ittutorial.net

TCP LAB

faisal — Sat, 14 Apr 2012 17:23:52 +0000

This lab will provide internal packet structure of TCP protocol in wireshark traces.

Wireshark Introduction

faisal — Sat, 14 Apr 2012 15:59:46 +0000

Formerly known as Ethereal. Wireshark is a GUI Network Protocol Analyzer. Display filters in Wireshark are very powerful. Follows the rules of the pcap library.

Download (PPTX, 984.22KB)

Wire shark Installation and Packet capturing

faisal — Sat, 14 Apr 2012 15:42:06 +0000

Wireshark is mostly used free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Download (PPTX, 763.95KB)

Change the Logon Window and the Shutdown Preferences

faisal — Mon, 02 Apr 2012 12:57:11 +0000

This article describes how you can enable the classic logon screen used by Windows XP Server that resembles the following example:

Log On to Windows

User name: _____________

Password: _____________

WARNING :

Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the “Changing Keys and Values” Help topic in Registry Editor (Regedit.exe) or the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

Use the classic logon screen

To temporarily use the classic logon screen, press CTRL+ALT+DEL twice on the Welcome logon screen.

To configure Windows XP to use the classic logon and shutdown screens for every logon session, do the following:

Click Start , and then click Control Panel .

Double-click User Accounts .

Click Change the way users log on or off .

Click to clear the Use the Welcome screen check box.

NOTE : If you disable the Welcome logon screen, you also disable the Fast User Switching option.

Require users to press CTRL+ALT+DEL before the classic logon is displayed

If you want to set up a requirement for a user to press CTRL+ALT+DEL before the classic logon is displayed, in the same manner as it behaves on Windows XP Server:

Click Start , click Run , type: regedit , and then click OK .

Select the Winlogon subkey at the following registry location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Click Edit , click New , and then click DWORD value .
Change the value name to “DisableCAD” (without the quotes) and press ENTER.

Keep the data value set to 0 which is displayed as 0×00000000(0).

How to install TrueCrypt

faisal — Mon, 19 Mar 2012 13:06:57 +0000

TrueCrypt is an open source software, which is used for establishing and maintaining an on-the-fly-encrypted (OTFE) volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

This tutorial contains step-by-step instructions on how install TrueCrypt on windows XP.

First off all download TrueCrypt from this link: http://www.truecrypt.org/downloads

move down to this window

After that double click on TrueCrypt exe amd after that click on next button.

Now select Install and click on next button.

After this on next window select required or all options and click next button.

On next window click Install button.

After that installation will start.

Now click on ok button.

If you want to learn about TrueCrypt click on yes button. If you dont want to learn click on NO button.

Now click on the Finish button and your TrueCrypt installation is complete.

How To Change SSH Default Port

faisal — Thu, 26 Jan 2012 15:44:17 +0000

Here we will change the ssh default port from 22 TCP to 3310 TCP. For SSH port change kindly login into your server, as root user via putty or console.
After that edit /etc/ssh/sshd_config

#vi /etc/ssh/sshd_config
######Look for the following line:
#Port 22
######Change the port to
Port 3210
#### Save sshd_config file with this command
:wq!

Restart SSH services with this command

#service sshd restart
or
#/etc/init.d/sshd restart

Try to connect to your server via putty, but you need to change the ssh default port to 3310.

How to Find a Hidden Process and Port in Linux Operating System

faisal — Sat, 07 Jan 2012 17:43:05 +0000

There are a lot of tools that can be used to check the hidden process and port; the tools are rootkits, lkms, unhide etc. In this tutorial a tool name as UNHIDE will be used for this purpose.
Unhide is basically used to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. This tools works under both Linux / Unix, and MS-Windows operating systems.

It detects hidden processes by using three techniques:

The proc technique consists of comparing /proc with the output of /bin/ps.
The sys technique consists of comparing information gathered from /bin/ps with information gathered from system calls.
The brute technique consists of bruteforcing the all process IDs. This technique is only available on Linux 2.6 kernels.
Most rootkits use the power of the kernel to hide themselves, they are only visible from within the kernel. You can use unhide or tool such as rkhunter to scan for rootkits, backdoors and possible local exploits.

Install UNHIDE

If you are using ubuntu / debian linux you can enter this command below:

#apt-get install unhide

If you are using FreeBSD / unix you can install it using this command below :

#cd /usr/ports/security/unhide
#make install clean

How to use UNHIDE

unhide-tcp is a tool that identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

You can use it as follows:

# unhide-posix proc
# unhide-posix sys
OR
# unhide-linux26 proc
# unhide-linux26 sys
# unhide-linux26 brute

Sample outputs:

Unhide 20100201
http://www.security-projects.com/?Unhide
[*]Searching for Hidden processes through kill(..,0) scanning
[*]Searching for Hidden processes through  comparison of results of system calls
[*]Searching for Hidden processes through getpriority() scanning
[*]Searching for Hidden processes through getpgid() scanning
[*]Searching for Hidden processes through getsid() scanning
[*]Searching for Hidden processes through sched_getaffinity() scanning
[*]Searching for Hidden processes through sched_getparam() scanning
[*]Searching for Hidden processes through sched_getscheduler() scanning
[*]Searching for Hidden processes through sched_rr_get_interval() scanning
[*]Searching for Hidden processes through sysinfo() scanning
HIDDEN Processes Found: 1

If you found something interesting:

# unhide-tcp

Sample outputs:

Unhide 20100201
http://www.security-projects.com/?Unhide
Starting TCP checking
Found Hidden port that not appears in netstat: 1048
Found Hidden port that not appears in netstat: 1049
Found Hidden port that not appears in netstat: 1050
Starting UDP checking

The netstat -tulpn or ss commands displayed nothing about the hidden TCP ports # 1048, 1049, and 1050:

# netstat -tulpn | grep 1048
# ss -lp
# ss -l | grep 1048

How to Disable Linux ExecShield Buffer Overflows Protection

faisal — Sat, 07 Jan 2012 17:18:06 +0000

The first step is to know what Exec Shield is. Exec Shield is a patch for Linux kernel security. It helps to avoid from worms and other problems. This project was started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that adds an NX bit to x86 CPUs. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.

Disable Exec Shield protection

# sysctl -w kernel.exec-shield=0

You can disable it permanently by adding following line to /etc/sysctl.conf file:

# vi /etc/sysctl.conf
kernel.exec-shield=0

Save and close the file.

Note :
Exec Shield disabling is not recommended one.

Exec Shield protection can also simply disabled via GRUB loader

Add up following lines in grub.conf

# vi /etc/grub.conf
Modify / append exec-shield=0 parameter as follows:
kernel /vmlinuz-2.6.8 ro root=LABEL=/ exec-shield=0

Close and save the file.

Enable ExecShield Protection Against Buffer Overflows

Open your /etc/sysctl.conf file:
#

vi /etc/sysctl.conf

#### Add the following lines:

kernel.exec-shield = 1
kernel.randomize_va_space = 1

Save and close the file.
The First line will enable ExecShield protection and second line will enable random placement of virtual memory regions protection.

To load sysctl without reboot enter the command given below:

# sysctl -p

How To Enable Telnet Client in Windows 7

faisal — Mon, 26 Dec 2011 14:16:57 +0000

what is Telnet ?

Telnet is an abbreviation of Telecommunication Network, which is an old network protocol. This protocol is used for remote host connection. It provides a two way interactive command / console line interface.
By default telnet is not enabled in windows. Telnet command will produce an error that telnet is not recognized as an internal or external command.

Click Start Menu, type “cmd” in the search box, right-click cmd command. And choose Run as administrator from the context menu.

You will see a command line console then
Type Telnet

Login into your Windows 7 with administrator access
Click Start >> Control Panel >> Programs >> Programs and Features >> Turn Windows Features On or Off >> Check Telnet client >> Press “Enter”

After you have Click OK button.
Then verify rather telnet is working or not.

You will see a result as shown below.

WordPress MU Installation

faisal — Tue, 20 Dec 2011 08:11:08 +0000

WordPress MU is basically a multi user wordpress, where u can host group of blogs.
The prerequisites for WordPress MU installation are mysql db,user and password.
For example ;

db : wpmu
user : wpmu
pass : wpmupass

Download WordPress MU

http://mu.wordpress.org/download/ Extract all files into desired folder

ex: http://www.yourdomain.com/blogs/

Begin installation

Point your browser to whichever directory you extracted your files to (ex: http://www.yourdomain.com/blogs/). The index.php file will load automatically “Installing WordPress µ” screen. You required ti fill some forms before proceeding.

change permissions

Delete .htaccess or move .htaccess to .htaccess-bak. change permissions on the public_html and wp-content directories. If you’re using FileZilla for FireFTP or similar, just right click on the folders and check all the boxes to change to 777

subdomains or subdirectories

Select whether you want the blog addresses for the install to be subdomains or subdirectories.

Database details required WordPress MU installation

Fill in your database name, username, and database password, as requested.

installation finished

If all goes well, you should see this happy screen reminding you to reset your directory permissions to 755.

Copy the password

Copy the password it generates for you and login. Immediately change your password to something better that you’ll remember.

Default Display

You’re finished! Your site should be fully installed now. It will display the default theme and will look something like this