Thursday, November 13, 2008

Reverse Proxy...

So what exactly is a Reverse Proxy? Before what a reverse proxy is , lets start by explaining what a forward proxy or proxy is and how it works.
A forward proxy acts a gateway for a client’s browser, sending HTTP requests on the client’s behalf to the Internet. The proxy protects your inside network by hiding the actual client’s IP address and using its own instead. When an outside HTTP server receives the request, it sees the requester's address as originating from the proxy server, not from the actual client.So in essence a proxy has capability of NAT and also implements additional features like caching etc...

A Reverse Proxy proxies on behalf of the backend HTTP server not on behalf the
outside client’s request, hence the term reverse. It is an application proxy for servers using the
HTTP protocol. It acts as a gateway to an HTTP server or HTTP server farm by acting as the
final IP address for requests from the outside. The firewall works tightly with the Reverse Proxy
to help ensure that only the Reverse Proxy can access the HTTP servers hidden behind it.
From the outside client’s point of view, the Reverse Proxy is the actual HTTP server.
In other terms it can be a Proxy with capability of a firewall in specific a "Web application Firewall"
http://www.sans.org/reading_room/whitepapers/webservers/302.php
Posted by at No comments:

Wednesday, November 5, 2008

Hacker Test

"HackerTest.net is your own online hacker simulation.

With 20 levels that require different skills to get to another step of the game, this new real-life imitation will help you advance your security knowledge.

HackerTest.net will help you improve your JavaScript, PHP, HTML and graphic thinking in a fun way that will entertain any visitor!

Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get to another level.

Will you crack HackerTest.net?_"

I completed 20 Levels and it took more than 1 hour to complete...Here are the Tips to go to the next level

Level 1 : null
Level 2 : l3l
Level 3 : #000000
Level 4 : SAvE-as hELpS a lOt
Level 5 : hackertestz
Level 6 : User: phat PW: jerkybar3 (http://www.hackertest.net/images/included.gif)
Level 7 : images/included.gif
Level 8 : User: zadmin pw: stabbins (http://www.hackertest.net/images/phat.psd)
Level 9 : Password: gazebruh base64(Z2F6ZWJydWg) ( http://www.hackertest.net/gazebruh.php)
Level 10 : shackithalf (S...hack....h...a...l....f)
Level 11 : rofl.php
Level 12 : puta.php (http://www.hackertest.net/images/logo.jpg + Zoom)
Level 13 : 4xml.php (http://www.hackertest.net/images/lvl13.gif + Zoom)
Level 14 : totally.php > last frame 6 of gif ( 6 frame )
Level 15 : http://www.hackertest.net/unavailable/
Level 16 : http://www.hackertest.net/unavailable/images/bg.jpg
Level 17 : http://www.hackertest.net/unavailable/Ducky.php
Level 18 : level18.shtml (put your IP address as passowrd)
Level 19 : level19.shtml ( put any word )
Level 20 : gazebruh2.htm (http://www.hackertest.net/images/level20_pass.gif frame 6 )
Posted by at No comments:

Tuesday, November 4, 2008

Enabling Monitor mode in Intel 5100

If you are interested in carrying out Wireless LAN Penetration testing, this is something you must be interested in.If you really need to sniff the data which is not meant for your wireless LAN.

Fortunately the ubuntu driver "iwlagn" comes with the feature ;) enabled.

My wireless config :-
But if you use the command "sudo iwconfig wlan0 mode monitor" its throwing up and error
"Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Device or resource busy."

After playing around a bit I figured out that this was due to the fact that I was associated with my wireless network. Once i disconnected, the command worked and i was able to sniff the wireless in Monitor mode.

A small video of WPA hack:

Posted by at 1 comment:

Installing OS...

This was easy, I choose XP while ordering the laptop for all obvious reasons known to public !!! Only question in my mind was what's other than XP ?
I have been using SuSE for last 8 years and I love it , but it so happened that ubuntu 8.10 was released the day I got the laptop, and also I was waiting for OpenSuSE 11.1 to release.

So I have downloaded the ISO and written in 24x speed, but the installation failed asking me to write the CD with a lower speed.So i choose 16x and installation went smoothly.

To my surprise on the contrary to the details i have gathered from Internet, all hardware was detected and installed perfectly.Of course i had minor glitches i was not able to enable 3D on the Radeon 3470 card in-spite of installing the proprietary drivers.But Graphics worked prettily well out of the box with the maximum resoultion.I was a little worried about the intel 5100 wireless card , but Wireless worked like a charm.

Since i was not able to work on compiz with the Radeon card i decided to using the onboard Intel Chipset and compiz started working well without crash to date.

Using System->Preferences->Appearances to enable Compiz.

My compiz config -Compiz-Config.txt

I was able to install the Compiz Config Manager using the follwing command.

sudo apt-get install compizconfig-settings-manager

once you install the Compiz Manager you can import the config file given in the above link.
Posted by at No comments:

My first own laptop

I have done a lot of research to come to this conclusion.After all those pain taking research i am really satisfied with the result.I zeroed in own Thinkpad T400.I fell in love with the looks of the laptop...Black..is always beauty :).

I had only two requirements in mind...Should be able to run multiple OS'es seamlessly in Vmware player and a good graphics card for gaming and Compiz.

Here is the configuration...
  • Processor: Intel Core 2 Duo Processor P8400 (2.26GHz 1066MHz 3MBL2) 25W
  • Operating system: XP/ Ubuntu 8.10
  • Display type: 14.1 WXGA+ TFT, w/ LED Backlight Build in Camera
  • System graphics: ATI Mobility Radeon 3470 with 256MB
  • Total memory: 3 GB PC3-8500 DDR3 SDRAM 1067MHz SODIMM Memory (2 DIMM)
  • Hard drive: 160 GB Hard Disk Drive, 7200rpm
  • Optical device: DVD-RW Combo 24X/24X/24X/8X Max, Ultrabay Slim (Serial ATA)
  • Wireless card: Intel WiFi Link 5100 (AGN)
  • Battery: 6 cell Li-Ion Battery
The Performance and the Battery life rocks !!! I couldn't find any other Laptop with this configuration with $1200. I was particularly pleased with the Processor and the Memory and they share a healthy , probably the best in its class FSB of 1066Mhz.Also I was really interested in speed than size ..I choose 160 GB 7200 RPM instead of a higher capacity 5400 RPM HDD.

Ubuntu 8.10 screenshot...



you can read the review here ..

http://www.pcmag.com/article2/0,2817,2330565,00.asp
Posted by at No comments:

My first blog

Hmmm....well, hope this start continues..this will be the pace i'll be writing about what am doing on the field of security. I am certainly not an expert but this column is not meant to a flow of information from an expert.But i think what i am writing here will help me share and gain with all off those people alike.

Now to the contents....I am preparing my CISSP for last 6 months and you can find information and discussion about many of the topics covered in CISSP. Also iam on my way taking a Certified Ethical Hacker certification. So you can expect lots more about tools and technologies used in the field of security.

Currently am working on the following topics-
  1. Wireshark and Protocol Analysis
  2. CISSP
  3. CEH
  4. OWASP and Tools
  5. Wireless hacking
  6. IDS/IPS (Snort)
Posted by at No comments:
Subscribe to: Posts (Atom)