In metasploit there’s a plugin admin/backupexec/dump. This plugin uses the default credentials to login to Veritas backupexec agent and download an arbitrary file. The catch is it downloads it in the MTF (Microsoft Tape Format) file. You need a utility called NTBackup to restore this file. Metasploit authors have conveniently made this available for us at http://metasploit.com/tools/msbksrc.tar.gz.
However, if you compile this file you get an error:
msqic.c:814: error: conflicting types for ‘bques’
This happens because the function prototype is missing.
Goto line 169 of msqic.c file in the source code and add the following line:
int bques(char);
Once you add this, you should be able to make the client and should be able to extract the file from the .mtf file.

Long time since I posted anything here …. but it’s just been those times been busy as a bee. So securing Cisco routers is a big deal especially since the routers (especially the edge routers) can be critical to any organizations infrastructure. I am not a Cisco guru but am only a student. However, I thought I should create a list that could help me perform security reviews of routers.
Security of routers is important as attackers could add static routes, advertise bad BGP neighbours on edge routers, create inbound tunnel into the intranets and such. Therefore, it’s imperative that adequate efforts be put in to secure Cisco routers.

I thought I’ll put in my first attempt at creating a small checklist:

1. Use SSH for non-console access (“line vty” command should not have telnet in it)
2. Use class 5 passwords, do *not* use class 7 passwords as they’re easily reversed (“enable secret”) alongwith the use of strong passez
3. Limit virtual terminal access by using an ACL
      access-list 100 permit 10.10.10.10 log
      access-list 100 permit 10.10.10.11 log
      access-list deny any log
      line vty 0 4
       access-class 100 in
4. Disable Proxy ARP on each interface (“no ip proxy arp”)
5. Disable CDP as it can be used for information disclosures (“no cdp run”)
6. Use AAA (TACACS+ or RADIUS) (“aaa new-model”, “aaa authentication”, etc.)
7. Use “access-list ACL_NAME deny ip any any log” at the end of each ACL
8. Disable http server (“no ip http server”)
9. Keep the IOS versions updated
10. Set centralized logging using a syslog (“logging internal_ip_address”)
11. Configure NTP to keep the time synchronization (“ntp server 129.6.15.28”)
12. Disable TCP and UDP small services e.g., echo, chargen, discard, etc. (“no service tcp-small-servers” and “no service udp-small-servers”)
13. Put RFC 1918 (ingress filtering) protections using ACLs
       access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
       access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
       access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
       access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
14. Put some more filtering for common IPs
       access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
15. Use SNMPv3 with ACLs if you must (“snmp-server v3 auth priv”)
16. Use SSHv2 (“ip ssh version 2”)
17. Try to use EIGRP instead of RIP/OSPF (“ip authentication mode eigrp N md5”)
18. Use MD5 authentication for RIP/OSPF if you must use these protocols (RIPv2/OSPF)
    (“ip rip authentication mode md5”)
19. For edge routers using BGP authentication (if possible)
       router bgp 10
        neighbor 10.10.10.10 password Cr4zY$%^
20. Configure BGP route flap dampening that prevents BGP oscillations (“bgp dampening”)
21. Use warning banners that could be used for legal purposes for prosecuting hackers

Come end of semester and the project deadlines start impending! The situation I am in is one of great thrill and rush! For the CS558L I’m doing this project in which I have to implement an automated worm fingerprinting mechanism but not only that combining it with ITrace I want to make Worm attacks and DDoS attacks a thing of past!
The scheme in plain English is to detect automatically if your network is being attacked by looking at the traffic and if so communicate this information to whoever you are forwarding this packet to! The ICMP messages that will be forwarded will carry information about who sent this traffic and other such information (including the signature of attack traffic). The receiver with all this information could gather the source of attacks. If all the routers followed this scheme then we will be able to reconstruct the entire path of the attack so the entry point of the attack could also be sealed….(hopefully leading to a Worm and DDoS attack-free internet)!!!
Really hopeful…aren’t I??? 😉
But again this technique has the same single flaw as the other techniques in that it needs co-operation between ISPs.
I am currently coding this scheme in the Linux Kernel 2.6.11.7 and this is my first tryst with linux kernel programming…let’s see what future holds for me!

I started downloading rainbow tables LM Hashes for all symbols. They were 120 GB big and were available for download via torrent. But I’d been stuck at 92.2% of the download forever thinking that there were no seeders. As it turns out, the problem was in the torrent file. The torrent for the 120 GB LM Hashes all symbols can be obtained from 120 GB LM Hashes [all english characters] Rainbow Tables.

Yesterday the whole day was spent in trying to go through the Nutch source code. Chris and Ashish helped me out alongwith this link
Dissecting the Nutch Crawler. This showed me that :
The file Fetcher.java has a reference to the “content” variable (which is of type Content). I found that initially only the URLs are stored during the crawl, then a request is sent. Then based on the MIME type of the content returned, the ParserFactory class creates a parser (html parser, pdf parser etc.). The code for these parsers can be found at nutch-0.6/src/plugin/. These plugins do the parsing and get the content as a “Parse” object. Using the Parse.getText() method (which we also felt was interesting) we can get the text content of any page!!!!!

The introduction of low-cost flying alternatives in the Indian skies is a good thing for the Indian consumers as one would reckon. However, the consumers only stand to gain if they get a service which at least gets them their money worth.
Sadly though, the quality of service provided by these low-cost airlines is also “low-grade”. The business principle seems sound that people who want food/refreshments in flight buy it but that does not necessarily mean that one gets hard pressed to board the flight itself. The airline management needs to rethink that low-cost does not mean high tension. My flight experience was as follows:
I was to board the flight from Delhi – Mumbai at around 9:00 pm. However, until 10:30 pm there were no announcements which made me ponder about the very existence of the flight itself. At about 11:00 pm it was announced that the entry would be from Gate # 3. The people rushed in like a horde of animals trying to get into a DTC (Delhi Transport Corporation) bus. Then a technical snag – the key was unable to open the gate # 3 – occurred to make the matters worse. The gates were changed to Gate # 1 resulting into a new frenzy of people trying to reach gate # 1. In what ensued, there were a series of announcements for passengers to board the flight, however, there was a slight problem. The officials on Gate # 1 were not ready to let passengers through. The flights like “Air Deccan” have given a new meaning to the term “fight to the finish” as your fight to get a seat in the flight never ends!

Now I’ve no problems considering that the population of India is huge. However, I do have a problem when seemingly intelligent (?) people do not display basic intelligence. Air Deccan issues unique numbers on it’s boarding passes when people check-in. Why these numbers are not used for seat assignments is a question that only Air Deccan can answer. Apparently, they use these numbers to identify which passengers have / have not boarded the flight.

Unitl these companies realize that cheap tickets should not mean cheap quality the consumers will continue to remain at a loss in these airlines which are advertized as a “high value for money”.

I came across the interesting Skype4Com API that could aid users to dial several numbers using skype.
To install Skype4Com simply unzip the contents of the archive and execute the following command:

c:\> regsvr32 Skype4Com.dll

Upon executing this you can use the Skype4Com API using .Net (C#, VB Script) and even Python.
One can even generate DTMF tones to dial in to 1-800-numbers and automate the process so you can directly get through the initial wait times and directly speak to the customer representative.