
Showing posts from 2011

Process listening on the ports

[Image: netstat -anb output]
Sometimes it is necessary to confirm which executable or process is listening on which port, in order to find out why a service is running there. For example, if you find a second web service running on another port, say 8082 apart from port 80, you may need to determine which process is behind it. To see this, type:
netstat -anb
In the above output you can see that the inetinfo.exe process is listening on two ports, 80 and 3205, which are http and sapdp05 respectively, along with its PID (process ID), which in this case is 2644. So if you stop or kill the inetinfo.exe process, these services will stop.

I have seen on some PCs, especially on Windows 7, that the netstat -ab command does not work. In that case you can determine the process listening on a specific port like this:
Type netstat -ano | find "2644", as we know that PID 2644 is responsible for opening port 80 (http) and 3205 (sapdp05) but…
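The lookup the post does by hand with `find` can be done by parsing the `netstat -ano` output directly. The following is an added example, not code from the original post: it parses a constructed sample of `netstat -ano` output (the PIDs, ports and addresses are made up, except the inetinfo.exe case from the post) and maps listening ports to their owning PID in both directions.

```python
# Added example (not from the original post): parse "netstat -ano" output and
# map listening ports to the owning PID, the lookup the post does with "find".
# SAMPLE_NETSTAT_ANO is constructed for illustration.

SAMPLE_NETSTAT_ANO = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2644
  TCP    0.0.0.0:3205           0.0.0.0:0              LISTENING       2644
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       764
  TCP    192.168.1.5:49157      203.0.113.8:443        ESTABLISHED     3120
  TCP    [::]:80                [::]:0                 LISTENING       2644
  UDP    0.0.0.0:500            *:*                                    1012
"""


def _split_addr(addr):
    """'0.0.0.0:80' -> ('0.0.0.0', 80); '[::]:80' -> ('[::]', 80); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat_ano(text):
    """Return one dict per socket line. TCP lines carry a State column, UDP lines do not."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # title, header or blank line
        proto = fields[0]
        local_host, local_port = _split_addr(fields[1])
        if proto == "TCP" and len(fields) == 5:
            state, pid = fields[3], int(fields[4])
        elif proto == "UDP" and len(fields) == 4:
            state, pid = None, int(fields[3])
        else:
            continue  # malformed line; skip rather than guess
        entries.append({"proto": proto, "local_host": local_host,
                        "local_port": local_port, "foreign": fields[2],
                        "state": state, "pid": pid})
    return entries


def listening_ports_by_pid(entries):
    """PID -> sorted list of (proto, port) bound for inbound traffic.
    TCP sockets count only in LISTENING state; UDP sockets have no state and always count.
    A set is used so the same port bound on IPv4 and IPv6 is reported once."""
    result = {}
    for e in entries:
        if e["proto"] == "TCP" and e["state"] != "LISTENING":
            continue
        result.setdefault(e["pid"], set()).add((e["proto"], e["local_port"]))
    return {pid: sorted(ports) for pid, ports in result.items()}


def ports_for_pid(entries, pid):
    """Equivalent of  netstat -ano | find "2644"  restricted to listening sockets."""
    return listening_ports_by_pid(entries).get(pid, [])


def pid_for_port(entries, port, proto="TCP"):
    """Reverse lookup: which PID owns a listening port (None if nothing is bound)."""
    for pid, ports in listening_ports_by_pid(entries).items():
        if (proto, port) in ports:
            return pid
    return None


if __name__ == "__main__":
    parsed = parse_netstat_ano(SAMPLE_NETSTAT_ANO)
    for pid, ports in sorted(listening_ports_by_pid(parsed).items()):
        print(pid, ports)
```

Matching on the PID column rather than piping through `find "2644"` avoids the false hits you get when the digits also appear in a port number or address, and filtering on LISTENING separates a process that serves a port from one that merely has an outbound connection open.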

Article in Hakin9

My article on reversing an exe has been published in the October issue of the "Exploiting Software - Hakin9" magazine. It is a basic introduction to reverse engineering: I chose to show the reversing of a sample exe file and how to patch it, so the article focuses on a practical example of reversing.
It can be downloaded here. The article starts on page 38.

Dealing with Non-technical users

In the security profession you usually take your findings to people with technical capabilities, so that they understand what you want to explain to them. But what if you need to deal with ordinary, non-technical users? They don't understand your security jargon; they only care about their business. I have been dealing with this sort of people for a long time, and when they sit in a remote location it is very tough!
The best way is to send them mails explaining the issue, its impact and how to fix it. Sometimes they will co-operate with you; sometimes you are disappointed.
For example, if you need to deal with users running an insecure service (say FTP) on their machines, the following approach seems to work:
1. First send them a communication about the issue, e.g. what the service is and how it could be exploited if it is not closed or secured.
2. If they respond, well, tell them to stop FTP from Services.msc.
3. Sometimes, they are not sure why …

Securing Connection Strings

Today I again came across the scenario my colleague Sam had once asked me about: best practices for securing connection strings, in particular the file holding the database connection string. The general approach, irrespective of technology, is that it is best practice to move the credentials out of the source code into a configuration file. That file then needs to be properly protected, using strong ACLs and strong encryption with properly protected keys. I shall give an example from .NET, which I am familiar with, and you can suggest to developers that they use a similar approach for Oracle and JSP pages.

Again, there are different approaches for different technologies. For ASP.NET you can use Windows authentication instead of putting the username/password and database (connection string) name in the source code. If that is not possible and you have to specify the username/password and database name, put them in a separate configuration file such as app.config or web.config and encrypt them u…

Open Mail Relay-How to test

An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular due to their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers. [Wikipedia]

How to test your mail server for open relay:
1. At command prompt type:
C:\>telnet mailserver.yourdomain.com 25

220 mailserver.yourdomain.com ESMTP MAIL Service Version 6.0.3894 ready at Tue, 22 Aug 2011 05:22:00 -0700

2. helo

250 mailserver.yourdomain.com Hello

3. mail from: sender@otherdomain.com

250 2.1.0 sender@otherdomain.com....Sender OK

4. rcpt to: recepient@someotherdomain.com

250 2.1.5 recepient@someotherdomain.com

5. data

354 Start mail input; end with <CRLF>.<CRLF>

This is a test mail. Please ignore this-Nilesh
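The exchange above can be driven by a script so that the check against your own mail server is repeatable. The following is an added example, not code from the original post. It runs the same banner / HELO / MAIL FROM / RCPT TO sequence and reports whether the server accepted a recipient in a domain it does not host from a sender it does not know; it then issues RSET and QUIT instead of sending DATA, so no test message is actually queued. The server replies, the host name `tester.example` and the `ScriptedConnection` stand-in are constructed for illustration; `SocketConnection` is the wrapper to use against a real host. One caveat: a server that accepts RCPT TO but rejects at DATA is reported here as relaying, which is the safer error when checking your own server.

```python
# Added example (not from the original post): the SMTP open-relay test from the
# post as code. Replies, host names and ScriptedConnection are constructed.
import socket


def read_reply(conn):
    """Read one SMTP reply; multi-line replies use 'NNN-' continuation lines."""
    lines = []
    while True:
        raw = conn.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return int(lines[-1][:3]), "\n".join(lines)


def send_command(conn, command):
    conn.sendall((command + "\r\n").encode("ascii"))
    return read_reply(conn)


def relay_test(conn, helo_name, sender, recipient):
    """Banner, HELO, MAIL FROM, RCPT TO; report whether RCPT TO was accepted."""
    transcript = []
    code, text = read_reply(conn)
    transcript.append(("<banner>", code, text))
    if code != 220:
        return {"relays": False, "reason": "no 220 banner", "transcript": transcript}
    for command in (f"HELO {helo_name}",
                    f"MAIL FROM:<{sender}>",
                    f"RCPT TO:<{recipient}>"):
        code, text = send_command(conn, command)
        transcript.append((command, code, text))
        if code >= 400:
            send_command(conn, "QUIT")
            return {"relays": False,
                    "reason": f"{command.split(':')[0]} rejected with {code}",
                    "transcript": transcript}
    # RCPT TO for a foreign domain was accepted: abandon the transaction, never send DATA.
    send_command(conn, "RSET")
    send_command(conn, "QUIT")
    return {"relays": True, "reason": "RCPT TO accepted for a non-local recipient",
            "transcript": transcript}


class SocketConnection:
    """Gives a real TCP socket the readline()/sendall() interface used above."""
    def __init__(self, host, port=25, timeout=10):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("rb")

    def readline(self):
        return self.rfile.readline()

    def sendall(self, data):
        self.sock.sendall(data)


class ScriptedConnection:
    """Constructed stand-in for a server: replays canned replies, records what was sent."""
    def __init__(self, replies):
        self.replies = list(replies)
        self.sent = []

    def readline(self):
        return self.replies.pop(0) if self.replies else b""

    def sendall(self, data):
        self.sent.append(data.decode("ascii").rstrip("\r\n"))


# Constructed transcripts: a server that relays, and one that refuses at RCPT TO.
OPEN_RELAY_REPLIES = [
    b"220 mailserver.yourdomain.com ESMTP MAIL Service ready\r\n",
    b"250 mailserver.yourdomain.com Hello\r\n",
    b"250 2.1.0 sender@otherdomain.com....Sender OK\r\n",
    b"250 2.1.5 recipient@someotherdomain.com\r\n",
    b"250 2.0.0 Resetting\r\n",
    b"221 2.0.0 mailserver.yourdomain.com closing connection\r\n",
]
CLOSED_RELAY_REPLIES = [
    b"220 mailserver.yourdomain.com ESMTP MAIL Service ready\r\n",
    b"250 mailserver.yourdomain.com Hello\r\n",
    b"250 2.1.0 sender@otherdomain.com....Sender OK\r\n",
    b"550 5.7.1 Unable to relay for recipient@someotherdomain.com\r\n",
    b"221 2.0.0 mailserver.yourdomain.com closing connection\r\n",
]


def demo(replies):
    return relay_test(ScriptedConnection(replies), "tester.example",
                      "sender@otherdomain.com", "recipient@someotherdomain.com")


if __name__ == "__main__":
    for name, replies in (("open", OPEN_RELAY_REPLIES), ("closed", CLOSED_RELAY_REPLIES)):
        print(name, demo(replies)["relays"])
    # Against your own server (assumed host name), use the socket wrapper instead:
    # relay_test(SocketConnection("mailserver.yourdomain.com"), "tester.example",
    #            "sender@otherdomain.com", "recipient@someotherdomain.com")
```

The decisive reply is the one to RCPT TO: a properly configured server answers a 5xx such as "550 5.7.1 Unable to relay" for a recipient outside its own domains, while a relay answers 250 as in the post's transcript.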

Use SSH: Reject Telnet, RSH/RLogin

The main problem with Telnet/rsh/rlogin/rcp is that they send information over the wire unencrypted, so whatever you type, including your username and passwords, goes over the wire in clear text. Anybody can sniff it and make your life difficult. The remote shell utilities such as rsh rely on trust in the client's IP address: anything coming from a trusted IP is accepted without further authentication, and IP spoofing is not difficult!
So use SSH, a secure way to send information over the network. The Secure Shell keeps unauthorized users out of our computers, both by encrypting passwords to protect them from sniffing and by providing stronger authentication than a simple password exchange. Instead of rsh, rcp and rlogin, simply use the commands ssh, scp or slogin.
How to tunnel Telnet through SSH:
1. Launch PuTTY and provide the destination host IP address.
2. Go to SSH -> Tunnels. Enter the destination server name or address, followed by a colon and the port PuTTY will forward to.


3. Click on the Open button. A terminal windo…

Web Application: Authorization Issues

I have written an article that was published in the July issue of Hakin9 magazine.
This article is about the different kinds of access control mechanisms in web applications and the issues with them.
Access control, as the name suggests, is the mechanism for determining the privileges of different users to access the contents of an application. It can also manage fine-grained read and write permissions on the files owned by a particular user. In other words, access control decides who has the authorization to use files, manipulate their contents, or visit a website. In the case of web applications, access control mechanisms allow different users different levels of access to web pages and functions.
Want to read more? It can be found here, or by clicking on the list of articles on the right side of the blog.

Lifetime of Cryptographic Hash Functions

[Image: chart of cryptographic hash function lifetimes]
Many times developers ask which hash is currently the best to work with. As I always suggest using the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512), since they are not known to be broken, I found this chart very convincing and useful for comparing them:

As you can see, only the popular SHA-2 family remains undefeated.
Reference: http://valerieaurora.org/hash.html

Wireless Security: Best Practices

This article is about the different best practices that should be followed when using a wireless LAN.
I am a little lazy to write it again :) . The article has been published in the June 2011 issue of ClubHack Magazine (pages 20-24).

It can be downloaded here.

Disable NetBIOS

NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. Strictly speaking, NetBIOS is an API, not a networking protocol. [Reference: http://en.wikipedia.org/wiki/NetBIOS]

Testing for SSH

This is written for a specific scenario, so it may differ from yours.

Insecure protocols

Some basic insecure protocols and the risks associated with them: