Pages

Tuesday, December 6, 2011

Error when Updating Ubuntu

The problem :
W: GPG error: http://archive.canonical.com
 jaunty Release: The following signatures were invalid: BADSIG 
40976EAF437D05B5 Ubuntu Archive Automatic Signing Key 
<ftpmaster@ubuntu.com>

W: GPG error: http://security.ubuntu.com
 jaunty-security Release: The following signatures were invalid: BADSIG 
40976EAF437D05B5 Ubuntu Archive Automatic Signing Key 
<ftpmaster@ubuntu.com>

W: GPG error: http://us.archive.ubuntu.com
 jaunty Release: The following signatures were invalid: BADSIG 
40976EAF437D05B5 Ubuntu Archive Automatic Signing Key 
<ftpmaster@ubuntu.com>

W: GPG error: http://us.archive.ubuntu.com
 jaunty-updates Release: The following signatures were invalid: BADSIG 
40976EAF437D05B5 Ubuntu Archive Automatic Signing Key 
<ftpmaster@ubuntu.com>
 
How to fix :
apt-get clean
cd /var/lib/apt
mv lists lists.old
mkdir -p lists/partial
apt-get clean
apt-get update

Tuesday, September 20, 2011

S N O R T



SNORT is simple software are very useful to see activity from computer networking. Snort can be used as Network Intrusion Detection System (NIDS) in lightweight and this software use rules system to detecting and logging from any assault in computer networking. With any rules to detect signature from any assault, then Snort can detect and logging that assault.This software is opensource based from GNU (General Public License)[GNU89], so that can it's free to used and the source code for Snort can be obtained and modified if we necessary. Initially, Snort be made to operating system based unix, but in windows version also been made too, and now Snort is cross-platform.
Snort is software who still based command-line, so it's be troublesome for user who are used to Graphical User Interface (GUI). Therefore, there are some software from third person provide GUI for Snort, for example IDScenter for Microsoft Windows and Acid based PHP so we can accessed from web browser.
Snort has a language-making rules relatively easy to learned and flexible.
Snort have a database for any rules.
Snort can do logging direct to database system, for example to MySQL, PostGRE SQL and MS

Saturday, September 3, 2011

Install Google Chrome in Backtrack 5

Many people are questioning how to install google chrome in backtrack.
This time I will tell you how to install google chrome in backtrack 5. Follow the steps below :
1.   apt-get install chromium-browser
You can also use synaptic and select the chromium-browser.
2.   cd /usr/lib/chromium-browser
3.      Replace geteuid to be getppid using hexedit with the following command :
hexedit chromium-browser
Then press tab to switch to the mode string. Then press ctrl+s and type geteuid. Replace geteuid to be getppid then press ctrl+x to exit!
4.      Enjoy your google chrome!!!

Monday, July 25, 2011

Installing Backdoor in the Database through SQL Injection


Now, I will to explain about how to installing backdoor in the database through SQL Injection. For this practice, I try to use DVWA as web application. DVWA is already available web application about SQL Injection and SQL Injection (Blind).
First, I choose SQL Injection as my target. In the user id form, I just type admin and then click submit, but does not happen. Then, I try to copy address (from the site after I submit the admin as user id). I use sqlmap and try this command :

root@bt:/pentest/database/sqlmap# ./sqlmap.py –u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit"

but, this is failed to get database. Then, I try to use tamper data from browser. From tamper data, I get cookie and copy it. With sqlmap, I try to scan again with this command :

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101
/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit" --cookie="security=low; PHPSESSID=0pggchrjrb0lj1ttrobmp1ace4"

the result from the command above, I can see the parameter id is vulnerable and might me injectable.

Wednesday, July 20, 2011

SOCKS, SOCKS v4, SOCKS v5 and HTTP

SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. Socks5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.
One use of SOCKS is to allow connections to be made through a firewall.

SOCKS4 is the first widely adopted version of the protocol.  It suffers from a couple of problems which have been remedied in SOCKS4A and SOCKS5, namely :
·       It requires clients to know the IP address (e.g. 123.123.123.123) of the servers they want to connect to.  This means, in most cases, that they must be able to resolve domain names.
·        There is no authentication.  A client only requires a user-name to be able to access SOCKS4 services.
SOCKS4A is a simple extension to SOCKS4 which solves the former problem, but not the latter.

SOCKS5 is the most recent version of the SOCKS protocol.  It solves both the problems of