file called disksda.img.bz2

RESTORE,

1. Just boot with a linux live CD, if you lack of a CD-ROM Drive, thenyou can create a USB bootable stick with a linux image and boot from it.
2. Mount you external storage, for instance mount -t ext3 /dev/sdb1 /media/images. NOTE: just the source drive have to be mounted, not the destination drive.
3. Once you are running the Linux OS, found your hard drive name and restore on it, for instance /dev/sda.

to restore from the remote host do this:
#ssh user@remotehost "cat - > disksda.img.bz2" | bzip2 -dc | dd if=/dev/stdin of=/dev/sda bs=1M
to restore from the external storage:
#dd if=/media/images/disksda.img of=/dev/sda
or to restore the partiton image doing:
#dd if=/media/images/disksda1.img of=/dev/sda1
remember to uncommpress the bzip2 file first if it is compressed.

Sometimes the first hard drive is called /dev/sda, sometimes /dev/hda thats why you have to check how the linux call your hard drive.
To clone a hard drive into a second one, just us of=/dev/sdb or whatever the name of the second drive is, without mount any drive.
Partition table is created, MBR is created, but the external drive in size have to be equal or bigger than the drive to be copied.
If you have a question about it, please first read this:
LinuxQuestion.org, dd for backups.


Reference:
Backup HOWTO
My delusional dream
linuxquestions.org

Saturday, March 7, 2009

altDrag work with Window/

Linux-style window dragging in Windows with AltDrag

kalau dah terbiasa ngan Linux... well you guys really want things also work in window.. Some feature I really terbiasa with linux when i'm going back to windows environment... I really find it difficult to move around the active window... SO here you could use alt and mouse 1 to dragging and move around the active window anywhere in that particular window.. it's a small bits size of software..

Read more and get the download here,

http://code.google.com/p/altdrag/

Here the latest news about it.. it's still new so it's kind of buggy.. but so far, it haven't broke my heart.

http://altdrag.googlecode.com/svn/wiki/feed.xml

Monday, March 10, 2008

HITBSecConf 2008

HITBSecConf 2008 Dubai

Even security conference aku sik pat pegi.. sekda sponser mok spon.. bila cita pasal tok semua takut, macam threatening ajak.. anyway this information bagus pakei sidak semua understand apa kejadah benda tok..

Registration dah close dah...
14th – 15th April 2008 event
Date:
Item: 5-Tracks Hands-On Technical Training Sessions
Time: 9am to 5pm
16th – 17th April 2008
Date:
Item: Security Conference and Exhibition
Time: 9am to 5pm
16th – 17th April 2008
Date:
Item: Capture The Flag and Zone-H Hacking Challenge
Time: 9am to 5pm
Venue: Sheraton Dubai Creek
Dubai,
U.A.E.

Sepa patut hadir : Anyone who is responsible for the security and privacy of information should attend including: CEO, CIOs, CTOs, VPs of Technology and Network Systems, Directors of IT, Directors of Technology, Systems Architects, Network Administrators, Network Security Officers, ISOs, Financial Managers, System Developers, Network Security Specialists, Security Consultants, Risk Managers, and System Administrators.

p/s tambahan.. dan orang yang minat wakakaka... ops.. sory no wakaka agik la.. :-)

Speakers nok datang molah speak or lecture or bla bla or merapu...

1. Adrian ‘pagvac’ Pastor (Senior Security Researcher)
2. Alessio ‘mayhem’ Pennasillico (Security Evangelist, Alba S.T. s.r.l.)
3. Alexander Kornbrust (Founder, Red Database Security GmbH)
4. Anthony Zboralski (Founder, HERT & PT. Bellua Asia Pacific)
5. Cesar Cerrudo (Founder, ArgenISS)
6. David Houlton (Independent Network Security Researcher)
7. Dino Covotsos (Managing Director, Telspace Systems)
8. Domingo Montanaro (Manager of Research & Development, Scanit Middle East)
9. Ero Carrera (Reverse Engineering Automation Researcher, zynamics GmbH)
10. Fetri Miftach (Principal Consultant, PT. Bellua Asia Pacific)
11. Jamie Butler (Coauthor of Rootkits: Subverting the Windows Kernel)
12. Marc Weber Tobias (Investigative Attorney and Security Specialist)
13. Michael Thumann (Chief Security Officer, ERNW GmbH)
14. Petko D. Petkov [pdp] (The Architect)
15. Raoul Chiesa (Board of Directors Member @Mediaservice.net, ISECOM Group & TSTF)
16. Rodrigo Rubira Branco (Lead Security Researcher, Scanit Middle East)
17. Shreeraj Shah (Director, BlueInfy)
18. Skyper (ex-Phrack Magazine Editor in Chief / Member, THC)

TECHNICAL TRAINING TRACK 1:
ADVANCE WEB APPLICATION & SERVICES HACKING
Trainer: Shreeraj Shah, Director, BlueInfy

TECHNICAL TRAINING TRACK 2:
WIRELESS & BLUETOOTH SECURITY
Trainer: Dino Covotsos, Director, Telspace Systems

Introduction to Wireless Hacking
Wireless Protocols and Architecture
Network Mapping and Wardriving
Methodology for securing wireless networks
Wireless hacking tools and attacks
Defending against wireless hacking
Introduction to Bluetooth
Bluetooth vulnerabilities overview
Bluetooth hacking tools and techniques
Defending against Bluetooth attacks

Aku rasa module training tok maybe banyak dapat sambutan.. banyak dah orang effort laptop ngan smart phone or pda phone. :-) 3.5G pun sik lamak agik implement maybe dalam bulan 10 2008 tok.. WLan and wiwi bila agik? mesia kan ada full coverate satellite, bagilah orang local pakei, iboh disewa deh... mok buat revenue ajak... lelah jak undi sari ya T_T;

TECHNICAL TRAINING TRACK 3:
STRUCTURED NETWORK THREAT ANALYSIS AND FORENSICS
Trainers: MelingMudin (spoonfork) & Lee Chin Sheng (geek00l)

mm memang rasanya OnDemand juaklah digital forensic kinek tok, macam ada attention jak kat mesia sejak dua menjak tok, maybe banyak kes kot.. sebelum tok pun banyak kes, sebab banyak orang sik merepot ajak.. apa sidak madah tek... sik kuasa bah... so far okey lah. maybe datang in handy untuk incoming kerajaan pun projek dalam bidang bioinformatic... dengar - dengar dah ada peruntukan buat R&D kat universiti.. well maybe info aku optimistic ngan sik betul, someone check it out la..

TECHNICAL TRAINING TRACK 4:
TELECOMMUNICATIONS FRAUD

Topics Covered:
  • Introduction to fraud
  • Fixed Network Fraud
  • Mobile Network Fraud
  • Subscription Fraud
  • Partnership fraud
  • Content & Added value services fraud
  • Fraud detection & prevention
Fraud, real thing to make money.. so far untuk 2008, apa jak fraud aku kenak oleh sidak frauder...

1. aku terimak sms dari petronas madah dapat hadiah berupa $$$ best nya.. sangsi juak aku... macam ne nya tauk nombor telefon aku, last thing aku buat pasal petronas, aku ada register ajak lah... now macam leak ajak information ya.. mmmmm muskil - muskil. sik patut kebetulan... nevermindlah.. buat lah apa sidak suka.. bukan senang dunia akhirat pun... bukan petronas, tapi kepada orang nok molah fraud ya lah., nok terimak rasuah, nok sik amanah. kat petronas.com ada announce ada pasal sms fraud tok juaklah FYI....
2. ahhh email aku kenak spam.. mala jak kenak invite mok molah connect back lah ya...mok curi cookie, mok curri session, mok redirect ke phising site.. mmmm rajin juak kerja sidaknya.. ada ka patut aku nok sekda sen, cuba lah molah kat orang nok ada sen ya ada lah pedahnya...

so far seingat aku lah 2 benda tok dalam 2008 lah.. ya pun dalam tempoh 3 bulan.

TECHNICAL TRAINING TRACK 5:
HACKING & HARDENING ORACLE

Trainer: Alexander Kornbrust, Founder, Red Database GmbH

  • Introduction
  • Oracle Basics (Oracle Architecture, Oracle Products, Oracle Features) -> Exercise: connect to the database, use sqlplus, sqldeveloper
  • Passwords -> Exercise: Find passwords, crack Oracle database passwords
  • SQL-Injection (Web, Database, C/S) -> Exercise: Privilege Escalation via SQL Injection, Information Retrieval via SQL Injection
  • Hacking mod_plsql -> Exercise: Hack mod_plsql Apps
  • Google Hacking for Oracle -> Exercise: Find vulnerable websites with Google
  • Hardening Oracle 10g R2
  • PL/SQL Programming Basics (Execute programs, read/write files) -> Exercise: Create files, read files, execute programs, ...
  • PL/SQL-Source-Code Analysis -> Exercise: Find Security bugs in PL/SQL code
  • Oracle Client attacks -> Exercise: modifying startup files, finding passwords, ...
  • IDS Evasion -> Exercise: Bypass Snort and other Oracle IDS
  • Oracle Rootkits& Backdoors -> Install and detect RK
  • Oracle Forensics ->Excercise: Analysis Logfiles, Audit-log
  • Oracle Capture-The-Flag
sik abis - abis jak pasal sql tok? pkq dah lenyap tek...dapatkan patch terkini kat oracle.com mmm i think la... so far exploit ada disclose nok makei oracle version 9, check out lattest oracle product pakei updates available...

reference :
http://conference.hitb.org/hitbsecconf2008dubai/confkit.pdf

Aik dah abis ka? blum.. ada agik, incoming base kat malaysia agik, jeng jeng jeng....

HITBSecConf 2008 Malaysia - Student CtF


Incoming kat Malaysia... yeee.. maybe dapat pergi lah waktu tok.. lagikpun dekat... mok kolek duit form team pasya try register dapat shortlisted ka sik join comp tok...

Event Date: October 2008 * maybe lar.. macam dah comfirmed ajak tarikh tok..ada kata julai ada kata september .. tengoklah.. bila ada info agik, check url nya

Venue: Westin Hotel, KL
URL: http://conference.hitb.org/

Student Capture the Flag Details: 0_o?, kenak mok CTF, kenak sik CT$$$ :-)

Objective:

  • To provide a secure environment for students that have interests in network/computer security to test their skills againsts each other.
  • Cost per team: Fee Structure: MYR1000 / team of 3 students. Universities / Colleges that takes up a booth (MYR 10,000) are entitled to send in 1 team FOC. Maximum of 2 teams per University / Colleges.
  • Prizes: 3 months Internship with some of the world's leading Fortune 500 IT companies - Listing to be announced by June / July
@===)(//////h/3/4/d/|-|/u/n/t/3/r////////>

kamekorang mok form headhunter team eh for this hitb challenge this October 2008... sik kan orang sawak tanam pokok ajak, mok juak ada celik technology yo juak!!

Well rata - rata apa jak related dalam pembelajaran untuk conference 2008 tok, boleh lah dikompilasikan macam ya.. rasanya kat KL kelak pun lebih kurang sama module mok dipresent para speaker. Sepa jak speaker datang kat mesia kelak? wait for next blog lah bila dah nak dekat2 hari ya kelak...

Anyone nok ada experinces dalam ngekot comp tok, sila - sila lah share info ngan knowledge by leaving something kat comment k, thx

Monday, October 15, 2007

apa benda tok

wah... black hat, black metal, underground,... yin yan, grey hat will maintan balance antara whithat ngan blackhat..... duit singgit ya kita makei bluehat... :-)
.. advance agik eh dari redhat kalik...wakakakakak..

mok pegi session tok eh..

Monday, October 8, 2007

Hakin9 issue 1/2007(1) vol.1



Oleh kerana review dan toturial dah berlambak dalam english dan bahasa
melayu, aku rasa nak buat dalam bahasa dialek swk.

dislaimer, this blogs for education purpose and pentest. mun mok
ngetes, please buat lan ngan server-client box kitkorang, mun sik pat
lebih pc, makei virtualization. Go fetch qemu, virtualbox, pearpc,
vmware. Ok.
Vmware works fine with me.

tok rebiu aku pasal zine tok. tok zine palin best untuk tempoh enam
bula 2007. Very crazy yet efektif dan praktrikal approch.

Nok paling ketara, google searching secret ngan. advance search tok
memudahkan pentest kita even untuk audit security. banyak site
mendedahkan subdirectory nok sekda index file ngan access directory ya
viewable and writeable. Attack paling ketara xss take this advantage.
Bukan ya ajak, google search tok reveal how simply is it to access
computer orang. Dan tok treat kepada kebanyakan kompeni sebab teknik
belajar tok sik perlu tauk gilak pasal komputer tapi mudah agik kat
orang nok tauk apa dipolahnya. Contoh exploitation maybe cctv. Bila
orang sekda authority dapat access, sidak leh ngecheck ada orang ka
sik kat sesuatu premis ya dan cctv data feeds ya tadik just terminat
ajak. mun kitakorang malas nak carik or baca article treats cctv.
Solusinya update deamon kitakorang dan set pasword tuk terhadkan
access. kitakorang leh tengok ngan mata sendiri melalui youtube,
keyword or tags, google hacks.
contoh operator advance google search;

site, link, allintitle, allinurl, related, "", '',
Contoh makeinya
intitle:"index of"

apa resultnya, resource information, data, nok dibuat oleh googlebot,
sempena untuk crawling website nok connected ka www. Untuk ngelak
daripada kenak crawl oleh googlebot, kita leh taruh nobots.txt

banyak ditunjuk dalam zine tok pasal google hacking, dalam bentuk
ilustrasi nok step by step. Ada beberapa pages dalam zine tok nerang
kita pasal google hack.
Untuk lebih lanjut agik kitakorang leh dapat source pasal google hack
dari johnny.ihackstuff.com. Mun kitakorang pikir nak dapatkan software
auditing, kitakorang leh dapatkan acunetix, nya ada database resource
daripada johnny.ihackstuff.com, dan updates terus leh buat auditing
makei acunetix ya tek. In linux, kitakorang mok tengok into xXx
scripts 0_o;

zine tok juak ada cita pasal dns cache poisoning, mendedahkan macamne
pharmig method, macam molahnya dan macam ne kita ngelak darinya.

kitakorang juak akan dapat tauk sikit cerita spam email. macam ne
attacker spam email makei email server nok sik secure dan macam ne
kita ngelak server kita jadi relay spammer. Mun kitakorang perna ada
server, kitkorang tengok log acces, mesti ada probing ke email server
kita mok establish connection untuk relay atau proxy via ip kita.
Natijanya, server kita akan jadi pengantar email nok bukan daripada
kita mpun. Tok perlu kita ambik tauk, sebab apa - apa attack masa tok
lebih kepada email based. Contohnya, xss, phising, mitm, reverse dns,
reverse engineeing, dan banyak agik boleh digunakan dalam email even
maleware spreading zombie (trojan+worms), worms dan macam - macam
agik.
bukan ya ajak, spam email juak dipakei untuk kita jadi anoymous kat
mana buletin board, video server macam youtube, web 2.0 community
portal dan sebagainyalah nok perlu email account.

Bluetooth connection security, another wireless treats selain
wardriving and trashing. Kita dapat rasa tok threat nya sik lama agik
bila kita semua rely on digital smartphone, pdaphone, contoh UMPC,
htc. Signal ya leh di intercept sama juak prinsip macam wifi, wimax,
haps and satellite..

Ada banyak agik dalam zine tok,
Ada article pasal safe storage untuk data confidential kitakorang.
Macam ne encrypt or macam ne permenantely rubish benda ya.

komand dibah tok basik encryption, pastikan kitakorang main - main nga
sytaxnya utuk biasakan dirik, sik pasal - pasal kitakorang pun
documant sik pat dibukak. why nya safeguard kita pun data? bagusnya,
software encryption tok free, oleh kerana nya non user friendly, os
attention pun kurang. Mun dari segi window, leechers le ambik masa
sari ajak untuk crack window encryption. :-)
$ gpg --output failencryptkamek -symmetric \ --cipher-algo TWOFISH
databelanjakamek.xls

Lepas kitakorang encrypt, ada dua file, sigek fail nok encrypted hasil
daripada nok kita polah dari data original databelanjakamek.xls,
kitakorang sik perlu agik data origninal sebab kitakorang dah buat
encrypted mpun. Delete file macam
$ shred -n 35 -z -u databelanjakamek.xls

Untuk decrypt file tok
$ gpg --output failendecryptkamek --decrypt databelanjakamek.xls

ada beberapa agik teknik nok bagus dalam zine ya, untuk encrypt
directory ngan encrypt filesystems. Selain ya juak, macam ne mok
generate keys makei gpg, tok untuk kita telly file distriubte kita kat
internet semacam validasi file ya tek. Mun kitakorang biasa ke
souceforge, banyak software application kinektok disertakan generated
key, ya salah satu contoh apa guna key ya. Tujuannya pengesahan,
kitakoang simok dapat software nok dicrack maksudnya, ada reverse
egineering dalam kod asal untuk molah benda sebaliknya. Contohnya,
jump if equal kita leh buat jump if not equal so apa - apa resultya
leh direverse menyebabkankan security kitak dah diteloransi. Mun mok
tauk lebih lanjut agik apa benda crack or RCE kitakorang mok tauk
pasal shellcode exploits. Crack software dalam software windows banyak
shellcode, :-) most of the time codenya direverse untuk establish
connction or pawn targetnya, mun dah kenak pawn game over :-0,
dokument, financal, account info, semua gambar, video confidential
kitakorang didownload.


robot wars - macam ne botnets berfungsi, mun kitaoang kaki irc,
kitakoang berminat ngan benda agobot.
Dalam section tok juak, kita dipadah macamne host infected dan
dicontrol. Selain ya kitakorang dapat tauk macam ne mok ngambik
langkah berjaga - jaga ngan macam ne mok respond kat bot infestation.
section tok juak cita pasal macam ne maleware berjalan macam ne
makanisma DDoS ngan basic tcp/ip, dns, irc.


Voice over ip securiy - sip ngan rtp protocal. Macam blutooth, wifi
juak tapi tok lebih kepada communcation, macam handphone, whereas
perbualan kita leh dirakam. actually lamak - lamak tok pun perbualan
kita leh ditraceback, asalkan sim card kita agik ada. Gsm hacks ada
reveal prof of concept gsm data leh retrive. Tok bagus untuk forensic,
makei trace call, just article tok reveal macam ne orang nok advance n
ada knowledge tok ada potential untuk exploit service gsm ya. :-) zine
tok juak bagi cd live aurex linux free. Bagus, kernal nya support
resolution tinggi juak.
Makei gui kde. Mun kitakorang suka nya pun style leh install dari cd
bootable ya tek terus ke hard disk.

Zine tok juak ada article pasal penetration test. Nya cita pasal
tcpdump, nmap, amap, nessus, ettercap. semua utilities tok, very basic
and commonly used kat nix machine. Tok free ajak, kitakorang leh check
blog aku untuk article ngan url. Just imagine, tools nok advance agik.
untuk tujuaan pentest tok, kitakorang leh ke site
http://mypentest.blogspot.com


mostly dalam xine edition haking issue 1 tok reveals nok paling asas
dan commonly used. memang puas mun beli zine tok.
Tok expose nok paling best skalik lah bagi aku. sebelum tok,
resourcenya kat site versi cd kompilasi live cd nya sik disertakan
dengan utilities tapi versi livecd sebelumnya ada.
Versi seterusnya ada include starterkit utilities. Mun kitakorg pernah
ada hackingexpose book, aku rasa kompilasi nya lebihkurang macam ya
juaklah. Toolsnya lebih kurang sama juak.
Dalam first issue tok lebih banyak expose nyerang tapi ada juaklah
disertak ngan macam ne defend balit. next issue on april 07 sidaknya
akan cita pasal defending. lebih kepda firewall.

Pharming - DNS cache poisoning attacks
Macam ne pharming
Macamne nyedia dns cache
Macamne kita lawan balit pharming
Ngan kita leh tauk dns ne nok lebih bait agik.
Kitakorang mun suka part tok, leh asah pengetahuan kitkorang pasal dns
protocol, iso/osi reference model, ngan shell programming.


Software direkomen zine tok
Eltima keylogger - p/s trend kinektok makei usb keylogger, check it out
password generator professional 2006
steganous internet anonym vpn - makei kedak proxy. Tapi berbayar. Mun
kitakorang simok ips kita sniff or analyze or mitm, kitakorang leh
apply toklah. Usd 14.95 sebulan vpn 25 igek, or usd 99.95 untuk 300
vpn ngan 25 GB traffic selamak 12 bulan. Kitkaorang mok cuba
proxify.com juak
Mun mok nok free keyin kat google, carik "open proxy" ada banyak list,
but recently makin kurang.

duh.. Bnyak na juak mok ditype tok.. ada ndak ka orang baca.. hehe.. anyway.. Mun mok lebih specifik faham zine tok, beli lah.. or email me beli dari saya..hohohoh....

Thursday, November 13, 2003

lxf45 october 2003 review

"Bismillahirahmanirahim"

Dalam tok zine tok highlight pasal macam ne mok speed up linux. Kira tweaking lah.

Nok lain di highlight apa
- agik pasal mozilla
- cita pasal zend studio 3
- webserver ne satu nok best
- Pasal server school, macam ne mok buat projek kat sekolah makei linux

selain ya ada juak review pasal
- News
- Mailserver
- Armari Opteron server 64 bit
- Yellow Dog 3.0 review - linux on Apple mac
- SNAP Graphics 2.0
- Revolution 2.0
- Scribus 1.0
- Infomap Navigator
- OpenGroupware.org
- Book review on FreeBSD, Cryptography, - Java & ada macam - macam agiklah.
- HotPicks software lxf
- What on earth BSD?
- Red Hat Package management
- Compiler writing - makei flex ngan Bison
- Blender tutorial
- Gimp tutorial
- PHP tutorial
- Answer kat previous questions.

Aku beli nok CD bukan DVD.
kat dalam cd ya ada FreeBSD 4.8 Unix-alike distro, stabil juak nya pun OS, mostly basic utilities dalam ya.

Okey aku just buat review nok best ajak, nok dihighlight.

native savage released
pasal real time strategy game pakei linuxers gamers. Okey juaklah, ada juak orang mok molah game makei linux, mun makei wine susah lak, masih buggy agik. nevermind lar, maybe masa datang lak ada software makei emulate nya macam ps emulator ya.

Armari RM-064-1AE 1U Opteron Server
Slim na server tok eh.. best mun ada kat rumah tok.. hehehe.. benchmark nya

hd 3.63
ab 7.33
mysql 0.70
compile 2.14
oggenc 4.81
Overal 3.72

Verdict
Features 9/10
Performance 9/10
Ease of use 9/10
lxf zine rating 9/10

aku pun rating macam best juak eh.. aku sikda hardware tok aku sik tauk mok rating macamne..

nya ada semua connectivity peripheral - keyboard, mouse, VGA, 2 USB sockets ngan 2 egik Ethernet ports, owh ngan dua Broadcom gigabit LAN cards nestling kat dalam.

Yellow Dog 3.0
wah Linux leh jalan kat PPC / PowerPC / APple deh.. mesti laju agik, sik sangup aku tengok apple ya.. biarlah aku makei pc ajak untuk FC tok. Distro linux lain boleh dipakei kat PPC macam Debian, Mandrake ngan Gentoo.

Scribus 1.0
Mun kitakorang orang office mpun, scribus tok macam publisher juak. Mun kerajaan ngecheck licence publisher kitakorang, kitakorang leh install scribus 1.0 tok, nice juaklah walaupun agik baru versi 1. Deh.. jangan expect nya perfect, but useable lah.

InfoMap Navigator Europe
Ada juak dipolah benda tok, ala - ala map online, mun sik silap terhad kat Europe map ajak.

Zend Studio 3.0
Tok php editor, muh kitakorang suka php and yes mostly php banyak pakei kat CMS opensource. Editor tok simply bagi environment programming nok kemas agik daripada kita makei VI, gedit ataupun Notepad kat windows. Every syntax nya colourfull :-) walaupun linux kurang darisegi Guinya tapi bila dah okey nya cantik
juak bah. Owh nya support PHP5 juak. best thing nya ada code analysis pakei kitakorang pentest or check ada bogus ka sik.

Roundup Server apa nok best ngan practically used.
http://www.apache.org
Apache tok dah biasa dipakei kebanyakan orang, even koperate ngan kompeni besar makei apache. cara settingnya senang ajak. sik banyak karenah.
Mostly distro linux support apache, mun sik silap ada juak distro dah installed ngan apache services. Ngekot juak apa package kitakorang pilih masa install nix.

http://www.boa.org
mun kitakorang makei embed systems, termasuk routers ngan portabale devices, makei boa sebab nya makei sikit ajak memory.

http://www.Caudium.net
mmm sik tauk aku pasal tok, tapi masalanya ngan community support sidaknya. Nya pun support ada kurang. Sebab sidaknya ada project baruk kalik. Anyway, it's good to testdrive this one also.

http://www.roxen.com
Roxen tok lebih kepada graphic. Semua setting nya point and click :-) tok bagus mun kitakoran sik suka CLI / command line interface. Mun kitakrorang serve server kitakorang makei machine lamak or pc dah outdated, iboh install tok, nya consume performance kitakorang. teruk ajak kitakorang loads kelak.

http://www.acme.com/software/thttpd
thttpd tok tiny/turbo/throttling http server. Mun kitakraong server server makei usb thumbdrive aku rasa tok bersesuaianlah dengan server kitakorang ya.

http://www.kernel.org
Tux/kHTTPd
aku lum ada ngetest tok. It's totally hacking the kernel. nya pun setting kita kenak hack kernel linux kitakorang.. Best experiment juak, tapi aku sik advice kitakorang untuk messing productive server kitakorang.. biar buat kat lab okey, atau makei qemu untuk virtualization.

http://www.zeus.com
Zeus Web Server
mmm tok berbayar. Mun berbayar ya mesti lah ada advantagenya. lam kes tok nya top performance. Tok makei sidak enterprise boleh tok. untuk orang macam kita tok iboh jak, but mun nya free, why not?.. bagus ya. Contoh client sidaknya ebay.com ngan Red Nose.

mun diikut ikut kan server nok popular, dari segi costnya, dari segi supportnya, dari segi extendingnya dari segi scalibilitynya aku milih apachelah. nurut zine tok apache is best selection. untuk graft analysis on server kitakorang leh check n e t c r a f t d o t c o m


Hotpicks of this issue are
AbiWord 2.0 http://www.abisource.com
XFce 4.0 RC 2 http://www.xfce.org - tok GUI alternative nix.
IlohaMail 0.0.8 http://ilohamail.org - php kind of webmail i thinklar
KScope 0.2 http://kscope.sourceforge.net - programming editor
NaturalDocs 1.0 http://www.naturaldocs.org - makei buat doc untuk open source.
IBMonitor 1.01 http://ibmonitor.sourceforge.net/ - monitor kitakorang pun bandwith stats
Stoned 1.1.4 http://stoned.cute-ninjas.com/ - game pakei linux deh. tapi tok 3D, nice lor nix starting game area... next maybe huge, or mabe keep the WINE project.
FooBillard 2.8 http://foobillard.sunsite.dk/ - 3d pool game, pakei orang nok suka main pool kat pub.

Okey dah ready mok start tips nix kitakorang, righteous
Speed UP LInux!

1. Swap Space
check memory kitakorang
$ cat /proc/meminfo
kitakoran leh check nya pun setting kat
$ vi /etc/fstab

2. Kernel
Modules vs monolithic
kitakorang kenak pergi hack kernel kitakorang
contohnya mun kitakorang sik makei ISDN atau PCMCIA, iboh compilenya atau thick kat linux kernel configuration.

3. CPU
upgrade proccesr kitkorang contoh kat sitok disarankan kitakorang makei AMD Opteron. It's time we move to 64 bit cpu tech.

4.Hard Drives
ada duak kategori,
i. - SCSI
ii. - IDE

cara tweaknya
$ hdparm -tT /dev/hda

take note, mun hardware lamak, ada imcompatibility issue. please make buat kat test lab kitakorang :-) tercalar ajak hard disk kitakorang lak

selain daripada ya, kitakorang kenak pilih filesystem nok sesuai ngan hard disk ya lah. Ext2 laju tapi tapi kinek tok exploref2 dah boleh view ext2 filesystem, so feeling window can look into filesystem ext2, mun kitakorang pilih ext3 masalah ngan kernel, so baca bait - bait kernel upgrade kikakraong sama ada nya comapible ngan filesystem.

Raid also reduce performance. Tambah laju agik mun sik makei raid, tapi masalah nya backup kitakorang mun kitakorang makei server kitakorang untuk productivity deh... Ingat BACKUP is ESSENSIAL.

What on Earth is BSD?
wakakaka.. adik beradik nix tok.. mun dolok linux gauk juak kinek tok dah sikit - sikit bait, ada agik scene baru tok, BSD, mbiak gauk baru.. nya macam unix juak, gui lebihkurang sama, syntax lebih kurang sama, make CLI juak. mmm not yet user friendly, i think more 5-10 years agik maybe full of WINDOW$ box lah. bye - bye CLI.

Info
http://www.freebsd.org/
http://www.bsd.org/
http://en.wikipedia.org/wiki/FreeBSD
http://www.openbsd.org/
Red Hat Alternative Package Management

contoh macamne manage package atau RPM

Finding an rsync Server
rsync fully.qualified.domainandhostname::
aku sik faham pasal rsync tok tapi anyway, mun mok lebih lanjut check out
http://en.wikipedia.org/wiki/Rsync

$ curl \ ftp://ftp.mirror.ac.uk/sites/ftp.redhat.com/pub/redhat/linux \/9/en/iso/i386/shrike-i386-disc[1-3].iso

wget
$ wget \ ftp:/ftp.mirror.ac.uk/sites/ftp.redhat.com/pub/redhat/linux \ /9/en/iso/i386/shrike-i386-disc1.iso

p/s wget is very popular download command. aku dengar nya ada dicompile dalam window juak.

$ ftpcopy ftp.mirror.ac.uk \ /sites/ftp.redhat.com/pub/redhat/linux/updates/9/en/os/i386 \ /var/ftp/pub/apt/9/en/os/i386/RPMS.updates/

memang banyak.. tapi kita leh makei script, ada auto script macam AutoRPM scrip kat www2.autorpm.org:81

$ yum command package
tok makei yellow dow updater. Nice package improvement, walaupun masih ada masalah depedencies, tapi in future, lebih improve agik, maybe auto downloadnyapun dependencies.

zine tok juak ada Basic tutorial pasal
Flex/bison Compiler writing,

macam ne mok makei Blender. Teknik macam
Bezier Cruves, Thickening shap out, spins, steps, and turns. Semua tok basik pengenalan kat Blender, nice indeedlor, dapat juak buat rendering kat nix.

Tutorial Gimp
Basic or beginer level makei gimp. Gimp very popular among opensource, scripnyapun free. contohnya macam ne mok buat jedi light saber :-). dalam tutorial nok zine tok nya ngajar kita skinning. nice untuk buat futuristic logos, or whatever lah.

Tutorial PHP
Practical PHP Programming
lam tutorial tok macam ne mok optimise php ngan mysql kita, well mun kita cakap sorang ajak sik perlu mok tweak or rewrite program, tapi mun dah banyak n kita nak maintain server, mesti mok rewrite or recode php kita well, tok basic tutorial how we look into it. :-)

Usergroup www linux support.
site - contact
http://hants.lug.org.uk/cgi-bin/wiki.pl - Hugo Mills
www.bristol.lug.org.uk
www.scottish.lug.org.uk
www.oxford.lug.org.uk - Alasdari G Kergon
www.kent.lug.org.uk - kevin grouves
www.brighton.lug.org.uk - johnathan swan
www.worcs.lug.org.uk
www.northants.lug.org.uk - kevin taylor
www.anglian.lug.org.uk - martyn drake
www.lug.org.uk - denny de la haye
www.scundog.org - shaun holt - sahun@scundog.org
www.moray.lug.org.uk - steward watson
www.westwales.lug.org.uk - dan field
www.wolves.lug.org.uk - jono bacon
www.edinburgh.lug.org.uk - alistari murray
www.tyneside.lug.org.uk - brian ronald
www.leicester.lug.org.uk - clive jones
www.surrey.lug.org.uk - jay bennie
www.cam-lug.org.uk
www.dclug.org.uk - simon Waters
www.manlug.mcc.ac.uk - john Heaton, Owen Le Blanc
www.herts.lug.org.uk - Nicolas Pike
www.wylug.lug.org.uk - jim Jackson
http://www.extraknowledge.org/xoops/
http://members.tripod.com/penanglug/990624/index.html
http://kuchinglug.blogspot.com/
http://www.iosn.net/asean-3/countries/malaysia/organizations/
http://www.linuxapps.org/?action=kategorie&k1=Linux+User+Groups&k2=&k3=&k4=&k5=&start=230&anzahl=10
http://wikiwikiweb.de/LugsList

last kalik mestilah blog tok hahaha
http://linuxdigger.blogspot.com
mun kitakorang windows user
http://windowsdigger.blogspot.com
for macosX user
http://macosxdigger.blogspot.com