4/21/2011

Difference between a scripting language and a programming language

A programming language needs to be compiled before it can run, like C or C++ but a scripting language like PHP doesn't. PHP is a server side scripting language and it can be run straight from the server's side without any compiling.

Locking the console in Linux

Install vlock by typing apt-get install vlock.
Change to console by pressing Ctrl+Alt+Fx (x=1-6)
Now type vlock -a or vlock -c

4/13/2011

Bash scripting- The Basics

What is bash scripting?
Bash scripting is a type of shell scripting in Linux. Other types of shell scripts include csh, tcsh, ksh, zsh etc.

How to use traceroute when traceroute is not working!!!!

Okay, let me try and do a traceroute to my college website this time.

Understanding how Traceroute works using wireshark

When we are connecting to a website, we are going through different hops or routers. Each time we connect to a website, the path taken could be different. So the hop count will also be different. Using Traceroute, we can determine the path traversed. Traceroute uses a very intelligent method for this.

4/12/2011

Anonymous FTP

If anonymous FTP is enabled, you can login remotely using username and password as 'anonymous'. Its very rare to find it these days. But its worthwhile to try it if after doing an nmap scan, you find that FTP port 21 is open, especially if the OS used is XP.

Password hashes in Linux

 The passwords are not stored in clear text. Instead a one way hash function is used. That means it is very difficult for an attacker to crack the password even if the hash is obtained.  The hash can be obtained from /etc/shadow. It will look something like this:

4/11/2011

Wireshark





Wireshark is a packet analyzer, one of the best and easiest to use. Its got a beautiful GUI that's really user friendly and you can learn a lot of things by just analyzing the packets by using it.
It is available for windows and linux. Like all cool tools, its pre-installed on Backtrack.

4/09/2011

NESSUS - Vulnerability Scanner

First thing you should do is a nessus registration. Go to this link and select the home user http://tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code . An email will be sent to you with the activation code. Now download and install both the Nessus Server and Client from their website. Register using the code provided in the mail.

NMAP


Nmap is a great tool for scanning networks, specific ips, finding out which ports are open etc. Its available for Windows and Linux. Its pre installed on Backtrack. Its an awesome tool to have.


4/07/2011

Understanding TCP/IP using Wireshark


I feel that it is best to use a packet sniffing tool like wireshark to understand TCP/IP. The following picture shows the layers of TCP/IP and the protocols involved.

4/04/2011

Puzzle 10

A spy is trying to send a secret message,I`m trying to decode it,,can you help me?
He sent these messages:
Lado Mado Bado
Nado Sado Mado
Kado Bado Fado
One of these messages(not as in above order) means:Plan excuted successfully.
other message means:Mission dangerously excuted.
and the third message means:Abort mission immediately.
Now....what does "Lado" mean?

Puzzle 9

Barbera's daughter is my daughter's mother. Who am I to Barbera?

Snort

Snort is also a very popular packet sniffer. It does not prevent attacks, but logs the traffic so that we can get information as to what happened.

Tcpdump

Tcpdump is a packet analyzer for linux. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

4/03/2011

Some useful commands

ls                       lists the files and directories

ls -a                     lists the hidden files and directories (files can be made hidden by using a . in front of its   name)

netstat -an     lists the open ports

netstat -rn     displays the internal routing table


pwd                current directory location in terminal

last                  displays the last users who logged into the system and the time in which they did so

lsmod              displays the kernel modules loaded

sudo                super user, previlege escalation

apt-get            installation package (eg. apt-get install gedit)

gunzip 'file'    unzipping file    

tar -xvf 'file'   untaring file

man                if you don't know what a program does for eg. nmap, type man nmap, it will give a lot 
                          of info

uname -a       System info 


df -H              Disk usage

vi                   to view a file

nano              easier tool to view a file than vi


cat                 view a file in the current shell itself i.e; without opening another tab


strings           view text data in a dump file (eg. captured by tcpdump with .dmp extension)


lsof                list open files


gedit             probably the most user friendly text editor, install it using apt-get install gedit

chmod          change mode eg. chmod +x filename creates an exe file

grep             search for data inside a file (eg. grep indy filename displays all lines with indy in it)

4/01/2011

File Recovery

Suppose you have the dd of the hard disk. You can recover any file you want from it.

fls sda.dd    (sda is just an example)

Puzzle 8:Shiekh's inheritence

An Arab sheikh tells his two sons to race their camels to a distant city to see who will inherit his fortune. The one whose camel is slower wins. After wandering aimlessly for days, the brothers ask a wise man for guidance. Upon receiving the advice, they jump on the camels and race to the city as fast as they can.
What did the wise man say to them?

Puzzle 7: Christmas Tree

Four angels sat on the Christmas tree amidst other ornaments. Two had blue halos and two – yellow. However, none of them could see above his head. Angel A sat on the top branch and could see the angels B and C, who sat below him. Angel B, could see angel C who sat on the lower branch. And angel D stood at the base of the tree obscured from view by a thicket of branches, so no one could see him and he could not see anyone either.
Which one of them could be the first to guess the color of his halo and speak it out loud for all other angels to hear?

Puzzle 6: Head Bands

Three Palefaces were taken captive by a hostile Indian tribe. According to tribe’s custom they had to pass an intelligence test, or die. The chieftain showed 5 headbands – 2 red and 3 white. The 3 men were blindfolded and positioned one after another, face to back. The chief put a headband on each of their heads, hid two remaining headbands, and removed their blindfolds. So the third man could see the headbands on the two men in front of him, the second man could see the headband on the first, and the first could not see any headbands at all.
According to the rules any one of the three men could speak first and try to guess his headband color. And if he guessed correctly – they passed the test and could go free, if not – they failed. It so happened that all 3 Palefaces were prominent logicians from a nearby academy. So after a few moments of silence, the first man in the line said: "My headband is ...".
What color was his head band? Why?

Puzzle 5: The Magnet

This logic puzzle was published in Martin Gardner's column in the Scientific American.
You are in a room with no metal objects except for two iron rods. Only one of them is a magnet.
How can you identify which one is a magnet?

Backtrack, a must have for hacking enthusiasts

If you are having problems with loading your gmail chat

Useful ports and port numbers

SSH Using Public Key Cryptography

Public key authentication


Puzzle 4: Masters of Logic 3

Try this. The Grand Master takes a set of 8 stamps, 4 red and 4 green, known to the logicians, and loosely affixes two to the forehead of each logician so that each logician can see all the other stamps except those 2 in the Grand Master's pocket and the two on her own forehead. He asks them in turn if they know the colors of their own stamps:
A: "No."
B: "No."
C: "No."
A: "No."
B: "Yes."
What color stamps does B have?

Puzzle 3: Masters of Logic 2

After losing the “Spot on the Forehead” contest, the two defeated Puzzle Masters complained that the winner had made a slight pause before raising his hand, thus derailing their deductive reasoning train of thought. And so the Grand Master vowed to set up a truly fair test to reveal the best logician amongst them. He showed the three men 5 hats – two white and three black. Then he turned off the lights in the room and put a hat on each Puzzle Master’s head. After that the old sage hid the remaining two hats, but before he could turn the lights on, one of the Masters, as chance would have it, the winner of the previous contest, announced the color of his hat. And he was right once again.
What color was his hat? What could have been his reasoning?

Puzzle 2: Masters of Logic 1

Three Masters of Logic wanted to find out who was the wisest amongst them. So they turned to their Grand Master, asking to resolve their dispute. “Easy,” the old sage said. "I will blindfold you and paint either red, or blue dot on each man’s forehead. When I take your blindfolds off, if you see at least one red dot, raise your hand. The one, who guesses the color of the dot on his forehead first, wins." And so it was said, and so it was done. The Grand Master blindfolded the three contestants and painted red dots on every one. When he took their blindfolds off, all three men raised their hands as the rules required, and sat in silence pondering. Finally, one of them said: "I have a red dot on my forehead."
How did he guess?

My favourite puzzles 1: Guess my B'day

Day before yesterday, I was 20 years old. Next year I will be 23. When is my birthday?

SSH

Secure Shell or SSH is a network protocol that allows data to be exchanged using a  secure channel between two networked devices.

Backup using dd

Suppose you have a 20GB external hard drive and you want to do a back up quickly, what would you do? Copying the whole thing to a new hard disk is not what you want. You can use dd command in windows, linux or Mac. But here I am gonna talk about doing it in linux only.Ok, so the command goes something like this:

First Post - Gmail Motion

Hello friends! This is my first attempt to create a blog. I hope to share some pretty interesting info in here. Cheerz

Google's latest technology is here...Gmail motion