• 29
  • Aug

I got hacked not too long ago, so I decided to set up snort patched with snortsam to stop the intruders. This actually works very well.

They got in by brute forcing a login page for the web mail interface. The intruders also used the compose mail page to send spam after they broke in.

I wrote my own snort rule to detect and block brute forcing and sending spam through the web mail (it will only block if you have snortsam properly set up). This rule blocks anyone that does an HTTP POST more than 30 times within 60 seconds (I believe it is a ratio – average of 2 times per second).

alert tcp any any -> X.X.X.X 80 ( content: "POST"; nocase; msg: "Webmail Brute Force Attempt or Spam Attack"; threshold: type both, track by_src, count 30, seconds 60; sid:123456789; rev:1; fwsam: src, 5 minutes;)

HINT: Replace X.X.X.X with the IP of your web server. Take out the “fwsam: src, 5 minutes;” if you are not using snortsam (you should be ;p). Replace 123456789 with your own custom ID and make it large so it doesn’t conflict with default snort rules.

Have you written any custom snort rules or do you have a suggestion to improve this rule? Show us in the comments.

  • 22
  • Aug

Emerging Threats hosts the only open snort rule set.

Emerging Threats is funded by the National Science Foundation and the Army Research Office.

You can download the rule sets separately or all at once.

Check out the perl script to automatically update your iptables, Honeywall and Smoothwall configurations, and the inline snort config.

Confused? Read the Emerging Threats documentation site.

What is Snort?

SNORT® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.

If you use snort and don’t already know about Emerging Threats, I am sure it will help you out on your intrusion detecting escapade. If you have any tips for using Emerging Threats’ rules, let us know in the comments.

  • 07
  • Aug

This article is user submitted by rich0rd. You can also submit articles.

You have multiple computers, and your desk is cluttered with keyboards, mice, and monitors? You desperately need more space, and you are tired of moving your hands the long way from one keyboard to the next? Do not worry any more – rescue is here in the form of Synergy.

Synergy is a nifty little program which allows you to share your mouse and keyboard with other computers on your network. Just move the mouse out of your screen and it magically appears on the screen of the next computer, allowing you to type there. Additionally, you can share cut and paste selections, so you can cut something on one screen/PC, move the mouse to the other screen and paste your selection there. Synergy is available for Windows (XP, NT), GNU/Linux, Mac OS X, and Unix. And the best thing is you can even mix different operating systems. Sounds interesting? So let’s see how it works.

Synergy is composed of a server (synergys) and a client part (synergyc) which communicate with each other over a network to exchange keyboard and mouse events. The server is started on the main PC whose keyboard and mouse should be shared, and the client is started on each machine which should use the input devices of the server. In the configuration file, you define which screen is to the left, right, top, or bottom of each monitor (like in other multi-monitor setups). If the mouse is moved over an edge, the control events are sent over the network to the host which is defined in the configuration.

Get it

There are binary packages available at the synergy sourceforge page, but if you are using an OS with a package management system I recommend checking if it is available there first. Install synergy on every machine which should participate in the input sharing.

  • 02
  • Aug

Infinity Exists features many ‘how to’ videos to quench your inner thirst for exploit information. Topics include lock picking, password cracking, email spoofing, SQL injection, and much more.

What are you waiting for? Go check out the videos!

  • 22
  • Jul

By using a web host that has PHP you can bypass almost any web filter and access blocked sites by using a proxy script named Glype.

From the Glype site:

Glype Proxy is a free web-based proxy script written in PHP. It allows webmasters to quickly and easily set up their own proxy site. There is a huge market for these proxy websites that allow both anonymous browsing and bypassing network filters at school, college or work.

Despite the huge popularity of these sites, the choice of scripts available is limited with most either incomplete or problematic. Glype Proxy is intended to be a fast and reliable alternative to the widely used PHProxy (now discontinued) and CGIProxy.

The process of installation couldn’t be any simpler:

  1. Upload the contents of the ‘upload’ folder inside of the Glype download to a secret directory on your webserver. It is a very good idea to add password protection to this directory (thanks Roland)
  2. .

  3. Navigate to the appropriate URL where you installed Glype. Ex. http://yourdomain.com/mysecretdirectory/index.php. You should see a screen similar to this:

    Glype Screenshot

  4. Type the URL in the box and browse away!

Now you know how simple it is to bypass any web proxy with your very own! Note that Glype also has many other configurable options such as themes (the default is horrid), blacklist/whitelist, plugins, and more.

If you have different PHP proxy scripts that you use, let us know in the comments. How do they compare to Glype?

  • 09
  • Jun

MySQL is an excellent open source database system. Replication is a great way to keep data redundant in case of a server crash. However, replication should not take the place of backups in case of data corruption or mis-entered data – as this data will also be replicated to the slave.

MySQL Replication

MySQL replication takes place in a master-slave configuration. Be aware that with this configuration, only changes made on the master are replicated to the slave. Any changes on the slave will not be replicated to the master.

By following the steps below, you can have MySQL replication set up in no time at all.

Source: MySQL Dev Site

  • 03
  • Mar

Nothing is worse than entering repetitive, monotonous commands into a router to accomplish a simple task. By using PHPTelnet we can create a script that uses a web form to provision DSL customers (create a PVC, or Private Virtual Circuit) in a Cisco router. The script will also write to a log file for security and troubleshooting purposes. This script could be used for many other tasks as well, as it is very easy to modify.

NOTE: Depending on your setup, you may need to make modifications to the script.
Add PVC Script
First, I will focus on the PHP script, and then the web form.

The first part of the script loads the PHPTelnet.php file and grabs the variables from our web form, which is submitted with the POST method.

    <?php
    // Load the PHPTelnet class and create a client instance.
    require_once "PHPTelnet.php";

    $telnet = new PHPTelnet();

    // Raw values submitted by the web form (user-controlled input).
    $vpi = $_POST['VPI'];
    $vci = $_POST['VCI'];
    $spd = $_POST['SPD'];

This next section deals with logging the requests to a file named ‘log.txt’. Make sure you manually create the file first.

    // Log actions to file
    $logfile = "log.txt";
    // Open in append mode so earlier entries are preserved.
    $fh = fopen($logfile, 'a') or die("<br />ERROR: can't open file");
    // One line per request: client IP, VPI/VCI added, timestamp.
    $stringData = $_SERVER['REMOTE_ADDR']." added ".$vpi."/".$vci." ".date("m-d-y.h:i")."\n";
    fwrite($fh, $stringData);
    fclose($fh);
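
The script above passes the VPI, VCI and SPD form values straight into the log line and, later, into the router session. The following added example (not part of the original script) shows one way to validate them first; the function names, the SPD unit and its upper bound are assumptions for illustration, and the sample submissions are constructed.

```php
<?php
// Added example (not from the original script): validate the form fields
// before they are written to log.txt or sent to the router.

// Return the field as an int when it is 1-6 decimal digits within
// [$min, $max]; return null for anything else.
function pvc_field(array $post, string $name, int $min, int $max): ?int
{
    $raw = $post[$name] ?? '';
    // \A...\z anchors the whole string, so spaces, signs, newlines and
    // any extra text appended to the number are rejected.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,6}\z/', $raw)) {
        return null;
    }
    $value = (int) $raw;
    return ($value >= $min && $value <= $max) ? $value : null;
}

// Return the three validated integers, or null if any field is invalid.
function validate_pvc_request(array $post): ?array
{
    $fields = [
        'VPI' => pvc_field($post, 'VPI', 0, 255),      // VPI is 8 bits at the UNI
        'VCI' => pvc_field($post, 'VCI', 32, 65535),   // 16 bits; 0-31 are reserved
        'SPD' => pvc_field($post, 'SPD', 1, 100000),   // assumed unit (kbps) and cap
    ];
    // Strict comparison so a legitimate value of 0 is not mistaken for null.
    return in_array(null, $fields, true) ? null : $fields;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'valid'            => ['VPI' => '0', 'VCI' => '35', 'SPD' => '1536'],
    'out of range'     => ['VPI' => '300', 'VCI' => '35', 'SPD' => '1536'],
    'embedded newline' => ['VPI' => '0', 'VCI' => "35\nextra line", 'SPD' => '1536'],
    'missing field'    => ['VPI' => '0', 'VCI' => '35'],
];

foreach ($samples as $label => $post) {
    $pvc = validate_pvc_request($post);
    echo $label, ': ', $pvc === null ? 'rejected' : 'accepted ' . implode('/', $pvc), "\n";
}
```

In the provisioning script, call validate_pvc_request($_POST) before the logging step and stop with an HTTP 400 response when it returns null.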

Initiate the connection. Make sure to modify the IP address, username, and password.

  • 31
  • Jan

Freenet is a relatively new P2P project in which members act much like a cluster, donating hard drive space and bandwidth. It is similar to the Tor network in that connections are encrypted and re-routed through other members of the network.

“It acts more like an Internet within an Internet.”

What’s different about Freenet is that you also dedicate parts of your hard drive for file storage. What is even more interesting is that you have no control over what is stored in your ‘data store’. Less popular files are deleted to make room for more popular files. The files are encrypted so that you ‘might’ not be held responsible for what lies within your data store.

Freenet is not only for storing files, but also allows you to create Freenet websites called ‘Freesites’. Usenet, email, and more are also possible on Freenet.

Freenet is open source and runs anywhere Java runs. Windows, Linux, or Mac should work fine. After installing, the interface is accessible through a web browser. Remember, Freenet is still in alpha stage so there may be some bugs.

Read more and download at the Free Network Project website.

  • 29
  • Jan

Open source, cross platform Vidalia is a Tor GUI that runs on Windows, Linux, and Mac.

Simply put, Vidalia makes it really easy to set up Tor, turn it on and off, and configure relays for the Tor network. Complete with bandwidth graphs and network maps, Vidalia should have everything you need to get started and stay on the Tor network.

After installing Vidalia, it is as simple as pointing your browser’s proxy setting to 127.0.0.1:8118 to start using the Tor network.

You can even choose which country to originate your connection from. Don’t get too frisky now. ;)

Vidalia Homepage | Vidalia Downloads | Vidalia Screenshots | Vidalia Support

  • 28
  • Jan

Why spend $100 on a WiFi repeater when you can make your own $10 super duper WiFi antenna? Retaliate.

Items needed:

  • 35-mm foam (like the kind desktop and laptop PCs usually come with)
  • Solid-core copper wire
  • Small brass plate
  • Multiple BNC connectors

Follow the instructions in the video to get started:


Do you have any more nifty WiFi hacks? Let us know in the comments. { via tech.nocr.at }
