Thursday, June 18, 2015

Linux file system hierarchy v2.0


What is a file in Linux? What is a file system in Linux? Where are all the configuration files? Where do I keep my downloaded applications? Is there really a standard filesystem structure in Linux? Well, the above image explains the Linux file system hierarchy in a very simple way. It’s very useful when you’re looking for a configuration file or a binary file. I’ve added some explanation and examples below, but that’s the TL;DR.


Read the rest of it here: Linux file system hierarchy v2.0
#Linux, #Linux-Administration #Linux, #Linux-Administration, #Linux-File-System

Sunday, June 14, 2015

How to create a Bot Net legally? Put that in your ToS, that's how!


This is a #rant post, TL;DR.
In summary, you can just create a Chrome, Firefox, iOS or Android extension/plugin/app for free, let it grow bigger over time, and then just sell idle users’ bandwidth to a Bot Net for profit. And you just put that somewhere in your looong ToS, where everyone just presses “I Agree, get it over with and let me use the service already”.


Read the rest of it here: How to create a Bot Net legally? Put that in your ToS, that's how!
#Denial-of-Service-Attack-(DoS), #Distributed-Denial-of-Service-Attack-(DDoS), #News #Distributed-Denial-Of-Service-Attack-DDoS, #Rant

Router Hack - How to hack ADSL router using NMAP


An Asynchronous digital subscriber line (DSL or ADSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connectivity to the Internet, which is often called DSL or ADSL broadband. In this guide I will show you how to scan an IP range for connected ADSL or DSL modem routers and find a DSL or ADSL router hack remotely. This guide applies to Windows, Linux or Mac, so it doesn’t matter what your operating system is; you can try the same steps from any of them. The term DSL or ADSL modem is technically used to describe a modem which connects to a single computer through a USB port or is installed in a computer’s PCI slot. The more common DSL or ADSL router, which combines the functions of a DSL or ADSL modem and a home router, is a standalone device which can be connected to multiple computers through multiple Ethernet ports or an integral wireless access point. Also called a residential gateway, a DSL or ADSL router usually manages the connection and sharing of the DSL or ADSL service in a home or small office network.


Read the rest of it here: Router Hack - How to hack ADSL router using NMAP
#Cracking, #Hacking, #Kali-Linux, #Security #ADSL-Router, #Cracking, #Hacking, #How-To, #Kali-Linux

Skype bug crashes Windows, iOS and Android versions of Skype application


A recent Skype bug discovered by VentureBeat can crash Skype in Windows, iOS and Android versions. All it takes is sending or receiving http://: in a message. It crashes the Windows app if you’re the sender and completely kills it if it’s the one receiving that string of characters. However, the iOS and the Android apps are only affected when they’re the recipient, and Skype for Mac seems to be immune from the issue.


Read the rest of it here: Skype bug crashes Windows, iOS and Android versions of Skype application
#Bugs-(Software-and-Hardware), #News #Crash, #Skype, #Skype-Bug

DoS website using slowhttptest in Kali Linux - slowloris, slow HTTP POST and slow Read attack in one tool


SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on the majority of Linux platforms, OSX and Cygwin (a Unix-like environment and command-line interface for Microsoft Windows). It implements the most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST and the Slow Read attack (based on the TCP persist timer exploit), which drain the concurrent connections pool, as well as the Apache Range Header attack, which causes very significant memory and CPU usage on the server.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. The tool sends partial HTTP requests, trying to cause a denial of service on the target HTTP server. The Slow Read DoS attack targets the same resources as slowloris and slow POST, but instead of prolonging the request, it sends a legitimate HTTP request and reads the response slowly.
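From the defender's side, the three slow-connection patterns described above can be told apart in a server's connection table. The following is an added example, not code from the original post or from SlowHTTPTest; the `Conn` fields, the thresholds and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Thresholds are illustrative assumptions; tune them against real traffic.
HEADER_TIMEOUT_S = 10.0   # grace period before a connection is judged
MIN_RATE_BPS = 500.0      # slowest acceptable body-upload / response-read rate

@dataclass
class Conn:
    client: str
    age_s: float                     # seconds since the connection was accepted
    headers_done_s: Optional[float]  # when the header terminator arrived, if ever
    content_length: int = 0          # request body size announced by the client
    body_bytes: int = 0              # request body bytes received so far
    resp_bytes: int = 0              # size of the response the server must send
    resp_sent: int = 0               # response bytes the client has accepted

def classify(c):
    """Label a connection with the slow-HTTP pattern it matches, or 'ok'."""
    if c.headers_done_s is None:     # headers never completed: slowloris pattern
        return "slowloris" if c.age_s > HEADER_TIMEOUT_S else "ok"
    waited = c.age_s - c.headers_done_s
    if waited <= HEADER_TIMEOUT_S:
        return "ok"
    if c.body_bytes < c.content_length:   # announced body is trickling in
        return "slow_post" if c.body_bytes / waited < MIN_RATE_BPS else "ok"
    if c.resp_sent < c.resp_bytes:        # client drains the response too slowly
        return "slow_read" if c.resp_sent / waited < MIN_RATE_BPS else "ok"
    return "ok"

def offenders(conns, per_client_limit=2):
    """Return {client: {label: count}} for clients holding several slow connections."""
    counts = {}
    for c in conns:
        label = classify(c)
        if label != "ok":
            per_client = counts.setdefault(c.client, {})
            per_client[label] = per_client.get(label, 0) + 1
    return {ip: d for ip, d in counts.items() if sum(d.values()) >= per_client_limit}

# Constructed sample connection table (documentation addresses, not real traffic).
SAMPLE = (
    [Conn("192.0.2.10", 45.0, None)] * 3
    + [Conn("198.51.100.7", 60.0, 0.2, content_length=4096, body_bytes=30)] * 2
    + [Conn("203.0.113.5", 90.0, 0.1, resp_bytes=500000, resp_sent=1024)] * 2
    + [Conn("192.0.2.99", 1.5, 0.05, resp_bytes=20000, resp_sent=20000),
       Conn("192.0.2.77", 40.0, None)]
)
```

The same thresholds correspond to server-side limits such as Apache's mod_reqtimeout or nginx's `client_header_timeout` and `client_body_timeout`, which close connections that match these patterns.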


Read the rest of it here: DoS website using slowhttptest in Kali Linux - slowloris, slow HTTP POST and slow Read attack in one tool
#Denial-of-Service-Attack-(DoS), #Kali-Linux, #Linux, #Security #Denial-Of-Service-Attack, #Linux, #Penetration-Test

How to get Public IP from Linux Terminal?


Public addresses are assigned by InterNIC and consist of class-based network IDs or blocks of CIDR-based addresses (called CIDR blocks) that are guaranteed to be globally unique to the Internet. When the public addresses are assigned, routes are programmed into the routers of the Internet so that traffic to the assigned public addresses can reach their locations. Traffic to destination public addresses is reachable on the Internet. For example, when an organization is assigned a CIDR block in the form of a network ID and subnet mask, that [network ID, subnet mask] pair also exists as a route in the routers of the Internet. IP packets destined to an address within the CIDR block are routed to the proper destination.

In this post I will show several ways to find your public IP address from the Linux terminal. This may seem like a waste for normal users, but it matters when you are in a terminal on a headless Linux server (i.e. no GUI, or you’re connected as a user with minimal tools). Either way, being able to get your public IP from the Linux terminal can be useful in many cases, or it could be one of those things that might just come in handy someday.


Read the rest of it here: How to get Public IP from Linux Terminal?
#Command-Line-Interface-(CLI), #How-to, #Linux, #Networking #Command-Line-Interface-CLI, #Linux-Terminal, #Public-IP

Monday, May 18, 2015

DoS website in Kali Linux using GoldenEye


I’ve talked about testing a few DoS tools that can put heavy load on HTTP servers in order to bring them to their knees by exhausting resource pools. GoldenEye is the first of those tools and it is one of the newest I discovered on GitHub. You can DoS websites with GoldenEye and bring them down almost within 30 seconds, depending on how big their memory pool is. Of course, it won’t work on protected servers and servers behind a proper WAF or IDS, but this is a great tool to load test your own web server and amend your iptables/firewall rules accordingly.
You can also use DoS using hping3 to simulate similar attacks, or a PHP exploit to attack WordPress websites. There are also a few great tools that will allow you to view live DDoS attack maps worldwide in almost real time.
Details for the GoldenEye tool are listed below.
From GoldenEye’s writer’s post:
  1. This tool is meant for research purposes only and any malicious usage of this tool is prohibited.
  2. GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!
  3. GoldenEye is a HTTP DoS Test Tool.
  4. Attack Vector exploited: HTTP Keep Alive + NoCache

Types of DoS or DDoS attacks

Let’s go over some very basic info regarding DoS or DDoS attacks. There are basically three types of DoS and DDoS attacks:
  1. Application layer DoS and DDoS attacks
  2. Protocol layer DoS and DDoS attacks
  3. Volume-based DoS and DDoS attacks

Application layer DoS and DDoS attacks

Application-layer DoS and DDoS attacks are attacks that target vulnerabilities in Windows, Apache, OpenBSD, or other software to crash the server.

Protocol layer DoS and DDoS attacks

Protocol DoS and DDoS attacks are attacks at the protocol level. This category includes SYN flood, Ping of Death, and more.

Volume-based DoS and DDoS attacks

This type of DoS and DDoS attack includes ICMP floods, UDP floods, and other kinds of floods performed via spoofed packets.
The terms DoS and DDoS are used loosely: when you attack from a single machine, it’s usually considered a DoS attack. Multiply that single attacker across a botnet (or a group) and it becomes a DDoS attack. There are many explanations of it, but just know that no matter which type of attack it is, they are equally detrimental to a server/network.



Read the rest of it here: DoS website in Kali Linux using GoldenEye