Posts

Monitor and block SSH connection attempts

Monitor and block SSH connection attempts. Here is a simple guide for iptables. This will set iptables to the default policies:

sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT

Then flush the rules:

sudo iptables -F INPUT
sudo iptables -F OUTPUT
sudo iptables -F FORWARD

This allows you to view your current rules:

$ sudo iptables -L

Install the iptables-persistent package to save the tables across reboots:

$ sudo apt-get install iptables-persistent

During the installation, you will be asked if you want to save your current firewall rules. If you update your firewall rules later and want to save the changes, run these commands:

$ sudo netfilter-persistent save
$ sudo netfilter-persistent reload

With the following, an attacker is allowed to produce exactly 3 faulty logins in 2 minutes. Afterwards, they will be blocked for 120 seconds. 1) Add the following line to /etc/ssh/sshd...

Cheat Sheet : Snort

Snort is a free/paid intrusion detection system, which also does packet logging and packet sniffing. Snort comes with built-in rules and community rules that the security industry has submitted. The paid version gives you more of these, and more up to date:
* SNORT: there are 3 modes: packet sniffer, packet logger and IDS
  * To start Snort in sniffer mode, start the snort service, then open a terminal and type: snort -v
  * Ping another computer and see that it captures the ICMP traffic
* SNORT RULES:
  a. A very simple one to start with is: log tcp any any -> 192.168.3.0/24 23
     This states: log any TCP packets from any IP and any port to destination network 192.168.3.0/24 and destination port 23
  b. You can add messages too, so let's say someone is trying to get to telnet on your network: alert tcp any any -> any 23 (msg:"hey this fools trying to use telnet!";)
  c. It can also be bi-directional, as in any leaving or coming for tel...

Cheat Sheet : IP Table

iptables is a command-line firewall that comes with Linux. It's essential to learn how to use the different parts of it for the scanning phase:
IPTABLES: iptables has the following 4 built-in tables:
  i. FILTER table: it has 3 chains:
     1. INPUT chain - incoming to the firewall
     2. OUTPUT chain - outgoing from the firewall
     3. FORWARD chain - packets for another NIC on the local server
  ii. NAT table: it has 3 chains:
     1. PREROUTING - alters packets before routing (used for DNAT, destination NAT)
     2. POSTROUTING - alters packets after routing (used for SNAT, source NAT)
     3. OUTPUT - used for packets generated locally
  iii. MANGLE table: specialized packet alteration. It m...

Cheat Sheet : Wireshark

Now that you know some command-line packet sniffing, let's go over some Wireshark display filters:
* If you want to filter by a protocol, just type it in, like arp, dns, etc.
* If you click the Analyze tab you can filter there as well
* If you filtered by tcp, you can go to Preferences/Protocols/TCP and uncheck "relative sequence numbers"; the real sequence numbers will then be shown
* Right-click a packet and choose Follow TCP Stream to see the whole conversation between the client and the server. If you do this and then close the window, you will see that the filter for these packets is listed
* A source filter can be applied to restrict the packet view in Wireshark to only those packets whose source IP matches the one in the filter. The filter applied in the example below is: ip.src == 10.10.10.5
* A destination filter can be applied to restrict the packet view in Wireshark to only those packets that have destination IP as m...

Cheat Sheet : TCP Dump

Wireshark is a very popular packet sniffing tool, but sometimes you may be on a pentest and only have a Linux shell: no GUI, no Wireshark. The good thing is that a lot of Linux and Unix machines come with tcpdump installed, which is essentially a command-line Wireshark. Let's look at some examples:
* First off, I like to add a few options to the tcpdump command itself, depending on what I'm looking at. The first of these is -n, which requests that names are not resolved, resulting in the IPs themselves always being displayed. The second is -X, which displays both hex and ASCII content within the packet. The final one is -S, which changes the display of sequence numbers to absolute rather than relative. The idea there is that you can't see weirdness in the sequence numbers if they're being hidden from you. Remember, the advantage of using tcpdump vs. another tool is getting manual interaction with the packets.
* It's also important to note that tcpdump only takes the first 6...

Cheat Sheet : Linux

Basic Linux and Bash training is essential for any aspiring hacker. Here is a small beginner's cheat sheet/lesson about Linux basics:

Linux Operating System

Linux File System
/ - Root of the file system
/var - Variable data; log files are found here
/bin - Binaries, commands for users
/sbin - System binaries, commands for administration
/root - Home directory for the root user
/home - Directory for all home folders for non-privileged users
/boot - Stores the Linux kernel image and other boot files
/proc - Direct access to the Linux kernel
/dev - Direct access to hardware storage devices
/mnt - Place to mount devices onto the user-mode file system

Identifying Users and Processes:
INIT - process ID 1
Root - UID, GID 0
Accounts for services - 1-999
All other users - above 1000

Ring 0 in the security rings model is where the kernel lies in Linux. Ring 1 and ring 3 are where device drivers lie. Ring 3 is user space, and this is where init and the applications, etc. are. init executes scripts to set up all non-OS services and structu...

Cheat Sheet : Shodan HQ

Shodan is considered the world's most dangerous search engine. The site scans the internet and finds public-facing devices; I even found my router on there before! You can sign up for free, but it limits the searches. Here are some examples:
* Shodanhq:
  http://www.shodanhq.com/?q=Fuji+xerox - some printers
  http://www.shodanhq.com/?q=RTU - SCADA
  http://www.shodanhq.com/search?q=sonicwall - SonicWall firewalls
  http://www.shodanhq.com/search?q=%22cisco-ios%22+%22last-modified%22 - Cisco IOS devices
  http://www.shodanhq.com/search?q=cisco-ios+200 - Cisco devices with no login required
  More specifically on that last one: http://209.56.171.1/xhome.htm
  Zhone MALC is a full-featured multi-service access platform optimized for delivering voice, data, and video services over a pure packet access network.
  http://www.shodanhq.com/search?q=Zhone+SLMS - the default username is admin, default password is zhone
  http://www.shoda...