> echo "My views, security news, and more!"

Nmap Basics Guide —


Nmap is a port scanning and host identification tool I use all the time. It is cross-platform and open source, with builds for Windows, Mac OS X, Linux, FreeBSD, and more. You can download Nmap here.

Why would we need Nmap?

Nmap is a great tool when you need to find which hosts are live on a given network or IP range, and which ports and services are open on those hosts. Nmap has many built-in features and scripts to aid in detecting and identifying the services running on a host, and with proper tweaking you can discover a lot of information that was never intended to be public. Let me go over some basic features provided by Nmap.

For this quick guide, I will be going over the command-line version of Nmap. There is also a GUI version (Zenmap) for Windows which lets you specify the same command-line options, so everything here should carry over…
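Once a scan has finished, the useful part is usually "which ports are open on which host", and Nmap's grepable output (`-oG`) is built for exactly that kind of post-processing: one tab-separated line per host, with a `Ports:` field whose entries are `port/state/protocol/owner/service/rpc info/version/`. The script below is an added example written for this page, not Nmap's own code or anything from the original post. It feeds a constructed `-oG` report (the hosts, versions and addresses are made up for illustration) through a small awk filter that prints only the open ports, dropping filtered and closed ones, so the same function can be put on the end of a real `nmap -sV -oG -` pipeline.

```shell
#!/bin/sh
# Added example: summarise Nmap "grepable" output (nmap -sV -oG -) as one
# line per open port. The scan report below is CONSTRUCTED for this example;
# it is not a real scan result.

# sample_gnmap: emit a constructed -oG report for two hosts on a lab subnet.
# -oG lines are tab-separated fields; each entry in "Ports:" has the layout
# port/state/protocol/owner/service/rpc info/version/
sample_gnmap() {
    printf '%s\n' '# Nmap 6.25 scan initiated as: nmap -sV -oG - 192.168.56.0/24'
    printf 'Host: 192.168.56.101 ()\tStatus: Up\n'
    printf 'Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.56.102 ()\tStatus: Up\n'
    printf 'Host: 192.168.56.102 ()\tPorts: 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/\tIgnored State: closed (999)\n'
    printf '%s\n' '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 10.12 seconds'
}

# list_open_ports: read -oG output on stdin and print
# "host port/proto service version" for every port whose state is "open".
# Filtered and closed ports are dropped; "Status:" lines carry no ports.
list_open_ports() {
    awk '
        BEGIN { FS = "\t" }
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host); sub(/ .*/, "", host)   # keep the address only
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i; sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                    if (f[2] == "open")
                        printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
                }
            }
        }'
}

# count_open_ports: number of open ports across the whole report on stdin
count_open_ports() {
    list_open_ports | wc -l | tr -d ' '
}

# Stand-alone run against the constructed report.
# Against a live scan: nmap -sV -oG - 192.168.56.0/24 | list_open_ports
sample_gnmap | list_open_ports
```

On the constructed report this prints three lines (21/tcp and 22/tcp on .101, 445/tcp on .102) and silently drops the filtered 139/tcp entry; swapping `sample_gnmap` for a real `nmap -sV -oG -` run is the only change needed to use it on a live scan.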



Offensive Security Part 1 – Basics of Penetration Testing (Video) —

I recorded my workshop last Thursday on this talk, but, not surprisingly, the recording did not save! I decided to do the talk and demo again on my own and record it for everyone to enjoy… I did not anticipate it being over 40 minutes, so I apologize for that, but here you go!

Feedback is greatly appreciated. Otherwise, I would not know what to change to make them better. :)

You can get the PowerPoint from the video here: http://kernelmeltdown.org/blog/content/uploads/2012/10/OffSecPart1.pptx



Metasploitable – Practicing Penetration Testing, Part 1 —

Metasploitable is an intentionally vulnerable Linux distribution, shipped as a virtual machine, built for testing security tools and learning penetration testing. It is purposely configured with many vulnerable services which can be exploited to gain access to the system. You can use tools such as Nmap, Nikto, and Metasploit to discover its services, identify vulnerabilities in those services, and learn how to exploit them.

In Part 1 of this series, I will be going over how to get Metasploitable running and what we can do in BackTrack Linux to discover services running on Metasploitable over the network…



CyberQuest October 2012 Digital Forensics is open! —


Hey guys, don’t forget that the US Cyber Challenge Digital Forensics quiz is open until Thursday, October 25, 2012. Jump right in and take it! Remember that registration closes Wednesday, October 24, 2012, so register before then!

What is digital forensics? The most basic description is the investigation and recovery of data from digital devices. Examples of digital forensics include recovering deleted files, finding hidden files and volumes, and discovering information about files such as who altered them, when they were created, when they were accessed, and more. Uses of digital forensics include criminal/civil investigations, intrusion investigations and more! It’s a fun and interesting field!…



BackTrack Linux – Getting Started —


For those who want to get started in security, I will be going over some tools to help you on your way. The first one I will be going over is BackTrack Linux.

What is BackTrack Linux?

BackTrack is a Linux distribution based on Ubuntu. It was created for penetration testing, digital forensics, reverse engineering, social engineering and more. The beauty of BackTrack is its convenience: it is a fully set up Linux Live CD with all the security tools you need to get started. Once you boot into the BackTrack Linux operating system, you can immediately start using tools such as Aircrack-ng for wireless auditing/penetration testing, Wireshark for packet analysis, or even The Social-Engineer Toolkit for social engineering/pen-testing. We will go over all these tools and more in separate blog posts.

You can use BackTrack in many ways, such as booting from a DVD, booting from a flash drive, or creating a virtual machine using VMware Player or VirtualBox (both are free). In this blog post, we will go over how to set up BackTrack in VMware Player using the ISO image…



HoustonSecCon Cyber Security Challenge was awesome! —

Yesterday (October 11, 2012) was the 3rd annual Houston Security Conference and also my first security conference. I can say that it was much better than I could ever have hoped for. There were about 200 or more attendees and many vendors such as Accuvant, HP, WhiteHat Security, Symantec, Rapid7, Sourcefire, Hackers for Charity, and more! There were also many great activities like the Lockpick Village, Capture the Flag, and Metasploit training. I met a lot of great people and companies!

Symantec hosted the first Capture the Flag competition at HouSecCon, called The Symantec Cyber Security Challenge. I wrote a blog post earlier to help others understand and prepare for the competition. You can read that here: HoustonSecCon Capture the Flag.

There were 2 servers in a network that competitors were told to break into. One was running Linux and the other was running Windows. I was able to fully root the Linux box but could not get into the Windows box. I ended up turning in 10 out of 13 possible flags, winning the 2nd top-tier prize and getting the most flags of anyone at the conference. :) Unfortunately, I can’t write a tutorial on how I broke in or what the flags were, since Symantec plans to hold similar competitions in the future. To make up for it, here is a quick summary of what I did to win the competition:…



From MyUH ID to Compromised Account – UPDATE —

Earlier this week, I wrote a blog post detailing some privacy issues with the way The University of Houston handles forgotten UH ID/Password requests.

Well, it seems to have gained the attention of some UH IT folk, and one of the main issues has been fixed!

If you make your way over to the “Lookup a CougarNet Account Online” page, entering a PeopleSoft ID number no longer reveals an email address; it only shows a button that sends an email straight to the account owner.

Obviously this is a good step towards better privacy, since your email address is no longer shown to anyone who happens to know your PeopleSoft number. Thanks, University of Houston IT! Keep up the good work.


From MyUH ID to Compromised Account. —

I forgot my CougarNet (University of Houston) credentials one time and decided I should use their tool to reset my password. Upon entering the necessary information into their password reset tool here, I was greeted with my security question, which I had to answer correctly to be authorized to change my passwords for various UH services. Here is the issue for non-security folk: the security question is often something simple such as “What is my pet’s name?” or “What city am I currently living in?”. All of that information can be found out by asking the person or by looking it up on the internet, for example on Facebook.

The most interesting service, in my opinion, is PeopleSoft - MyUH. The biggest threat is someone getting into your MyUH account. Why? Take a look for yourself. Log in to your MyUH profile. Click on Academic Records > Demographic Information. BOOM! Full name, date of birth, birthplace, Social Security number, driver’s license number, picture, visa/permit data, etc.! All of that information is displayed in plain text WITHOUT any additional authentication. Please tell me that’s not real, because that scares me.

You may be wondering, “Who cares?” In this blog post, I will show you how someone can take your PeopleSoft MyUH ID and turn it into a compromised account…



HoustonSecCon Capture the Flag —


Who’s ready for Houston Security Conference?!

I recently found out that HoustonSecCon is hosting a Capture the Flag competition called “The Symantec Cyber Security Challenge”. Exciting!

A Capture the Flag event is a competition where individuals or teams of security enthusiasts compete to break into systems and networks to capture flags for points. You can work alone or as a team. Your goal is to find specified flags in a system and sometimes to steal flags from others.

For this competition, we are given a lot of detail about the systems and flags we need to compromise. See their website for information on the event. To make things easier, I will list what we now know about these systems along with a quick explanation of what it means. Let’s get started:
