Sunday, December 23, 2012

PWB Day 1

DHCP:


Dynamic Host Configuration Protocol.

Server: sends configuration to clients that ask for it. It assigns the IP address, default route and DNS server configuration to the client.
Client: asks the server for the configuration.

To list all the interfaces, use
>ifconfig -a

To get the network configuration, use
>dhclient <interface>
e.g. dhclient eth0

SSHD:

To start the sshd daemon, first generate the keys using:

>sshd-generate

then start the sshd daemon:
>/etc/init.d/sshd start

ATFTPD

Starts the TFTP daemon:
>atftpd --daemon --port 69 /tmp

VNCServer
>vncserver




PenTest With BackTrack - Day 1

- Had already downloaded a 64-bit VMware BackTrack image, which I am running on my laptop using VMware Player.
- Changed the password of my VMware-based machine.
- Downloaded the course videos and course content.
- Not yet registered on the forums.
- Read the first chapter.

From the first chapter:

- Will have to prepare a formal PenTest report (PTR from now on).
- The first chapter says the tools are available in the PATH of BackTrack (BT from now on). BackTrack is basically a customized Ubuntu Linux. Also, the directory /pentest has a lot of pentest-related tools.

Let's look at the directories inside it individually:
a) backdoors: It has
- 3proxy
- iodine
- ptunnel
- web, which has webshell and weevely
All these are backdoor programs: iodine uses DNS requests to bypass a firewalled setup, and ptunnel uses ICMP echo requests for similar tasks. Web shell gives a JSP-based page to have access to root on a web server. Weevely works similarly.

b) bluetooth: It has two Bluetooth penetration tools, bluediving and bluemaho.
c) cisco: It has tools to pen test Cisco devices. Lots of tools there. I guess I need to read in more detail.
d) database: It has tools for SQL injection and other SQL kung fu for databases like MS SQL, Oracle etc.
e) enumeration: It has tools for enumerating vulnerabilities using various points of interaction like DNS, googlescan, TCP.
f) exploits: It has a list of tools which use known exploits against software and devices.
g) forensics: Forensics tools. Loads and loads for different scenarios.
h) fuzzers: Fuzzing tools. Fuzzing feeds random data strings to a program with the aim of crashing or testing it.
i) libs: tools to input data into lib calls etc.
j) misc: misc tools
k) miscellaneous: misc tools again
l) passwords: password crackers
m) python: has Python examples
n) reporting: unsure about it
o) reverse-engineering: reverse engineering tools
p) rfid: has one RFID tool
q) scanners: different scanners based on different protocols
r) sniffers: different packet sniffers
s) stressing: giving stress :P Tools for DoS.
t) telephony: tools related to telephony (mostly mobile)
u) tunneling: a couple of data tunneling tools (TCP through UDP etc.)
v) voip: a lot of tools related to VoIP
w) web: a lot of tools for web vulnerability scanning and other tools
x) windows-binaries: for scanning, sniffing, cracking etc.
y) wireless: wireless crackers, kismet, aircrack etc.



Wednesday, June 13, 2012

All in a day

- Compiling Shopizer on a VPS (virtual private server) is an absolute pain in the ass. Seems like the VPS blocks some resource, leaving the reference thread waiting for some object. Not sure what. Will have to do some magic; if successful, will write it here.

My solution to the problem: build Shopizer locally :) and then copy the WAR to the Tomcat on the VPS \m/. I want to get my Shopizer up and running. Of course you need to give the settings of the VPS where you are going to run Shopizer when building it locally. Hope it runs.

- Brings me to the second issue. I have a 75 MB file of the Shopizer build which I have to upload to my VPS. I have a shitty 3G connection which never lives up to its name. Upload speed is unreliable and the connection keeps on disconnecting. My TSP has very weak signals. Yes, I am awesome in stupidity.

My solution: split my file into 75 MB files and upload them one by one as and when I can.

local> split -b 100000 myfile.tar

remote> cat x*>myfile.tar
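
An added example (not from the original post): the same split/cat transfer with SHA-256 manifests, so a piece damaged by a dropped connection is detected before reassembly and only that piece has to be uploaded again. The function names and the `.part.` / `.sha256` file names are assumptions made for illustration, and GNU coreutils is assumed on both machines.

```bash
#!/bin/sh
# Added example with hypothetical helper names; not from the original post.
# Run every function from the directory that holds the file and its pieces.

# Sender: cut NAME into pieces NAME.part.aaa, NAME.part.aab, ... and record
# SHA-256 digests of every piece and of the whole file.
make_chunks() {
    local name="$1" bytes="$2"
    # -a 3 gives three-letter suffixes, enough for 17576 pieces
    split -a 3 -b "$bytes" -- "$name" "$name.part."
    sha256sum -- "$name".part.* > "$name.parts.sha256"
    sha256sum -- "$name" > "$name.sha256"
}

# Receiver: print the pieces that are missing or damaged and succeed only
# if there are none. Only the printed pieces need to be uploaded again.
failed_chunks() {
    local bad
    bad=$(LC_ALL=C sha256sum -c "$1.parts.sha256" 2>/dev/null |
          grep -v ': OK$' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/: [^:]*$//'   # strip ": FAILED ..." suffix
    return 1
}

# Receiver: reassemble only when every piece verifies, then check the
# result against the digest of the original file.
join_chunks() {
    local name="$1"
    failed_chunks "$name" > /dev/null || return 1
    # the glob expands in aaa, aab, ... order, which is the original order
    cat -- "$name".part.* > "$name"
    sha256sum -c "$name.sha256" > /dev/null 2>&1
}
```

On the sending side run `make_chunks myfile.tar 100000` and upload the pieces together with the two `.sha256` files; on the VPS repeat `failed_chunks myfile.tar` until it prints nothing, then run `join_chunks myfile.tar`.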

- On the Java design front: what is the strategy pattern? Hehehe. Smart thing, you see. Sometimes inheritance does not live up to its promise of code reuse in the maintenance phase of a project, when the requirements change in such a way that some of the subclasses have a property and others don't need it. One solution is to create an interface and give the property as an interface to the subclasses that need it, but this means a lot of code change, and you will have to implement the methods in each of those subclasses, so errors and bugs increase.
All the changeable behaviors should be put in separate classes, which are then made part of the class as a property. This makes the system loosely coupled and dynamic.
A cool feature is that your objects can change properties at run time and are truly free :)