Adrielle Our Daughter born into Heaven

The following poem was written by my wife for our daughter Adrielle

The day we knew you were on your way
We were so delighted and happy
Sent from the highest heavens above
Truly you were God’s gift of love
Perfect of God’s creation you were my baby
You were a reflection of your Daddy
Six months I carried you in my womb
Never thought I’d have to place you in a tomb
I think of your tiny hands and feet
My darling you looked so sweet
Our arms are empty our hearts are sad
You’ll always be missed by your mom and dad
Our hearts are filled with sorrow
Wish Jesus would let me borrow
A day of you in my life
Is all I ask of Him amidst this strife
How I yearn to hold you
Want to whisper I love you
Want to hug you and kiss you
Want to nurse you and rock you
Your eyes were closed when you were born
I wonder if they were black or deep brown
Dada spoke to you every night
As he kissed us both good night
Do you still remember his voice
To be born into heaven was God’s choice
Heaven is now your home
And baby you are not alone
The multitude of angels give you company
As you praise and sing hymns many
You have the lap of Jesus to play
And Mamma Mary to help you sway
My dear baby Adrielle
Darling you are a sweet angel
All I now do is to think of you
Waiting in hope someday to meet you
Will you be there at Heaven’s gates to welcome us
Once our days are done and we are buried here in dust
And then in Heaven ill hold you, hug you and kiss you
Play with you and tell you all the things I wanted to
Till then my daughter Adrielle
Watch over us like our guardian angel
Knowing that we always love you
And forever we will miss you.

Exploit development

Now that you have done your search or some friend of yours has told you about this link and you reached here, you expect some stuff on exploit development and that is what you would get here. I have a presentation put together based on the sample chapter of Writing exploits III that is available on the Metasploit website.

The presentation would give you the basic knowledge of exploit development and not make you an expert in this subject. To become an expert you will need to read a lot of documents and white papers some good white papers are available at http://www.uninformed.org/ skape and HD write on this site and have some interesting documents in place.

You can download the presentation from the following like

http://rapidshare.com/files/10008721/

Exploit_development_using_Metasploit_framework.pdf.html

Have fun in your exploit development , lets make the world a better place

I have a WebCam (Am i safe)

“I got a new flashy webcam”. “Hey that is not great I have a laptop with an integrated webcam isn’t that cool”. These are a few things you get to hear these days with kids on the block. I am sure some parents, just to make there kids happy get them all they want but really have no clue what that stuff does or how it works.

Now the kids know how to use it but do not know how stuff works. I am not here to tell that kids these days don’t know how stuff works but most of them just know how to use all the stuff that is available in the market.

Now let us get to the point. I have a webcam/camera that can be connected to my computer and I can show my pictures live or cached to the beautiful world out there. Now I know I said I can show, well what if someone wants to see me? He/She needs to ask me for my permission to see my live feed from the cam. But can access whatever I have hosted on some site, say a recorded video on may webpage. Sounds good doesn’t it.

I know all out here, if not all most of them use some or the other chat services that is out there (Yahoo, MSN, Etc, etc.). Most of the chat services provide us with the feature of video conferencing and we love to see people when we talk. How would you feel if you were seen even without you knowing about it? I know you are feeling uneasy about that thought. I too did feel the same when I thought about it.

There are claims that the software with the name sneak a peek (sap) can view webcams without the user knowing it, of users who use yahoo messenger. I have never tried this software as of now and I don’t intend to try it. I have also read on the Wild Wild World out there that it is a scam to make money and it does not work. (I do not know whom to believe now)

There are two software’s that claim to do that but the one that most people come across is the one that just is going to make you anonymous when viewing someone’s cam on yahoo messenger (You still need to get permission from the user to view the cam). But on the other had the software that I am talking about claims to let you view the cam with out the users knowledge. Below are some images from the site of the software.

Kids and parents out there need to be careful what you use. There are people who get a high out of seeing people in there most private of places. As most of the people are connected to the net (WWW) most of the time and they have there messengers running by default on the system, some one could just assess the webcam and see you when you don’t intend anyone to see you.

Parents on the other hand make sure that you have a proper security (Information security) in place for the computers that you or your kids use. Do not think that it is a home computer and no one would want to access that.

Make sure you understand what a personal firewall is and how to configure it.
Make sure you know what the ISP (Internet service provider) protects you from and were to report any abuse
Make sure you educate yourself and your children on how stuff works and what people do out there in the Wild Wild World
Make sure you have the latest patches/software on your system so that someone does not break into your system and access it.

Conclusion:
I am not saying do not use the webcam, nor am I saying that you have been seen by people without your permission. But saying be careful while using the gadgets that are available out there. We never know what new gadgets do other than making our life more interesting and fun.

Privacy? is it true !!!!!!!!!

Let’s talk privacy. How would you feel if someone in the world kept a watch on you and all that you do all the time? I know no one would like it. I am not talking about God who keeps a watch on us all the time. God is fair that is why no one ever feels that his/her privacy is breached. What if instead of God it was a machine or a grid of machines that keep a watch and record all that we do or say, now I don’t think you would be feeling anything fine about it. Because we humans are not fair and it was the rules and policies that we made/make created something called as privacy. If we never had any secrets or if our governments, organizations did not want to hide anything from the world or each other we need not have anything in private.

I know you use Google to search the web, Google logs all the keywords that you search and maintains it in a permanent database to track and analyze user behavior and preference. Now when Google logs this data do you think they would not log your IP address and other details like the browser that you use, oh did I miss the operating system. Is that breach of privacy?

When you send an email from your office it s sent via the office email server. Now the smart ones are thinking that is known to all. Oh how did your boss know what you were doing in the office and what emails do you send and receive. The emails are scanned for key words and stuff like that (All organizations do not have that practice) so does it stop the organizations from seeing what you do? Did you ever read what you signed when you joined the organization? (Someone will rush back home and read it)

Your data is backed up in a central server. You are so happy you will never loose data and so is someone else who can see all your data. We know in today’s world data is all important. What if your data that is backed up to a central server can be accessed by anyone with the appropriate privileges? Have you thought about it before letting your system being backed up? You could have had information that belongs to you and only you. But now that the information is residing on an alien system you have no control over it and anyone can do anything with it.

Our lovely yahoo, hotmail and other web-mail services. We all use it to keep in touch with our dear ones. Did you know that those emails are scanned for sensitive data and some key words (I can’t write the key words out here, how do we know that this blog is not scanned for it). If any of the key words are found it will be reported to the 3 letter acronyms organizations and background verification process is executed. If you are found clean you are good to go and no action is taken. If you are found to have connection with any of the unwanted element of the society, the hunt begins.

I don’t know if I should really write about the telephone conversations that we have with our loved ones. Is it been recoded by the service provider? just because the government asked them for it.

Do we really have privacy or is it an illusion that is drawn in front of our eyes. May be yes may be no, but do we know the truth about it or are we just trying and believing so that we can be at peace. May be we will never know.

Detecting Wireless Access Points based on its MAC

I hope you have read my previous post about detecting wireless access points. Now as promised let me give another method of detecting wireless access points. I remember some time back seeing on the website of Microsoft that they were able to detect the wireless location and so on, I am not sure about the complete stuff as I did not go to look into it a lot.

But they did use the MAC address of the access point or the wireless device to detect the make of the device and so on. We can use the same method to detect a wireless access point via the Ethernet network.

This Information is Education purpose only.

Background

MAC stands for Media Access Control. Every Original equipment Manufacturer (OEM) has a range of MAC address that they need to us so as to not have two devices with the same MAC address i.e. every device/system on the network has unique MAC address. The Vendors MAC addresses details are registered the details can be found in the following website http://standards.ieee.org/regauth/oui/index.shtml

Approach

We can use the MAC address detail to detect the wireless access points. It is as simple as that. I know, how do we do it? Is the question in your mind. To cut the story short we can use a tool called as APtools (http://winfingerprint.sourceforge.net/aptools.php). This tool will help you get the MAC address list (ARP table) from your switch or the router and compare it with the MAC address that it knows and can detect/identify the access point.

Thank you for this tool vacuum. If not for this tool we would have to manually compare the MAC.

Conclusion

The script kiddies will just use these tools with out even knowing what they are doing. But the better hacker will learn the technology behind the tool and use that knowledge to teach the world the new things and make the world a better and more secure place.

Story of my Life

I am sure that you would have heard the song Video killed the Radio starts. Sad but true, that is the story of my life. The difference is that this business and these so called business men/women kill me everyday.

There was this day when I was asked for some information. I was so excited and was ready to help as I am always (This is the reason why they kill me). As the person that I am I tried and gave the information that was needed. I thought it was done and all was well.

Surprise Surprise it was not good, the reason was not that the information was wrong or I had not done my part, I did not even dream that the reason was because I did not sugar coat the email, what a joke. They expected me to write nice words and sentences in the email so that the person who reads the mail feels good. (Now why should I sugar coat the words when I was asked for specific information)

What bothers me is, why is it necessary to sugar coat the words when you can be to the point and give the information that is asked out of you. (I would agree if I was writing an email or a letter to a person who is in a bad mood and I was supposed to make the person feel good) I know there will be some people who will not agree to my point of view. But I know why you think so. Because you try and make people feel good just by sugar coating the words, but you don’t mean a single word that you say.

Life would be much simpler and better if only we could be more genuine at heart then at our brains. It would have been much better if we could be straight to the point then to play games and make people feel something that we don’t mean.

I will not change even if the world changes for God made me in his image and I do not want to anger my God. I will be the person who remains at the heart and not go to the brain and this will be till the end of time no matter people take advantage of me for what I am. You laugh at me for I am different, I laugh at you for you all are the same (I don’t know who quoted that first)

Detecting Wireless Access points

I was recently asked about how we can detect a wireless access point via the ethernet network and I remembered OS fingerprinting will help. Then i saw that tools like Nessus and Nmap would help. So I put together a document that explains the steps to detect the wireless access points via the Ethernet network (LAN). Some parts of the document are taken from "Using Nessus to detect wireless access points".

This information is provided for educational propose only

Background
Every device/system that is connected to the network would have a protocol stack implemented on it (TCP/IP). The implementation of the protocol stack defers from device to device and or vendor to vendor. Using this documented difference we could identify the remote device/system.

Approach

Keeping the protocol stack implementation in mind we could use tools like Nmap and Nessus to identify the remote device/system. (Thanks to Fyodor for a wonderfull tool like Nmap)

Using Nmap we can execute port scanning and active OS fingerprinting with the options –sT which will result in identifying the open ports on the remote device/system. Using the –O option of Nmap we can actively fingerprint the remote device/system. Based on the result we can analyze and identify the remote device/system to be an WAP or not. We may need to use the –P0 option of Nmap if the ICMP protocol is disabled on the network.

Nessus has a plugin ID #11026 to detect WAP’s and it is named “Access Point Detection”, it was originally written and submitted by John Lampe. This plugin will execute four different techniques which are includes the above Nmap method. The methods that Nessus executes are as follows:
• NMAP TCP/IP Fingerprinting
• HTTP Fingerprinting
• FTP Fingerprinting
• SNMP Fingerprinting

To detect WAP’s nessus needs to be configured in the following way:

• Perform an update of the Nessus plugins to make sure you have the latest version of plugin #11026. This is accomplished by running the nessus-update-plugins command
• Configure a new scan by selecting plugin #11026 (Access Point detection) in the “General” family
• Enable a port scan for ports 1-100. If you want to decrease speed, you could also try scanning ports 21 and 80
• Make sure that “Safe Checks” are DISABLED
• Make sure that “Enable Dependencies at Runtime” is ENABLED, otherwise OS fingerprinting will break as well as some of the SNMP probes

I hope Nessus remains free for the life to come :)

Hope these steps help you in your activities. I would be posting more information on detecting wireless access points via the LAN. The next time will be a different technique, just to give you a heads up it is MAC based.

The Beginning

As the days pass, I try and forget the past. The past that was full of s!@#!@#!@$ and look forward for a better tomorrow. Today I woke up for that new day when I felt all new from inside just to know that it was always in my hands to change what I felt.

Now I have partner in my life who understand me and I understand her, she makes me feel like I am that perfect man she always wanted. But deep down i too know no one is perfect and we all come with our weakness and drawbacks. I try and tell her that every day but she somehow makes me to believe that that is not true and there can be people who are perfect.

All my life I have been a hacker, I know people think that hacking is bad thing. Now for all those people who think hacking is a bad thing let me say " NO its not", Cracking is a bad thing. Now its up to you to go and figure out the rest, I cannot spoon feed you, I am not used to doing that or taking that.

I know people who access this page would think that the blog says its going to talk about security, but you find nothing about security now, I will be posting stuff about security soon but I wanted to start it with how I feel how my life goes on, if I am not mistaken I have also written that you would know about hackers life and you can use the experience to make a better tomorrow. I know my life some day will help people to lead a better life, now I don’t mean that you don’t lead a good life. It is just that my experiences may help some one on earth to may be overcome certain obstacles that all of us face in our life one day or another.

All the hackers who came to see this blog, there will be stuff about hacking, information security and all that soon out here so keep dropping by and keep saying “Hi”.