
Posts

New DTS PDF Cover Page

For the past few weeks I have been reviewing, learning coding, and trying out the new Android tablet. I decided that instead of using the same logo cover page image I'm going to change it every season. Below is a cut up of the DTS cover page picture. The new PDF tutorials will begin May 3, 2011. Upcoming tutorial for tomorrow: How to install and configure Nagios.
This document is for people who want to learn the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempt doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you can find the information. In those cases someone else has done what I am attempting and did a good or great job, and I did not want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, RaginRob, stasik, and Solar Designer. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum. The PDF covers both getting the SAM from inside Windows and from the BackTrack CD, DVD, or USB flash drive. The SAM is the Security Accounts Manager database where local usernames and passwords are stored. For legal ...

Appsec Tutorial Series

OWASP attempts to make videos of presentations made by their members and at their conferences concerning application security whenever possible. The slides for most of these presentations are available, linked to the conference agendas. Episode 2 illustrates SQL Injection, discusses other injection attacks, covers basic fixes, and then recommends resources for further learning. Here are a couple of links on how to secure your SQL server: the SQL Injection Prevention Cheat Sheet and the XSS (Cross Site Scripting) Prevention Cheat Sheet.

The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

The Linux distribution BackTrack 4 includes the Social Engineering Toolkit, otherwise known as SET. The homepage for SET is http://www.secmaniac.com/ and there is more useful information there. I am particularly impressed by the new Java applet function in SET, which allows the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack. The first utilizes Metasploit payloads and Java-based attacks by setting up a malicious website (you can clone whichever one you want) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. To see this operation in action, click here. If you want to install it on your own machine then there will be a tutorial on how to set this up on Saturday.

Checking access to folder in a domain environment [Quick Tip]

Let's say you have limited access at a workplace and a manager wants to know if a user has access to something that they requested, and you don't have the proper access to check. Today I will show you how to check access with limited access. This example is set up in a virtual environment, from Windows 2003 Server to Windows XP. Tools: Virtualbox (free edition) running in local environment; rdesktop (free); vmware (trial); Windows Server 2003 Enterprise Edition (Student Version 180 days trial) running in a remote location. The picture above is a typical Windows Server login. It just shows that I am running a server OS. OK, let's move on. We are going to check on a user, "DTSAdmin". At the command prompt type "net user DTSAdmin /domain" and it will gather a lot of good information from the server, as shown in the picture above. If you don't type the "/domain" syntax the computer is going to think that user name is at t...

[Solved] Fixed Channel: -1

The Problem: As you notice when upgrading to Ubuntu 10.04 or Ubuntu 10.10, or using the latest BackTrack4, there is an issue with the latest kernel build of 2.6.35-35 which does not allow setting a specific channel and also does not allow packet injection in the Aircrack-ng suite. For a solution please read the PDF. Title: Fixed Channel -1. File Name: Fixed Channel -1.pdf. File Type: PDF. File Size: 1.6 MB.

[ fixed channel mon0: -1 ] Issue

The new kernel 2.6.35-25 has issues when wireless cards are put into monitor mode. To check the current kernel version on your system use the "uname -r" command, which displays the current kernel. For example, if you use airodump-ng it would say "fixed channel mon0: -1" as seen in the screen-shot below. This Saturday I will show step by step how to solve the "fixed channel mon0: -1". Why is this a big issue? It affects other applications that require monitor mode, such as Kismet, which also means that when a user wants to do a packet injection the card can't provide that function. In the tutorial for this Friday I will show you how to patch this problem with an Atheros wireless card. The following Linux distros have the 2.6.35-25 kernel: Ubuntu 10.04; Ubuntu 10.10; Backtrack 4 R4; any other Linux distro that is kept up to date. If you're still using previous versions of Ubuntu or BackTrack then this does not affect you, but i...