Welcome to DefendHackers, If u want to Apply for a Blogroll as a Author , With h4ckfreak Mail me @ suren.click@gmail.com


Friday, April 27, 2012

FTP Server Setup With FileZilla

Introduction:

There seemed to me to be some need for a guide to setting up an FTP server at work, to offer FTP service to my remote administrative office.


Requirements:

  • FileZilla Server
  • FileZilla Client(most suggested but other ftp clients will work)
  • Home LAN setup with administrative abilities over your router (optional for an internet server)

Download:



Navigate to http://filezilla.sourceforge.net/ and select the "Download" option from the right. Then select the server option. You may then choose either the Windows executable if you intend to run the machine from a Windows environment or the platform independent version if you plan to run it on any version of Linux/Unix or Macintosh.

Installation:

Installation is pretty quick. There are a few key options to choose that vary depending on how you intend to run this machine, so I'll explain each briefly as I come to it.



At this point, you can pick any options you see fit, but I do suggest installing the administrative interface, as it makes administration from the local machine far simpler and takes up little to no extra space.

If you are installing this simply to administer a server (i.e. having multiple admins on, say, an in-home file server), you will only need to install the administration interface.



Here you will decide how you would like to install the FTP service. I have chosen to install it as a service started manually. This is really a preference, as I don't like anything on my computer starting on its own. However, if you intend to run this on a remote machine that will have no other real use, you might want to set it as a service started automatically in case of a reboot. You can, of course, also set it to simply run on demand.

Additionally, this is where you specify the remote administration port. It is best to leave it at its default value, but if, for some reason, you would like to use another port, specify it now. Be sure to forward that port correctly as well (covered later), and only if you actually need to administer the server from outside your LAN.

Running FileZilla Server:



When you start up FileZilla Server it will ask you what server you would like to administrate.

If the machine is local: use the settings above making sure to specify the right port.

If the machine is remote: specify the IP and port.

Settings:

Select Edit > Settings and look into some of the changes.



Here you can leave pretty much everything at the default. My only suggestions are to change some of the timeout options if you don't want or need users to be disconnected. Also, change the Listen Port now if the server will be accepting client requests on some OTHER port. Again, be sure to reflect this change in your port forwarding options.



Nothing much here EXCEPT setting an admin password for your server. If you intend to have multiple admins, choose something you don't mind sharing with them, but make it strong enough that anyone who merely knows about your server can't gain administrative access.



This seems to be the part where most people stumble in their setup, and I am not sure why. It is fairly basic and doesn't require nearly as much concern as most people give it. If you are behind a firewall/router that operates under NAT, select "Use the following IP:" and enter your IP address (the one external clients will use to reach the server) into the field.

Also, you will have to forward a range of ports for passive-mode users. The FileZilla FAQ suggests 5000-5100 and I will go with this as well. Unless there is a problem with this range, use it. Make sure to set it as a range inside your router.

Users & Groups:

This is pretty basic stuff, so I'll keep it brief. You will want to create groups to manage users, but it's not required. It makes sharing a single set of files with multiple users easier. I'll start with making groups:



Pretty simple: make the appropriate group and fill in any needed information.



This is the gravy of the section. Set up whichever files you intend to share. These files will be accessible by ANYONE in the group, so add files carefully and add users even more carefully. In my example with admins, I want admins to have full permissions on the files so that new material can be added and old material removed.

Now for specific users:



Now we can add a user and give him group membership. Be sure to set this carefully, as it will determine the access to particular files across groups. If you add a user to a group, that group's selected home directory will become the user's home directory.



We can now add files/folders for the user. Be sure to set a home directory and set up aliases (similar to symbolic links on Linux/Unix). This is a bit more advanced, and I suggest trying to keep everything you intend to share in a single folder to simplify things.

How do aliases work?

Let's assume you have two shared folders: c:\ftproot is your home directory and d:\myfiles is the second one. In order to display an alias to d:\myfiles in your home directory, add c:\ftproot\myalias as an alias for d:\myfiles. A new folder with the name myalias will appear in your home directory with the contents of d:\myfiles.

Port Forwarding & Ranges:

See this site: http://www.portforward.com/english/r...outerindex.htm

Be sure to forward these ports (following this guide):
  • 5000-5100 (passive range)
  • 21 (listen)
  • 14147 (admin interface)
Also, if you are operating behind a Windows-based firewall, add port 21 and the FileZilla Server executable to the exceptions list.

Conclusion:

There it is. This is your basic startup guide to getting a FileZilla Server on its feet. Please post questions and any suggestions I could make here. I'll try to keep this up to date with answers to the more commonly asked questions.

Monday, April 9, 2012

OpenBTS: Starter Reference


What is OpenBTS? What can it do for people?



OpenBTS is an open source Base Transceiver Station, a piece of hardware that helps you create your own GSM network or intercept calls of GSM users via any VoIP subscription. Before subscribing to any VoIP provider, I want you to read the provider's privacy policy; then you are all set to go!









I understand your next question: what is this hardware all about, and where can I get it?

Alright, the USRP (Universal Software Radio Peripheral), made by Ettus Research, is the product; they are the leading manufacturer of software-defined radio hardware.




Gotcha, where can I buy it for legal purposes?


Yeah, there is a place.

They are currently taking all orders now! You can even contact them by mail for the hardware datasheets.

OK, my product has shipped; what can I do with it?
Subscribe to the VoIP service that you like!
Then you are ready to go, but first some insights that you need to understand about OpenBTS:
It is purely open source, unlike Asterisk, which has dual licences (free software and proprietary software).
You'll learn about Asterisk in my next article.
Watch the above video to create your OWN GSM network:




Where it is used: OpenBTS has already been used for cellular service at the Burning Man festival in the Black Rock Desert of Nevada and on the island of Niue in the South Pacific, among other locations.

Since no telecom company showed interest in providing services on the island of Niue (only 1,200 people), OpenBTS was installed recently to provide telecom service so that people can talk to one another on the same island. If the OpenBTS switch is connected to the Internet, those 1,200 people can talk to anyone all over the world! Thanks to Dany for bridging the small island to the world.

It uses the open source Asterisk VoIP software as the PBX (private branch exchange; you can think of it as a switching center where all your calls are forwarded to their destination) to connect calls.


GSM operates on licensed spectrum; OpenBTS networks can connect to the public switched telephone network and the Internet. Because it converts to VoIP, it "makes every cell phone look like a SIP end point … and every cell phone looks like an IP device. But we don't touch anything in the phone." Our calls are placed over VoIP using the Internet and then reach the GSM network through the Asterisk PBX.

Any GSM phone will work, from a Nokia 1100 or 2300 (any 1000-rupee cell phone) to iPhones and Androids. (On Android and iPhone I don't know whether call reception and forwarding will work in UMTS and dual mode, so educate me in the comments.)


Kestrel has sold about 150 units, hardware and software, since last January, with trial systems installed in India, Africa, the South Pacific and a number of other countries. The team has also done a few private installations such as oil fields, farms, and ships at sea. They are also providing a system to the Australian base in Antarctica. Plus, OpenBTS has been downloaded about 4,000 times, mostly by researchers able to build their own base stations. It is also of interest for military communications, law enforcement and DARPA projects.

DEFCON: Hacking with GNU Radio:


Technology should help mankind, but technology can be devastating too, by breaching your privacy through interception of your private calls and messages.

See you on Next Article "ASTERISK"


I wish to have a USRP in order to test OpenBTS, but I think it is still a little bit expensive.
 h@ckfre@k

Friday, April 6, 2012

Fundamentals of Social Engineering




A True Story:

One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees’ names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.
The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO's voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system.
In this case, the strangers were network consultants performing a security audit for the CFO without any other employees' knowledge. They were never given any privileged information from the CFO but were able to obtain all the access they wanted through social engineering. (This story was recounted by Kapil Raina, currently a security expert at Verisign and co-author of mCommerce Security: A Beginner's Guide, based on an actual workplace experience with a previous employer.)
Definitions
Most articles I’ve read on the topic of social engineering begin with some sort of definition like “the art and science of getting people to comply to your wishes” (Bernz 2), “an outside hacker’s use of psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system” (Palumbo), or “getting needed information (for example, a password) from a person rather than breaking into a system” (Berg). In reality, social engineering can be any and all of these things, depending upon where you sit. The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.
Security is all about trust. Trust in protection and authenticity. Generally agreed upon as the weakest link in the security chain, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. Many experienced security experts emphasize this fact. No matter how many articles are published about network holes, patches, and firewalls, we can only reduce the threat so much... and then it’s up to Maggie in accounting or her friend, Will, dialing in from a remote site, to keep the corporate network secured.
Target and Attack
The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network. Typical targets include telephone companies and answering services, big-name corporations and financial institutions, military and government agencies, and hospitals. The Internet boom had its share of industrial engineering attacks in start-ups as well, but attacks generally focus on larger entities.
Finding good, real-life examples of social engineering attacks is difficult. Target organizations either do not want to admit that they have been victimized (after all, to admit a fundamental security breach is not only embarrassing, it may be damaging to the organization's reputation) and/or the attack was not well documented, so that nobody is really sure whether there was a social engineering attack or not.
As for why organizations are targeted through social engineering – well, it’s often an easier way to gain illicit access than are many forms of technical hacking. Even for technical people, it’s often much simpler to just pick up the phone and ask someone for his password. And most often, that’s just what a hacker will do.
Social engineering attacks take place on two levels: the physical and the psychological. First, we'll focus on the physical setting for these attacks: the workplace, the phone, your trash, and even on-line. In the workplace, the hacker can simply walk in the door, like in the movies, and pretend to be a maintenance worker or consultant who has access to the organization. Then the intruder struts through the office until he or she finds a few passwords lying around and emerges from the building with ample information to exploit the network from home later that night. Another technique to gain authentication information is to just stand there and watch an oblivious employee type in his password.
Social Engineering by Phone
The most prevalent type of social engineering attack is conducted by phone. A hacker will call up and imitate someone in a position of authority or relevance and gradually pull information out of the user. Help desks are particularly prone to this type of attack. Hackers are able to pretend they are calling from inside the corporation by playing tricks on the PBX or the company operator, so caller-ID is not always the best defense. Here’s a classic PBX trick, care of the Computer Security Institute: “’Hi, I’m your AT&T rep, I’m stuck on a pole. I need you to punch a bunch of buttons for me.’”
And here’s an even better one: “They’ll call you in the middle of the night: ‘Have you been calling Egypt for the last six hours?’ ‘No.’ And they’ll say, ‘well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt and as a matter of fact, you’ve got about $2,000 worth of charges from somebody using your card. You’re responsible for the $2,000, you have to pay that...’ They’ll say, ‘I’m putting my job on the line by getting rid of this $2,000 charge for you. But you need to read off that AT&T card number and PIN and then I’ll get rid of the charge for you.’ People fall for it.” (Computer Security Institute).
Help desks are particularly vulnerable because they are in place specifically to help, a fact that may be exploited by people who are trying to gain illicit information. Help desk employees are trained to be friendly and give out information, so this is a gold mine for social engineering. Most help desk employees are minimally educated in the area of security and get paid peanuts, so they tend to just answer questions and go on to the next phone call. This can create a huge security hole.
The facilitator of a live Computer Security Institute demonstration, neatly illustrated the vulnerability of help desks when he “dialed up a phone company, got transferred around, and reached the help desk. ‘Who’s the supervisor on duty tonight?’ ‘Oh, it’s Betty.’ ‘Let me talk to Betty.’ [He’s transferred.] ‘Hi Betty, having a bad day?’ ‘No, why?...Your systems are down.’ She said, ‘my systems aren’t down, we’re running fine.’ He said, ‘you better sign off.’ She signed off. He said, ‘now sign on again.’ She signed on again. He said, ‘we didn’t even show a blip, we show no change.’ He said, ‘sign off again.’ She did. ‘Betty, I’m going to have to sign on as you here to figure out what’s happening with your ID. Let me have your user ID and password.’ So this senior supervisor at the Help Desk tells him her user ID and password.” Brilliant.
A variation on the phone theme is the pay phone or ATM. Hackers really do shoulder surf and obtain credit card numbers and PINs this way. (It happened to a friend of mine in a large US airport.) People always stand around phone booths at airports, so this is a place to be extra cautious.
Dumpster Diving
Dumpster diving, also known as trashing, is another popular method of social engineering. A huge amount of information can be collected through company dumpsters. The LAN Times listed the following items as potential security leaks in our trash: “company phone books, organizational charts, memos, company policy manuals, calendars of meetings, events and vacations, system manuals, printouts of sensitive data or login names and passwords, printouts of source code, disks and tapes, company letterhead and memo forms, and outdated hardware.”
These sources can provide a rich vein of information for the hacker. Phone books can give the hackers names and numbers of people to target and impersonate. Organizational charts contain information about people who are in positions of authority within the organization. Memos provide small tidbits of useful information for creating authenticity. Policy manuals show hackers how secure (or insecure) the company really is. Calendars are great – they may tell attackers which employees are out of town at a particular time. System manuals, sensitive data, and other sources of technical information may give hackers the exact keys they need to unlock the network. Finally, outdated hardware, particularly hard drives, can be restored to provide all sorts of useful information. (We’ll discuss how to dispose of all of this in the second installment in this series; suffice it to say, the shredder is a good place to start.)
On-Line Social Engineering
The Internet is fertile ground for social engineers looking to harvest passwords. The primary weakness is that many users often repeat the use of one simple password on every account: Yahoo, Travelocity, Gap.com, whatever. So once the hacker has one password, he or she can probably get into multiple accounts. One way in which hackers have been known to obtain this kind of password is through an on-line form: they can send out some sort of sweepstakes information and ask the user to put in a name (including e-mail address – that way, she might even get that person’s corporate account password as well) and password. These forms can be sent by e-mail or through US Mail. US Mail provides a better appearance that the sweepstakes might be a legitimate enterprise.
Another way hackers may obtain information on-line is by pretending to be the network administrator, sending e-mail through the network and asking for a user’s password. This type of social engineering attack doesn’t generally work, because users are generally more aware of hackers when online, but it is something of which to take note. Furthermore, pop-up windows can be installed by hackers to look like part of the network and request that the user reenter his username and password to fix some sort of problem. At this point in time, most users should know not to send passwords in clear text (if at all), but it never hurts to have an occasional reminder of this simple security measure from the System Administrator. Even better, sys admins might want to warn their users against disclosing their passwords in any fashion other than a face-to-face conversation with a staff member who is known to be authorized and trusted.
E-mail can also be used for more direct means of gaining access to a system. For instance, mail attachments sent from someone of authenticity can carry viruses, worms and Trojan horses. A good example of this was an AOL hack, documented by VIGILANTe: “In that case, the hacker called AOL’s tech support and spoke with the support person for an hour. During the conversation, the hacker mentioned that his car was for sale cheaply. The tech supporter was interested, so the hacker sent an e-mail attachment ‘with a picture of the car’. Instead of a car photo, the mail executed a backdoor exploit that opened a connection out from AOL through the firewall.”
Persuasion
The hackers themselves teach social engineering from a psychological point-of-view, emphasizing how to create the perfect psychological environment for the attack. Basic methods of persuasion include: impersonation, ingratiation, conformity, diffusion of responsibility, and plain old friendliness. Regardless of the method used, the main objective is to convince the person disclosing the information that the social engineer is in fact a person that they can trust with that sensitive information. The other important key is to never ask for too much information at a time, but to ask for a little from each person in order to maintain the appearance of a comfortable relationship.
Impersonation generally means creating some sort of character and playing out the role. The simpler the role, the better. Sometimes this could mean just calling up, saying: “Hi, I’m Joe in MIS and I need your password,” but that doesn’t always work. Other times, the hacker will study a real individual in an organization and wait until that person is out of town to impersonate him over the phone. According to Bernz, a hacker who has written extensively on the subject, they use little boxes to disguise their voices and study speech patterns and org charts. I’d say it’s the least likely type of impersonation attack because it takes the most preparation, but it does happen.
Some common roles that may be played in impersonation attacks include: a repairman, IT support, a manager, a trusted third party (for example, the President’s executive assistant who is calling to say that the President okayed her requesting certain information), or a fellow employee. In a huge company, this is not that hard to do. There is no way to know everyone - IDs can be faked. Most of these roles fall under the category of someone with authority, which leads us to ingratiation. Most employees want to impress the boss, so they will bend over backwards to provide required information to anyone in power.
Conformity is a group-based behavior, but can be used occasionally in the individual setting by convincing the user that everyone else has been giving the hacker the same information now requested, such as if the hacker is impersonating an IT manager. When hackers attack in such a way as to diffuse the responsibility of the employee giving the password away, that alleviates the stress on the employee.
When in doubt, the best way to obtain information in a social engineering attack is just to be friendly. The idea here is that the average user wants to believe the colleague on the phone and wants to help, so the hacker really only needs to be basically believable. Beyond that, most employees respond in kind, especially to women. Slight flattery or flirtation might even help soften up the target employee to co-operate further, but the smart hacker knows when to stop pulling out information, just before the employee suspects anything odd. A smile, if in person, or a simple "thank you" clinches the deal. And if that's not enough, the new user routine often works too: "I'm confused, (batting eyelashes) can you help me?"
Reverse Social Engineering
A final, more advanced method of gaining illicit information is known as “reverse social engineering”. This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around. If researched, planned and executed well, reverse social engineering attacks may offer the hacker an even better chance of obtaining valuable data from the employees; however, this requires a great deal of preparation, research, and pre-hacking to pull off.
According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, the three parts of reverse social engineering attacks are sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem to arise. That hacker then advertises that he is the appropriate contact to fix the problem, and then, when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.
Conclusion
Of course, no social engineering article is complete without mention of Kevin Mitnick, so I’ll conclude with a quote from him from an article in Security Focus: “You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” Stay tuned for Part II: Combat Strategies, which will look at ways of combatting attacks by identifying attacks, and by using preventative technology, training, and policies.



Friday, March 30, 2012

Malware Analysis (Screenshots) - URL Redirection

Today let's take a deeper look at malware analysis with the mindset of a FORENSIC INVESTIGATOR! Alright, jump in!

(SHA1: fbe71968d4c5399c2906b56d9feadf19a35beb97, detected as TrojanDropper:Win32/Vundo.L). This trojan hijacks the hosts "vk.com" and "vkontakte.ru" (both social networking sites in Russia) and redirects them to 92.38.209.252, but achieves this in an unusual way.

A common  method used to hijack a website and redirect it to a site of the attacker’s choice is to add an entry in the Windows hosts file located in the %SystemRoot%\system32\drivers\etc directory.
However, when we open this file on an affected computer, it doesn't contain any entries related to "vk.com" and "vkontakte.ru", as you can see in the following example:

 
But when we show hidden files, we can see another "hosts" file. It is hidden, as in the following example:


There are two files with exactly the same name, “hosts”, in the etc directory! How can this happen?
As we know, it is not possible for a directory to contain two files with the same name.





Think...! Think...!

When we copy the file names to Notepad, save them as a Unicode text file and open that with a hex editor, we see the following (the upper is the first "hosts" file, the lower is the second "hosts" file):





Technical Information:

In Unicode (UTF-16), 0x006F is the same as 0x6F in ASCII, which is the character "o". But what is 0x043E in Unicode? We can find it in the Unicode chart (range 0400-04FF, Cyrillic). The following is part of this table.



So now,

We can see that Unicode 0x043E is a Cyrillic character, and it looks very much like the Latin character "o".
So the hidden "hosts" file is in fact the real hosts file (the visible one, with the Cyrillic "о", is a decoy that Windows never consults). When we open the real file, we can see that two entries have been added to the end of it:


Mystery solved!
This is not the first time we've seen a hacker using Unicode characters to mislead people. In August 2010, a Chinese hacker disclosed a trick with a Unicode control character used to mislead people into running an executable file. Hackers use the Unicode control character 0x202E (RLO, right-to-left override) to reverse part of a specially crafted file name, which changes how the name is displayed in Windows Explorer.
For example, there is a file named "picgpj.exe", as follows:


The "gpj.exe" part of this name is specially crafted. When an RLO character is inserted before "gpj.exe", the whole name appears as follows:


Hackers also usually give the file a picture icon. Unwary people treat the file as a picture and blindly double-click to open it, thus running the executable. Obviously, this type of trick is useless against Unicode-aware programs, but it is not easy for the human eye to spot the problem.
Can we believe our eyes? The answer is... not always.
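A forensic investigator can let a script do what the eyes cannot. The following added example (not part of the original post) takes a constructed listing of the etc directory, shows each name as UTF-16 code units the way the hex editor above did, folds look-alike characters so the two "hosts" entries collide, and renders what an RLO-disguised name like "picgpj.exe" would display as. The confusables table is a small constructed subset of Unicode's confusables.txt.

```python
import unicodedata
from collections import defaultdict

# Constructed, deliberately small confusables table: Cyrillic letters whose glyphs
# look like Latin ones. Unicode's confusables.txt is far larger; this covers the
# page's case (U+043E, CYRILLIC SMALL LETTER O) and a few common neighbours.
CONFUSABLES = {
    "\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
    "\u041e": "O", "\u0410": "A", "\u0415": "E", "\u0420": "P", "\u0421": "C",
    "\u0422": "T", "\u041d": "H", "\u041a": "K", "\u041c": "M", "\u0412": "B",
}

# Bidi marks, embeddings, overrides and isolates; U+202E is the RLO from the post.
BIDI_CONTROLS = {"\u200e", "\u200f", "\u202a", "\u202b", "\u202c", "\u202d",
                 "\u202e", "\u2066", "\u2067", "\u2068", "\u2069"}
RLO, PDF = "\u202e", "\u202c"


def code_units(name):
    """Show the name the way the hex editor in the post does: one UTF-16 code
    unit per character (every character used here is in the BMP)."""
    return " ".join(f"{ord(ch):04X}" for ch in name)


def script_of(ch):
    """First word of the Unicode character name, e.g. LATIN or CYRILLIC."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def skeleton(name):
    """Fold look-alike characters to ASCII and drop bidi controls, so that names
    which render identically compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name if ch not in BIDI_CONTROLS)


def displayed_form(name):
    """Approximate what a naive file browser renders for a name with an RLO:
    text after U+202E is shown reversed until a PDF (U+202C) or the end.
    Simplified bidi model, sufficient for the picgpj.exe case."""
    if RLO not in name:
        return name
    head, _, tail = name.partition(RLO)
    reversed_part, _, rest = tail.partition(PDF)
    return head + reversed_part[::-1] + rest


def analyze(name):
    """Flag one file name: bidi controls, non-ASCII characters and script mixing."""
    non_ascii = [(ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "?"))
                 for ch in name if ord(ch) > 0x7F]
    scripts = {script_of(ch) for ch in name if ch.isalpha()}
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    return {
        "name": name,
        "displayed": displayed_form(name),
        "skeleton": skeleton(name),
        "non_ascii": non_ascii,
        "scripts": scripts,
        "has_bidi": has_bidi,
        # Mixed scripts or any bidi control in a file name deserves a second look.
        "suspicious": has_bidi or len(scripts) > 1,
    }


def lookalike_collisions(names):
    """Group names that fold to the same skeleton: two 'hosts' files in one
    directory can only coexist if they differ in code points but not in glyphs."""
    groups = defaultdict(list)
    for n in names:
        groups[skeleton(n)].append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed listing of %SystemRoot%\system32\drivers\etc plus one
    # RLO-disguised executable; the Cyrillic 'o' is the trick from the post.
    listing = ["hosts", "h\u043ests", "lmhosts", "networks", "protocol",
               "services", "pic\u202egpj.exe"]
    for folded, members in lookalike_collisions(listing).items():
        print(f"look-alike names for '{folded}':")
        for m in members:
            print(f"  {code_units(m)}  scripts={sorted(analyze(m)['scripts'])}")
    for n in listing:
        r = analyze(n)
        if r["suspicious"]:
            print(f"suspicious: {r['name']!r} renders as {r['displayed']!r}; "
                  f"non-ASCII={r['non_ascii']}; bidi={r['has_bidi']}")
```

On the constructed listing the report names both "hosts" entries (0068 006F ... versus 0068 043E ...) and shows the RLO file rendering as "picexe.jpg".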


H@CKFR3AK

Sunday, March 18, 2012

Set Up a Tor Relay or Tor Bridge to Help Users in Censoring Countries

For those in Iran. Here is a guide in Farsi for installing Tor so you can surf the web without censorship: http://greenoolo.pieceoftheworld.org/


IMPORTANT UPDATE (23/06/09): New email addresses have been added, and others updated. If you have Tor set up in bridge mode, resend your connection information to us.


IMPORTANT UPDATE #2: When posting in the comments section do not post your normal email address, do not use your name/alias (make up a new one) or post other personally identifiable information. This is very important.
UPDATE: slseveral sends this interesting read: http://blog.torproject.org/blog/measuring-tor-and-iran That might ease those wondering if we’re actually helping :)

What is Tor? (from https://www.torproject.org/) “Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.”
This is something of great value to our friends in Iran.
Get Tor
https://www.torproject.org/easy-download.html.en
and install (detailed instructions exist for Windows and OS X; short version: double-click the install file).

Relay or bridge? A relay will be a proxy in the Tor network and help speed up the network for the people using it; a bridge, on the other hand, will enable people to reach the Tor network if the public relays are blacklisted.
If you set up a bridge, you will need to get its address to the people who are going to use it (more on that later; short version: do not post it publicly, such as in the comments below).
IMPORTANT: We’re going to need both sorts (mostly relays though), so please answer the poll (at the end) on which type you’ve set up. And if the type doesn’t matter to you, please check the poll to see how others have chosen and balance it up.

Relay: (from https://www.torproject.org/docs/tor-doc-relay.html.en#setup)
  • Right click on the Vidalia icon in your task bar. Choose Control Panel.
  • Click Setup Relaying.
  • Choose Relay Traffic for the Tor network.
  • Enter a nickname for your relay. (Optional, enter contact information.)
  • Change the ports from the defaults (they need to be >1024 on OS X and Linux/Unix).
  • If you have UPnP: Choose Attempt to automatically configure port forwarding. Push the Test button to see if it works. If it does work, great. If not, see “Firewall/router” below.
  • Choose the Bandwidth Limits tab. Select how much bandwidth you want to provide for Tor users like yourself.
  • Choose the Exit Policies tab. If you want to allow others to use your relay for these services, don’t change anything. Un-check the services you don’t want to allow through your relay. If you want to be a non-exit relay, un-check all services.
  • Click the Ok button. See “Check if it works” below for confirmation that the relay is working correctly.
Firewall/Router:
If you are using a firewall, open a hole in your firewall/router so incoming connections can reach the ports you configured (Relay Port (plus Directory Port if you enabled it)). Make sure you allow all outgoing connections, so your relay can reach the other Tor relays.
Check if it works:
Restart your relay. If it logs any warnings, address them. Look at the updates at the end of the post for help resolving issues that arise.
As soon as your relay manages to connect to the network, it will try to determine whether the ports you configured are reachable from the outside. This may take up to 20 minutes. Look for a log entry like Self-testing indicates your ORPort is reachable from the outside. Excellent. If you don’t see this message, it means that your relay is not reachable from the outside — you should re-check your firewalls, check that it’s testing the IP and port you think it should be testing, etc.
Problems?
And now what?
Well, congratulations, this is it. People can now surf the internet without fear of filtering/blocking or surveillance. Collect your karma points and continue following https://twitter.com/#search?q=%23IranElection or http://www.huffingtonpost.com/2009/06/13/iran-demonstrations-viole_n_215189.html

Bridge:
  • Right click on the Vidalia icon in your task bar. Choose Control Panel.
  • Click Setup Relaying.
  • Click Help censored users reach the Tor network.
  • Enter a nickname for your relay. (Optional, enter contact information.)
  • Change the ports from the defaults (they need to be >1024 on OS X and Linux/Unix).
  • If you have UPnP: Choose Attempt to automatically configure port forwarding. Push the Test button to see if it works. If it does work, great. If not, see “Firewall/router” below.
  • Choose the Bandwidth Limits tab. Select how much bandwidth you want to provide for Tor users like yourself.
  • Click the Ok button. See “Check if it works” below for confirmation that the bridge is working correctly.
  • Now scroll down to “Get the address to those that need it” and follow the instructions. Do NOT publish your connection information in the comments.
Firewall/Router:
If you are using a firewall, open a hole in your firewall/router so incoming connections can reach the ports you configured (Relay Port (plus Directory Port if you enabled it)). Make sure you allow all outgoing connections, so your relay can reach the other Tor relays.
Check if it works:
Restart your bridge. If it logs any warnings, address them. Look at the updates at the end of the post for help resolving issues that arise.
As soon as your bridge manages to connect to the network, it will try to determine whether the ports you configured are reachable from the outside. This may take up to 20 minutes. Look for a log entry like Self-testing indicates your ORPort is reachable from the outside. Excellent. If you don’t see this message, it means that your bridge is not reachable from the outside — you should re-check your firewalls, check that it’s testing the IP and port you think it should be testing, etc.
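The “Check if it works” step is the same for a relay and a bridge: look for the self-test notice and deal with any warnings. The following is an added example, not part of the original post, that does that check over a saved Tor log. The log lines are constructed to look like Tor’s “Mon DD HH:MM:SS.mmm [level] message” format; the function and field names are my own, and the DirPort variant of the notice is an assumption based on the relay setup text (Update 3 below concerns the DirPort-unreachable case).

```python
import re

# Constructed sample log lines (not real captured output), modelled on the
# notice message the post quotes and on Tor's usual "[level]" tagging.
SAMPLE_LOG = """\
Jun 19 02:38:10.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jun 19 02:38:11.000 [warn] Failed to open GEOIP file.
Jun 19 02:51:02.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
"""

# "<month> <day> <time> [<level>] <message>"
LINE_RE = re.compile(r"^\S+ \d+ [\d:.]+ \[(\w+)\] (.*)$")
# ORPort is the message quoted in the post; DirPort is assumed to follow the same wording.
REACHABLE_RE = re.compile(r"Self-testing indicates your (ORPort|DirPort) is reachable from the outside")


def check_tor_log(text):
    """Scan Tor log text; report port reachability and any warn/err lines."""
    result = {
        "orport_reachable": False,
        "dirport_reachable": False,
        "warnings": [],   # messages logged at [warn] or [err] level
        "unparsed": 0,    # lines that did not match the expected format
    }
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"] += 1
            continue
        level, msg = m.groups()
        if level in ("warn", "err"):
            result["warnings"].append(msg)
        r = REACHABLE_RE.search(msg)
        if r:
            result[r.group(1).lower() + "_reachable"] = True
    return result


def summarize(result):
    """One-line verdict in the spirit of the post's 'Check if it works' step."""
    if result["orport_reachable"]:
        verdict = "OK: ORPort reachable from the outside"
    else:
        verdict = "NOT READY: no ORPort reachability notice yet (wait up to 20 minutes, then re-check firewall/router)"
    if result["warnings"]:
        verdict += f"; {len(result['warnings'])} warning(s) to address"
    return verdict


if __name__ == "__main__":
    res = check_tor_log(SAMPLE_LOG)
    print(summarize(res))
    for w in res["warnings"]:
        print("  warn:", w)
```

Point it at the log file Vidalia shows (or Tor’s own log file) rather than the constructed sample; a relay that only ever logs client circuits but never the self-test notice is the firewall/router case described above.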
Problems?
Get that address to those that need it (IMPORTANT)
After successfully setting up the bridge, click “Setup Relay” and you will see your IP address, port and a string of characters; this is your bridge address.
Your bridge address is not published anywhere, so you need to get it to the people who need it yourself.
Email this bridge address to anonygreen@gmail.com, gr88proxies@googlegroups.com, tor@austinheap.com, irancurtain@iansbrain.com and protesterhelp@gmail.com or Direct Message (private message) in Twitter to @iran09, @austinheap, @protesterhelp, @persiankiwi or @stopahmadi. If you email, be sure to include “Tor bridge” in the subject line.

And now what? Well, congratulations, this is it. People can now surf the internet without fear of filtering/blocking or surveillance. Collect your karma points and continue following https://twitter.com/#search?q=%23IranElection or http://www.huffingtonpost.com/2009/06/13/iran-demonstrations-viole_n_215189.html

Poll:
Which type have you set up? (please, only answer this when you have a working relay/bridge)

Update 1:
GeoIP error:

Ian Says:
19th June, 2009 at 02:38
download this http://git.torproject.org/checkout/tor/master/src/config/geoip and put it in C:\Documents and Settings\{username}\Application Data\Tor\
Open ports in the router:

Carl Says:
21st June, 2009 at 13:01
Then you need to forward that port from your router to your computer.
See: http://portforward.com/ for info and howto:s
Update 2:
DNS hijacking:
From David and slseveral:
http://dnsresolvers.com/ got me past the hijacking errors (Verizon FIOS DNS servers.)
Update 3:
DIR Port not reachable, but OR port is.

Boogs says:
“THE SOLUTION, at least for me, was to download the latest unstable version at http://www.torproject.org/download.html.en and presto, now everything works just like it should. There must be a bug in the latest stable version.”

How can you help, 2nd edition. Talk to friends and spread the word of the Iranian struggle for freedom. Refer them to this guide if you think it was good.
If you know Farsi, please help translate
https://www.torproject.org/docs/tor-doc-windows.html.en
https://www.torproject.org/docs/tor-doc-osx.html.en

Saturday, March 10, 2012

Exploring all DNS Records using DIG Commands

Using the dig command, you can query DNS name servers for your DNS lookup tasks. This article explains 10 examples of how to use the dig command.

1. Simple dig Command Usage (Understand dig Output)

When you pass a domain name to the dig command, by default it displays the A record (the IP address of the site that is queried) as shown below.

In this example, it displays the A record of redhat.com in the “ANSWER SECTION” of the dig command output.
$ dig redhat.com

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;redhat.com.                    IN      A

;; ANSWER SECTION:
redhat.com.             37      IN      A       209.132.183.81

;; AUTHORITY SECTION:
redhat.com.             73      IN      NS      ns4.redhat.com.
redhat.com.             73      IN      NS      ns3.redhat.com.
redhat.com.             73      IN      NS      ns2.redhat.com.
redhat.com.             73      IN      NS      ns1.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         73      IN      A       209.132.186.218
ns2.redhat.com.         73      IN      A       209.132.183.2
ns3.redhat.com.         73      IN      A       209.132.176.100

;; Query time: 13 msec
;; SERVER: 209.144.50.138#53(209.144.50.138)
;; WHEN: Thu Jan 12 10:09:49 2012
;; MSG SIZE  rcvd: 164
The dig command output has the following sections:
  • Header: This displays the dig command version number, the global options used by the dig command, and some additional header information.
  • QUESTION SECTION: This displays the question it asked the DNS, i.e. this is your input. Since we said ‘dig redhat.com’, and the default type the dig command uses is the A record, this section indicates that we asked for the A record of the redhat.com website.
  • ANSWER SECTION: This displays the answer it received from the DNS, i.e. this is your output. Here it displays the A record of redhat.com.
  • AUTHORITY SECTION: This displays the DNS name servers that have the authority to respond to this query. Essentially, it lists the name servers of redhat.com.
  • ADDITIONAL SECTION: This displays the IP addresses of the name servers listed in the AUTHORITY SECTION.
  • Stats section: The bottom of the output displays a few dig command statistics, including how long this query took to execute.

2. Display Only the ANSWER SECTION of the Dig command Output

For the most part, all you need to look at is the “ANSWER SECTION” of the dig output. So, we can turn off all other sections as shown below.
  • +nocomments – Turn off the comment lines
  • +noquestion – Turn off the question section
  • +noauthority – Turn off the authority section
  • +noadditional – Turn off the additional section
  • +nostats – Turn off the stats section
  • +noanswer – Turn off the answer section (of course, you wouldn’t want to turn off the answer section)
The following dig command displays only the ANSWER SECTION.
$ dig redhat.com +nocomments +noquestion +noauthority +noadditional +nostats

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com +nocomments +noquestion +noauthority +noadditional +nostats
;; global options: +cmd
redhat.com.             9       IN      A       209.132.183.81
Instead of disabling all the sections that we don’t want one by one, we can disable all sections using +noall (this turns off answer section also), and add the +answer which will show only the answer section.
The above command can also be written in a short form as shown below, which displays only the ANSWER SECTION.
$ dig redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com +noall +answer
;; global options: +cmd
redhat.com.             60      IN      A       209.132.183.81

3. Query MX Records Using dig -t MX

To query MX records, pass MX as an argument to the dig command as shown below.
$ dig redhat.com  MX +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com MX +noall +answer
;; global options: +cmd
redhat.com.             513     IN      MX      5 mx1.redhat.com.
redhat.com.             513     IN      MX      10 mx2.redhat.com.
You can also use the -t option to pass the query type (for example: MX) as shown below.
$ dig -t MX redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t MX redhat.com +noall +answer
;; global options: +cmd
redhat.com.             489     IN      MX      10 mx2.redhat.com.
redhat.com.             489     IN      MX      5 mx1.redhat.com.

4. Query NS Records Using dig -t NS

To query the NS record use the type NS as shown below.
$ dig redhat.com NS +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com NS +noall +answer
;; global options: +cmd
redhat.com.             558     IN      NS      ns2.redhat.com.
redhat.com.             558     IN      NS      ns1.redhat.com.
redhat.com.             558     IN      NS      ns3.redhat.com.
redhat.com.             558     IN      NS      ns4.redhat.com.
You can also use the -t option to pass the query type (for example: NS) as shown below.
$ dig -t NS redhat.com +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t NS redhat.com +noall +answer
;; global options: +cmd
redhat.com.             543     IN      NS      ns4.redhat.com.
redhat.com.             543     IN      NS      ns1.redhat.com.
redhat.com.             543     IN      NS      ns3.redhat.com.
redhat.com.             543     IN      NS      ns2.redhat.com.

5. View ALL DNS Records Types Using dig -t ANY

To view all the record types (A, MX, NS, etc.), use ANY as the record type as shown below.
$ dig redhat.com ANY +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com ANY +noall +answer
;; global options: +cmd
redhat.com.             430     IN      MX      5 mx1.redhat.com.
redhat.com.             430     IN      MX      10 mx2.redhat.com.
redhat.com.             521     IN      NS      ns3.redhat.com.
redhat.com.             521     IN      NS      ns1.redhat.com.
redhat.com.             521     IN      NS      ns4.redhat.com.
redhat.com.             521     IN      NS      ns2.redhat.com.
(or) Use -t ANY
$ dig -t ANY redhat.com  +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -t ANY redhat.com +noall +answer
;; global options: +cmd
redhat.com.             367     IN      MX      10 mx2.redhat.com.
redhat.com.             367     IN      MX      5 mx1.redhat.com.
redhat.com.             458     IN      NS      ns4.redhat.com.
redhat.com.             458     IN      NS      ns1.redhat.com.
redhat.com.             458     IN      NS      ns2.redhat.com.
redhat.com.             458     IN      NS      ns3.redhat.com.

6. View Short Output Using dig +short

To view just the IP address of a web site (i.e. the A record), use the short form option as shown below.
$ dig redhat.com +short
209.132.183.81
You can also specify a record type that you want to view with the +short option.
$ dig redhat.com ns +short
ns2.redhat.com.
ns3.redhat.com.
ns1.redhat.com.
ns4.redhat.com.

7. DNS Reverse Look-up Using dig -x

To perform a reverse DNS lookup on an IP address, use dig -x as shown below.
For example, if you just have an external IP address and would like to know the host name that belongs to it, do the following.
$ dig -x 209.132.183.81 +short
www.redhat.com.
To view the full details of the DNS reverse look-up, remove the +short option.
$ dig -x 209.132.183.81

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> -x 209.132.183.81
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62435
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;81.183.132.209.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
81.183.132.209.in-addr.arpa. 600 IN     PTR     www.redhat.com.

;; AUTHORITY SECTION:
183.132.209.in-addr.arpa. 248   IN      NS      ns2.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns1.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns3.redhat.com.
183.132.209.in-addr.arpa. 248   IN      NS      ns4.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         363     IN      A       209.132.186.218
ns2.redhat.com.         363     IN      A       209.132.183.2
ns3.redhat.com.         363     IN      A       209.132.176.100

;; Query time: 35 msec
;; SERVER: 209.144.50.138#53(209.144.50.138)
;; WHEN: Thu Jan 12 10:15:00 2012
;; MSG SIZE  rcvd: 193
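The record lines dig prints with +noall +answer (sections 2 to 6 above) share one layout, name, TTL, class, type, rdata, and the reverse lookup in section 7 works by querying a name built from the reversed octets under in-addr.arpa. The following is an added example, not from the original article: a small Python parser for those answer lines (it also skips the ‘;’ comment lines of full dig output) and a function that builds the in-addr.arpa name dig -x queries. The sample lines are constructed to mirror the article’s redhat.com output; the function names are my own.

```python
from collections import defaultdict

# Constructed sample, shaped like the article's "dig redhat.com ANY +noall +answer"
# output with the A record added; ';' comment lines are included to show they are skipped.
SAMPLE_ANSWER = """\
; <<>> DiG 9.7.3 <<>> redhat.com ANY +noall +answer
;; global options: +cmd
redhat.com.             430     IN      MX      10 mx2.redhat.com.
redhat.com.             430     IN      MX      5 mx1.redhat.com.
redhat.com.             521     IN      NS      ns3.redhat.com.
redhat.com.             521     IN      NS      ns1.redhat.com.
redhat.com.             60      IN      A       209.132.183.81
"""


def parse_answer(text):
    """Parse dig answer lines into dicts; comment and blank lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        # Five whitespace-separated fields; rdata may itself contain spaces (e.g. MX).
        parts = line.split(None, 4)
        if len(parts) != 5:
            raise ValueError(f"unexpected dig answer line: {line!r}")
        name, ttl, rclass, rtype, rdata = parts
        records.append({"name": name, "ttl": int(ttl), "class": rclass,
                        "type": rtype, "rdata": rdata})
    return records


def records_by_type(records):
    """Group parsed records by type, e.g. {'MX': [...], 'NS': [...], 'A': [...]}."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec["type"]].append(rec)
    return dict(grouped)


def mx_hosts_by_preference(records):
    """MX exchanges ordered by preference (lowest first), regardless of dig's output order."""
    mx = []
    for rec in records:
        if rec["type"] == "MX":
            pref, host = rec["rdata"].split(None, 1)
            mx.append((int(pref), host))
    return [host for _, host in sorted(mx)]


def reverse_name(ipv4):
    """The in-addr.arpa name that 'dig -x <ipv4>' queries for a PTR record."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    recs = parse_answer(SAMPLE_ANSWER)
    for rtype, group in records_by_type(recs).items():
        print(rtype, [r["rdata"] for r in group])
    print("MX by preference:", mx_hosts_by_preference(recs))
    print("dig -x 209.132.183.81 queries:", reverse_name("209.132.183.81"))
```

Feed it the output of a real dig run (for example, the text saved from dig -f names.txt MX +noall +answer in section 9) instead of the constructed sample; the preference ordering matters because, as the article’s own MX examples show, dig does not return the records in a fixed order.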

8. Use a Specific DNS server Using dig @dnsserver

By default dig uses the DNS servers defined in your /etc/resolv.conf file.
If you would like to use a different DNS server to perform the query, specify it on the command line as @dnsserver.
The following example uses ns1.redhat.com as the DNS server to get the answer (instead of using the DNS servers from the /etc/resolv.conf file).
$ dig @ns1.redhat.com redhat.com

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> @ns1.redhat.com redhat.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20963
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;redhat.com.                    IN      A

;; ANSWER SECTION:
redhat.com.             60      IN      A       209.132.183.81

;; AUTHORITY SECTION:
redhat.com.             600     IN      NS      ns1.redhat.com.
redhat.com.             600     IN      NS      ns4.redhat.com.
redhat.com.             600     IN      NS      ns3.redhat.com.
redhat.com.             600     IN      NS      ns2.redhat.com.

;; ADDITIONAL SECTION:
ns1.redhat.com.         600     IN      A       209.132.186.218
ns2.redhat.com.         600     IN      A       209.132.183.2
ns3.redhat.com.         600     IN      A       209.132.176.100
ns4.redhat.com.         600     IN      A       209.132.188.218

;; Query time: 160 msec
;; SERVER: 209.132.186.218#53(209.132.186.218)
;; WHEN: Thu Jan 12 10:22:11 2012
;; MSG SIZE  rcvd: 180

9. Bulk DNS Query Using dig -f (and command line)

Query multiple websites using a data file:

You can perform a bulk DNS query based on the data from a file.
First, create a sample names.txt file that contains the websites that you want to query.
$ vi names.txt
redhat.com
centos.org
Next, execute dig -f as shown below, which performs a DNS query for each website listed in the names.txt file and displays the output.
$ dig -f names.txt +noall +answer
redhat.com.             60      IN      A       209.132.183.81
centos.org.             60      IN      A       72.232.194.162
You can also combine a record type with the -f option. The following example displays the MX records of the multiple websites listed in the names.txt file.
$ dig -f names.txt MX +noall +answer
redhat.com.             600     IN      MX      10 mx2.redhat.com.
redhat.com.             600     IN      MX      5 mx1.redhat.com.
centos.org.             3600    IN      MX      10 mail.centos.org.

Query multiple websites from dig command line:

You can also query multiple websites from the dig command line as shown below. The following example queries the MX record for redhat.com and the NS record for centos.org from the command line.
$ dig redhat.com mx +noall +answer centos.org ns +noall +answer

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> redhat.com mx +noall +answer centos.org ns +noall +answer
;; global options: +cmd
redhat.com.             332     IN      MX      10 mx2.redhat.com.
redhat.com.             332     IN      MX      5 mx1.redhat.com.
centos.org.             3778    IN      NS      ns3.centos.org.
centos.org.             3778    IN      NS      ns4.centos.org.
centos.org.             3778    IN      NS      ns1.centos.org.

10. Use $HOME/.digrc File to Store Default dig Options

If you are always trying to view only the ANSWER section of the dig output, you don’t have to keep typing “+noall +answer” on your every dig command. Instead, add your dig options to the .digrc file as shown below.
$ cat $HOME/.digrc
+noall +answer
Now, whenever you execute the dig command, it will use the +noall and +answer options by default. The dig command line is now much simpler and easier to read, since you no longer have to type those options every time.
$ dig redhat.com
redhat.com.             60      IN      A       209.132.183.81

$ dig redhat.com MX
redhat.com.             52      IN      MX      5 mx1.redhat.com.
redhat.com.             52      IN      MX      10 mx2.redhat.com.

Monday, December 19, 2011

Basics of XSS, How the Logic Works



Cross-Site Scripting, also known as XSS, is a common type of client-side attack. It occurs in web applications and allows an attacker to inject client-side scripts of their choosing into web pages viewed by other users.

Types of XSS



This attack comes in two main types.

Non-Persistent

This type of attack is carried out by injecting client-side code into a vulnerable URL. The attacker can then spread this URL to victims, for example through social engineering; on clicking such a link, the victim unknowingly executes the injected code, which can result in cookie stealing, privacy disclosure, and so on.

Persistent

This type of attack is more dangerous. It occurs when the data provided by the attacker is stored by the server and served as part of a normal page to ordinary users.
The attacker can then simply inject malicious client-side code, which can result in defacement of the website, cookie stealing, privacy disclosure, and so on.

Demo



Now that we know what these vulnerabilities are and how they occur, let’s look at an actual example and how to test for it.
Xss.php
Code: php
<html>
<head>
    <title>Vulnerable to XSS</title>
</head>
<body>
<h1>Welcome to XSS Demo Page</h1>
<p>The Data Entered is As Follows :- </p>
<?php
/**
 * @author lionaneesh
 * @copyright 2011
 */
if (isset($_GET['data'])) {
    $data = $_GET['data'];
} else {
    $data = "No Data Entered !";
}
// Deliberately unescaped output: this is the XSS sink the demo relies on
echo "<i>$data</i>";
?>
</body>
</html>

Now Just Go to :-

Site.com/path/xss.php?data=<script>alert("XSS");</script>

And See what happens!

Wow! An alert box saying XSS will appear, proving that your injected code actually executed! This is just one example of how these vulnerabilities can occur in web applications and how you can test for them.

How to Fix Them



If you are one of the people whose site is vulnerable to this type of attack, I recommend fixing it as soon as possible. For the scope of this tutorial I will only cover how these vulnerabilities can be fixed in PHP; if you are using some other language, I recommend you check your language reference or contact me.

PHP provides a function called htmlspecialchars(), which converts special characters into their HTML entities. Now we’ll just use this in the above code and check what happens.
Xss.php (line number 33)
Code: php
echo htmlspecialchars("<i>$data</i>");
Now let’s once more Go to :-

Site.com/path/xss.php?data=<script>alert("XSS");</script>

And See what happens!

Voilà! You can notice the change now!
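The change you see is that the injected script now shows up as text, but so do the page’s own <i> tags, because the fix above escapes the whole "<i>$data</i>" string rather than just the untrusted value. The following is an added example, not from the original tutorial, that puts the three variants side by side in Python: the vulnerable echo, the tutorial’s fix, and the usual correction of escaping only the data while keeping the trusted markup. Python’s html.escape(quote=True) stands in for htmlspecialchars() (it additionally escapes single quotes, which htmlspecialchars() does not do with its older default flags); the function names are my own.

```python
import html

# Default the tutorial's xss.php uses when no ?data= parameter is present
DEFAULT_DATA = "No Data Entered !"


def render_vulnerable(data=None):
    """Mirror of the tutorial's xss.php: the GET parameter is echoed unescaped."""
    if data is None:
        data = DEFAULT_DATA
    return f"<i>{data}</i>"


def render_escaped_whole(data=None):
    """The tutorial's fix: htmlspecialchars() over the whole "<i>$data</i>" string.

    Safe against script injection, but the author's own <i> tags are escaped
    too, so they appear as literal text instead of italicising the value.
    """
    if data is None:
        data = DEFAULT_DATA
    return html.escape(f"<i>{data}</i>", quote=True)


def render_escaped_data(data=None):
    """Escape only the untrusted value; the trusted markup around it stays markup."""
    if data is None:
        data = DEFAULT_DATA
    return "<i>" + html.escape(data, quote=True) + "</i>"


def script_tag_survives(rendered):
    """Crude check for the demo: does a raw <script tag reach the output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    payload = '<script>alert("XSS");</script>'  # the tutorial's test string
    for fn in (render_vulnerable, render_escaped_whole, render_escaped_data):
        out = fn(payload)
        print(f"{fn.__name__:21s} script survives={script_tag_survives(out)!s:5s} {out}")
```

In PHP terms the third variant is echo "<i>" . htmlspecialchars($data, ENT_QUOTES, 'UTF-8') . "</i>"; escaping is applied where untrusted data meets HTML, and nowhere else.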

That’s all for this tutorial. Stay tuned for more.

For advanced reading click here

Thanks,

Greyhat