September 2011

What is PScan?

PScan is a multi-threaded port scanner that can scan all 65535 TCP ports. It is very efficient and much faster than Nmap, but it provides only a limited set of features.

Features :

  • Performs SYN (half-open) scans
  • Lets you define port ranges to scan (by default it attempts to scan all ports)
  • Resolves port numbers to known service names.

How to install PScan?

There isn't any binary available for PScan, so we have to compile it from source. Before compiling, make sure the libpcap library and its headers are installed on your system.
This HowTo can be followed on any Linux distro, e.g. CentOS, BackTrack, LinuxMint etc. The package name differs: on Debian/Ubuntu-based systems it is libpcap-dev (installed with aptitude or apt-get as below); on CentOS it is libpcap-devel, installed with yum.
Dependency
aptitude install libpcap-dev

cd /tmp/
wget http://www.secpoint.com/freetools/threaded-syn-port-scanner-2.0.zip
unzip threaded-syn-port-scanner-2.0.zip
cd threaded-syn-port-scanner-2.0/
make
cp -a pscan /bin/

That's it.

Now simply run it. SYN scanning sends raw packets and captures replies through libpcap, so PScan must be run as root:
pscan

How to use PScan?

PScan can be used with the following options:

Example :
pscan 10.0.54.23 -p 1-65535 -n 20 -w 2000 -r -M

-p : Port range(s) to scan
-n : Number of threads that run the port scan
-w : Maximum time to wait for a reply before moving on to the next port (2000 in the example)
-r : Resolve port numbers to known service names, e.g. 53 # DNS
-M : Look up the target's MAC address.

Note : PScan does not resolve host names, so you must give it an IP address. Resolve the name first with the nslookup or dig command-line utility.
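To show what a threaded scanner with service-name resolution does under the hood, here is an added example in Python. It is not PScan's code (PScan is C and sends SYN packets through libpcap); it performs a full TCP connect scan instead of a half-open SYN scan, which needs no root privileges but is noisier, since the target sees a completed three-way handshake. The -p, -n, -w and -r options are mirrored as function parameters. The loopback target and the listening socket that demo_local_scan() starts are constructed for the example.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def parse_port_range(spec):
    """Parse a PScan-style port spec such as "1-1024" or "22,80,443,8000-8100"."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def service_name(port, proto="tcp"):
    """Resolve a port number to its well-known service name (from /etc/services)."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"


def probe(host, port, timeout):
    """Full TCP connect probe: True only if the three-way handshake completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)          # the -w equivalent, in seconds
        return s.connect_ex((host, port)) == 0


def scan(host, ports, threads=20, timeout=2.0, resolve=True):
    """Scan `ports` on `host` with `threads` workers (-n); returns {port: service}."""
    found = {}
    lock = threading.Lock()

    def worker(port):
        if probe(host, port, timeout):
            with lock:
                found[port] = service_name(port) if resolve else ""

    with ThreadPoolExecutor(max_workers=threads) as pool:
        list(pool.map(worker, ports))  # consume the iterator so exceptions surface
    return dict(sorted(found.items()))


def demo_local_scan():
    """Constructed demo: one listening socket and one known-closed port on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: let the kernel pick a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # released again, so nothing listens there

    try:
        result = scan("127.0.0.1", [open_port, closed_port], threads=2, timeout=1.0)
    finally:
        listener.close()
    return open_port, closed_port, result


if __name__ == "__main__":
    open_port, closed_port, result = demo_local_scan()
    for port, svc in result.items():
        print(f"{port}/tcp open  {svc}")
    print(f"{closed_port}/tcp closed (not reported)")
```

Against a real host you would call scan(ip, parse_port_range("1-65535"), threads=20, timeout=2.0); the closed port on loopback is refused immediately, while a filtered port on a remote host only shows up as a timeout, which is why the -w value dominates the run time of a full-range scan.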

If you have any question or suggestion feel free to comment.

Scenario :
Our client required the mod_proxy module for their application. Apache was already installed on a WHM/cPanel CentOS Linux server that runs a few websites. We felt that recompiling Apache was not a good option: it would require downtime in a maintenance window, and a small error could put our contract at risk and cause a loss for our client.

What is ModProxy?

mod_proxy is the Apache module that implements a proxy for your Apache web server. It is split into sub-modules for the different back-end protocols, for example mod_proxy_http, mod_proxy_connect, mod_proxy_ftp, mod_proxy_ajp and mod_proxy_balancer. In our case we will compile only the few that our application requires.

Installation :

Check Apache current version :

/usr/local/apache/bin/httpd -v

Output :
Server version: Apache/2.2.19 (Unix)
Server built: Jul 4 2011 06:24:27

Go to http://archive.apache.org/dist/httpd/ and pick the source tarball that matches your installed version exactly (the module ABI changes between releases). In our case it is Apache 2.2.19.

cd /tmp/
wget http://archive.apache.org/dist/httpd/httpd-2.2.19.tar.bz2
tar -jxvf httpd-2.2.19.tar.bz2
cd httpd-2.2.19
./configure --enable-mods-shared="proxy proxy_http proxy_connect"

Note : You can list additional mod_proxy sub-modules inside the quotes; this configure run only generates the build headers, nothing is installed by it.
In our case "proxy proxy_http proxy_connect"

cd modules/proxy/
/usr/local/apache/bin/apxs -i -a -o mod_proxy.so -c mod_proxy.c proxy_util.c
/usr/local/apache/bin/apxs -i -a -o mod_proxy_http.so -c mod_proxy_http.c proxy_util.c
/usr/local/apache/bin/apxs -i -a -o mod_proxy_connect.so -c mod_proxy_connect.c proxy_util.c
/etc/init.d/httpd restart

Installation is complete. apxs -a also appended the three LoadModule lines to httpd.conf; keep in mind that cPanel can regenerate httpd.conf, so check that those lines survive any later rebuild.

One security caveat: loading mod_proxy does not by itself open anything, but do not set ProxyRequests On unless you really want a forward proxy. Leave it Off (the default) and use ProxyPass / ProxyPassReverse for the reverse-proxy your application needs; with ProxyRequests On and no access control, anyone on the Internet can relay traffic (including CONNECT tunnels via mod_proxy_connect) through your server.

You can verify the modules under the Apache modules directory.

ls -l /usr/local/apache/modules/mod_proxy*

Output :
/usr/local/apache/modules/mod_proxy_connect.so
/usr/local/apache/modules/mod_proxy_http.so
/usr/local/apache/modules/mod_proxy.so

If you have any question, feel free to comment below.

Overview :
Installing a single PHP extension without recompiling PHP has never been difficult, but most people don't know how, which leads them to recompile the whole of PHP. In this article I will explain how you can add a new PHP extension without recompiling PHP.

In our example, I will show how to add the iconv PHP extension without recompiling PHP. The same steps work for any extension shipped in the PHP source tree: replace iconv with the name of the directory under ext/.

A sample error from a script when the iconv PHP extension is not installed:
Fatal error: Call to undefined function iconv() in /some/path/file.php line 12

Configuring and compiling the iconv PHP extension :
View the current PHP version
php -v

Output :
PHP 5.2.13 (cli) (built: Jun 23 2010 04:49:30)
Copyright (c) 1997-2010 The PHP Group

Download the source code of exactly the same PHP version from php.net (older releases live on museum.php.net); an extension built from a different version will fail to load with an API-number mismatch.
cd /tmp/
wget http://museum.php.net/php5/php-5.2.13.tar.bz2
tar -jxf php-5.2.13.tar.bz2
cd php-5.2.13/ext/iconv

Prepare the extension for building. Use the phpize that belongs to the PHP installation you are extending (here /usr/local/bin/phpize); the API numbers it prints must match the running PHP.
phpize

Output :
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519

aclocal
./configure
make
make install

You can see that the iconv PHP extension is now installed under the PHP extensions directory (the directory name contains the Zend Module API number printed by phpize above):
ls /usr/local/lib/php/extensions/no-debug-non-zts-20060613/iconv.so

Enable the iconv PHP extension in php.ini. Run this only once, or you will end up with duplicate extension= lines:
echo "extension=iconv.so" >> /usr/local/lib/php.ini

Verify iconv. Note that php -i checks the CLI binary only; the web server's PHP (mod_php or FastCGI) must be restarted before it picks up the new extension, so restart httpd afterwards and confirm with a phpinfo() page as well:
php -i | grep -i "iconv support"

Output:
iconv support => enabled

What is DroidSheep?

DroidSheep is an impressive session-hijacking Android app that can be used to hijack sessions on Wi-Fi networks. It currently supports open, WEP-encrypted and WPA/WPA2 (PSK) networks.

According to the author, any website that sends its session cookie over plain HTTP is vulnerable, which at the time included Google.com and Facebook.com. BTW we have tested it with Facebook 🙂

How does DroidSheep work?

DroidSheep uses ARP spoofing on normal networks, while DNS spoofing is used on WPA and WPA2 encrypted networks. Either way the goal is the same: get the victim's cleartext HTTP traffic to pass the phone so that the session cookies in it can be read and reused.
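The hijack works because the browser sends the session cookie in clear text in every HTTP request, so whoever can see the packets can copy the Cookie header and replay it. The following Python is an added example, not DroidSheep's own code (which is Java and does the ARP spoofing and sniffing on the phone); it shows only the parsing step, pulling session cookies out of a constructed capture of cleartext HTTP requests, and additionally flags Set-Cookie headers that lack the Secure flag, which is exactly what makes a site exposed. The host names, cookie names in SESSION_COOKIE_NAMES and cookie values are made up for the example.

```python
from collections import defaultdict

# Constructed sample: two cleartext HTTP requests and one response, as a sniffer
# would see them on the wire. This is not real traffic.
CAPTURE = [
    b"GET /home.php HTTP/1.1\r\nHost: www.example.com\r\n"
    b"Cookie: datr=abc123; c_user=100001; xs=9%3Adeadbeef\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /mail/ HTTP/1.1\r\nHost: mail.example.org\r\n"
    b"Cookie: SID=ZZZ-session; HSID=yyy\r\n\r\n",
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: xs=9%3Adeadbeef; path=/; domain=.example.com\r\n"
    b"Set-Cookie: secure_id=abc; Secure; HttpOnly\r\n"
    b"Content-Length: 0\r\n\r\n",
]

# Heuristic list of cookie names that usually carry the login session (assumption
# made for this example; a real tool would let the user pick the cookies).
SESSION_COOKIE_NAMES = {"sid", "phpsessid", "jsessionid", "sessionid", "xs", "c_user"}


def parse_headers(raw):
    """Split one HTTP message into its start line and a list of (name, value)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def parse_cookie_header(value):
    """Turn 'a=1; b=2' from a request Cookie header into {'a': '1', 'b': '2'}."""
    cookies = {}
    for pair in value.split(";"):
        name, _, val = pair.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies


def hijackable_sessions(capture):
    """Map host -> {cookie: value} for session cookies seen in cleartext requests."""
    sessions = defaultdict(dict)
    for raw in capture:
        start, headers = parse_headers(raw)
        if start.startswith("HTTP/"):
            continue  # a response, not a request
        host = next((v for n, v in headers if n == "host"), "?")
        for n, v in headers:
            if n == "cookie":
                for cname, cval in parse_cookie_header(v).items():
                    if cname.lower() in SESSION_COOKIE_NAMES:
                        sessions[host][cname] = cval
    return dict(sessions)


def insecure_set_cookies(capture):
    """Names of cookies set in cleartext responses without the Secure attribute."""
    weak = []
    for raw in capture:
        start, headers = parse_headers(raw)
        if not start.startswith("HTTP/"):
            continue  # a request, not a response
        for n, v in headers:
            if n == "set-cookie":
                name = v.split(";", 1)[0].split("=", 1)[0].strip()
                attrs = [a.strip().lower() for a in v.split(";")[1:]]
                if "secure" not in attrs:
                    weak.append(name)
    return weak


if __name__ == "__main__":
    for host, cookies in hijackable_sessions(CAPTURE).items():
        print(host, "->", "; ".join(f"{k}={v}" for k, v in cookies.items()))
    print("set without Secure flag:", insecure_set_cookies(CAPTURE))
```

The Secure attribute is the defence: a cookie set with it is never sent over plain HTTP, so a sniffer on the Wi-Fi never sees it. Sites that served logged-in pages over HTTP with a session cookie lacking that flag were the ones a tool like this could hijack; HttpOnly does not help here, because the cookie is read from the wire, not from script.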

What are the requirements to run DroidSheep on Android phones?

Make sure you have the following; we tested this checklist on our Samsung Galaxy S phone with Android 2.3.4 🙂

  • libpcap
  • arpspoof – it can be installed from the Android Market
  • Your phone must be ROOTED in order to use this application.
  • and yes.. DroidSheep.

How to install DroidSheep ?

DroidSheep has been removed from the Android Market, so you have to follow this tutorial to get it installed on your Android phone.

On Android phone

  1. Open your Internet browser.
  2. Download the APK. It was hosted at http://static.hackersgarage.com/droidsheep-current.apk; after many complaints it has been removed, see the updates below for how to obtain it.
  3. Launch the DroidSheep application. It should prompt for superuser (root) privileges; allow it.


DroidSheep Source code

Google Code repository: DroidSheep source code

For a detailed tutorial, see the DroidSheep video tutorial below:

Update 17/03/2012 :

I heard from the community in emails that Andreas Koch removed the application from his server due to German law, as this tool was identified as a hacking tool.

I have hosted this application on my server and it can be downloaded under the GPL, as Andreas Koch wrote in the license log. And yes, I cannot be held responsible for any damage or misuse of this tool. This is shared with the intention of encouraging research and students in the information security field.

If you have any objection or complaint, please report it to me.

Update 21/03/2012 :

Thank you all for the appreciation in your emails.

Since I started hosting this application on my server, thousands of concurrent downloads of droidsheep-current.apk have been processed, and the number is still increasing. I would appreciate it if you retweet this post or share it on Facebook 🙂 This will help us broaden our community.

Update 26/11/2012 :

Droidsheep-current.apk has been removed from our server because of the many complaints received by our hosting service provider. But you can still request it via the request form and we will send it to you by email.

We believe this is an educational app and expect everyone to comply with that.

NetworkMiner 1.1 is a Network Forensic Analysis Tool that can capture packets and, from them, reconstruct sessions, plain-text logins (user, password), hosts, open ports, certificates and dozens of other artefacts that you only appreciate once you have it installed. It also supports offline analysis of pcap files captured with other tools or operating systems.

Our previous post about NetworkMiner 1.0 can be read for a detailed description; this post is about the NetworkMiner 1.1 release.


NetworkMiner 1.1 ChangeLog Summary :

  • Google Analytics parameters (screen resolution, language, browser and other info) are shown under 'Host Details'.
  • Drag and drop pcap files directly onto the window; make sure NetworkMiner 1.1 is running 😀
  • Pcap files can be passed as arguments on the command line.
  • Improvements for SMB/CIFS and NetBIOS.
  • Support for Point-to-Point Protocol (PPP) frames in pcap files.
  • Stability fixes for loading pcap files.

FBPwn is releasing new versions very quickly. We believe this is because the tool has some outstanding features that have given its developers new ideas about the different ways Facebook data can be accessed. Our previous post about FBPwn Beta 0.1.4 described its strengths and how to use it in detail.

FBPwn Beta 0.1.5 contains new FEATURES and one FIX.

Summary from the Official ChangeLog

  • An exception that caused an issue has been fixed
  • FBPwn can now be used through a proxy
  • Check for new versions / updates
  • A WallDumper module has been added
  • About dialog
Download FBPwn-beta-0.1.5 here
Download the FBPwn video tutorial directly from
https://rapidshare.com/files/507532677/FBPwn-Video-Tutorial.ogv

Watch the FBPwn video tutorial shot by the HG Team on YouTube below;