Friday, March 9, 2012

Scapy

Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, etc.  Additional details can be found at http://www.secdev.org/projects/scapy/.  Below are some screen captures from Ubuntu version 10.04.  Scapy was not present by default, so it needed to be installed.

scapy_1

The command must be executed with root credentials.  Simply enter scapy, and the command prompt should appear.

scapy_2

The command ls() will display all of the various modules available.

scapy_3

To view options for a specific module such as TCP, enter the command ls(TCP).

scapy_4

Variables can be used to specify different values than the defaults.  The command ls() can be used to verify the value of the variable.

scapy_5

The commands below configure the destination port, source port, and payload variables.

scapy_6

The command send(i/t/p) will send the packet to the destination address with the variables, which is the loopback in this example.  The send command is at Layer 3; sendp is at Layer 2.

scapy_7

The tcpdump command can be used to verify the packet was sent.

scapy_8

Multiple ports can be used, as well as a range

scapy_9

The sr command can be used to send and receive data.

scapy_10

Thursday, March 8, 2012

Windows 8 Keyboard Shortcuts

Windows Key (tap)- Toggles between the Start screen and the foremost running app (Metro-style) or the Windows Desktop.

Windows Key + 1, Windows Key + 2, etc. - Switch to the (classic) Windows desktop and launch the nth shortcut in the Windows taskbar.

Windows Key + B - Switch to the Windows desktop and select the tray notification area.

Windows Key + C - Display Charms and time/date/notification overlay.

Windows Key + D - Switch to the Windows desktop and toggle Show Desktop.

Windows Key + E -  Switch to the Windows desktop and launch Windows Explorer with Computer view displayed.

Windows Key + F - Display File Search pane

Windows Key + H - Display Share charm.

Windows Key + I - Display Settings charm.

Windows Key + J - Swaps foreground between the snapped and filled apps.

Windows Key + K - Display Devices charm.

Windows Key + L - Lock PC and return to Lock screen.

Windows Key + M - Minimize the selected Explorer window.

Windows Key + O - Toggle orientation switching on slate and tablet PCs.

Windows Key + P - Display the new Project (for "projection") pane for choosing between available displays.

Windows Key + Q - Search (within) Apps using the new Search pane.

Windows Key + R - Switch to the Windows desktop and display the Run box.

Windows Key + U - Switch to the Windows desktop and launch the Ease of Access Center.

Windows Key + V - Cycles through Notification toasts.

Windows Key + W - Display Settings Search pane

Windows Key + SHIFT + V - Cycles through Notification toasts in reverse order.

Windows Key + X - Access the advanced context menu on the Start preview tip.

Windows Key + Z - Access the App Bar.

Windows Key + ENTER - Launches Narrator.

Windows Key + SPACEBAR - Switch input language and keyboard layout

Windows Key + TAB - Cycle through apps in Switcher.

Windows Key + SHIFT + TAB - Cycle through apps in Switcher in reverse order.

Windows Key + CTRL + TAB - Cycle through apps, snapping them as you go.

Windows Key + PGUP  - Moves the Start screen to the display on the left.

Windows Key + PGDN  - Moves the Start screen to the display on the right.

Press "Windows Key + PrntScr" keys together and a screenshot will be automatically saved to "Pictures" library folder.  The screenshot is saved with the name "Screenshot.png".

The new hotkey of "Shift+F8" replaces “F8” to boot into Safe Mode.

Tcpdump Information

Tcpdump is a command-line packet capture tool normally found within Unix/Linux operating systems.  A Windows port can be found http://www.winpcap.org/windump/.  Below are some common command switches for tcpdump.

-D = list available interfaces

-i = listen on the selected interface

-r = read the input file specified

-n = do not perform DNS resolution

-c = give a count of the number of records to process

-x = display data in hexadecimal

-e = display the MAC/Ethernet address information

-vv = verbose output

-X = display the ASCII payload of records

-w = write the data to a file

-q = quiet or quick output (less data)

‘tcp’ ‘ip’ ‘udp’ ‘icmp’ = macro filters for protocols

‘port’ = port filter

‘src port’ ‘dst port’ = source port and destination port filters

‘src host’ ‘dst host’ = source host and destination host filters

Below is an example of displaying the the available interfaces on an Ubuntu operating system, and then capturing traffic on one interface.

tcpdump_1

The example below reads a file called TEST, disables DNS and port resolution, and only display TCP traffic.

tcpdump_2

The example below reads a file called TEST, disables DNS and port resolution, and only display traffic using the port 23.

tcpdump_3

The command below continues the example but uses a filter to only include ICMP traffic and only where the destination host had the IP address of 192.0.2.1.

tcpdump_4

The example below uses a filter to include data with a source host of 192.0.2.1 or a destination port value of 23.

tcpdump_5

The verbose option will return additional details concerning the packets.

tcpdump_6

Wednesday, March 7, 2012

HTOP

The top command has been popular with Unix/Linux operating systems for some time.  Htop is an different version of the original top command.  Htop is not installed by default with some Linux distributions.  With Ubuntu, use the following command to install the application.

sudo apt-get install htop

Once installed, simply type “htop” within a terminal prompt.

htop_1

A series of function key shortcuts are listed at the bottom of the screen.  A process can be selected by using the up and down arrows, and then the F9 key can be used to kill it.

htop_2

The sort order can be modified by using the F6 key.

htop_3

More information can be found at the project’s main web page at http://htop.sourceforge.net/.

https://www.howtogeek.com/how-to-use-linux-htop-command/


Anti

Anti is an Android Network Toolkit.  Anti consists of 2 parts:  the Anti version itself and extendable plugins.  Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti.  Several versions include a free edition is available.

http://www.zimperium.com/anti.html

Tuesday, March 6, 2012

Outlook Configuration Analyzer Tool

The Outlook Configuration Analyzer Tool (OCAT ) provides a quick and easy method to analyze your Microsoft Office Outlook profile for common configurations that may cause problems in Outlook.  The Outlook Configuration Analyzer Tool provides a detailed report of your current Outlook profile.  This report includes many parameters about your profile, and it highlights any known problems that are found in your profile.  For any problems that are listed in the report, you are provided a link to a Microsoft Knowledge Base (KB) article that describes a possible fix for the problem.

http://www.microsoft.com/download/en/details.aspx?id=28806

CalCheck

The Calendar Checking Tool for Outlook (CalCheck) is a command-line program that checks Microsoft Outlook Calendars for problems.  The tool opens an Outlook profile to access the Outlook Calendar.  It performs various checks, such as permissions, free/busy publishing, delegate configuration, and automatic booking.  Then each item in the calendar folder is checked for known problems that can cause unexpected behavior, such as meetings that appear to be missing.  As CalCheck goes through this process, it generates a report that can be used to help diagnose problem items or identify trends.

http://www.microsoft.com/download/en/details.aspx?id=28786

Monday, March 5, 2012

Hardanger

Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.  Hardanger is an Open Source web application penetration testing tool led by security researchers from SecurityWire.  The project aims to bridge the gap between current open source web application testing tools commonly used in a Linux environment and bring the same level of tools to native Windows based platforms.  Hardanger aims to deliver a user friendly experience for semi-automated web application penetration testing by building tools on top of the excellent Fiddler2 web debugger.

http://hardanger.codeplex.com/

Rufus

Rufus is a small utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc.  This free utility can be used in Windows XP and all later Windows versions such as Windows Vista, 7, and 8.  It can be used in both 32-bit and 64-bit Windows editions.  Rufus is portable and does not require an installation.

rufus

http://rufus.akeo.ie/

Sunday, March 4, 2012

Ruby vSphere Console

The Ruby vSphere Console project is a console UI for vCenter Server and ESX(i) host.  It provides a way to interact with your vSphere infrastructure like the vSphere Client but using a console shell.  RVC can be installed on a Windows, Linux or Mac OSX system.  RVC currently has over 120+ commands that simplify some of the most common tasks such as cloning a VM (Full & Linked Clone), vDS Management, Cluster/Host/VM Management, etc.

https://github.com/vmware/rvc