Have you ever written a Python script and wondered why, when you try to run it from the command prompt, the shell reports that the command was not found? This happens because the shell does not know where the file is. When you type a bare command name, the shell looks for a matching executable in each of the directories listed in the PATH environment variable, in order, and runs the first one it finds.
To see the directories in the PATH variable, enter the following at the command shell:
$ echo $PATH
The echo command prints the value; prefixing the variable name with $ tells the shell that we want the value of the variable rather than its name. There are two ways to run your program without typing the full path to it: store the program in one of the directories already listed in PATH, or add a directory of your own to PATH.
Option 1. Find the directories in the PATH variable and copy your program into one of them
$ echo $PATH
$ cp python.py /usr/local/bin
$ chmod +x /usr/local/bin/python.py
$ python.py
The script needs a shebang line (for example #!/usr/bin/env python) as its first line and the executable bit set, otherwise the shell cannot run it directly. Copying into /usr/local/bin normally requires root, and anything placed there can be run by every user on the system, so only put scripts there that you would be happy to have run with your own privileges.
Option 2. Add a directory of your choosing to the PATH variable
$ export PATH=$PATH:/usr/yourdir
This lasts only for the current shell session; add the same line to ~/.bashrc (or the equivalent file for your shell) to make it permanent. Append your directory rather than prepending it, and never add "." or an empty entry: the shell searches PATH in order, so a directory that other users can write to, placed in front of /usr/bin, lets anyone who can drop a file named ls there run code as you.
This is very useful for scripts that you may want to run from anywhere at any time.
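To see which PATH entries are risky and where a given command actually resolves, here is an added Python script (not part of the original post) that walks PATH in the same order the shell does. It assumes a POSIX system; the mode_fn and exists_fn parameters exist only so the checks can be run against a constructed PATH string instead of the live filesystem.

```python
"""Audit the directories in PATH the way the shell will search them.

Added example, not code from the original post.  Assumes a POSIX system.
"""
import os
import stat
import sys


def mode_of(directory):
    """Permission bits of `directory` from os.stat(), or None if it is missing."""
    try:
        return os.stat(directory).st_mode
    except OSError:
        return None


def is_executable(path):
    """True if `path` is a regular file the current user may execute."""
    return os.path.isfile(path) and os.access(path, os.X_OK)


def audit_path(path_string, mode_fn=mode_of):
    """Return (entry, reason) pairs for PATH entries that let others shadow a command.

    `mode_fn` maps a directory to its st_mode (None if absent); it is a
    parameter only so the checks can be exercised against a constructed PATH.
    """
    findings = []
    for entry in path_string.split(os.pathsep):
        if entry in ("", "."):
            # An empty entry or "." means the current directory is searched:
            # a file named `ls` in any directory you cd into would be run.
            findings.append((entry, "current directory is searched"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative entry; resolves differently in every cwd"))
        else:
            mode = mode_fn(entry)
            if mode is None:
                findings.append((entry, "directory does not exist; whoever can create it owns it"))
            elif mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                # Anyone can drop a binary here; the sticky bit (as on /tmp)
                # at least stops them from replacing files they do not own.
                findings.append((entry, "world-writable without sticky bit"))
    return findings


def resolve(command, path_string, exists_fn=is_executable):
    """First PATH entry holding `command`, i.e. what the shell would execute."""
    for entry in path_string.split(os.pathsep):
        candidate = os.path.join(entry or ".", command)
        if exists_fn(candidate):
            return candidate
    return None


if __name__ == "__main__":
    # Audit the real PATH of the current shell and show where a command resolves.
    current = os.environ.get("PATH", "")
    for entry, reason in audit_path(current):
        print(f"{entry!r}: {reason}")
    target = sys.argv[1] if len(sys.argv) > 1 else "python3"
    print(f"{target} -> {resolve(target, current)}")
```

Run it with no arguments to audit your own PATH, or pass a command name to see which directory wins for it. The resolve() function is the point of the exercise: whichever entry comes first decides what runs, which is why the order of PATH matters as much as its contents.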
December 26, 2011
Python Scripts * Gedit Editor
If gedit is your editor of choice for writing Python scripts, below are some changes to the editor that I found very helpful:
1. Run gedit.
2. Open Preferences from the Edit menu and select the Editor tab.
3. Change "Tab width" to 4.
4. Select (make sure there is a check mark in) "Insert spaces instead of tabs".
5. Turn on "Automatic indentation" as well.
6. Open the View tab and turn on "Display line numbers".
Labels:
Programming
December 21, 2011
Session Tracking
One of the more confusing aspects of web applications for newcomers is session tracking, which is exactly what it sounds like: keeping track of a session. Once a client (the browser) and the server are exchanging requests and responses, a record has to exist somewhere that ties those exchanges together, because HTTP is stateless: the server retains nothing about a request once the response is sent, and each new request arrives with no built-in link to the ones before it or to the client that sent it. If you go online to do your Christmas shopping and keep adding items to the application's shopping cart, the server has to know which client each request comes from so that the item lands in the right cart.
There are three popular methods for tracking sessions over this stateless protocol:
1. Cookies
2. URL rewriting (also loosely called URL encoding): the session ID is appended to each URL
3. Hidden form fields
In all three the server generates an identifier, hands it to the client, and expects it back on every subsequent request; that identifier is what lets the server tie individual requests to the right session.
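The following Python is an added example, not code from the original post, showing the three carriers against one server-side store: the server keeps the cart, the client only ever holds an identifier, and a request is matched to its session by whichever carrier brought the ID. The request dictionaries, the cart contents and the cookie name SESSIONID are constructed for illustration.

```python
"""Session tracking over stateless HTTP: one server-side store, three carriers.

Added example, not code from the original post.  The `request` dicts, the
cart contents and the cookie name are constructed for illustration.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

COOKIE_NAME = "SESSIONID"


class SessionStore:
    """Server-side state keyed by an unguessable ID; the client only holds the ID."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"cart": []}
        return sid

    def get(self, sid):
        # Unknown or forged IDs return None.  Never create state for a
        # client-chosen ID, or an attacker can fix the ID in advance.
        return self._sessions.get(sid)


def sid_from_cookie(headers):
    """Method 1: the ID travels in the Cookie request header."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME and value:
            return value
    return None


def sid_from_url(url):
    """Method 2: URL rewriting, e.g. /cart?SESSIONID=...  The ID then also
    lands in server logs, browser history and outbound Referer headers."""
    return parse_qs(urlsplit(url).query).get(COOKIE_NAME, [None])[0]


def sid_from_form(form):
    """Method 3: a hidden form field, <input type="hidden" name="SESSIONID">."""
    return form.get(COOKIE_NAME) or None


def rewrite_url(url, sid):
    """Append the session ID to a link, for clients that reject cookies."""
    parts = urlsplit(url)
    extra = urlencode({COOKIE_NAME: sid})
    query = f"{parts.query}&{extra}" if parts.query else extra
    return parts._replace(query=query).geturl()


def handle_add_to_cart(store, request):
    """Find the caller's session by any carrier, then add the item to *its* cart.

    Returns (session_id, set_cookie_value_or_None).  A new session, and a new
    Set-Cookie header, is issued when no valid ID arrived.
    """
    sid = (sid_from_cookie(request["headers"])
           or sid_from_url(request["url"])
           or sid_from_form(request["form"]))
    set_cookie = None
    if sid is None or store.get(sid) is None:
        sid = store.create()
        set_cookie = f"{COOKIE_NAME}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
    store.get(sid)["cart"].append(request["form"]["item"])
    return sid, set_cookie
```

The check in handle_add_to_cart that the ID exists in the store is the part worth copying: an ID the server never issued gets a fresh session instead of an empty one created on demand, which closes the door on session fixation for all three carriers.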
December 20, 2011
Fixing HTTPOnly and Secure Cookie Flags
I read a great entry from the ModSecurity blog. This is in relation to repairing the HTTPOnly and Secure Cookie flags. According to the Microsoft Developer Network, HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).
According to the OWASP website, if the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client side script (again if the browser supports this flag). As a result, even if a cross-site scripting (XSS) flaw exists, and a user accidentally accesses a link that exploits this flaw, the browser (primarily Internet Explorer) will not reveal the cookie to a third party.
If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie, the HttpOnly flag will be ignored by the browser, thus creating a traditional, script-accessible cookie. As a result, the cookie (typically your session cookie) becomes vulnerable to theft or modification by malicious script.
If you are only interested in addressing the missing "Secure" cookie flag, then you can simply take the example from the previous post and edit it slightly to swap out "httponly" with "secure". If, however, you want to try and address both of these issues together, then you will need to change the rule set approach a bit so that it works correctly. This is because there are now three different scenarios you have to account for -
• Missing HTTPOnly flag
• Missing Secure flag (if the SessionID is being sent over an SSL connection)
• Missing both HTTPOnly and Secure flags
With this in mind, here is an updated rule set that will handle both missing HTTPOnly and Secure cookie flags.
#
# First we want to capture Set-Cookie SessionID data for later inspection
SecRule RESPONSE_HEADERS:/Set-Cookie2?/ "(?i:(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid))" "phase:3,t:none,pass,nolog,setvar:tx.sessionid=%{matched_var}"
#
# We now check the saved SessionID data for the HTTPOnly flag and set an Apache
# ENV variable if it is missing.
SecRule TX:SESSIONID "!(?i:\;? ?httponly;?)" "phase:3,t:none,setenv:httponly_cookie=%{matched_var},pass,log,auditlog,msg:'AppDefect: Missing HttpOnly Cookie Flag.'"
#
# Next we check the saved SessionID data for the Secure flag (if this is an SSL session)
# and set an Apache ENV variable if it is missing.
SecRule SERVER_PORT "@streq 443" "chain,phase:3,t:none,pass,log,auditlog,msg:'AppDefect: Missing Secure Cookie Flag.'"
SecRule TX:SESSIONID "!(?i:\;? ?secure;?)" "t:none,setenv:secure_cookie=%{matched_var}"
#
# The final check is to see if BOTH of the HTTPOnly and Secure cookie flags are missing
# and set an Apache ENV variable if they are missing.
SecRule TX:SESSIONID "!(?i:\;? ?httponly;?)" "chain,phase:3,t:none,pass,log,auditlog,msg:'AppDefect: Missing HttpOnly and Secure Cookie Flag.'"
SecRule SERVER_PORT "@streq 443" "chain,t:none"
SecRule TX:SESSIONID "!(?i:\;? ?secure;?)" "t:none,setenv:secure_httponly_cookie=%{matched_var}"
#
# This last section executes the Apache Header command to
# add the appropriate Cookie flags
Header set Set-Cookie "%{httponly_cookie}e; HTTPOnly" env=httponly_cookie
Header set Set-Cookie "%{secure_cookie}e; Secure" env=secure_cookie
Header set Set-Cookie "%{secure_httponly_cookie}e; Secure; HTTPOnly" env=secure_httponly_cookie
These rules will both alert and fix these cookie issues. You may want to switch the actions to "nolog" so that you are not flooded with alerts.
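Two things are worth knowing before deploying the rules above. First, Apache's Header set replaces every Set-Cookie header in the response with the one rewritten value, so a response that sets more than one cookie keeps only the session cookie; Header edit (Apache 2.2.4 and later) rewrites headers in place instead. Second, the SecRules test for the substring httponly or secure anywhere in the captured header, not for an attribute of that name. The Python below is an added example, not code from the post or from ModSecurity: it applies the same cookie-name pattern and the same three scenarios to a list of response headers, but compares attributes by name and keeps every header. The header list and the over_tls flag (standing in for the SERVER_PORT 443 check) are assumptions made for illustration.

```python
"""Add missing HttpOnly/Secure attributes to session cookies in an HTTP response.

Added example, not code from the ModSecurity post.  The header list and the
`over_tls` flag stand in for the real response and the SERVER_PORT check.
"""
import re

# Same session-cookie names the ModSecurity rule looks for, anchored to the
# cookie *name* so a value that merely contains "sid" does not match.
SESSION_NAME_RE = re.compile(
    r"^\s*(?:j?sessionid|(?:php)?sessid|(?:asp|jserv|jw)?session[-_]?(?:id)?"
    r"|cf(?:id|token)|sid)\s*=",
    re.IGNORECASE,
)


def harden_set_cookie(value, over_tls):
    """Return (new_value, findings) for one Set-Cookie header value.

    Non-session cookies are returned untouched.  Attributes are compared by
    name, so the three scenarios (HttpOnly missing, Secure missing on TLS,
    both missing) fall out of two independent checks.
    """
    if not SESSION_NAME_RE.match(value):
        return value, []
    parts = [p.strip() for p in value.split(";") if p.strip()]
    attr_names = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    findings = []
    if "httponly" not in attr_names:
        parts.append("HttpOnly")
        findings.append("missing HttpOnly")
    if over_tls and "secure" not in attr_names:
        # Secure only makes sense when the cookie was set over TLS; on a plain
        # HTTP response the browser would drop it, exactly as the rules assume.
        parts.append("Secure")
        findings.append("missing Secure")
    return "; ".join(parts), findings


def harden_response_headers(headers, over_tls):
    """Apply harden_set_cookie to every Set-Cookie in a list of (name, value).

    Every header is preserved, so a response that sets several cookies keeps
    them all; findings is a list of (rewritten_value, reason) for alerting.
    """
    out, findings = [], []
    for name, value in headers:
        if name.lower() == "set-cookie":
            value, found = harden_set_cookie(value, over_tls)
            findings.extend((value, reason) for reason in found)
        out.append((name, value))
    return out, findings
```

As with the ModSecurity rules, this is a compensating control at the edge; the application should set the flags itself, and the findings list is there so the defect still gets reported to the developers.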
URL Encoding
URL encoding (percent-encoding) converts a string into a form that is valid inside a URL. A URL may contain only a restricted set of ASCII characters, so any other character is replaced by a "%" followed by the two hexadecimal digits of each of its bytes.
It is normally applied to data submitted from HTML forms, because such data may contain characters such as "/", ".", "#" and so on, which either a) have a special meaning in a URL, b) are not permitted in a URL at all, or c) could be altered in transit. For instance, "#" must be encoded because it introduces the fragment (the HTML anchor), and "/" because it separates path segments. Others must be encoded simply because a URL cannot contain them. Historically, some characters such as "~" were also not passed through reliably by every system.
Encoding is also used to evade pattern matching during web application testing, SQL injection in particular: the encoded form looks nothing like the literal string a filter is searching for. Unlike encryption, however, it hides nothing from anyone who decodes it, and the application will decode it before using the value. A filter that inspects input should therefore decode (normalise) it first and match on the result, repeating the decoding for double-encoded input.
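The following Python is an added example, not code from the original post. It encodes form fields the way a browser does and then shows why matching on the raw bytes is not enough: a marker list that catches a plain injection string misses the same string once it is percent-encoded, and a filter that decodes only once still misses a double-encoded copy, while a bounded decode-until-stable step catches both. The marker list and the sample payloads are constructed for illustration and are deliberately small.

```python
"""Percent-encoding of form data, and why a filter must decode before matching.

Added example, not code from the original post.  The marker list and sample
payloads are constructed for illustration.
"""
from urllib.parse import quote, unquote, urlencode

# Strings a naive injection filter might look for (constructed, deliberately small).
SQLI_MARKERS = ("' or ", "union select", "sleep(")


def encode_form(fields):
    """Encode form fields as a browser submits them (application/x-www-form-urlencoded)."""
    return urlencode(fields)


def naive_filter(raw):
    """Match markers against the bytes exactly as they arrived."""
    text = raw.lower()
    return any(marker in text for marker in SQLI_MARKERS)


def normalize(raw, max_rounds=3):
    """Percent-decode until the value stops changing, with a bound so
    pathological input cannot keep the loop busy."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def normalized_filter(raw):
    """Decode first, then match: the form the application will actually see."""
    return naive_filter(normalize(raw))


if __name__ == "__main__":
    print(encode_form({"q": "a/b#c", "note": "hello world"}))
    payload = "' OR 1=1"
    once = quote(payload, safe="")
    twice = quote(once, safe="")
    for label, sample in (("plain", payload), ("encoded", once), ("double", twice)):
        print(f"{label:8} naive={naive_filter(sample)!s:5} normalized={normalized_filter(sample)}")
```

The bound on normalize() matters: the application typically decodes exactly once, so a value that only becomes dangerous after three or four rounds is not a threat to it, but an unbounded loop is an easy denial-of-service target for the filter.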
December 17, 2011
Displaying Windows Cached Commands
One way of displaying the commands kept in the command-line history buffer is to press the up or down arrow key. The buffer holds 50 commands by default. To change this, open a command prompt window, right-click the title bar, select Properties, and in the Command History section increase or decrease the buffer size to the number of commands you want kept.
Similar to the 'history' command in Linux, 'doskey /history' displays the commands cached in the current session.
C:\> doskey /history
C:\> doskey /? {displays doskey switches and functions}
Pressing the F7 function key displays a window listing the previous commands; select one and press Enter to run it.
Labels:
Windows
December 15, 2011
Configuring Static IPs on the Fly
I have a MacBook Pro with VMware Fusion installed. Given the cost of a laboratory with 4 or 5 physical servers, this setup works for me. I have various virtual appliances, including Windows 2008, Ubuntu Server, Windows XP, BackTrack and others. Today I am working on exploiting the Ubuntu server from BackTrack 4 in the virtual environment.
On the fly, I configured the eth0 interfaces onto the same /16 (class B sized) network with the following Linux commands:
Ubuntu Server
# ifconfig eth0 inet 10.10.73.54 netmask 255.255.0.0
Backtrack 4 Server
# ifconfig eth0 inet 10.10.74.54 netmask 255.255.0.0
The change takes effect immediately but is not written to any configuration file, so once the hosts are rebooted the TCP/IP configuration reverts to the original settings.
Labels:
Linux
Resetting Ubuntu Root Password
I ran into an issue today where I forgot the password for the root account. The good thing was that I had a secondary account on the virtual machine. The secondary account did not have UID 0, but it was allowed to use sudo, which is what makes this work. Below are the commands used to reset the root password:
$ sudo passwd root
Enter new UNIX password: toor
Retype new UNIX password: toor
Labels:
Linux
The Road to being an Ethical Hacker
Yesterday was my last day of the SANS 560 Network Penetration Testing and Ethical Hacking class. The class was absolutely great and useful in many ways. For one, sharing ideas, experiences and goals with like-minded people was priceless. My classmates for the six days included students from the UK, Canada, Denver, Houston, South Carolina, etc. Many worked within the intelligence community, at banks, or as consultants for federal agencies. Secondly, the class helped me narrow my focus; information security at times seems to have no boundaries.
With a wave of private and commercial organisations being compromised by malicious hackers daily, ethical penetration testers are in much demand.
From a skill-set perspective, the following is what I concluded is needed to be successful in IT security, and more so as an ethical hacker:
1. Knowledge of enterprise network design
2. Familiarity with penetration testing tools, namely BackTrack, and with exploitation frameworks such as Metasploit or BeEF.
3. Familiarity with wireless protocols and configurations.
4. A scripting language such as Python, Perl or JavaScript.
5. Communication skills, to convey findings to a client and to make the business case for fixing the vulnerabilities discovered.
6. Report-writing skills, to document what was found during the test, the methodology used step by step, and remediation suggestions.
Labels:
Network Penetration Testing