Archives

All posts for the month September, 2013

“When the time for the march of one’s enemy’s army has approached, one has to obstruct the enemy or send him far away, or make his movements fruitless, or, by false promise, cause him to delay the march, and then deceive him after the time for his march has passed away. One should ever be vigilant to increase one’s own resources and frustrate the attempts of one’s enemy to gain in strength.”

-Kautilya, Arthashastra.

Bannergrabbing or fingerprinting is the method of gaining information about the target host OS. web server type, version etc. Once the hacker gets the needed information about the target OS etc, he can easily find out the vulnerabilities present in particular version and launch his attacks against it. Today we are going to see how webserver bannergrabbing is performed on web servers and how to apply counter measures to it. We will see Apache and IIS 8 server examples in this article.

Apache:

Imagine I have set up a website named www.shunya.com on an Apache server. A hacker can easily find Information about the web server in different ways. For example, a hacker can visit the website and and try to open a webpage which is not existent on my server,like below.

wbc1

 

In the above example, hacker tried to open page named “admin.php” which was not available on my server and in turn the server responded with a type of web server, the target OS and the scripting language. This is giving out too much information.

The traditional and popular way of fingerprinting is through telnet. A hacker opens command line or terminal. and types the command “telnet www.shunya.com 80″. When the screen goes black, type “HEAD / HTTP/1.0″ and this will give the server information.

wbc2

 

There are also many fingerprinting tools available. I am gonna show you only one, Id serve. Let’s see how to banner grab using Id serve.

wbc3

 

Now what are the preventive measures we can take in Apache server to disable or atleast prevent fingerprinting to some extent. Apache web server has a configuration file called “httpd.conf” where we can make changes to fight fingerprinting. Go to httpd.conf and change the value of the option “Server Signature  to off”. This will not display any information about server when an nonexistent page has been accessed.

wbc4

 

In the httpd.conf file, changing the value of “Server Tokens” from “Full” to “Prod” will only show the minimum server information as shown below.

wbc5

wbc6

 

 

This still discloses that our web server is Apache but it doesn’t show the version. In Kautilya’s words this is delaying the march of enemy. Here are the options we set.

wbc7

 

IIS 8:

Now imagine we changed our www.shunya.com website from Apache server to the latest version of Microsoft web server, IIS 8. To prevent error pages form revealing any infomation in IIS server, we can set custom error pages.  Now let’s use IDserve tool to fingerprint the IIS 8 server.

wbc8

 

It shows the server version. Now how can we prevent this. Microsoft provides a tool named UrlScan freely available for download which can be used easily to process HTTP requests. Download this tool and install it. ( See how to configure Urlscan for IIS 7.5 and IIS 8 ). Then go to the configuration file of UrlScan, “UrlScan.ini” located at “C:WindowsSystem32inetservUrlscan” by default and change the value of “RemoveServerHeader’ from “0″ to “1″.

wbc9

 

This will not reveal the server version information as shown below.

wbc10

 

We can further mislead the attacker by setting our server name to some other value different than our original one. This can be done by setting the value of “RemoveServerHeader” to “0 “and changing the value of “AlternateServerName” to the value we want to specify ( in our example Nginx ).

wbc11

 

So when the attacker tries to fingerprint our website, he will be misleaded.

wbc12

 

Note: Taking this preventive measures will not stop a determined hacker to find out our server information.

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsary to install URLscan.

urlscan1

 

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).

urlscan2

 

Click on Install. You are shown a review of components you selected to install. Click on I accept.

urlscan3

 

The components are installed and will show you a Finish screen. Click on Finish.

urlscan4

 

We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

urlscan5

 

The installation is very quick. Once it finishes,click on “Finish”.

urlscan6

 

 

Now open IIS Manager. Click on ISAPI filters.

urlscan7

 

If everything went well, we should see a filter already set like below.

urlscan8

 

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

urlscan9

 

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).

urlscan10

 

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini)  to make some changes to it.  It is located by default at “C:WindowsSystem32inetservurlscan” and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.

urlscan11

 

Now let’s again try to bannergrab using Idserve.  Restart the web server.

urlscan12

We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.

We can easily install a web server in Windows Server 2012 using Microsoft Web Platform Installer. The Microsoft Web Platform Installer (Web PI) is a simple tool that installs the latest components of the Microsoft Web Platform including IIS, PHP, MYSQL and many others. It can be downloaded for free from here. In this tut we will install IIS, PHP and MYSQL using this tool.

Download and install Web Platform installer 4.6. Click on it.

webpi1

 

Select the components you want to install. I have selected IIS, PHP and MYSQL.

webpi2

webpi3

 

webpi4

 

After selecting the applications you want to install, click on “Install”. If you have selected MYSQL, it will prompt for a password to be set for MYSQL. Enter the password and click on “Continue”.

webpi5

 

It will display a summary of components which will be installed. Click on “I Accept”.

webpi6

 

After system finishes installing all the components, click on “Finish”. After the installation is finished, open your browser and see whether IIS8 installation has been successful. If the display shows the version of IIS displayed as below, then our web server installation has been  successful.

webpi7

 

Now let’s test our php. Go to the root directory which is “%systemroot%/inetpub/root” in IIS and create a php file with the following script and save it as version.php ( in fact any name but with php extension. )

webpi8

 

Now go to address “http://localhost/version.php” from the browser.

webpi9

 

If it displays the version of the php installed, then our php installation has been successful. Hope this was helpful.

According to Wikipedia, “In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area NetworkVirtual LAN or VLAN.”

VLAN’s simplify network management, limit the size of a broadcast domain and improve network efficiency. VLANs are of two types.

  • Static VLAN
  • Dynamic VLAN

In a static VLAN, we assign specific ports to a specific VLAN. whereas in dynamic VLAN we assign MAC addresses to a specific VLAN. In this article we are going to see how to create and configure a static VLAN. We are going to create three VLANs and assign ports to them. For this example, we will create three VLANs named Java, SAP and HR.

vlan1

 

We need to be in global configuration mode to create VLANs. The command “vlan 2″ assigns number 2 to the VLAN we are going to create. We can assign any number from 2 to 4094 to the vlan. The command “name java” names our vlan as java. Similarly we can create the vlans SAP and HR.  Before assigning ports to the VLAN let’s see the port states in our switch.

vlan2

 

We can see above that all the ports of the switch are members of VLAN 1. VLAN 1 is a special purpose VLAN used for administration. It is the only precreated VLAN on the Cisco switch. All ports are members of this VLAN by default. So when you are assigning a port to a specific VLAN, you are just changing the port from VLAN1 to that VLAN.

Now let’s assign ports to the VLANs we just created. First,  let’s assign three ports to the VLAN java.

vlan3

 

The “interface fastethernet 0/1″ command selects the fastethernet port 1. The “switchport access vlan2″ command assigns this port to VLAN java. Similarly we can add the fastethernet ports 2 and 3 to the vlan 2. Now let’s see the port states once again.

vlan4

 

We can see that the first three fastethernet ports have been assigned to the VLAN java. Now we will assign fastethernet ports 4 and 5 to VLANs SAP and HR respectively.

vlan5

 

This is how our network  will look like if we connect the host devices.

vlan6

 

And our port states will look like this.

vlan7

 

Good evening everybody. Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pentest lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

pentestlab1

 

Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.

pentestlab2

 

Do the same for Metasploitable virtual machine.

pentestlab3

 

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

pentestlab4

 

Type the command “ifconfig” to see the IP addresses of interfaces.

pentestlab5

 

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

pentestlab6

 

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

pentestlab7

 

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

pentestlab8

 

The connection is successful. Our penetration testing lab is ready. Happy practising.


Today I’m gonna show you how to install metasploitable in VirtualBox. Metasploitable is a Linux virtual machine made vulnerable intentionally for testing purposes. This virtual machine can be used to conduct security training, test security tools, and practice common penetration testing techniques.  For this i am going to use Metasploitable 2 which can be downloaded from here. After downloading the zip archive, extract the files into a folder. The file contents look like below.

metasploitable1

Open VirtualBox and click on “New Virtual machine wizard”. Type the name of your choice. I am using ‘Metasploitable-2‘. Choose ‘Type’ as Linux and ‘version’ as Ubuntu. Click on “Next”.

metasploitable2

Choose the memory size appropriate to the availability of RAM on your host machine although 512MB is more than enough. Click on “Next”.

metasploitable3

In the hard drive creation window, select option “Use an existing virtual hard drive”, browse to the folder where we have extracted our zip files and select the ‘vmdk’ file available. Click on “Create”.

metasploitable4

Then you are automatically booted into the metasploitable OS. The default username and password are “msfadmin”.

metasploitable5

Hi Friends. as you already know, the latest version of Kali, Kali rolling edition 2016.1 has been released. The rolling edition of Kali Linux gives users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community. The best feature I like in this version is constantly updated tools. Now let us see how to install this latest version of Kali linux in virtualbox and I assure you, this will be the easiest guide.

For this howto, I am using the latest version of Oracle Virtualbox, i.e version 5.0.20. Ever since Sana has been released, the makers of Kali Linux have also released Pre-built virtual images for virtualbox and Vmware. We will use that virtualbox image in this howto. Go here and download the Pre-built virtualbox image. They are as shown below.

sanarvb0

I downloaded the first image from above. After the download is finished, extract the contents of this file as shown below.

sanarvb1

After extraction, we will get a OVA file as shown below.

sanarvb2

Now open Virtualbox and click on File>Import Appliance as shown below.

sanarvb3

A window like below will open. Click on “Expert mode”.

sanarvb4

The window will change as below. Now browse to the location of OVA file as shown below. You can change the settings of the virtual machine like name, location, RAM etc as you like below. After configuration is over, click on Import.

sanarvb6

The importing process will start as shown below. It will take some time, but it will be worth the wait.

sanarvb7

After import is completed, a new virtual machine is automatically created as shown below.

sanarvb8

Power on the machine. As the virtual machine powers up, it will prompt for username and password. The default username is “root” and password is “toor”.


sanarvb9

Given below is our Kali Linux rolling 2016.1 successfully installed in Virtualbox. No need of installing guest additions. If you face any problems during installation, plz comment. I will be happy to help you.

sanarvb12