Davinder Tutorials

This blog is all about Cyber Security and IT

Friday, February 8, 2019

How to remove Pip install module error in Python

  February 08, 2019    






When you are trying to import third party module in your python program , you normally face a challenge like :









For this , no need to worry .





Just go to the your Python IDLE, Right click on the icon . Check the file location.













Go to the file location : Search for script folder









After that copy the location and paste in cmd









Change directory of cmd and install the package









Now you can easily install any package which you want .






  

  No Comments

Thursday, February 7, 2019

Guessing a Name Game in Python

  February 07, 2019    


secreat = "Webha"
Guess =""
Guess_count = 0
i = 3

while secreat != Guess and Guess_count <= 2:
print("You have " + str(i) + " attempts Left ")
Guess = input("Enter your GF name : Hint word is of 5 char \n")
Guess_count += 1
i -= 1
if secreat == Guess:
print("Yes your GF name is : Webha !! you Win")
else:
print("you lost ")






  

  No Comments

Question Answering using python if-else

  February 07, 2019    


# Question Ans using if else

name = input (" Can you please tell me who are you  \n " )

print ("Hey welcome " + name + "\n")
ans = input("Could you please tell me more about you Enter :yes/no \n")

if ans == "yes":
     age = input("Tell me your age:\n")
     int_age = int(age)

     if int_age <= 30:
        print("Don't lie" + name + "\n")
     else:
        print("Get Married , You are   " + age + "\n")

else:
    print("Get lost if you don't want to tell anything")





  

  No Comments

Wednesday, February 6, 2019

Advanced Calculator in Python

  February 06, 2019    


#advanced calculator

num1 = float(input("Enter your first number: "))
op = input("Enter the operator: ")
num2 = float(input("Enter the second number : "))
if op == "+":
    print(num1 + num2)
elif op == "-":
    print(num1 - num2)
elif op == "/":
    print(num1 / num2)
elif op == "*":
    print(num1 * num2)

else:
    print("Invalid Operator")

















   / / / / / / /

  No Comments

Saturday, January 26, 2019

File Structure in Linux

  January 26, 2019    







Most of the people who are new to Linux are confused about directories and File structure on Linux. When you boot any Linux distribution ‘root partition’ is mounted at /. Every files and folder are mounted under /. You don’t find any drive name like (C, D) etc in Linux(if it is not dual booted). Moreover In Linux, program are located in different directories. For examples less command is located under /usr/bin directory. Therefore the directory structure of Linux/Unix is intimidating especially for the users who have migrated from windows.





Difference between Linux and Windows File Structure





In windows almost all the program files are installed in ‘program file” by default unless user specify the specific directory. In Linux directory system are categories on the basis of structure of program. For example configuration files are in /etc, all binary files are in /bin or /usr/bin or /usr/local/bin and so on.





Windows file Structure





\\Folder\\subfolder\\file.txt





Linux File Structure





1/Folder/subfolder/file.txt




The basic difference is:
Linux/Unix always use forward slash to denote filesystem hierarchy whereas windows use backslash.





Understanding File system in Linux/Unix









/bin: 





  • Contains the executable programs that are part of the Linux operating system.
  • Many Linux commands such as cat, cp, ls, more, and tar are located in /bin.
  • Example ls, cat, cp.




/dev:





  • All the devices like input devices, sound card, modems are stored.
  • It is a virtual directory that contains devices files.
  • Example : /dev/udp, /dev/urandom, /dev/sda1




/etc





  • Contains config folder of entire operating system.
  • All the global setting like ssh, telnet, and smtp/pop3 mail servers.
  • Also contains system’s password file like group lists, user skeletons, and cron jobs.
  • Example: /etc/resolv.conf, /etc/logrotate.conf




/home





  • Default directory for users to store the personal files.
  • Example /home/saugat, /home/sachit




/sbin





  • contains binary executables typtically used by system admnistrator only available to root.
  • Mostly used for system maintenance purpose
  • Commands such as mount, shutdown, umount, reside here
  • Example: /sbin/halt/ /sbin/ip6tables




/usr





  • contains shareable and read only data
  • contains binaries, libraries, documentation and source code for second level program




/usr/bin : Contains executable files for many Linux commands. It is not part of the core Linux operating system.
/usr/include : Contains header files for C and C++ programming languages
/usr/lib : Contains libraries for C and C++ programming languages.
/usr/local : Contains local files. It has a similar directories as /usr contains.
/usr/sbin : Contains administrative commands.
/usr/share : Contains files that are shared, like, default configuration files, images, documentation, etc.
/usr/src : Contains the source code for the Linux kernel.
/var
Includes user specific files such as mail message, database of installed programs, log files etc.





/var/cache: Storage area for cached data for applications.
/var/lib: Contains information related to the current state of applications. Programs modify this when they run.
/var/lock: Contains lock files which are checked by applications so that a resource can be used by one application only.
/var/log: Contains log files for different applications.
/var/mail: Contains users emails.
/var/opt: Contains variable data for packages stored in /opt directory.
/var/run: Contains data describing the system since it was booted.
/var/spool: Contains data that is waiting for some kind of processing.
/var/tmp: Contains temporary files preserved between system reboots
/tmp





  • All the temporary files are store here.
  • The files under this directory are deleted when system is rebooted.
  • For example: when new program is installed it use /tmp/ to put files during installation that won’t be needed after the program is installed.




/mnt





  • Default location for mouting devices like cdrooms, floppy disk dries, USB memory sticks etc.
  • Example : /mnt/cdroom




/proc





  • contains information about system process
  • virtual file system that contains information about file system.
  • Example /proc/cpuinfo, /proc/swaps




/lib





  • share libraries are stored(perl, python, C, etc.)
  • /lib/ are also a kernel modules
  • Example: ld-2.11.1.so, libncurses.so.5.7




/opt





  • Config file for add on Application software are found here.
  • Third party application should be installed in this directory.




/root





  • Home directory of system administrator.’root’.
  • Root user has write privilege under this directory




/boot





  • Contains everything required for boot process.
  • Stores data that is used before the kernel begins executing user-mode program.
  • Example: /boot/boot.b, /boot/chain.b, /boot/config-kernel-version

  No Comments

Working with Databases in Metasploit

  January 26, 2019    


When you’re running a complex penetration test with a lot of targets, keeping
track of everything can be a challenge. Luckily, Metasploit has you covered
with expansive support for multiple database systems.
To ensure that database support is available for your system, you should
first decide which database system you want to run. Metasploit supports
MySQL and PostgreSQL; because PostgreSQL is the default, we’ll stick with
it in this discussion.













To start export the result >>





Use keywords -oX (mean output in XML)









This will create a XML file with name ResultNmap.XML


  

  No Comments

Nmap with -sS and -Pn

  January 26, 2019    


nmap has a quite a few options, but you’ll use just a few of them for the most part.
One of our preferred nmap options is -sS. This runs a stealth TCP scan
that determines whether a specific TCP-based port is open. Another preferred option is -Pn, which tells nmap not to use ping to determine whether a system is running; instead, it considers all hosts “alive.” If you’re performing Internet based penetration tests, you should use this flag, because most networks don’t allow Internet Control Message Protocol (ICMP), which is the protocol that ping uses. If you’re performing this scan internally, you can probably ignore this flag.
Now let’s run a quick nmap scan against our target machine using
both the -sS and -Pn flags.














As you can see, nmap reports a list of open ports, along with a description
of the associated service for each.
For more detail, try using the -A flag. This option will attempt advanced
service enumeration and banner grabbing, which may give you even more
details about the target system. For example, here’s what we’d see if we were
to call nmap with the -sS and -A flags, using our same target system:










   / / / / / / / / / / / /

  No Comments

Scanner FTP Auxiliary Modules

  January 26, 2019    


anonymous





The ftp/anonymous scanner will scan a range of IP addresses searching for FTP servers that allow anonymous access and determines where read or write permissions are allowed.





msf > use auxiliary/scanner/ftp/anonymous
msf auxiliary(anonymous) > show options

Module options:

   Name     Current Setting      Required  Description
   ----     ---------------      --------  -----------
   FTPPASS  mozilla@example.com  no        The password for the specified username
   FTPUSER  anonymous            no        The username to authenticate as
   RHOSTS                        yes       The target address range or CIDR identifier
   RPORT    21                   yes       The target port
   THREADS  1                    yes       The number of concurrent threads




Configuring the module is a simple matter of setting the IP range we wish to scan along with the number of concurrent threads and let it run.





msf auxiliary(anonymous) > set RHOSTS 192.168.1.200-254
RHOSTS => 192.168.1.200-254
msf auxiliary(anonymous) > set THREADS 55
THREADS => 55
msf auxiliary(anonymous) > run

[*] 192.168.1.222:21 Anonymous READ (220 mailman FTP server (Version wu-2.6.2-5) ready.)
[*] 192.168.1.205:21 Anonymous READ (220 oracle2 Microsoft FTP Service (Version 5.0).)
[*] 192.168.1.215:21 Anonymous READ (220 (vsFTPd 1.1.3))
[*] 192.168.1.203:21 Anonymous READ/WRITE (220 Microsoft FTP Service)
[*] 192.168.1.227:21 Anonymous READ (220 srv2 Microsoft FTP Service (Version 5.0).)
[*] 192.168.1.204:21 Anonymous READ/WRITE (220 Microsoft FTP Service)
[*] Scanned 27 of 55 hosts (049% complete)
[*] Scanned 51 of 55 hosts (092% complete)
[*] Scanned 52 of 55 hosts (094% complete)
[*] Scanned 53 of 55 hosts (096% complete)
[*] Scanned 54 of 55 hosts (098% complete)
[*] Scanned 55 of 55 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(anonymous) >




ftp_login





The ftp_login auxiliary module will scan a range of IP addresses attempting to log in to FTP servers.





msf > use auxiliary/scanner/ftp/ftp_login 
msf auxiliary(ftp_login) > show options

Module options (auxiliary/scanner/ftp/ftp_login):

   Name              Current Setting                     Required  Description
   ----              ---------------                     --------  -----------
   BLANK_PASSWORDS   false                               no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                                   yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false                               no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false                               no        Add all passwords in the current database to the list
   DB_ALL_USERS      false                               no        Add all users in the current database to the list
   PASSWORD                                              no        A specific password to authenticate with
   PASS_FILE         /usr/share/wordlists/fasttrack.txt  no        File containing passwords, one per line
   Proxies                                               no        A proxy chain of format type:host:port[,type:host:port][...]
   RECORD_GUEST      false                               no        Record anonymous/guest logins to the database
   RHOSTS                                                yes       The target address range or CIDR identifier
   RPORT             21                                  yes       The target port (TCP)
   STOP_ON_SUCCESS   false                               yes       Stop guessing when a credential works for a host
   THREADS           1                                   yes       The number of concurrent threads
   USERNAME                                              no        A specific username to authenticate as
   USERPASS_FILE                                         no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false                               no        Try the username as the password for all users
   USER_FILE                                             no        File containing usernames, one per line
   VERBOSE           true                                yes       Whether to print output for all attempts




This module can take both wordlists and user-specified credentials in order to attempt to login.





msf auxiliary(ftp_login) > set RHOSTS 192.168.69.50-254
RHOSTS => 192.168.69.50-254
msf auxiliary(ftp_login) > set THREADS 205
THREADS => 205
msf auxiliary(ftp_login) > set USERNAME msfadmin
USERNAME => msfadmin
msf auxiliary(ftp_login) > set PASSWORD msfadmin
PASSWORD => msfadmin
msf auxiliary(ftp_login) > set VERBOSE false
VERBOSE => false
msf auxiliary(ftp_login) > run

[*] 192.168.69.51:21 - Starting FTP login sweep
[*] 192.168.69.50:21 - Starting FTP login sweep
[*] 192.168.69.52:21 - Starting FTP login sweep
...snip...
[*] Scanned 082 of 205 hosts (040% complete)
[*] 192.168.69.135:21 - FTP Banner: '220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.69.135]\x0d\x0a'
[*] Scanned 204 of 205 hosts (099% complete)
[+] 192.168.69.135:21 - Successful FTP login for 'msfadmin':'msfadmin'
[*] 192.168.69.135:21 - User 'msfadmin' has READ/WRITE access
[*] Scanned 205 of 205 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ftp_login) >




As we can see, the scanner successfully logged in to one of our targets with the provided credentials.





ftp_version





The ftp_version module simply scans a range of IP addresses and determines the version of any FTP servers that are running.





msf > use auxiliary/scanner/ftp/ftp_version
msf auxiliary(ftp_version) > show options

Module options:

   Name     Current Setting      Required  Description
   ----     ---------------      --------  -----------
   FTPPASS  mozilla@example.com  no        The password for the specified username
   FTPUSER  anonymous            no        The username to authenticate as
   RHOSTS                        yes       The target address range or CIDR identifier
   RPORT    21                   yes       The target port
   THREADS  1                    yes       The number of concurrent threads




To setup the module, we just set our RHOSTS and THREADS values and let it run.





msf auxiliary(ftp_version) > set RHOSTS 192.168.1.200-254
RHOSTS => 192.168.1.200-254
msf auxiliary(ftp_version) > set THREADS 55
THREADS => 55
msf auxiliary(ftp_version) > run

[*] 192.168.1.205:21 FTP Banner: '220 oracle2 Microsoft FTP Service (Version 5.0).\x0d\x0a'
[*] 192.168.1.204:21 FTP Banner: '220 Microsoft FTP Service\x0d\x0a'
[*] 192.168.1.203:21 FTP Banner: '220 Microsoft FTP Service\x0d\x0a'
[*] 192.168.1.206:21 FTP Banner: '220 oracle2 Microsoft FTP Service (Version 5.0).\x0d\x0a'
[*] 192.168.1.216:21 FTP Banner: '220 (vsFTPd 2.0.1)\x0d\x0a'
[*] 192.168.1.211:21 FTP Banner: '220 (vsFTPd 2.0.5)\x0d\x0a'
[*] 192.168.1.215:21 FTP Banner: '220 (vsFTPd 1.1.3)\x0d\x0a'
[*] 192.168.1.222:21 FTP Banner: '220 mailman FTP server (Version wu-2.6.2-5) ready.\x0d\x0a'
[*] 192.168.1.227:21 FTP Banner: '220 srv2 Microsoft FTP Service (Version 5.0).\x0d\x0a'
[*] 192.168.1.249:21 FTP Banner: '220 ProFTPD 1.3.3a Server (Debian) [::ffff:192.168.1.249]\x0d\x0a'
[*] Scanned 28 of 55 hosts (050% complete)
[*] 192.168.1.217:21 FTP Banner: '220 ftp3 FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.\x0d\x0a'
[*] Scanned 51 of 55 hosts (092% complete)
[*] Scanned 52 of 55 hosts (094% complete)
[*] Scanned 53 of 55 hosts (096% complete)
[*] Scanned 55 of 55 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ftp_version) >

   / / / /

  No Comments

Friday, January 25, 2019

Malvertising

  January 25, 2019    

Malvertising, or malicious advertising, is the use of online, malicious advertisements to spread malware and compromise systems. Generally this occurs through the injection of unwanted or malicious code into ads. Malicious actors then pay legitimate online advertising networks to display the infected ads on various websites, exposing every user visiting these sites to the potential risk of infection. Generally, the legitimate advertising networks and websites are not aware they are serving malicious content.

How does malvertising work?


Malicious actors hide a small piece of code deep within a legitimate looking advertisement, which will direct the user’s machine to a malicious or compromised server. When the user’s machine successfully makes a connection to the server, an exploit kit hosted on that server executes. An exploit kit is a type of malware that evaluates a system, determines what vulnerabilities exist on the system, and exploits a vulnerability. From there, the malicious actor is able to install malware by utilizing the security bypass created by the exploit kit. The additional software could allow the attacker to perform a number of actions including, allowing full access to the computer, exfiltrating financial or sensitive information, locking the system and holding it ransom via ransomware, or adding the system to a botnet so it can be used to perform additional attacks. This entire process occurs behind the scenes, out of sight of the user and without any interaction from the user.

The Most Popular Exploit Kit


One of the most popular exploit kits currently in use is the Angler Exploit Kit. Angler employs a number of evasion techniques in order to avoid being detected. For example, the URL of the landing page the user’s computer connects to, where the exploit kit is hosted, is often generated dynamically. This makes it difficult to detect because the URL is constantly changing. Angler also has the functionality to determine if it is being run inside of a virtual machine, thus making it difficult for cybersecurity analysts to perform analysis on it. Finally, multiple layers of obfuscation exist in Angler, built on top of each other with various encoding schemes (base64, RC4, etc.) to hide the code that executes when the vulnerable user visits the server.

Angler uses a variety of vulnerabilities in Adobe Flash, Microsoft Silverlight, and Oracle Java. These are all extremely common extensions running on many popular web browsers. When the user’s computer visits the server hosting the exploit kit, the system is scanned to determine which versions of the above software are running on the user’s browser. From there, Angler picks the best vulnerability for exploiting the victim.

   /

  No Comments

Friday, November 30, 2018

Types of Windows Events

  November 30, 2018    

We have 5 types of security events in windows >

Error : When some kind of service failed to execute or there is some loss of information

Warning : This event is generated when there is some problem going to happen in future .  Like  disk space utilization message .

Information : This type of event is generated when there is some informative message , like application services are running accurately

Success audit : This type of  event generated when user successfully logged in to a system

Failure audit : When there is failure in login attempt .

Main security Events













































IDLevelEvent LogEvent Source
App Error1000ErrorApplicationApplication Error
App Hang1002ErrorApplicationApplication Hang
BSOD1001ErrorSystemMicrosoft-Windows-WER-
SystemErrorReporting
WER1001InformationalApplicationWindows Error Reporting
EMET12WarningErrorApplicationApplicationEMET

Hackers need access to your systems just like any other user, so it’s worth looking for suspicious login activity. Table 2 shows events that might show a problem. Pass-the-Hash (PtH) is a popular form of attack that allows a hacker to gain access to an account without needing to know the password. Look out for NTLM Logon Type 3 event IDs 4624 (failure) and 4625 (success).

Table 2 – Account Usage




















































IDLevelEvent LogEvent Source
Account Lockouts4740InformationalSecurityMicrosoft-Windows-Security-
Auditing
User Added to Privileged Group4728, 4732, 4756InformationalSecurityMicrosoft-Windows-Security-
Auditing
Security-Enabled group Modification4735InformationalSecurityMicrosoft-Windows-Security-
Auditing
Successful User Account Login4624InformationalSecurityMicrosoft-Windows-Security-
Auditing
Failed User Account Login4625InformationalSecurityMicrosoft-Windows-Security-
Auditing
Account Login with Explicit Credentials4648InformationalSecurityMicrosoft-Windows-Security-
Auditing

High-value assets, like domain controllers, shouldn’t be managed using Remote Desktop. Logon Type 10 event IDs 4624 (Logon) and 4634 (Logoff) might point towards malicious RDP activity.

  

  No Comments

Subscribe to: Posts (Atom)