Hey guys,
I have created a blog on Wordpress and have imported all the blogs from here. It would be good if you could follow me from there.
Wordpress Blog: xpl0it.wordpress.com
Sorry for the inconvenience.
Thanks for all the support :)
I have created a blog on Wordpress and have imported all the blogs from here. It would be good if you could follow me from there.
Wordpress Blog: xpl0it.wordpress.com
Sorry for the inconvenience.
Thanks for all the support :)
Recently, a few months ago, on the 30th of June, 2009, Cop-Tech Forum was launched. It is a joint initiative of Pune Police, NASSCOM (The National Association of Software and Services Companies) and the DSCI (Digital Security Council of India).
Purpose:
The main objective behind this forum was to increase sharing of ideas and knowledge on cyber security between the Police and the IT Industry. As Commissioner of Police, Dr. Satya Pal Singh, phrased it: "Cop-Tech is solemnization of the marriage between the Police and the IT Industry". It is an initiative which calls for contribution of the IT professionals to help develop the Police force to serve the people better.
Pratap Reddy, an IPS officer who was an advisor (cyber security) to NASSCOM, listed down the things which Cop-Tech has to take care of:
Pic:
Pratap Reddy (2nd from Right)
Dr. Satya Pal Singh (Lighting the lamp)
There was a good suggestion from one of the attendees. What he suggested was to look at the whole Cyber Crime as a business. A business which would involve 3 steps, including the actual crime and the monetization of that crime (like selling the data/information, selling the method to perform the crime in form of exploits, etc). If in some way, one of the 3 steps could be interfered and cause hamper, the whole cyber crime process would fall. But, since this Cop-Tech forum has a narrow scope (as of now) to those listed above, this suggestion was left for future scope. There were many other inputs from the audience volunteering for Image and Video Analysis, Forensics, etc.
In short, it was good to see a bunch of around 60-70 individuals as well as a few groups like Null to have participated in this and who are ready to contribute. But, looking at the facts of Pune being the "IT hub of India" or the Silicon Valley of the East, 60 - 70 was a very small number. Till date, people have always questioned the government for not doing a good job, but when it comes to helping/contribution/volunteering, only a bunch of people are there at the disposal of the government, even when the government has taken the first step. This is a humble request to all IT Professionals to help the Police and the Cyber Cell to make it better so that they are able to serve us in a better way.
To get in touch with CopTech and Cyber Cell Pune, you can pay a visit to Cyber Cell branch at Sadhu Vasvani Road, Camp, Pune-1.
Dr. Satya Pal Singh's Blog: http://drsatyapalsingh.blogspot.com/
Purpose:
The main objective behind this forum was to increase sharing of ideas and knowledge on cyber security between the Police and the IT Industry. As Commissioner of Police, Dr. Satya Pal Singh, phrased it: "Cop-Tech is solemnization of the marriage between the Police and the IT Industry". It is an initiative which calls for contribution of the IT professionals to help develop the Police force to serve the people better.
Pratap Reddy, an IPS officer who was an advisor (cyber security) to NASSCOM, listed down the things which Cop-Tech has to take care of:
- Develop the Control Room of Pune Police to make it state-of-art which can cater to all those who dial 100 in a proper, structured way. This would also involve Fleet Management to keep track of police vehicles on the field
- Cyber crime, computer security awareness among the students, non-IT professionals and the citizens in general
- Usage of CCTVs from different locations. This would also involve Video and Image Analysis. For this, IT professionals who work in this area were called for help.
- Training the Police staff in Cyber Security, Cyber Crime Investigation, Forensic Investigation, Computer Security in general, trainings on using of different tools (like GPS). This is to ensure that the state-of-art devices which would be used in the Control Rooms would be used efficiently and effectively by the policemen
- Forensic Investigation. There are many cases which are shutdown since Police do not have proper evidence or direction to work on. Here, the IT professionals can help (voluntarily) in Forensic Investigation
After this, the discussion was thrown out to the audience who are ready to contribute to this CopTech Forum. It was good to see a number of professionals from Infosys, Delloit, IBM, Null Security Community, Press, etc, who were ready to help in their own way. An Infosys guy was ready to design, develop, code and implement a database system for Cyber Crime cell and Control Room. As is going on for many months now, Null Security Community is already into spreading security awareness among the citizens of Pune, which has now extended to Banglore. They were also interested in helping for Cyber Crime Investigations and Forensics.
Pic:
Pratap Reddy (2nd from Right)
Dr. Satya Pal Singh (Lighting the lamp)
There was a good suggestion from one of the attendees. What he suggested was to look at the whole Cyber Crime as a business. A business which would involve 3 steps, including the actual crime and the monetization of that crime (like selling the data/information, selling the method to perform the crime in form of exploits, etc). If in some way, one of the 3 steps could be interfered and cause hamper, the whole cyber crime process would fall. But, since this Cop-Tech forum has a narrow scope (as of now) to those listed above, this suggestion was left for future scope. There were many other inputs from the audience volunteering for Image and Video Analysis, Forensics, etc.
In short, it was good to see a bunch of around 60-70 individuals as well as a few groups like Null to have participated in this and who are ready to contribute. But, looking at the facts of Pune being the "IT hub of India" or the Silicon Valley of the East, 60 - 70 was a very small number. Till date, people have always questioned the government for not doing a good job, but when it comes to helping/contribution/volunteering, only a bunch of people are there at the disposal of the government, even when the government has taken the first step. This is a humble request to all IT Professionals to help the Police and the Cyber Cell to make it better so that they are able to serve us in a better way.
To get in touch with CopTech and Cyber Cell Pune, you can pay a visit to Cyber Cell branch at Sadhu Vasvani Road, Camp, Pune-1.
Dr. Satya Pal Singh's Blog: http://drsatyapalsingh.blogspot.com/
Scenario 1: You forgot(or don't want) to go offline and you are projecting your screen on projector with some serious discussion in a busy conference room and bang! an old friend messages you on messenger "Hi Sexy"
Scenario 2: You are sitting with someone say Mr. A and another friend say Mr. B sends you a message about Mr. A. You know what kind of message I'm talking about
These kind of sudden and uninvited chat messages can disturbing at times. So in one of my previous organization we had a protocol for chatting. I found it very helpful and slowly many of my friends have started following it.
Here's how it goes, PLEASE try to follow the same when chatting with me and may be others too. This will make the online life bit comfortable for you and your friends
[?] To start a conversation, send a question mark only. Yes a simple " ? " only. This can mean anything as per your understanding like "Can we chat?" or "are you there?".
Now the answer to this question can be yes no or later
[Y] So if the answer is YES, the person replies " y ". Which means "I'm comfortable chatting with you at this moment, tell me"
[N] If the answer is NO for reasons like "I'm busy", or "Can't chat" or whatever, the person replies " n ". If you get a " n " DO NOT send any more message, not even "OK, I'll ping you later" It like saying DO NOT DISTURB
[5] or for that matter any number like " 10 " - "15 " means busy right now, lets talk after 5 (or 10-15) minutes. This comes very handy when you want to chat but because you are preoccupied in something which you can't leave in between.
[ ] If in case there is no reply from the other side, there can be 2 reasons. Too busy to say a " n " or not near the computer. The best option in this case is treat it as " n " and DO NOT disturb
Looking at so many shortcuts, we devised another shortcut. It was " b " this time which means BYE that comes at the end of conversation.
I strongly recommend all my friends to use this protocol while starting a chat with me. Share the protocol with your friends and see the difference.
Original Post: http://blog.rohit11.com/2009/02/chat-protocol.html
Thanks to Rohit Shrivastva, from whose blog I copied this.
Scenario 2: You are sitting with someone say Mr. A and another friend say Mr. B sends you a message about Mr. A. You know what kind of message I'm talking about
These kind of sudden and uninvited chat messages can disturbing at times. So in one of my previous organization we had a protocol for chatting. I found it very helpful and slowly many of my friends have started following it.
Here's how it goes, PLEASE try to follow the same when chatting with me and may be others too. This will make the online life bit comfortable for you and your friends
[?] To start a conversation, send a question mark only. Yes a simple " ? " only. This can mean anything as per your understanding like "Can we chat?" or "are you there?".
Now the answer to this question can be yes no or later
[Y] So if the answer is YES, the person replies " y ". Which means "I'm comfortable chatting with you at this moment, tell me"
[N] If the answer is NO for reasons like "I'm busy", or "Can't chat" or whatever, the person replies " n ". If you get a " n " DO NOT send any more message, not even "OK, I'll ping you later" It like saying DO NOT DISTURB
[5] or for that matter any number like " 10 " - "15 " means busy right now, lets talk after 5 (or 10-15) minutes. This comes very handy when you want to chat but because you are preoccupied in something which you can't leave in between.
[ ] If in case there is no reply from the other side, there can be 2 reasons. Too busy to say a " n " or not near the computer. The best option in this case is treat it as " n " and DO NOT disturb
Looking at so many shortcuts, we devised another shortcut. It was " b " this time which means BYE that comes at the end of conversation.
I strongly recommend all my friends to use this protocol while starting a chat with me. Share the protocol with your friends and see the difference.
Original Post: http://blog.rohit11.com/2009/02/chat-protocol.html
Thanks to Rohit Shrivastva, from whose blog I copied this.
Installing Skype on Fedora is a pain in the neck. And making the sound work on skype is a bigger pain! After migrating from Ubuntu to Fedora, things have become really difficult! In this post, I explain (thanks to mdim, a user on fedoraforum.org) how to install Skype on Fedora 11.
The first few steps are a copy paste of what mdim wrote on the forum:
Step 1:
Login as root in the terminal
Code:
And provide your root password.
Step 2:
Download the libsigc++20-2.0.17-1.i386.rpm package:
Code:
Step 3:
Run the command:
Code:
Step 4:
Create directory /opt/libs32/ if you don't have it yet:
Code:
Step 5:
Copy libsigc-2.0.so.0 and libsigc-2.0.so.0.0.0 to /opt/libs32/ directory:
Code: Step 6:
Install everything that has anything to do with Qt4:
Code: Step 7:
Download the skype-1.4.0.118-fc5.i586.rpm rpm package from http://www.skype.com/intl/en/downloa.../linux/choose/ and enter command in terminal:
Code: Step 8:
Now give the path to those libraries:
Step 9:
Now you can run skype by typing:
Code: IMPORTANT NOTE:
In some cases, there is this error which is encountered on the last step (Step 9).
warning: skype-2.0.0.72-fc5.i586.rpm: Header V3 DSA signature: NOKEY, key ID d66b746e
And when Skype is executed, another error is encountered:
skype: error while loading shared libraries: libXss.so.1: cannot open shared object file: No such file or directory
For this, you would require the file libXss.so.1
Step 10:
Enter the following command in the terminal and then start skype.
Code:
yum install libXss.so.1
Special thanks to mdim and the post http://forums.fedoraforum.org/showthread.php?t=174114
The first few steps are a copy paste of what mdim wrote on the forum:
Step 1:
Login as root in the terminal
Code:
su -
And provide your root password.
Step 2:
Download the libsigc++20-2.0.17-1.i386.rpm package:
Code:
wget http://fedora.osmirror.nl/extras/5/i386/libsigc++20-2.0.17-1.i386.rpm
Step 3:
Run the command:
Code:
rpm2cpio *.rpm | cpio -idmv
Step 4:
Create directory /opt/libs32/ if you don't have it yet:
Code:
mkdir /opt/libs32
Copy libsigc-2.0.so.0 and libsigc-2.0.so.0.0.0 to /opt/libs32/ directory:
Code:
cp ./usr/lib/libsigc-2.0.so.0 /opt/libs32/
cp ./usr/lib/libsigc-2.0.so.0.0.0 /opt/libs32/
Install everything that has anything to do with Qt4:
Code:
yum install qt4*
Download the skype-1.4.0.118-fc5.i586.rpm rpm package from http://www.skype.com/intl/en/downloa.../linux/choose/ and enter command in terminal:
Code:
rpm -i --force --nodeps skype-1.4.0.118-fc5.i586.rpm
Now give the path to those libraries:
Code:
export LD_LIBRARY_PATH="/opt/libs32/"
Now you can run skype by typing:
Code:
skype
In some cases, there is this error which is encountered on the last step (Step 9).
warning: skype-2.0.0.72-fc5.i586.rpm: Header V3 DSA signature: NOKEY, key ID d66b746e
And when Skype is executed, another error is encountered:
skype: error while loading shared libraries: libXss.so.1: cannot open shared object file: No such file or directory
For this, you would require the file libXss.so.1
Step 10:
Enter the following command in the terminal and then start skype.
Code:
yum install libXss.so.1
Special thanks to mdim and the post http://forums.fedoraforum.org/showthread.php?t=174114
First day into my VAPT - Vulnerability Assessment and Penetration Testing, (Hacking, in short) was a blunder. I had not contacted my mentor that I was going to start from 15th of April. I forgot :D. Neither did I know his time of arrival to the office, so that I could reach just on time to talk to him and get the project details.
Anyways, reached xyz (the company for whom I work) at around 9:10 am. I contacted my mentor, Mr Danny Nagdev just before reaching their. He asked me to come at 10, since he was in a meeting. Passed my time on Level 9, started my laptop, and began playing Burnout Paradise ... believe me, its a superb game, with all the stunts and races and what not ... cool cars, great graphics ... ok, later, back to the topic.
I was re-directed to another office of xyz, after meeting Mr. Danny, where the security administrator used to work from. Finally, after having a chai with Mr. Namit Kasliwal, the Security Administrator of xyz, I got my project. I did have a choice of skipping office since that was the first day, but I started off with my job, due to 2 reasons, 1) no friends on the campus and 2) i am a workaholic.
The Project:
I was asked to Hack into the xyz servers. Yo. That would be fun! Lets start off. The project was going to be a Black Box type, i.e. the company would provide me with no information, its me who has to find out everything! Imagine, EVERYTHING!!!! Fine, lets go ahead.
Starting off with the Project:
The company people were good enough to provide me with an ethernet cable to connect to their internal network. Good, atleast that would help me find some more information about them!
The only thing I knew about the company (other than its name, and the 2 people I met), was the website. After connecting to the local internet, I found the basic information:
- the subnet I was connected to (IP address and the subnet mask)
- the DNS used by the company
- the default gateway
After this, the logical step was to find out the final gateway of the company, i.e. the final server which connected xyz the world, the Internet. So, for that, I did a traceroute to the google and orkut servers and from there. Traceroute gives you a list of all the hops on the way to the servers. Looking (DNS Lookup) up each one of them, I came to know of the last internal ip address which would take all the requests of xyz to the Internet. Hence, found the NAT Server!
The next step which I took, was in the Internet side. I queried the Whois database for information on the company's website. Finding a few fields which were unknown to me, I went on to look for details of the fields which are included in the Whois query answer. I found this wonderful site http://www.apnic.net/db/ref/attributes/attributes-inetnum.html which listed all the fields and their descriptions. Having queried the Whois database, I found a lot many details about the company, like the Name of the contact person for the website, the address of the registrant, phone numbers, email addresses, and the most important, the DNS records!! I dont know why the whois database is open for all; well, good for people like me ;).
For the Whois query, I used www.samspade.org for the same. I haven't tried finding how it queries the Whois database, but I did find out how to query the samspade whois database.
www.samspade.org/whois?query=;server=auto. This URL would take you to the Whois page of the IP/Domain.
Also, from the Whois query, I came to know that xyz hosted its website on a public domain, and it wasnt in their servers ... wow ... pretty intelligent!
Having found the DNS records from the Whois page, the next step was to find the subdomains and the other domains, if registered.
Since it was the first day, I din't want to go into much of details, and so used the tools on the page http://member.dnsstuff.com/pages/tools.php to get more information on the web server. Using the Whois wouldnt have made much of a difference, since all the whois queries would return the same answer!
Used all the tools available on that page to check what all information I get my hands on.
After all this, I sat surfing their website, looking for more information about the company; their products, services, addresses .... anything, everything.
There is a pretty good addon to firefox, "Extract Links". It would extract all the links from the specified page and print it on a new tab, separating all the links and the domains. Through this, I found various sub domains of the company xyz. Pretty neat. I dint have to use much of the DNS tools to get the sub domains ;)
There is one more addon, External IP Address. This shows the public IP Address which you are using to connect to the Internet. Through this, I got the IP Address range which the company xyz uses! Simple, huh ;)
Lastly, having certain restrictions on surfing the web, I found the page www.torproject.org. I installed a client for this and started surfing without any problems! Yo! :D
Cheers :)
Anyways, reached xyz (the company for whom I work) at around 9:10 am. I contacted my mentor, Mr Danny Nagdev just before reaching their. He asked me to come at 10, since he was in a meeting. Passed my time on Level 9, started my laptop, and began playing Burnout Paradise ... believe me, its a superb game, with all the stunts and races and what not ... cool cars, great graphics ... ok, later, back to the topic.
I was re-directed to another office of xyz, after meeting Mr. Danny, where the security administrator used to work from. Finally, after having a chai with Mr. Namit Kasliwal, the Security Administrator of xyz, I got my project. I did have a choice of skipping office since that was the first day, but I started off with my job, due to 2 reasons, 1) no friends on the campus and 2) i am a workaholic.
The Project:
I was asked to Hack into the xyz servers. Yo. That would be fun! Lets start off. The project was going to be a Black Box type, i.e. the company would provide me with no information, its me who has to find out everything! Imagine, EVERYTHING!!!! Fine, lets go ahead.
Starting off with the Project:
The company people were good enough to provide me with an ethernet cable to connect to their internal network. Good, atleast that would help me find some more information about them!
The only thing I knew about the company (other than its name, and the 2 people I met), was the website. After connecting to the local internet, I found the basic information:
- the subnet I was connected to (IP address and the subnet mask)
- the DNS used by the company
- the default gateway
After this, the logical step was to find out the final gateway of the company, i.e. the final server which connected xyz the world, the Internet. So, for that, I did a traceroute to the google and orkut servers and from there. Traceroute gives you a list of all the hops on the way to the servers. Looking (DNS Lookup) up each one of them, I came to know of the last internal ip address which would take all the requests of xyz to the Internet. Hence, found the NAT Server!
The next step which I took, was in the Internet side. I queried the Whois database for information on the company's website. Finding a few fields which were unknown to me, I went on to look for details of the fields which are included in the Whois query answer. I found this wonderful site http://www.apnic.net/db/ref/attributes/attributes-inetnum.html which listed all the fields and their descriptions. Having queried the Whois database, I found a lot many details about the company, like the Name of the contact person for the website, the address of the registrant, phone numbers, email addresses, and the most important, the DNS records!! I dont know why the whois database is open for all; well, good for people like me ;).
For the Whois query, I used www.samspade.org for the same. I haven't tried finding how it queries the Whois database, but I did find out how to query the samspade whois database.
www.samspade.org/whois?query=
Also, from the Whois query, I came to know that xyz hosted its website on a public domain, and it wasnt in their servers ... wow ... pretty intelligent!
Having found the DNS records from the Whois page, the next step was to find the subdomains and the other domains, if registered.
Since it was the first day, I din't want to go into much of details, and so used the tools on the page http://member.dnsstuff.com/pages/tools.php to get more information on the web server. Using the Whois wouldnt have made much of a difference, since all the whois queries would return the same answer!
Used all the tools available on that page to check what all information I get my hands on.
After all this, I sat surfing their website, looking for more information about the company; their products, services, addresses .... anything, everything.
There is a pretty good addon to firefox, "Extract Links". It would extract all the links from the specified page and print it on a new tab, separating all the links and the domains. Through this, I found various sub domains of the company xyz. Pretty neat. I dint have to use much of the DNS tools to get the sub domains ;)
There is one more addon, External IP Address. This shows the public IP Address which you are using to connect to the Internet. Through this, I got the IP Address range which the company xyz uses! Simple, huh ;)
Lastly, having certain restrictions on surfing the web, I found the page www.torproject.org. I installed a client for this and started surfing without any problems! Yo! :D
Cheers :)
Finally! I have been able to install Microsoft Office 2007 on my Linux (Ubuntu 8.10 Intrepid Ibex). This was the only lacking feature in my Ubuntu, a good office solution. Though I hate Microsoft, I like its Office solution.
So, have been searching and trying, searching and trying out various ways to install Office on Ubuntu, and finally, am successful! Shockingly, it’s pretty easy to install Office 2007 on Linux! 
1) Install Wine:
Wine is required. This is the basic requirement. If you dont have Wine, you cant install Office! It is currently in a development release. If you don’t have it already, here’s a quick guide.
Enter the following commands in the Terminal:
wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -
sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/winehq.list
sudo apt-get update
sudo apt-get install wine
2) Install winetricks:
Winetricks is a small shell script which allows you to install a large variety of library and support files, and is available here. To download directly, type the following command:
wget http://www.kegel.com/wine/winetricks
chmod +x ./winetricks
3) Use winetricks:
This will setup all neccesary libraries that Office will need to run.
./winetricks gdiplus riched20 riched30 msxml3 msxml4 msxml6 corefonts tahoma vb6run vcrun6 msi2
4) Download Office
If you read this post, you’ll see some wonderful resources for downloading Office 2007 (just in case you can’t find your cd). If you have your own Microsoft office, you can use that too. No need to download it again.
wget -c http://download.microsoft.com/download/7/c/4/7c49b09b-d6f9-431d-9738-4c00aff11fc7/Enterprise.exe
5) Install Office
To use your own copy of Office, enter the command:
wine
If you downloaded (w.r.t Step 4), enter the command:
wine ./Enterprise.exe
Enjoy!
This install worked absolutley perfectly for me! Please feel free to comment if this worked for you, if you have any questions or comments, or if you need any help.
Thanks to: http://kennethreitz.com/office-2007-in-linux/
http://www.programmerfish.com/roffice-2007-in-linux
Purchase Microsoft Office 2007 Professional at a good price from eCostSoftware UK.
Many of you might have experienced the "highly hyper" behaviour of the touchpad while working on Linux on Dell XPS M1530. It seems there is a configuration problem for the touchpad.
Here, I rectify the touchpad problem in Ubuntu. The same solution can be used for other Linux distributions too.
1) Open the boot file: /boot/grub/menu.lst
Command Line Interface:
sudo nano /boot/grub/menu.lst
[sudo] password for username:
Graphical User Interface:
Press ALT + F2
Enter: gksu gedit /boot/grub/menu.lst
Enter the root password when asked.
2) Change the following line:
Before:
# defoptions = quiet splash
After:
# defoptions = quiet splash i8042.nomux=1
3) Run this command in a terminal (Accessories > Terminal)
# sudo update-grub
# [sudo] password for xxxx:
4) Restart the machine .... DONE! :)
For other distributions, instead of # defoptions, you might have to edit the kernel boot line.
Here, I rectify the touchpad problem in Ubuntu. The same solution can be used for other Linux distributions too.
1) Open the boot file: /boot/grub/menu.lst
Command Line Interface:
sudo nano /boot/grub/menu.lst
[sudo] password for username:
Graphical User Interface:
Press ALT + F2
Enter: gksu gedit /boot/grub/menu.lst
Enter the root password when asked.
2) Change the following line:
Before:
# defoptions = quiet splash
After:
# defoptions = quiet splash i8042.nomux=1
3) Run this command in a terminal (Accessories > Terminal)
# sudo update-grub
# [sudo] password for xxxx:
4) Restart the machine .... DONE! :)
For other distributions, instead of # defoptions, you might have to edit the kernel boot line.
