SANS Sec542 CTF


SEC 542 is web penetration testing; it focuses mainly on web attacks, and they have succeeded in making it a nice track. Because of the many theoretical and process steps, Part 2 was boring; they should cut this part down, and they could merge it with the Python part.



Capture the Flag was on day 6 as usual, and it was the BEST DAY. I didn't expect to find what I found!!! Capturing the flags doesn't depend only on tools; use customized scripts, it will help you to bypass **** (LOL, it's a secret). The main idea is that you have to map and recon as much as you can in everything, and don't waste your time.

If you are going to take this track, don't miss the CTF.


SSH Tunneling

How to tunnel the traffic through ssh to get a proxy?

First of all, the SSH server must allow TCP forwarding; if it does not, this will not work.

It's simple. Let's say you have two servers and your client, and you want to be totally undetectable by any DPI, with the traffic going through SSH. We will tunnel the traffic from the client machine to server A [1.1.1.1], and from server A we will tunnel the traffic to server B [2.2.2.2]. This will also be undetectable if it is established only between the client and the server.

So from the CLI, execute the following command as root:
[root@Bassem] ssh username@1.1.1.1 -L 8081:2.2.2.2:80 -X

Now you can export your localhost IP 127.0.0.1 on port 8081 as http_proxy, https_proxy or ftp_proxy, or set it in your browser. The local port 8081 will forward the TCP packets to the back-end server at the end of the tunnel, which is port 80 on 2.2.2.2.
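The TCP forwarding prerequisite above can be checked on server A before relying on the tunnel. The following is an added example, not part of the original post: a shell audit of an sshd_config-style file that decides whether a local forward such as `-L 8081:2.2.2.2:80` would be accepted by the global settings. The function names and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; the config excerpt is constructed.
# Global settings only: sshd keeps the first value per keyword; Match is skipped.

# global_value FILE KEYWORD DEFAULT -> first global value of KEYWORD, lowercased
global_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, "")                                 # trim indentation
          if (match($0, /^[A-Za-z]+[ \t]*=/)) sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0 { next }                             # comment or blank
        tolower($1) == "match" { exit }                      # global part ends
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^ /, ""); print tolower($0); found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# forward_allowed FILE HOST PORT -> status 0 if "ssh -L <lport>:HOST:PORT" passes
forward_allowed() (
    set -f                                   # keep "*" in PermitOpen rules literal
    case "$(global_value "$1" AllowTcpForwarding yes)" in
        yes|all|local) ;;
        *) exit 1 ;;
    esac
    for rule in $(global_value "$1" PermitOpen any); do
        case "$rule" in
            any|"$2:$3"|"$2:*"|"*:$3"|"*:*") exit 0 ;;
        esac
    done
    exit 1
)

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sshd_config excerpt for server A
AllowTcpForwarding local
PermitOpen 2.2.2.2:80 10.0.0.5:*
Match User backup
    AllowTcpForwarding no
EOF
for dest in 2.2.2.2:80 2.2.2.2:443; do
    if forward_allowed "$sample" "${dest%:*}" "${dest#*:}"; then
        echo "$dest: local forward permitted"
    else
        echo "$dest: local forward refused"
    fi
done
```

On a live server, `sshd -T` run as root prints the effective configuration, defaults included, and is the authoritative source.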

Linux Updates Notification By Mail

The greatest thing about open source platforms is that you can do whatever you want to do. Simply, it's perfect.

– If you have many Linux platforms, you can track the updates and make sure that the admins upgrade the packages and the kernel in many ways. I will just mention one of them that can be deployed on Red Hat: you can track the updates and receive them by mail through Yum.

– The yum-updatesd package is installed by default with RHEL 5.X and 6.X to inform you about updates. With some modifications to the default options in its configuration file, you will be able to receive by mail the updates found on the machines.

1# Make sure the package is installed, enable it on boot and start the service. As root:

rpm -q yum-updatesd ; chkconfig yum-updatesd on ; /etc/init.d/yum-updatesd start

2# Open the main config file for the service with your favorite editor; for me vim is the best

vim /etc/yum/yum-updatesd.conf

set the below parameters


# 172800 seconds = two days; this suits me, set whatever interval you need
run_interval = 172800
emit_via = email
email_from = "Sender mail address"
email_to = "Recipient mail address"
do_update = no
do_download_deps = no
do_download = no
smtp_server = 'Your smtp_server:port'

3# Also take a look at /usr/libexec/yum-updatesd-helper (a Python script); you can customize it as well, to add or remove some sockets if you want to.

Thanks,

Bassem

Windows updates Notification By Mail

I manage more than 300 servers, and about 100 of them are Windows platforms. The problem is that they are not connected to the same domain, and some solutions such as WSUS can't be used due to the nature of this environment.

Administrators are responsible for updating their servers, and I can't track whether they are doing what they are paid for or not! So this process should be automated. I merged many scripts into two small scripts which will do this for me.

# PowerShell is definitely needed to complete the job

1# Prepare PowerShell to run the scripts

– Open PowerShell and type "Set-ExecutionPolicy RemoteSigned"

To know what this means, read this article: http://powershell.com/cs/forums/p/2621/3508.aspx

2# First Script : collect.vbs

collect.vbs (make sure the extension is vbs) is responsible for searching for updates on the machine, the same way the Windows Update Agent does. If there are no updates, it will simply echo that there are no applicable updates:


Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateupdateSearcher()

WScript.Echo "Searching for updates..." & vbCRLF

Set searchResult = _
updateSearcher.Search("IsInstalled=0 and Type='Software'")

WScript.Echo "List of applicable items on the machine:"

For I = 0 To searchResult.Updates.Count-1
 Set update = searchResult.Updates.Item(I)
 WScript.Echo I + 1 & "> " & update.Title
Next

If searchResult.Updates.Count = 0 Then
 WScript.Echo "There are no applicable updates."
 WScript.Quit
End If

3# Now make a small batch file (.bat) containing the following line, to redirect the output of the collect.vbs script to a txt file


cscript c:/collect.vbs > "PATH TO OUTPUT TXT FILE"

for example


cscript c:/collect.vbs > c:/basem.txt

and you can name it basem.bat for example

4# Second script: notify.ps1, which takes the txt file (the output of the first script) and sends it by mail to your mail address


# Path of the text file produced by collect.vbs, and the SMTP server to use
$filename = "PATH TO UPDATES FILE"
$smtpServer = "Your SMTP Server"

$msg = New-Object Net.Mail.MailMessage
$att = New-Object Net.Mail.Attachment($filename)
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)

$msg.From = "Your Mail Address"
$msg.To.Add("Recipient Mail Address")
$msg.To.Add("Another Recipient Mail Address")

$msg.Subject = "Mail Subject"
$msg.Body = "Write whatever you need in the body"
# Attach the update list and send the message
$msg.Attachments.Add($att)
$smtp.Send($msg)

5# The last batch file (.bat) runs notify.ps1; it contains the line below, so that the script can be executed automatically via a scheduled task:


powershell.exe -nologo -command "&{c:/notify.ps1}"

This assumes the notify.ps1 script is located on c:/; if it is not, set whatever its actual location is.

6# Add the batch files we created to scheduled tasks, at whatever interval you need; I run them every 48 hours. Make sure the collect batch file is scheduled 10 or 15 minutes before the notify batch file.

BR,

Bassem