“Hello, World!” in Assembly (NASM)

Prerequisites

The Netwide Assembler (NASM) will need to be installed on the host. NASM is an assembler and disassembler for the Intel x86 architecture.

sudo apt-get install nasm

Getting started

Once NASM has been installed, create a new file with the below code and save as ‘hello-world.nasm’:

global _start

section .text

_start:
    mov rax, 1              ; syscall number 1 = write
    mov rdi, 1              ; file descriptor 1 = stdout
    mov rsi, hello_world    ; address of the buffer to write
    mov rdx, length         ; number of bytes to write
    syscall                 ; enter the kernel

    mov rax, 60             ; syscall number 60 = exit; without it execution
    xor rdi, rdi            ; runs off the end of .text and the process crashes
    syscall                 ; exit status 0 (rdi)

section .data

hello_world: db 'Hello, World!', 0xa
length: equ $-hello_world

In the example above, ‘global _start’ is the NASM directive that exports the _start symbol so the linker can use it as the entry point of the object code. ‘section .text’ begins the section that holds the actual machine instructions, and the ‘_start:’ label marks where execution of your program begins. The first instruction takes the immediate value 1 as its source operand and moves (mov) it into the 64-bit general purpose register RAX (the accumulator) as its destination. It is worth noting that the value 1 here is the system call number for write, which the kernel reads from RAX when ‘syscall’ is executed. We can check this by grepping for the write syscall:

$ cat /usr/include/x86_64-linux-gnu/asm/unistd_64.h | grep write

This will show the numbers of the syscalls whose names contain ‘write’ (system calls are the interface from user mode into kernel mode):

#define __NR_write 1
#define __NR_pwrite64 18
#define __NR_writev 20
#define __NR_pwritev 296
#define __NR_process_vm_writev 311
#define __NR_pwritev2 328

The remaining lines load the arguments of the write syscall into the registers the kernel expects: RDI holds 1 (the file descriptor for standard output), RSI holds the address of hello_world (the buffer to write) and RDX holds length (the number of bytes to write), before ‘syscall’ transfers control to the kernel. Under ‘section .data’ goes anything that you want to be initialised in memory by the system before it calls the entry point of your program; here that is the string itself and the ‘length’ constant, which NASM computes at assembly time as the current address ($) minus the address of hello_world.

The next step after creating the file is to assemble and link the object code for the ‘hello-world.nasm’ assembly file. To assemble, use the following command:

nasm -felf64 "hello-world.nasm" -o "hello-world.o"

To link the object code, use the following command:

ld "hello-world.o" -o "hello-world"

Finally, to execute the assembled and linked object code, run the following command:

./"hello-world"

Using PowerShell to create a list of your installed programs on Windows

Open PowerShell terminal from ‘Start > Run’.

Paste the following command into the terminal to gather the list of installed programs on Windows:

Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize

This will display the output within your PowerShell terminal.

To output the information to a file, you can use the following command (amend as appropriate for your username and output location):

Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize > "file_output_location_and_file_format"

For the file output location, you can use the path, e.g. C:\Users\Kevin\Documents\PSAppOutput.txt.
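The command above reads only the Wow6432Node hive, which on 64-bit Windows holds the 32-bit applications; native 64-bit applications are registered under HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall, and per-user installs under the same path in HKCU. The script below is an added example, not part of the original notes: it collects entries from all three locations, drops the update components that carry no DisplayName, records which hive each entry came from, and saves the result with Export-Csv rather than redirecting Format-Table output, so columns are not truncated to the console width. The output path in $OutFile is an assumed placeholder.

```powershell
# Added example: inventory installed programs from the 64-bit, 32-bit and per-user
# uninstall keys. $OutFile is an assumed placeholder; change it to suit.
$OutFile = "$env:USERPROFILE\Documents\PSAppOutput.csv"

$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',             # 64-bit apps
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*', # 32-bit apps
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user installs
)

$Programs = foreach ($Key in $UninstallKeys) {
    # SilentlyContinue: the Wow6432Node key does not exist on 32-bit Windows
    Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |    # skip nameless entries (patches, components)
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
            @{ Name = 'Hive';    Expression = { $_.PSDrive.Name } },
            @{ Name = 'Wow64';   Expression = { $_.PSParentPath -match 'Wow6432Node' } },
            @{ Name = 'KeyName'; Expression = { $_.PSChildName } }   # often the product GUID
}

$Programs = $Programs | Sort-Object DisplayName

# Show the inventory on screen ...
$Programs | Format-Table DisplayName, DisplayVersion, Publisher, InstallDate, Hive -AutoSize

# ... and keep a CSV copy that can be diffed against a later inventory
$Programs | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
"Wrote $($Programs.Count) entries to $OutFile"
```

Keeping the CSV from each run lets you diff inventories over time, which is a simple way to spot software that appeared on a host without a corresponding change record.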

Honeypots

  • Conpot: an ICS honeypot with the goal of collecting intelligence about the motives and methods of adversaries targeting industrial control systems.

  • Wordpot: a WordPress honeypot which detects probes for plugins, themes, timthumb and other common files used to fingerprint a WordPress installation.

  • Shockpot: a web app honeypot designed to find attackers attempting to exploit the Bash remote code execution vulnerability, CVE-2014-6271.

  • p0f: a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.

  • Suricata: capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.

  • Glastopf: a Python web application honeypot that collects information about web application-based attacks, for example remote file inclusion, SQL injection and local file inclusion attacks.

  • ElasticHoney: a simple Elasticsearch honeypot designed to catch attackers exploiting RCE vulnerabilities in Elasticsearch.

  • Amun: the first Python-based low-interaction honeypot, following the concepts of Nepenthes but extending it with more sophisticated emulation and easier maintenance.

  • Snort: an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

  • Cowrie: a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

  • Dionaea: meant to be a Nepenthes successor, embedding Python as scripting language, using libemu to detect shellcode, and supporting IPv6 and TLS.

Basic Snort admin

Run Snort
sudo snort

Run Snort with preprocessors configured
sudo snort -v -c /etc/snort/snort.conf

Location of snort.conf file
/etc/snort/snort.conf

Location of alert log file
/var/log/snort/alert

Location of snort log file
/var/log/snort/snort.log

Check Snort version
sudo snort -V

Edit local rules
sudo nano /etc/snort/rules/local.rules