Chinese Hackers Trojan-ize US Access Card - The curious case of Sykipot Trojan

Researchers at AlienVault have uncovered a new strain of the Sykipot Trojan that targets the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies. The Trojan has been adapted by Chinese attackers to lift credentials from compromised systems in order to reach classified military networks. It specifically targets PCs attached to smart card readers running ActivClient, the client application from ActivIdentity, in what has been described as a 'smart card proxy' attack: rather than extracting anything from the card, the malware captures the user's PIN on the compromised host and then uses the card, while it sits in the reader, to authenticate on the attacker's behalf.

Read the full story at The Register.

by Rishabh Dangwal · 0

Wi-Fi Protected Setup vulnerability – Cracked, Bruteforced and Documented

A new critical flaw in Wi-Fi Protected Setup (WPS) has been uncovered by security researcher Stefan Viehböck, and it leaves wireless routers open to attack. The vulnerability lies in the protocol design, which splits the 8-digit PIN into two halves that are verified separately, drastically reducing the number of guesses an attacker needs. Taken naively, an 8-digit PIN gives 100 million possible combinations; during his testing Stefan found it takes about 2 seconds to test each one, so plain bruteforcing would take years and was not a feasible option.

Unfortunately, once the first 4 digits of the PIN have been sent, the WPS protocol reveals (through an EAP-NACK) whether they are correct, which means the two halves can be attacked separately. Of the remaining 4 digits, the last one is a checksum over the first 7, so once an attacker has the first half he only has to try ~1000 combinations for the second. That brings the worst case to 10,000 + 1,000 = 11,000 attempts, which reduces the attack time from years to a matter of hours. You can find the documented PDF here and read the awesomeness.
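To make the arithmetic concrete, here is the attack modelled in Python. It is an added example written for this post, not code from the article or from Viehböck's paper or tools: the access point is a constructed stand-in that answers only what the real WPS exchange leaks (an EAP-NACK after M4 when the first half is wrong, after M6 when the second half is wrong, and the credentials in M7 when both are right), and the checksum routine is the weighted sum the WPS specification defines for the eighth digit. The PINs it is run against are constructed test values.

```python
"""Why the WPS PIN falls in at most 11,000 guesses instead of 10^8.

Added example for this post, not code from the article or from Viehböck's
paper. SimulatedAP is a constructed stand-in for the registrar side of the
WPS exchange: it leaks exactly what the real protocol leaks, nothing more.
"""


def wps_checksum(first7: int) -> int:
    """Eighth digit of a WPS PIN: weighted sum (3,1,3,1,3,1,3 from the most
    significant digit) of the first seven, mod 10, as in the WPS spec."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class SimulatedAP:
    """Constructed oracle: answers like an AP's registrar and counts queries."""

    NACK_M4 = "EAP-NACK after M4"      # first half of the PIN was wrong
    NACK_M6 = "EAP-NACK after M6"      # second half was wrong
    M7 = "M7 (network credentials)"    # both halves right

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("constructed AP needs a valid WPS PIN")
        self._pin = pin
        self.attempts = 0

    def try_pin(self, guess: str) -> str:
        self.attempts += 1
        if guess[:4] != self._pin[:4]:
            return self.NACK_M4
        if guess[4:] != self._pin[4:]:
            return self.NACK_M6
        return self.M7


def split_pin_attack(ap: SimulatedAP):
    """Recover the PIN half by half. Returns (pin, number of oracle queries)."""
    # Phase 1: the AP confirms the first half on its own -> at most 10^4 guesses.
    first_half = None
    for h1 in range(10_000):
        candidate = f"{h1:04d}"
        outcome = ap.try_pin(candidate + "0000")
        if outcome == ap.M7:                 # whole PIN happened to be right
            return candidate + "0000", ap.attempts
        if outcome == ap.NACK_M6:            # NACK only after M6: first half is right
            first_half = candidate
            break
    if first_half is None:
        raise RuntimeError("oracle never accepted a first half")
    # Phase 2: digits 5-7 are free, digit 8 is the checksum -> at most 10^3 guesses.
    for h2 in range(1_000):
        first7 = int(first_half + f"{h2:03d}")
        pin = f"{first7:07d}{wps_checksum(first7)}"
        if ap.try_pin(pin) == ap.M7:
            return pin, ap.attempts
    raise RuntimeError("second half not found")


def attack_budget(seconds_per_try: float = 2.0) -> dict:
    """Worst-case guesses and wall-clock time: blind search vs. split attack."""
    naive = 10 ** 8                  # the post's figure; 10^7 once the checksum is known
    split = 10 ** 4 + 10 ** 3
    return {
        "naive_guesses": naive,
        "split_guesses": split,
        "naive_years": naive * seconds_per_try / (3600 * 24 * 365),
        "split_hours": split * seconds_per_try / 3600,
    }


if __name__ == "__main__":
    for target in ("12345670", "99999995"):   # constructed test PINs
        pin, tries = split_pin_attack(SimulatedAP(target))
        print(f"recovered {pin} after {tries} queries")
    print(attack_budget())
```

Against the constructed PIN 12345670 the split attack needs 1,803 oracle queries; the worst case, 99999995, needs the full 11,000. At 2 seconds per query that is about six hours, against roughly six years for a blind search of 10^8, which is the whole point of the finding.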

Router manufacturers owe us a firmware fix; till then, disable WPS on your router if the firmware lets you (some routers keep answering WPS requests even with the option switched off, so check rather than assume), or fall back on MAC filtering, bearing in mind that a spoofed MAC walks straight past it.

You can also read how to hack Wi-Fi using Backtrack, how to detect if someone is using your Wi-Fi, or how to detect Wi-Fi hotspots. If you have an Android, you can also read about how to use your Android for wardriving.

by Rishabh Dangwal · 1

Happy New Year 2012

Okay folks :) It's that time of the year again when you can get high (me on Red Bull) and celebrate like there is no tomorrow (literally... 2012, anyone?). Happy New Year everyone. I have made a lot of resolutions for 2012, and I will make them come true; that's one more resolution for me.
Happy New Year 2012 from Prohack
As a roundup of 2011: I got hired at Tulip Telecom and now oversee the good, the bad and the nerdy side of security there along with network operations, ranted about the current security scene, wrote about Top Indian Hackers, got my HTC Wildfire (rooted and still kicking ass), got myself a new laptop, got interested in networking, hacked routers and did a lot of research in exotic fields, as you know if you have been following the Prohack FB page lately. I am sorry for the absence of posts, which can be attributed to me getting busy with a lot of side projects and my job. One of my resolutions for 2012 is giving more time to Prohack, and I will see it through ;)
Nevertheless, stay awesome! And have a safe, sane and awesome 2012.

-Rishabh Dangwal

by Rishabh Dangwal · 2

5 software I can't live without on my laptop (Windows) – A look inside the self-confessed geek's laptop and mindset

Hello fellas,

I purchased a new HP DM-3210AU machine in October, an amazing piece of hardware and one of the highest rated netbooks/sub-notebooks of all time, and yes, I am quite impressed with its performance and capabilities. I finished my share of Call of Duty 4 on it, prepared GNS3 topologies on it with ease, and the machine chomped through everything without breaking a sweat. In case you have been wondering where I had been, you might like to read about it or want to join the Facebook page where I post more frequently.

Well, moving on to my desktop, here is how it looks :)

My desktop on the HP DM-3210 (screenshot)

Well, then out of the blue (and I think it was Red Bull) I decided to write an article on the five pieces of software I can't live without on my new machine, which let me multitask on it with ease and efficiency. Consider it a follow-up to Top 10 software I can't live without on my PC.

Windows Live Mail

Now here is one of the good things Microsoft has made: the next generation of Outlook Express, simple, easy to use, intuitive and FAST. You might ask why I don't use Mozilla Thunderbird instead; well, Thunderbird takes almost the same amount of memory as its Windows counterpart but is twice as slow in terms of interface, and speed matters a lot to me while checking email, so I hope you will agree with me. I do hate the calendar feature of Live Mail (a pain due to various issues), but still, it does the primary job it was conceived for.

Download it from here.


Virtual Wifi Router

Again, an amazing piece of software that frees you from the headaches of Android ad-hoc Wi-Fi patching and from buying buggy paid software like Connectify just to create a Wi-Fi network with ease. I was fed up with creating ad-hoc networks on Windows 7 only to find that my HTC Wildfire (CyanogenMod 7, version 2.3.7) could not properly detect them; then Virtual Wifi Router came to the rescue and, trust me, it is the best Wi-Fi network sharing software you will ever get. Highly recommended!!

Download Virtual Wifi Router


K-Lite Mega Codec Pack

Power-user friendly yet easy to install, this codec pack will just blow you away: no need to install any x-y-z player when Windows Media Player can play everything (I actually like to keep my laptop clean and use it with minimum software), from the most popular formats to arcane ones, and it even allows a great amount of tweaking through its ffdshow interface. Link it up with VirtualDub and you have a true gem. Included tools like GSpot, MediaInfo and more add the cherry to the already delicious cake. Again, no need for VLC (unless you are into multicast streaming; to confess, I am not much of a VLC fan) and no need for anything else: one codec pack to rule them all :)

Download from here

GNS3

I don't think I need to elaborate on it; since I joined Tulip Telecom it has been part and parcel of my life. Simulation of complex network topologies and whacky late-night experiments (you know about them if you have been following the Facebook page) are all possible because of this open source tool. Be it Cisco or Juniper, it handles it with ease, and the best part is that it is hackable, configurable and programmable to the last drop. I have my custom version running on Windows (self-compiled :)); pair it with PuTTY Connection Manager and you are good to go. Also, you might want to look at the sample GNS3 tutorials I posted at Prohack, or more at the Facebook page.

Download it from here

GNS3 topology with PuTTY Connection Manager (screenshot)

Google Chrome

Now again, love it or hate it, I find Chrome indispensable as a browser. I had issues with Mozilla Firefox (old memory bastard) and Internet Explorer 9 (old bastard); Opera is a favourite but again I had some issues with it (Opera Link issues, broken plugins), so I finally settled on Chrome for general browsing and acceptable response times, but when it comes to testing some web-based apps I jump to Opera for its intuitiveness. Trust me, when it comes to choosing a browser, I call it a choice between evils. So go with the lesser one :D You might also want to look at Google Chrome Easter eggs :)

Download it from here

Well, that sums it up :) I will be back with some more ramblings of mine.

Till then,

Stay Gold..

Rishabh Dangwal

by Rishabh Dangwal · 4

Diwali Celebrations and Answers to common questions (which people have been asking me)

First of all, Happy Diwali to everyone :) The festival of lights; may it bring out the best in you.
Happy Diwali Everyone :)


In the meantime, there has been a lot of commotion behind the scenes: lots of emails asking whether I have gone into some kind of digital hibernation. So, I will be answering the most common questions here.


Question : What are you doing these days?
Answer   : Networks, networks, networks, and lots of exotic research on some exotic devices, plus some things related to Android, Android service codes, GNS3, Cisco, Juniper, and random stuff about explosives.

Question : Explosives?
Answer   : No typo :) I have actually been into it for quite a long time. Home-made stuff rocks if you ask me (and if you are careful).

Question : Okay, so why no updates?
Answer   : Call it lack of time (dedicated internet included). I am sooo busy with company work that I am not able to post some wonderful findings I have dug up.

Question : Why don't you reply to mails?
Answer   : I reply to each and every mail I get, no matter how "flabbergasting" it may seem to me, and only if it gets past my "SPAM" filters.

Question : When will you be back to full-time writing?
Answer   : Can't say. I write when I am free, and I will stick to that till I get a vacation.

Stay Amazing..
   Rishabh Dangwal

by Rishabh Dangwal · 3

I too Intended to join a Security NGO (period) and I was proved wrong.


I came to know about HANS when one of my friends joined it, and eventually I got interested. Hence I thought some research would be in order before joining.
PS: bear with me, I am on my Android and my thumbs hurt :| Also, in some places the formatting might not be correct (Android blogging issues).
I actually visited their site http://www.indianhans.org, had a look at it and found that it had -

  1. A non-working Facebook login API that actually logs you out when you try to log in; tested on Chrome 14.0.835.163 m / Windows 7 (office PC after hours). Also a flawed login system that lets you log in to the site without email confirmation, and the PHP code is vulnerable.
  2. Some outdated references to outdated CVEs and nothing of particular interest.
  3. Some "0days" which were patched a long time ago.
  4. Whitepapers on Google hacking and mobiles of the kind that spread like wildfire in the late 2000s; again nothing of particular interest here.
  5. A "Team" that comprises fewer experts and more management folks. No one with any background in security here.
  6. A link to the Indian HANS YouTube channel.
  7. Pretty crap and old Flash games about hacking. LAME!
  8. A Backtrack introduction (mainly) and, in short, no technical tutorials.
  9. Zero original research.

Disillusioned, I wrote a mail to the Indian HANS team querying the services they provide and what they do -
Subject : Queries for Indian Hans team from a Security Enthusiast
Dear Indian HANS Team,

I have some queries which I would like to be answered -
  • What is the ultimate motive of HANS? Are you consultants? If YES, then on what grounds? If NO, then,
Can you provide links to your -
  • Original research
  • ORIGINAL technical advisories/papers
  • Tools that you wrote
  • Code that you released
  • Configurations of exotic software
  • Exploits and modules
  • 0day/0hour vulnerabilities
  • Vulnerabilities that you found
  • Cases of complexity that were solved
  • CVEs
  • Documentation of exploits
  • Original findings
  • Which fellow infosec researchers are working at HANS? All I found was more of management guys (seriously?), volunteers, executives, technical experts, naive girls, inexperienced folks, but no security folks or self-confessed hackers with known security experience and expertise.
  • What is the symbiotic influence of joining Indian HANS? Or, why SHOULD we join HANS?
--
Warm Regards,

Rishabh Dangwal
Network Security Analyst
TheProhack.com | Rish.co.in
India

"0x72697368 was here, 2620796f75206172652077617374696e6720796f75722074696d65202e2e2064756d62617373"

and waited.
A day passed and the reply came.

Subject : reply to an abuse mail

Warm Greets,

First of all I would like to say thanks for being so concerned about our organization.

Following are the thoughts I would like to share about our organization.

1) Our motive is to fill the gap between the cyber victims and the security experts, as many times we felt that in spite of the availability of many security experts in the market, victims are still not able to get their answers.
2) Yes, we are consultants/Knowledge Sharers, as we guide cyber victims and government bodies [Maharashtra/Punjab police] on common measures so that they can overcome the cyber crime rate.
3) I have written 2 International Papers:
· In response to Google Hacking
· Future Email Security

And 2 national papers:
· Mobile Security and upcoming challenges
· Acknowledgement based System for Mobile Security.
4) I have not written any security tool/configurations yet, but I write other Business applications for Accenture as an Associate Software Engineer.
5) We have solved numerous cases which deal with daily cyber problems, including an ATM cloning case [Chandigarh], a source code theft case [Pune], abusive emails, fake profiles, email threats and hundreds of others. www.youtube.com/theindianhans
6) Ya, you are right, 90% of our Organization members have managerial skills, because we strongly believe that having only technical knowledge is not enough to cease the cyber crime rate, because solving a cyber crime is a thinking-out-of-the-box process.
7) Joining HANS shows your commitment towards our society, that you have a zeal to help others with your knowledge and skills.


I also wish to bring to your notice, without hurting your ego and sentiments, that

We are not competitors of any privately owned body that works only for money. Many times we get such mails, which prove that HANS is really doing a great job. These kinds of mails show our power of being united and our influence on other private organizations. It is my humble request: kindly don't compare our NGO with other private organizations, as our motto is different. We don't believe in writing viruses, exploits, tools and other stuff, because these things won't help a common man who is not IT literate to overcome a cyber problem. I won't ask you the same questions as I have nothing to do with the same. I hope I have given your answers without hurting you and your team members' feelings. I highly apologize if I did so.

Thanks

Happy Hacking

HANS TEAM.
Now that was interesting: my mail was treated as an abuse email. Well, never mind; a rather to-the-point approach may be confused with that. Well, what they said -

1) Our motive is to fill the gap between the cyber victims and the security experts, as many times we felt that in spite of the availability of many security experts in the market, victims are still not able to get their answers.
2) Yes, we are consultants/Knowledge Sharers, as we guide cyber victims and government bodies [Maharashtra/Punjab police] on common measures so that they can overcome the cyber crime rate.

I actually expected that HANS would justify itself as a for-profit/not-for-profit organisation and explain why it requires money to join, when elite organisations such as Null are self-sustained, free and aimed at the very thing HANS intends to achieve. Helping naive people? Of course; that's why a lot of organisations have been growing like mushrooms (kaizen?) and making money from people joining them. The core thing is that I am 100% sure that volunteers/infosec researchers won't learn anything new and will waste their time here.
Moving on,

3) I have written 2 International Papers: · In response to Google Hacking · Future Email Security. And 2 national papers: · Mobile Security and upcoming challenges · Acknowledgement based System for Mobile Security.

Great. I disregard them as recycled content; I already checked.

4) I have not written any security tool/configurations yet, but I write other Business applications for Accenture as an Associate Software Engineer.

That was fine with me.

5) We have solved numerous cases which deal with daily cyber problems, including an ATM cloning case [Chandigarh], a source code theft case [Pune], abusive emails, fake profiles, email threats and hundreds of others. www.youtube.com/theindianhans

Again, they have solved a lot of cases, "hundreds" of them; I would regard that as weasel words. No journal of how they were solved, the method, the instrumental techniques, the research employed, the tools/techniques deployed, the collaboration; nothing covered, nothing said, just distorted videos on YouTube. Again, no references to it.

6) Ya, you are right, 90% of our Organization members have managerial skills, because we strongly believe that having only technical knowledge is not enough to cease the cyber crime rate, because solving a cyber crime is a thinking-out-of-the-box process.
7) Joining HANS shows your commitment towards our society, that you have a zeal to help others with your knowledge and skills.

How management can help decrease cybercrime rates is beyond me, unless they really have the skills to get it into their heads. All aboard the failboat here.

I also wish to bring to your notice, without hurting your ego and sentiments, that

We are not competitors of any privately owned body that works only for money. Many times we get such mails, which prove that HANS is really doing a great job. These kinds of mails show our power of being united and our influence on other private organizations. It is my humble request: kindly don't compare our NGO with other private organizations, as our motto is different. We don't believe in writing viruses, exploits, tools and other stuff, because these things won't help a common man who is not IT literate to overcome a cyber problem. I won't ask you the same questions as I have nothing to do with the same. I hope I have given your answers without hurting you and your team members' feelings. I highly apologize if I did so.

That's nice of you, and encouraging, but since you don't write viruses, exploits, 0days or anything remotely related to them, then -

  • Why are they linked on your website at http://www.indianhans.org/index-4.html ?
  • How do you decipher complex hack jobs when most of your team is management with no background in security?

Anyway, I fired up my Android and wrote a reply.

Subject  - Re: reply to an abuse mail
Dear Indian Hans,

The email was not intended as an abuse email as indicated by your subject. I would rather take your defences as plain excuses for hiding underlying incompetence, since it requires money to join and there is still no viable, updated information/code/application (as you said, you develop it as an Associate Software Engineer for organisations, yet you claim to bridge the gap), no accurate information (I studied the Google hacking and mobile whitepapers; the stuff has been published a million times before, hence I would just regard it as something to enhance a resume), and I would consider your organisation nothing but a money-making enterprise run by homebrew entrepreneurs without any credible research. What you solved in those cases is nothing I would call of technical calibre or "hacking"; in a more generic sense it is called tech support for those who know nothing about cyber security, while earning fame and money in the process.
I earlier thought to join it, hence inquired about it in a rather direct and to-the-point manner, but your response, links, references and treatment of it as an abuse email (?) make me think it is in my best interest to stay away and convey the same to the intended audience.
Stay superb

-sent from my android-

Call me harsh, but that is the reality. And I am waiting for the reply. Now I can say that I too intended to join a Security NGO (period), and now I am thinking otherwise.

by Rishabh Dangwal · 7

Training on Unified Threat Management and Corporate Security

A while back I gave a training session on UTM devices and security issues with Amarjit Singh at Tulip Telecom; here are the slides. It was an enjoyable session with emphasis on security awareness, discussing network security as a whole and how we can protect networks by deploying UTM devices and configuring them for maximum security. You can also read my previous posts on Unified Threat Management systems if you haven't already -

  1. Unified Threat Management Systems Explained
  2. Unified Threat Management Systems - Single User vs Multi User
  3. Comparison of Unified Threat Management Products

Corporate Security Issues and countering them using Unified Threat Management Systems and SSL VPN


As usual, the presentation is uploaded to Slideshare and Scribd. Hope you enjoy it.

by Rishabh Dangwal · 0

GNS3 Tutorial - configuring VRRP over static routes on Cisco routers and testing it

Hi all,
I was working on 7200 routers for HSRP and VRRP implementation, and thought, why not cover it in an article? I will be covering VRRP over static routes on Cisco routers in GNS3 and will show you how to test it. You can also read my basic GNS3 tutorial on Cisco routers if you wish:

GNS 3 Tutorial – Basic Router password Configuration

A bit about VRRP from Cisco Documentation.
The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for one or more virtual routers to the VRRP routers on a LAN, allowing several routers on a multiaccess link to utilize the same virtual IP address. A VRRP router is configured to run the VRRP protocol in conjunction with one or more other routers attached to a LAN. In a VRRP configuration, one router is elected as the virtual router master, with the other routers acting as backups in case the virtual router master fails.
In layman's terms, it keeps a single gateway address alive for the LAN by switching routers when a router or link fails or flaps. I have left some advanced parts out of this tutorial; it is for those who have a general idea of the Cisco CLI and want to learn how to configure fault-tolerant VRRP on Cisco routers.

Here is the GNS3 topology I will be using for this tutorial. In short: R3 is the upstream router with two serial links, s0/0 (1.1.1.1/30) to R4's s0/0 (1.1.1.2) and s0/1 (2.1.1.1/30) to R5's s0/0 (2.1.1.2). R4 (192.168.1.1) and R5 (192.168.1.2) both sit on the 192.168.1.0/24 LAN through e1/0 and will share the virtual gateway address 192.168.1.3.


Now fire up GNS3 and start by configuring all the routers. Click the console button on the title bar to open a PuTTY terminal. The first step is to configure telnet on router R3.

(PS: I have kept the passwords simple for the sake of simplicity; don't carry this habit into a real deployment, and outside the lab use SSH instead of plaintext telnet.)

Router R3
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0
Router(config-line)#password r3
Router(config-line)#login
Router(config-line)#exit
Once done, let's assign IP addresses to R3's interfaces.
Router(config)#int s0/0
Router(config-if)#ip address 1.1.1.1 255.255.255.252
Router(config-if)#no sh
Router(config)#int s0/1
Router(config-if)#ip address 2.1.1.1 255.255.255.252
Router(config-if)#no sh
Router(config-if)#
Router(config-if)#exit
Router(config)#
So far, router R3 has been configured. Do the same for the others, making sure R4 and R5 get LAN addresses from the same subnet.

Router R4
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0
Router(config-line)#password r4
Router(config-line)#login
Router(config-line)#exit
 and Interface IP's
Router(config)#int s0/0
Router(config-if)#ip address 1.1.1.2 255.255.255.252
Router(config-if)#no sh
Router(config)#int e1/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#
Router(config-if)#exit
Router(config)#
Router R5
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#line vty 0
Router(config-line)#password r5
Router(config-line)#login
Router(config-line)#exit
 and Interface IP's
Router(config)#int s0/0
Router(config-if)#ip address 2.1.1.2 255.255.255.252
Router(config-if)#no sh
Router(config)#int e1/0
Router(config-if)#ip address 192.168.1.2 255.255.255.0
Router(config-if)#no sh
Router(config-if)#
Router(config-if)#exit
Router(config)#
Once done, it's time to add static routes on the routers. After that, ping every LAN/WAN address from every router, just to be safe and sure.

Router R3

Router(config)#ip route 192.168.1.0 255.255.255.0 1.1.1.2
Router(config)#ip route 192.168.1.0 255.255.255.0 2.1.1.2 20
Router R4
Router(config)#ip route 2.1.1.0 255.255.255.0 192.168.1.2 20
Router(config)#ip route 2.1.1.0 255.255.255.0 1.1.1.1
Router R5
Router(config)#ip route 1.1.1.0 255.255.255.0 2.1.1.1 20
Router(config)#ip route 1.1.1.0 255.255.255.0 192.168.1.1
If the pings fail, you have mis-typed something. Note the trailing 20 on one route of each pair: that is the administrative distance, and it makes the route a floating static. It stays out of the routing table while the preferred route (default AD 1) is present and is installed only when that one is withdrawn, for example when the interface it points out of goes down.
Run "sh ip route" on each router to check the configuration; only the AD 1 routes will show up for now.

Router 3
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
     2.0.0.0/30 is subnetted, 1 subnets
C       2.1.1.0 is directly connected, Serial0/1
S    192.168.1.0/24 [1/0] via 1.1.1.2
Router R4 
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
     2.0.0.0/24 is subnetted, 1 subnets
S       2.1.1.0 [1/0] via 1.1.1.1
C    192.168.1.0/24 is directly connected, Ethernet1/0
Router R5
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
S       1.1.1.0 [1/0] via 192.168.1.1
     2.0.0.0/30 is subnetted, 1 subnets
C       2.1.1.0 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, Ethernet1/0

Up to here, the basic configuration is done. Now we will configure VRRP on R4's Ethernet interface.

Now, in very simple terms:

  1. We will track an interface (by giving it a track ID); if it goes down, the router changes state. In this case it is the serial link from R3 to R4 (serial 0/0 on R4).
  2. We will create a group of routers (here R4 and R5),
  3. assign a group ID to them (1, by the way),
  4. and create a virtual gateway address on both routers which stays up even if one router goes down (that is why we gave both routers addresses from the same LAN).
  5. Then we select one of them as Master and the other as Backup (R4 as Master, R5 as Backup) by assigning priorities (higher wins; the default is 100, so R4 gets 200 and R5 keeps the default).
  6. We specify a decrement that is subtracted from the priority when the tracked interface fails, which lets the router with the higher remaining priority preempt; here it is 110. When the serial link from R3 to R4 fails, 110 is subtracted from 200, so R5's priority of 100 is higher than R4's 90 and R5 becomes the Master. Pick the decrement so that it pushes the master below the backup, or the failover never happens.
  7. Test it :)
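The election logic from the steps above, modelled in Python. This is an added example and not code from the tutorial or from Cisco IOS; it implements the VRRP rules from RFC 3768 (highest priority wins, ties go to the highest primary IP, a backup takes over a live master only when it preempts with a strictly higher priority) together with the interface-tracking decrement used here, and it checks the virtual MAC and timer values that "sh vrrp" prints further down. Router names, addresses and priorities are the tutorial's; clamping a decremented priority at 1 is my assumption about the platform.

```python
"""VRRP master election for the topology above, modelled in Python.

Added example: not code from the tutorial or from Cisco IOS. Election rules
and timer/MAC formulas follow RFC 3768; clamping a decremented priority at 1
is an assumption about the platform.
"""
from dataclasses import dataclass, field


def virtual_mac(group: int) -> str:
    """RFC 3768 virtual MAC 00-00-5E-00-01-{VRID}, in the dotted form IOS prints."""
    return "0000.5e00.01%02x" % group


def skew_time(priority: int) -> float:
    """Skew_Time = (256 - Priority) / 256 seconds."""
    return (256 - priority) / 256


def master_down_interval(priority: int, adv_interval: float = 1.0) -> float:
    """Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time.
    Lower priority means a longer wait, so the best backup reacts first."""
    return 3 * adv_interval + skew_time(priority)


@dataclass
class VrrpRouter:
    name: str
    ip: str                      # primary address on the VRRP interface
    priority: int = 100          # IOS default
    preempt: bool = False        # IOS default: off until "vrrp 1 preempt"
    tracks: dict = field(default_factory=dict)   # link name -> decrement

    def effective_priority(self, link_up: dict) -> int:
        """Configured priority minus the decrement of every tracked link that is down."""
        down = sum(dec for link, dec in self.tracks.items() if not link_up.get(link, True))
        return max(1, self.priority - down)      # assumption: floor at 1, never 0


def elect(routers, link_up, current_master=None):
    """Return the router holding the virtual IP after one round of advertisements.

    First election: highest effective priority wins, highest IP breaks ties.
    Afterwards a live master keeps the role unless a backup with preempt
    enabled has a strictly higher effective priority (RFC 3768, 6.4.2).
    """
    def rank(r):
        return (r.effective_priority(link_up), tuple(int(o) for o in r.ip.split(".")))

    best = max(routers, key=rank)
    if current_master is None or current_master not in routers:
        return best                              # no master yet, or it is gone
    if best is not current_master and best.preempt and \
            best.effective_priority(link_up) > current_master.effective_priority(link_up):
        return best
    return current_master


def build_group(decrement=110, r5_preempt=True):
    """R4 and R5 as configured in the tutorial; decrement and preempt are the knobs."""
    r4 = VrrpRouter("R4", "192.168.1.1", priority=200, preempt=True,
                    tracks={"R3-R4 serial": decrement})   # "vrrp 1 track 1 decrement 110"
    r5 = VrrpRouter("R5", "192.168.1.2", preempt=r5_preempt)
    return [r4, r5]


def tutorial_scenario():
    """Replay the failover test: everything up, R3 s0/0 shut, R3 s0/0 back up."""
    group = build_group()
    links = {"R3-R4 serial": True}
    steps = []
    master = elect(group, links)                 # initial election
    steps.append(master.name)
    links["R3-R4 serial"] = False                # "shut" on R3 s0/0: track 1 goes Down
    master = elect(group, links, master)
    steps.append(master.name)
    links["R3-R4 serial"] = True                 # "no shut": R4 is back to 200 and preempts
    master = elect(group, links, master)
    steps.append(master.name)
    return steps                                 # ['R4', 'R5', 'R4']


def failover_master(decrement=110, r5_preempt=True):
    """Who holds the virtual IP after the R3-R4 serial link fails, for a given setup."""
    group = build_group(decrement, r5_preempt)
    master = elect(group, {"R3-R4 serial": True})
    return elect(group, {"R3-R4 serial": False}, master).name


if __name__ == "__main__":
    print("virtual MAC for group 1:", virtual_mac(1))
    for prio in (200, 100):
        print(f"priority {prio}: master down interval {master_down_interval(prio):.3f} s")
    print("failover sequence:", tutorial_scenario())
    print("decrement 50 ->", failover_master(50),
          "| R5 without preempt ->", failover_master(110, False))
```

Running it replays the test below (R4, then R5 once the serial link drops, then R4 again) and reproduces the 0000.5e00.0101 virtual MAC and the 3.218 s / 3.609 s master-down intervals for priorities 200 and 100. Two variants are worth trying: with a decrement of 50, R4 only drops to 150 and never hands over; with preempt left off on R5, R4 keeps the virtual IP at priority 90 even though its uplink is dead, because a backup without preempt only takes over when the master stops advertising altogether.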


Router R4
Assign a track ID to the serial interface, which R4 will monitor.
Router(config)#track 1 interface serial 0/0 line-protocol
Router(config-track)#exit
Then configure VRRP on the LAN interface.
Router(config)#int e1/0
Router(config-if)#vrrp 1 ip 192.168.1.3
Router(config-if)#vrrp 1 priority 200
Router(config-if)#vrrp 1 preempt
Router(config-if)#vrrp 1 track 1 decrement 110
Router(config-if)#exit
Hence the final configuration, as shown by "sh vrrp", will be:
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 192.168.1.3
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 200
    Track object 1 state Up decrement 110
  Master Router is 192.168.1.1 (local), priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.218 sec
Now we need to configure VRRP on router R5.

Router 5
Not much to do here except enable VRRP and preempt.
Router(config)#int e1/0
Router(config-if)#vrrp 1 ip 192.168.1.3
Router(config-if)#vrrp 1 preempt
Router(config-if)#exit
Hence the final configuration of router R5 will be:
Ethernet1/0 - Group 1
  State is Backup
  Virtual IP address is 192.168.1.3
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 192.168.1.1, priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.201 sec)
Congrats :) you have configured VRRP on your routers. Now to check whether it works, first traceroute from router R3 to the 192.168.1.0 LAN.
Router#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 1.1.1.2 56 msec 88 msec *
It is going through our primary router :) Now telnet from router R3 to the virtual gateway.
Router#telnet 192.168.1.3
Trying 192.168.1.3 ... Open

User Access Verification
Password:
Router>

If the password that lets you in is r4, it is configured correctly so far. Now let's shut down the primary serial interface on router R3.

Router#
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int s0/0
Router(config-if)#sh
Router(config-if)#exit
Router(config)#
*Mar  1 00:57:27.927: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar  1 00:57:28.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
Router(config)#exit
Router#
*Mar  1 00:57:38.483: %SYS-5-CONFIG_I: Configured from console by console
Router#
Good, now ping the virtual gateway.
Router#ping 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/49/80 ms
It's working fine. Now traceroute to the 192.168.1.0 LAN from router R3 again.
Router#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
  1 2.1.1.2 64 msec 68 msec 64 msec
  2 192.168.1.1 44 msec 68 msec *
:)) That works too. Finally we log in to the virtual gateway from router R3 (I expect we will land on router R5 this time) and check the VRRP state with "sh vrrp".
Router#
Router#telnet 192.168.1.3
Trying 192.168.1.3 ... Open

User Access Verification
Password:
Router>sh vrrp
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 192.168.1.3
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 192.168.1.2 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec
which works :) as Router R5 is the Master Router for now. Now disconnect from Router R5, unshut the serial interface on Router R3, log into the virtual gateway again and check the VRRP configuration by running the "sh vrrp" command.
Router#exit
[Connection to 192.168.1.3 closed by foreign host]
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int s0/0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#
*Mar  1 01:08:41.739: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar  1 01:08:42.743: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to upexit
Router#
*Mar  1 01:08:46.955: %SYS-5-CONFIG_I: Configured from console by console
Router#telnet 192.168.1.3
Trying 192.168.1.3 ... Open

User Access Verification
Password:
Router>sh vrrp
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 192.168.1.3
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 200
    Track object 1 state Up decrement 110
  Master Router is 192.168.1.1 (local), priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.218 sec
Router>
Excellent.. VRRP has been fully configured, as Router R4 is again the Master Router :)
Congrats.. you have successfully configured VRRP over Static on Cisco routers and fully tested it for fault tolerance.
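To automate the checks this walkthrough does by hand, here is an added Python example (not code from the original post). It parses "sh vrrp" output, recomputes the Master Down interval from the RFC 3768 formula (3 * advertisement interval + (256 - priority)/256) to confirm the 3.609 s and 3.218 s values shown above, verifies that the virtual MAC matches the VRID, and checks that R4's tracking decrement (110) is large enough to take it below R5's priority (100). The two captures embedded in it are constructed to mirror the outputs above; the names R5_DURING_OUTAGE, R4_AFTER_RECOVERY and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed captures mirroring the post's 'sh vrrp' output: R5 during R4's link outage, R4 after recovery.
R5_DURING_OUTAGE = """\
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 192.168.1.3
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 192.168.1.2 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec
"""
R4_AFTER_RECOVERY = """\
Ethernet1/0 - Group 1
  State is Master
  Virtual IP address is 192.168.1.3
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 200
    Track object 1 state Up decrement 110
  Master Router is 192.168.1.1 (local), priority is 200
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.218 sec
"""

@dataclass
class VrrpGroup:
    group: int
    state: str = ""
    virtual_ip: str = ""
    virtual_mac: str = ""
    adv_interval: float = 1.0
    preempt: bool = False
    priority: int = 100
    track_decrement: int = 0      # 0 when no object is tracked
    master_is_local: bool = False
    master_down: float = 0.0      # seconds, as IOS prints it

HEADER_RE = re.compile(r"^\S+ - Group (\d+)$")
TRACK_RE = re.compile(r"^Track object \d+ state \w+ decrement (\d+)")
MASTER_RE = re.compile(r"^Master Router is [\d.]+( \(local\))?, priority is \d+")
SIMPLE_RES = {  # attribute -> (regex, converter)
    "state": (re.compile(r"^State is (\w+)"), str),
    "virtual_ip": (re.compile(r"^Virtual IP address is (\S+)"), str),
    "virtual_mac": (re.compile(r"^Virtual MAC address is (\S+)"), str),
    "adv_interval": (re.compile(r"^Advertisement interval is ([\d.]+) sec"), float),
    "priority": (re.compile(r"^Priority is (\d+)"), int),
    "master_down": (re.compile(r"^Master Down interval is ([\d.]+) sec"), float),
}

def parse_show_vrrp(text: str) -> list:
    """One VrrpGroup per 'Interface - Group N' block; unknown lines are ignored."""
    groups, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            cur = VrrpGroup(group=int(m.group(1)))
            groups.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Preemption"):
            cur.preempt = line.endswith("enabled")
        elif (m := TRACK_RE.match(line)):
            cur.track_decrement = int(m.group(1))
        elif (m := MASTER_RE.match(line)):
            cur.master_is_local = m.group(1) is not None
        else:
            for attr, (rx, conv) in SIMPLE_RES.items():
                if (m := rx.match(line)):
                    setattr(cur, attr, conv(m.group(1)))
                    break
    return groups

def master_down_ms(adv_interval: float, priority: int) -> int:
    """RFC 3768: Master_Down_Interval = 3*Advertisement_Interval + Skew_Time,
    Skew_Time = (256 - Priority)/256; truncated to ms the way IOS prints it."""
    return int((3 * adv_interval + (256 - priority) / 256) * 1000)

def expected_virtual_mac(group: int) -> str:
    """RFC 3768 virtual MAC 00-00-5E-00-01-{VRID}, in IOS dotted notation."""
    return "0000.5e00.01%02x" % group

def verify_failover(r5_outage: str, r4_recovered: str) -> dict:
    """Cross-check the two captures: R5 held the VIP only while R4 was degraded, and R4 preempted back."""
    r5, r4 = parse_show_vrrp(r5_outage)[0], parse_show_vrrp(r4_recovered)[0]
    return {
        "same_vip_and_vrid": (r5.virtual_ip, r5.group) == (r4.virtual_ip, r4.group),
        "vmac_matches_vrid": all(g.virtual_mac == expected_virtual_mac(g.group) for g in (r5, r4)),
        "backup_held_vip": r5.state == "Master" and r5.master_is_local and r5.priority < r4.priority,
        "decrement_sufficient": r4.priority - r4.track_decrement < r5.priority,
        "preempted_back": r4.preempt and r4.state == "Master" and r4.master_is_local,
        "timers_match_rfc": all(master_down_ms(g.adv_interval, g.priority) == round(g.master_down * 1000) for g in (r5, r4)),
    }
```

The decrement_sufficient check is the design point worth watching: with priority 200 and decrement 110, R4 drops to 90 when its serial link fails, which is below R5's 100, so the VIP moves. A smaller decrement would leave the VIP on R4 even though its uplink was dead, and the show output alone would not make that obvious.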

till then

Stay Gold :))

by Rishabh Dangwal · 2

BSNL router hacking and possibility of running custom code over it


Hi all,
I am sorry I have been inactive due to my job; I actually got free this weekend and there we go, I was at home. At home I have a BSNL connection, and for those who don't know what BSNL is, it's the AT&T of India: bad service, too many blank spots and connections which flap/drop/disconnect like there is no tomorrow. Worse, I was on my Android, trying to get the latest of the Cyanogen nightlies. I was frustrated by the services of BSNL. Hence I decided to mess with the router itself.

The BSNL router, on closer inspection, is manufactured by SemIndia and distributed by ITI. It follows the track of using firmware from different routers (Broadcom to be specific; BCM6338 stands for Broadcom router firmware version 96338, deployed in US Robotics ones and some other popular routers). Mine is a DNA-A211-1, one of the most popular ones in India.

and then it's just configured accordingly w.r.t. the ISP. This time, I left the network part alone, as I do it all the time in my office with Cisco, and focused more on the router and firmware itself.


Warning:
I am not responsible for your router getting trashed, getting wings and trying to kill you. Try at your own risk; I am not responsible for your stupidity.


I didn't have a PC (trashed due to burnt RAM), so I had to do everything on my Android; pardon the small screen area and understand my plight. Telnetted into the router
(PS: screencaps from Android may be a bit distorted as the ShootMe app was not working properly over nightly #120)

The first step was to know what was in it, so I typed the usual help.



Lots of commands :) Ran swversion to get the version and see what this was up to.
With some hunting, I came to know that the "sh" command runs on my router; ran it and voila, the familiar interface of BusyBox snaps in.

Great.. now that's worth something. My Android has it too :)) Seeing the version made me tick; it was running an older version of BusyBox. For those who don't know what BusyBox is, it's a multicall binary. Tried ls, but it didn't work, hence tried echo *, which listed everything :)



Bingo.. tried cat /etc/passwd and there we go again.

After that, I thought, why not check what the other directories have? Got into CVS and got information regarding CVS and pserver; the noteworthy one is the credentials of pserver



pserver:sunila@192.168.128.19:/home/cvsroot

Not much of interest as they are for a private LAN; googled to find it was configured by Sunil A, an employee at SemIndia. Again, opened Repository

SemIndia/Engineering/Products/ADSL2Plus/Integ_Source/targets/fs.src

Maybe a private repo at SemIndia. Nevertheless..

Moved on to /etc

Lots of directories here.. as a rule of thumb I opened default.cfg



Generic stuff, but what caught my eye was this:

<ppp_conId1 userName="multiplay" password="bXVsdGlwbGF5"

This might come in handy (use your creativity :)) ). But then I thought, why not access the router from the web interface? I did it.
Went to Management and downloaded the backupsettings.conf file,




opened it and there we go,



I was not able to find the above credentials in it, hence I came to the conclusion that they must be of a somewhat higher privilege level.
Moving on.. I thought, why not try to create an arbitrary file? Tried
echo 'rishrockz' >> rdx

in every directory (I was not able to determine the file permissions, as this version of BusyBox doesn't have ls or stat). Finally came to know that /var is writable. Tried creating a file there
echo 'rishrockz' >> rdx
file was created : )))))
and then
cat /var/rdx

: ))))
Congrats, you have run/done it :) )
Now I thought, why not upgrade BusyBox/upgrade the firmware/upload scripts to the router? Tried tftp

didn't work. Then I checked if the tftp daemon was running as a service; it was. Yet somehow I was not able to run it. :(

Strange. I thought, forget it (small-screen keyboard and Android research limitations -> frustration). Well.. next time I will be thinking of going to compile programs (http://people.debian.org/~debacle/cross/) and copying them over using echo (once I get a PC); I have got some nice ideas and will be deploying them.
In the meantime, for those who are wondering what this machine has, here is the bootup log.

  1. Observation 1 - code can be run on the router, but files must be copied using echo (-ne with the append option) or tftp. Since BusyBox is there, we can easily insert a kernel module to be run.
  2. Observation 2 - the webs directory has a lot of HTML files, maybe manipulable for XSS attacks (I didn't cover it as it's not my domain; some better guys can do it).
  3. Observation 3 - private CVS credentials of the SemIndia pserver. Insider attack? :D Kidding. pserver is already quite insecure, but since I have seen a lot of organisations using stock/easily guessable passwords for their outer routers/firewalls/VPN servers, it's not a tough nut to crack.
  4. Observation 4 (most important) - BSNL SUCKS!
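The default.cfg line quoted above and Observation 3 share one root cause: a downloadable backup config in which passwords are merely base64-encoded, and a CVS pserver root that carries a login name in the clear. As an added example (not code from the original post, and using made-up sample values rather than the ones found on the router), here is a small Python audit that walks a Broadcom-style XML config, decodes base64 credential attributes, flags passwords that equal the user name, are common defaults or are short, and lists any pserver roots. SAMPLE_CFG, the tag and attribute names in it, and the function names are all constructed for this example.

```python
import base64
import binascii
import re

# Constructed sample in the attribute format the post quotes from default.cfg
# and backupsettings.conf. Every user name and password here is made up; none
# of them is the value found on the router in the post.
SAMPLE_CFG = """\
<psi>
<ppp_conId1 userName="isp_default" password="aXNwX2RlZmF1bHQ=" />
<ppp_conId2 userName="subscriber42" password="Q29ycmVjdEhvcnNlQmF0dGVyeTkx" />
<sysUser adminPassword="YWRtaW4=" supportPassword="c3VwcG9ydA==" />
<cvs root=":pserver:builduser@10.0.0.5:/home/cvsroot" />
</psi>
"""

TAG_RE = re.compile(r"<(\w+)([^>]*)>")
CRED_ATTR_RE = re.compile(r'(\w*(?:password|passwd|pwd|secret)\w*)="([^"]*)"', re.I)
USER_ATTR_RE = re.compile(r'(\w*(?:user|login)\w*)="([^"]*)"', re.I)
CVSROOT_RE = re.compile(r':?pserver:([^@\s:"]+)@([^:\s"]+):([^\s"]+)')
COMMON_DEFAULTS = {"admin", "support", "user", "root", "password", "1234", "12345678"}

def try_base64(value: str):
    """Return the decoded text if value is base64 for printable ASCII, else None."""
    if len(value) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def audit_config(cfg: str) -> list:
    """Flag credential attributes: base64 is encoding, not protection, so every
    password in a downloadable backup is effectively stored in the clear."""
    findings = []
    for tag, attrs in TAG_RE.findall(cfg):
        users = [v for _, v in USER_ATTR_RE.findall(attrs)]
        for name, value in CRED_ATTR_RE.findall(attrs):
            decoded = try_base64(value)
            secret = decoded if decoded is not None else value
            issues = ["base64-only obfuscation" if decoded is not None else "not base64 (cleartext)"]
            if secret.lower() in COMMON_DEFAULTS:
                issues.append("common default")
            if secret in users:
                issues.append("equals user name")
            if len(secret) < 8:
                issues.append("shorter than 8 chars")
            findings.append({"tag": tag, "attribute": name, "decoded": secret, "issues": issues})
    return findings

def find_cvs_roots(cfg: str) -> list:
    """CVS pserver roots embed a login name and use an unencrypted protocol."""
    return CVSROOT_RE.findall(cfg)

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CFG):
        print(f"{f['tag']}.{f['attribute']}: {', '.join(f['issues'])}")
    for user, host, path in find_cvs_roots(SAMPLE_CFG):
        print(f"cvs pserver root: user={user} host={host} path={path}")
```

Run against a real backupsettings.conf, the same walk tells you which accounts a stolen backup hands over immediately; the practical mitigation is to treat the backup file itself as a secret and to rotate any PPP or admin credential that the audit decodes.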


Till then .. Stay Gold

-
Rishabh Dangwal


by Rishabh Dangwal · 17

winAUTOPWN v2.7 Released - Vulnerability Testing on Windows

winAUTOPWN and bsdAUTOPWN are minimal interactive frameworks which act as a front end for quick system vulnerability exploitation. They take inputs like IP address, hostname, CMS path, etc. and do a smart multi-threaded port scan of TCP ports 1 to 65535. Exploits capable of giving remote shells, which are released publicly over the Internet by active contributors and exploit writers, are constantly added to winAUTOPWN/bsdAUTOPWN. A lot of these exploits are written in scripting languages like Python, Perl and PHP. The presence of these language interpreters is essential for successful exploitation using winAUTOPWN/bsdAUTOPWN.


Exploits written in languages like C, Delphi and ASM, which can be compiled, are pre-compiled and added along with the others. On successful exploitation, winAUTOPWN/bsdAUTOPWN gives a remote shell and waits for the attacker to use the shell before trying other exploits. This way the attacker can count and check the number of exploits which actually worked on a target system.

Download
Read more here

by Rishabh Dangwal · 3

All Rights Reserved by Pro Hack. Copyright 2008 - 2011. Template by Bloggermint.