BackTrack 4 on Windows Machine

As I mentioned in “Some Updates About MySelf”, I will update my blog more frequently. Today, I want to talk about BackTrack4.

BackTrack is a lovely Linux distribution for security professionals. BackTrack4 now uses Debian repositories, and that makes it nicer for me.

If you want to run BackTrack on your Windows machine, you can use a LiveCD or a virtual machine.

The only virtual image I have found was for VMware. VMPlayer is not the best solution for a Windows machine: RAM and CPU usage go up and the machine can become very slow. However, Virtual PC 2007 runs smoothly.

If you got the BackTrack VMware image from this link and could not find an image for Virtual PC, don’t worry. Install Virtual PC 2007 from here.

Then go to this website and get the VMDK converter. This program will convert VMware images to Virtual PC’s virtual hard disk image.

Use ‘letmein’ as your username and ‘bugmenot’ as your password (Yeah, I don’t like to set up an account either!)

After you unzip the directory and start the program, convert the BackTrack 4 image to a Virtual PC hard drive.

That is it!

Ask about any question or problem you have.

Some update about myself

As you can see from the logo at the top, I am a CCNA now. Personally, I believe certifications are important, but they do not mean a lot to me. I was required to get it and the mission is accomplished.

Another piece of good news is that my application for an author position at a popular Turkish IT Security magazine was accepted. I will be writing monthly articles there. (I will be writing for an English IT Security magazine soon but still haven’t decided on it.) Of course I will continue to write for articles.slicehost.com as part of my job.

To be honest, I am finding writing technical articles in Turkish harder than in English. For example, I am having a hard time finding a Turkish word which means “multithread” or even “server”. I don’t know their Turkish equivalents (all the computer classes I have taken were in English, even at the Istanbul Technical University, so I am not good at Turkish IT terminology) but it will be good to learn them.

From now on, hopefully I will have more time to update my blog in the evenings. You will find lots of new articles, and they will especially be about security tools (nessus, ettercap, wireshark, metasploit, JohntheRipper, aircrack….)

I am adding a new project section: Computer Forensics. I will give more details about it later, but this will be a section dedicated just to my personal work on computer forensics.

I have already re-designed realinfosec.com and launched a new section but did not have time to update it. It will be updated very soon.

My system administrator blog will stay in googlespot but can be reached from realinfosec.net with its new interface in a few days.

I am launching another website soon (realinfosec.org) but this will be dedicated just to soccer. I was refereeing some games for kids and very soon I want to do more serious stuff for it. (I am required to get a certificate for this too!)

That’s all for now.

Recent Visitor Map

I already knew that information security is a hot topic, but I did not expect to see so many visitors from all around the world. This blog has regular visitors from Africa, America, Europe, Asia and Australia. My goal now is getting visitors from Antarctica!!

Seriously, this blog is still new but it has good statistics. Actually, I did not and will not have any expectations from realinfosec.com except sharing my knowledge and learning new things. Having readers from different countries just means people are interested in this stuff.

Anyway, here is the map for the last 500 visitors (the program only holds data for the last 500 visitors; otherwise you need to upgrade and pay for this service. I will see what Google has for this.)

New Page: (Web Based) Security Tools

Hi,

I have updated my blog and made it look nicer!

I am trying to write quick, handy articles for command line based tools. I have now decided to have a web page dedicated to web based security tools. I will update this page frequently and will make a blog post for the complex tools. (Usually you don’t need to have an information security background to run this software; however, interpreting the output may require some advanced knowledge.) Please let me know if you know any useful, good sec. tools!

Thanks,

Ismail

Social Engineering

Social engineering is so interesting. You can get full access to a system without even a little technical knowledge. Protecting yourself is not that easy. A social engineer who has done a lot of research on his victim can do many harmful things.

You cannot hide your footprints on the Internet. There are several command line utilities which use Google to find all PDF and TXT files on a domain and then extract user names from those documents.

User names are so important and easy to get…. Having seen people’s Hotmail and Google passwords, I can say that guessing passwords based on social engineering is easy too.

Social engineering and computer forensics are two things I want to specialize in.

Learning crackers’ tactics can help security people to protect their users.

I am currently busy with some networking stuff. However, I would love to learn more about some social engineering tools. There is a good website for this purpose: http://www.social-engineer.org/

As the website says: “Because there is no patch for human stupidity”

Recent OpenSSH Rumor + How to fix it

Recent Open SSH Rumor + How to fix it

I love being in the IT industry. You never get bored and you learn new stuff every day. Recently there was a rumor about a possible vulnerability in OpenSSH. I was really interested, so I did a little research. It turned out to be just a rumor, but if you want to be really sure that your machine is safe, then I recommend you upgrade the OpenSSH package.

How to fix it?

On your Linux box (I used Ubuntu in this example), type ssh -V to learn the version you have. The latest stable version is 5.2, which has been publicly available since February 09. If your distro doesn’t provide this version, then you need to download the source code and compile it on your own.

Let’s get our hands dirty and install it from source.

First let’s remove OpenSSH from our Linux box.

$apt-get remove openssh-client openssh-server

I didn’t use the --purge option to remove my config files, since I want to keep them. (But I installed OpenSSH with the default options (ah!), so I then needed to figure out where the new config files are, where the new sshd executable is, etc., and do some tricks. Alternatively, you can back up your config files, use the --purge option to remove them completely, and then paste your files into their new location, which is /usr/local/bin, /usr/local/sbin.)

First go to their website and use wget to download the source (I chose the server closest to me):

$wget http://mirror.mcs.anl.gov/openssh/portable/openssh-5.2p1.tar.gz

Now let’s install zlib and OpenSSL, which are prerequisites. (You probably already have OpenSSL, so you can skip this step.)

I installed zlib from its source.

$wget http://www.zlib.net/zlib-1.2.3.tar.gz

$tar xvfz zlib-1.2.3.tar.gz

$cd zlib-1.2.3

$./configure

$make install

And use apt-get for OpenSSL:

$apt-get install openssl

Now we can extract our OpenSSH package.

$tar xvfz openssh-5.2p1.tar.gz

Then go into the openssh-5.2p1 directory and run configure:

$cd openssh-5.2p1

$./configure

Ahh, you should get an error. Why?

You can check the config.log file in the directory. I found that we also need to install libcurl4-openssl-dev.

After you install that package, run:

$./configure

$make

$make install

Remember that this will install OpenSSH with the default options.

Now type $ssh -V. You should see OpenSSH 5.2p1 if you installed it correctly. Since I installed OpenSSH with the default options, I needed to make some changes to get the ssh server running. First, I saw that my sshd executable is in /usr/local/sbin; however, the /etc/init.d/ssh script looks for it in the /sbin directory, so I copied sshd into that directory. Then I saw that sshd checks the /usr/local/etc/sshd_config file, not the /etc/ssh/sshd_config file, so I needed to copy my previous sshd_config to /usr/local/etc/sshd_config.

Finally it works! Even though my new config files are in /usr/local/etc, I am happy with that.

I hope this helps those who are concerned about their ssh server security.
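The version check from the steps above can be scripted so that it also catches a stale packaged client left next to the source build. This is an added example, not part of the original post; the function names, the two client paths and the sample banner are assumptions, and the 5.2 threshold is the release named above.

```shell
#!/bin/sh
# Added example: compare OpenSSH banners against a minimum release.
MIN_VERSION="5.2"   # release named in this post

# Extract "major.minor" from a banner such as
# "OpenSSH_5.2p1, OpenSSL 0.9.8g 19 Oct 2007"; prints nothing if unparsable.
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when version $1 >= version $2. Fields are compared as numbers,
# so 5.10 counts as newer than 5.2 (a plain string compare gets that wrong).
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# Classify one banner line: prints OK, OUTDATED or UNKNOWN.
classify_banner() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo UNKNOWN
    elif version_ge "$v" "$MIN_VERSION"; then echo OK
    else echo OUTDATED
    fi
}

# Report every ssh client found. A source build with the default prefix
# lands in /usr/local/bin and can coexist with an older packaged copy.
# ssh -V writes its banner to stderr, hence 2>&1.
report_installed() {
    for bin in /usr/bin/ssh /usr/local/bin/ssh; do
        [ -x "$bin" ] || continue
        banner=$("$bin" -V 2>&1 | head -n 1)
        printf '%s: %s (%s)\n' "$bin" "$(classify_banner "$banner")" "$banner"
    done
}

# Constructed sample banner, then whatever is installed on this machine.
classify_banner "OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007"
report_installed
```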


Wireless Security @ Home

Wireless security is important in the home network for several reasons. The most obvious reason is that someone can gain access to your wireless network easily and spy on your online activities. If they are educated crackers, they can even access your hard drive easily. Another reason is that someone can use your wireless network to conduct illegal activities. You will be responsible for all activities they carry out over your wireless network, since you are the owner of the IP.

So now the question is how to make your wireless network secure. The steps I will mention below are easy to implement.

  1. Use WPA encryption with a strong password
  2. Enable MAC filtering on your router (plus some other configurations)

Now I will discuss these two steps here:

Using encryption and strong password

If you don’t use any encryption for your wireless, anybody can access your wireless network if their machine is within your wireless antenna’s transmission range. OK, so we need to use encryption, but which one: WEP or WPA?

WEP stands for Wired Equivalent Privacy. It was introduced in 1997. It worked well at the beginning; however, security analysts discovered that WEP could suffer from a related-key attack. Basically, it means a kid can hack your WEP protected network in 10 minutes by using some hacking applications. OK, let’s use WPA, but remember we still need to choose a strong password; the password should not be guessable by others. I have two suggestions for you for choosing the password:

1-) It should contain at least one special character, one lowercase letter, one uppercase letter and one number. The length should be more than 8 characters.

2-) If you don’t like the first suggestion then take this one: use a long phrase or a sentence; it should be easy for you to remember but hard for crackers to guess, something like “It is harder to crack a prejudice than an atom.” or “Let freedom ring from the curvaceous slopes of California!”

Later, I will cover WEP and WPA, as well as choosing a strong password, in detail.

Enable MAC filtering on your router (Plus some other configurations)

MAC filtering makes your network accept only the computers you want to have access. Oh, now I can hear you saying: “Hey Ismail, we already chose a good encryption method and a strong password, aren’t those enough? Why do we need to use a MAC filter?!”

Well, there are two reasons. The first reason is that some modems don’t support WPA (like mine!), so you must use a MAC filter to be sure that you have a protected network. The second reason is that even though WPA is a strong encryption mechanism, it can still be hacked by using a dictionary attack (a kind of brute force attack). If you watch that kid’s video and realize how a kid can hack your WPA by using simple tools, probably not knowing how they work but knowing what they do, I can hear you now saying “Thanks, thanks Ismail, you saved our network by suggesting MAC filtering :-)”

Ahh, I didn’t mention how to set up MAC filtering. OK, if you are using Linux then go to a terminal and type route; the IP with the G flag is your gateway. For Windows users: start->run->cmd.exe (or simply start->type cmd in the search box for Vista), then type ipconfig. Your router IP is the IP of the Default Gateway, usually 192.168.2.1 or 192.168.0.1.

After you determine your router’s IP, type that IP into your browser. You will see your router page; log in there and change your default password and user name. This is very important; otherwise anybody who can access your router web page can change your encryption password, router password, firewall configuration….

After that, check your firewall settings and be sure that the firewall is on. Finally, add your MAC address to the MAC filter. (You can get your MAC address with the ipconfig /all command on Windows or the ifconfig command on Linux and Mac.)

I think we are done! Congrats!!
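For Linux, the two lookups in the steps above (the gateway row with the G flag, and the MAC address to enter in the filter) can be pulled out of the command output automatically. This is an added example, not part of the original post; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; both sample outputs below are constructed.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0'

SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 02:00:5e:10:00:01
          inet addr:10.0.0.5  Bcast:10.0.0.255  Mask:255.255.255.0

wlan0     Link encap:Ethernet  HWaddr 02:00:5E:10:00:02
          inet addr:192.168.2.23  Bcast:192.168.2.255  Mask:255.255.255.0'

# Read `route` output on stdin; print "gateway interface" for the default
# route: Flags column contains G, destination is 0.0.0.0 (or "default"
# when route is run without -n).
default_route() {
    awk '($1 == "0.0.0.0" || $1 == "default") && $4 ~ /G/ { print $2, $8; exit }'
}

# Read `ifconfig` output on stdin; print the MAC of interface $1 in
# lower case. Handles the "HWaddr xx:.." and the "ether xx:.." layouts.
mac_of() {
    awk -v want="$1" '
        /^[^ \t]/ { name = $1; sub(/:$/, "", name) }  # stanza header line
        name == want {
            for (i = 1; i < NF; i++)
                if ($i == "HWaddr" || $i == "ether") { print tolower($(i + 1)); exit }
        }'
}

# $1 = route output, $2 = ifconfig output. Prints the router address to
# browse to and the MAC that has to be on the router's filter list.
filter_entry() {
    gw_if=$(printf '%s\n' "$1" | default_route)
    [ -n "$gw_if" ] || { echo "no default route found" >&2; return 1; }
    gw=${gw_if% *}
    ifc=${gw_if#* }
    printf 'router=%s iface=%s mac=%s\n' "$gw" "$ifc" \
        "$(printf '%s\n' "$2" | mac_of "$ifc")"
}

# On a live Linux box: filter_entry "$(route -n)" "$(ifconfig)"
filter_entry "$SAMPLE_ROUTE" "$SAMPLE_IFCONFIG"
```

The MAC reported is the one on the interface that carries the default route, which matters on a machine with both wired and wireless adapters.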

Summary

Having a strong password with WPA encryption, configuring your router and changing its default password, using MAC filtering, and turning your router’s firewall on make your network more secure and protected.