Netbus 2 0 Server And Client Architecture
IP Spoofing:- The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.

Why it works? IP spoofing works because trusted services rely only on network-address-based authentication. Since IP is easily duped, address forgery is not difficult. The main reason is a security weakness in the TCP protocol known as sequence number prediction.

How it works? To completely understand how IP spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.

Internet Protocol (IP):- It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the 'source address' field.

Transmission Control Protocol (TCP):- It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-oriented simply means that the two hosts participating in a discussion must first establish a connection via the 3-way handshake (SYN, SYN/ACK, ACK).

Reliability is provided by data sequencing and acknowledgement. TCP assigns sequence numbers to every segment and acknowledges any and all data segments received from the other end. As you can see above, the first 12 bytes of the TCP packet contain port and sequencing information. TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags) is sequenced. The sequence number field in the TCP header will contain the sequence number of the *first* byte of data in the TCP segment. The acknowledgement number field in the TCP header holds the value of the next *expected* sequence number, and also acknowledges *all* data up through this ACK number minus one. TCP packets can be manipulated using several packet crafting programs available on the internet.

The Attack:- IP spoofing consists of several steps. First, the target host is chosen. Next, a pattern of trust is discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. If successful, the attacker executes a simple command to leave a backdoor.

Spoofing can be implemented in different ways as given below:

Non-Blind Spoofing:- This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately.

Blind Spoofing:- Here the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers.

Both types of spoofing are forms of a common security violation known as a Man In The Middle Attack.

IP Address:-

Definition:- 'An Internet Protocol (IP) address is a numerical identification (logical address) that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its nodes'. - Wikipedia

The Internet Protocol (IP) has two versions currently in use, IPv4 and IPv6. This article refers to the IPv4 version only. In general, an IP address is a 32-bit number that is normally written as four decimal numbers between 1 to 255 (8 bits or 1 byte each), each separated from the other by a decimal point. This standard is known as 'Dotted Decimal Notation'. e.g.- 117.200.77.110

IP addresses are divided into a number of ranges/classes as given in the table below:

Class   Range
A       0.0.0.0 to 127.255.255.255
B       128.0.0.0 to 191.255.255.255
C       192.0.0.0 to 223.255.255.255
D       224.0.0.0 to 239.255.255.255
E       240.0.0.0 to 255.255.255.255

e.g.- IP Address 192.168.24.114 belongs to Class 'C'.

How to find out the IP Address of your system?
1) Connect to the Internet.
2) Launch the MS-DOS Command Prompt.
3) Type 'netstat -n', press Enter.
You will get output similar to the following.

TCP Flags:- C E U A P R S F
C 0x80 Congestion Window Reduced (CWR)
E 0x40 ECN Echo (ECE)
U 0x20 Urgent
A 0x10 Ack
P 0x08 Push
R 0x04 Reset
S 0x02 Syn
F 0x01 Fin

TCP Options:-
0 End of Options List
1 No Operation (NOP, Pad)
2 Maximum Segment Size
3 Window Scale
4 Selective ACK ok
8 Timestamp

Checksum:- Checksum of the entire TCP segment and pseudo header (parts of the IP header).
Offset:- Number of 32-bit words in the TCP header, minimum value of 5. Multiply by 4 to get the byte count.
RFC 793:- Please refer to RFC 793 for the Transmission Control Protocol (TCP) Specification.

User Datagram Protocol (UDP) header fields:-
Source Port:- An optional field; when meaningful, it indicates the port of the sending process, and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted.
Destination Port:- Destination Port has a meaning within the context of a particular internet destination address.
Length:- Length is the length in octets of this user datagram including this header and the data. (This means the minimum value of the length is eight.)
Checksum:- Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.
RFC 768:- Please refer to RFC 768 for the User Datagram Protocol (UDP) Specification.
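As an added example (not code from the original page), the following Python decodes the header fields described above from a constructed packet: the IPv4 source and destination addresses at bytes 12-19, the TCP ports, sequence and acknowledgement numbers, the data offset (32-bit words times 4) and the flag letters from the flag table, and it verifies the TCP checksum over the pseudo header using the one's complement procedure given for the UDP checksum. The addresses are the page's own example values; the ports, sequence number and packet bytes are constructed sample data.

```python
import struct

# Flag bits from the page's TCP flag table, in header order (CWR .. FIN).
TCP_FLAGS = [("C", 0x80), ("E", 0x40), ("U", 0x20), ("A", 0x10),
             ("P", 0x08), ("R", 0x04), ("S", 0x02), ("F", 0x01)]

def ones_complement_checksum(data):
    """RFC 768/793 checksum: one's complement of the one's complement 16-bit sum."""
    if len(data) % 2:                  # pad with a zero octet to an even length
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                 # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(buf):
    """Fixed IPv4 fields; bytes 12-19 hold the source and destination addresses."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dotted = lambda raw: ".".join(str(b) for b in raw)
    return {"src": dotted(buf[12:16]), "dst": dotted(buf[16:20]), "proto": buf[9],
            "pseudo": buf[12:20], "payload": buf[(buf[0] & 0x0F) * 4:]}

def parse_tcp(segment):
    """Ports, seq/ack numbers, data offset (32-bit words * 4) and flag letters."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off_flags >> 12) * 4,
            "flags": "".join(n for n, bit in TCP_FLAGS if off_flags & bit)}

def tcp_checksum_ok(ip):
    """Recompute over pseudo header + whole segment; with the stored checksum
    included, a correct segment sums to zero."""
    seg = ip["payload"]
    pseudo = ip["pseudo"] + struct.pack("!BBH", 0, ip["proto"], len(seg))
    return ones_complement_checksum(pseudo + seg) == 0

def build_tcp(src, dst, sport, dport, seq, flags):
    """Constructed 20-byte segment with a valid checksum (sample data only)."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 8192, 0, 0)
    csum = ones_complement_checksum(src + dst + struct.pack("!BBH", 0, 6, 20) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

# Constructed sample: a SYN from 192.168.24.114 to 117.200.77.110:20034 (addresses from the page).
SRC, DST = bytes([192, 168, 24, 114]), bytes([117, 200, 77, 110])
IP_HDR = bytes([0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0]) + SRC + DST  # IP checksum left 0
PACKET = IP_HDR + build_tcp(SRC, DST, 40000, 20034, 1000, 0x02)

if __name__ == "__main__":
    ip = parse_ipv4(PACKET)
    print(ip["src"], "->", ip["dst"], parse_tcp(ip["payload"]), tcp_checksum_ok(ip))
```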
Privacy Attacks:- Here the attacker uses various automated tools which are freely available on the internet. Some of them are as follows:

1) Trojan:- A Trojan is a Remote Administration Tool (RAT) which enables the attacker to execute various software and hardware instructions on the target system. Most trojans consist of two parts:
a) The Server Part:- It has to be installed on the victim's computer.
b) The Client Part:- It is installed on the attacker's system.

Trojan Horse:- What is a Trojan? 'A Trojan horse, or Trojan, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system'. - Wikipedia
'A Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user running the program, with a resulting security threat.'
6) To add a new host, go to the 'Host' menu and then click 'New'. This is as shown in the figure (left). Here you should enter the proper Destination (e.g. 'My Computer'), IP Address (e.g. 72.232.50.186), TCP Port (by default 20034) and Username/Password (exactly the same as that of 'NetBus Server') for the target computer. Click on 'OK' to finish the addition of the new host.
7) Now you are ready to connect to the target (victim's) computer. To do so, select the host from the main window, then go to the 'Host' menu and click 'Connect'.
8) After the client gets connected with the server (target computer), you can use any of the features of 'NetBus Trojan' as listed above. You can see all these tools on the 'Toolbar' of NetBus Client.
Hacking Tools:-

Port Scanners:-

Nmap:- This tool developed by Fyodor is one of the best Unix and Windows based port scanners. This advanced port scanner has a number of useful arguments that give the user a lot of control over the process. Latest Release:- Nmap 5.50

SuperScan:- A Windows-only port scanner, pinger, and resolver. SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois. Latest Release:- SuperScan v4.0

Angry IP Scanner:- A fast Windows IP scanner and port scanner. Angry IP Scanner can perform basic host discovery and port scans on Windows.
Its binary file size is very small compared to other scanners, and other pieces of information about the target hosts can be extended with a few plugins. Home:- sourceforge.net Latest Release:- IPScan 3.0-beta3

Unicornscan:- Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Latest Release:- Unicornscan 0.4.7-2

Fingerprinting Tools:-

Nmap:- This tool developed by Fyodor is one of the best Unix and Windows based active OS fingerprinting tools. Latest Release:- Nmap 5.50

P0f:- A passive OS fingerprinting tool. P0f is able to identify the operating system of a target host simply by examining captured packets, even when the device in question is behind an overzealous packet firewall. P0f can detect firewall presence, NAT use, existence of load balancers, and more! Latest Release:- p0f v2 (2.0.8)

Xprobe2:- Active OS fingerprinting tool. XProbe is a tool for determining the operating system of a remote host. It does this using some of the same techniques as Nmap as well as some of its own ideas. Xprobe has always emphasized the ICMP protocol in its fingerprinting approach. Home:- sourceforge.net Latest Release:- Xprobe2 0.3

Crackers:-

Cain and Abel:- The top password recovery tool for Windows. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Latest Release:- Cain & Abel v4.9.40

John the Ripper:- A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. Latest Release:- John the Ripper 1.7

THC-Hydra:- A fast network authentication cracker which supports many different services. When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Latest Release:- THC-Hydra v5.4

L0phtCrack:- Windows password auditing and recovery application. L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire.

SARA:- Security Auditor's Research Assistant. SARA is a third generation network security analysis tool that operates under Unix, Linux, Mac OS X or Windows. The first generation assistant, the Security Administrator's Tool for Analyzing Networks (SATAN), was developed in early 1995. It became the benchmark for network security analysis for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment.

Sniffers:-

Ethereal:- This (also known as Wireshark) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. Latest Release:- Wireshark 1.0.4 (Ethereal)

Kismet:- A powerful wireless sniffer. Kismet is a console based 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing, and can even decloak hidden networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. Latest Release:- Kismet-2008-05-R1

TCPDump:- The classic sniffer for network monitoring and data acquisition. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library. Latest Release:- TCPDUMP 4.0.0

Ettercap:- Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. Latest Release:- Ettercap NG-0.7.3

Dsniff:- A suite of powerful network auditing and penetration-testing tools. This popular and well-engineered suite by Dug Song includes many tools. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). Arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g. due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs. Latest Release:- dsniff-2.3

Tools:-

GnuPG / PGP:- Secure your files and communication with advanced encryption. PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.

OpenSSL:- The premier SSL/TLS encryption library. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenVPN:- A full-featured SSL VPN solution. OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library.

TrueCrypt:- Open-Source Disk Encryption Software for Windows and Linux. TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase initially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.