Connect With Me In Facebook

Welcome to DefendHackers, If u want to Apply for a Blogroll as a Author , With h4ckfreak Mail me @ suren.click@gmail.com

Mark Zuckerberg tells 8th graders “there’s no shortcuts” and to make friends

By h4ckfreak

Metasploit Quick Start Referennce Guide

Metasploit Quick Start Referennce Guide , By h4ckfreak

IP Security

IP Security By H4ckfreak.

15 Network Admin Apps for Android

15 Network Admin Apps for Android , By h4ckfreak

Break All OS Passwords Using KON

Break All OS Passwords Using KON , By h4ckfreak

Recover Or Reset Ur Windows Pwd Using Ubuntu

Recover Or Reset Ur Windows Pwd Using Ubuntu , By h4ckfreak

Security Blueprint For Ethical Hackers..

By h4ckfreak

Blocking IP Using IPSec

By h4ckfreak

Preventing DDos Attacks, Combat Steps abd Tools...

By h4ckfreak

Thursday, March 18, 2010

Cisco Best Overall Home Network


Cisco has announced the Grand Prize winner of its competition for the best overall home network using Cisco equipment. This competition is run among Cisco employees. The winner is Iwan Eberhart, Frauenfeld, Switzerland. His Home Network is shown in the figure below:
cisco home network
“I enjoy having the latest and greatest technologies at home, too,” he says. In fact, not a day goes by that Eberhart doesn’t use his home network for work, play, or both.
As you can see, Eberhart uses his home network for TV and Movies, Centralized Storage of his media collection, Sound and Music, IP Telephony, Home LAN gaming etc.
Eberhart’s prize-winning home network evolves continually as new technology becomes available. His next plan is to consolidate the three devices in his living room. One option is to use the KiSS Technology set-top box to stream local movies and MP3 files, which would enable Eberhart to relocate the media player to his bedroom. Or, if his service provider agrees, he might install the Microsoft IP/TV client on a new Xbox 360, which would let him move the set-top box to his bedroom.
He plans to use the prize money to buy more home network gadgets

How to Configure DHCP on Cisco 851 or 871 Router




DHCP stands for Dynamic Host Configuration Protocol. Basically it’s a mechanism which assigns IP addresses to computers dynamically. Usually DHCP is a service running on a server machine in the network in order to assign dynamic IP addresses to hosts. All Cisco 800 series models have the ability to work as DHCP servers, thus assigning addresses to the internal LAN hosts. Without a DHCP server in the network, you would have to assign IP addresses manually to each host. These manually assigned addresses are also called “static IP addresses”.
In this post I will show you how to configure a Cisco 851 or 871 router to work as DHCP server. The same configuration applies for other 800 series models as well.
Router> enable
Router# config t
! define an IP address pool name and range
Router(config)# ip dhcp pool LANPOOL
! define a network range for the addresses that will be assigned
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
! define a dns name to assign to clients
Router(dhcp-config)# domain-name mycompany.com
! define a default gateway for the clients
Router(dhcp-config)# default-router 192.168.1.1
! define the dns server for the clients
Router(dhcp-config)# dns-server 100.100.100.1
! define a WINS server if you have one
Router(dhcp-config)# netbios-name-server 192.168.1.2
Router(dhcp-config)# exit
!The following addresses will not be given out to clients
Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10



Cisco Router 851 – 871 Interfaces and Basic Configuration

Monday 29 June 2009 @ 6:01 am
Cisco manufactures routers for all markets, ranging from SOHO up to large service provider models. The Cisco Router 800 series belongs to the lowest SOHO end. The most popular models in the 800 series are the 850 and 870 broadband access models which come with different types of WAN broadband interfaces (the difference between 850 and 870 is that the 870 models have higher throughput, support 10 VPN tunnels instead of 5 and also support VLANs with the proper IOS version). The 851 and 871 are equipped with a 10/100 Ethernet WAN interface which means that your ISP should provide you with a broadband modem offering an Ethernet connection towards the customer.
I’m getting a lot of questions about the interfaces of 851/871 routers and how they are arranged. I hope this post will clarify some things. The figure below shows the back panel of Cisco Router 851/871.
Ports FE0 up to FE3 under the LAN group can be used to connect internal computers or maybe to an internal switch to expand the number of internal ports (see points 1,2 in the figure above). These ports are actually Layer 2 switch ports, and not regular Layer 3 router ports. They are assigned by default to VLAN 1. You can create more VLANs and assign each port to a different VLAN (870 series), thus creating extra segmentation for your internal LAN. You can not configure IP addresses directly on the interface ports. The IP address must be configured on the Interface VLAN 1 (we will see example below).
Port FE4 is the WAN interface which must be connected to the ISP DSL broadband modem (see point 3 in the figure above). This port is a normal Layer 3 router port, which means you can configure IP address directly on the interface port.
Default Configuration for 851 – 871 Router
The Cisco 851 and 871 routers come with some preconfigured parameters (IP addresses etc) which might be in conflict with your current network topology. What I suggest is to erase the factory’s default startup configuration before you begin configuring your router for the first time. This allows you to start with a clean state and configure the router with all the features you need and leave off any that you don’t want. Connect with a console cable and after you get a command prompt execute the following:
Router> enable
Router# erase start
After you confirm the command, all the default configuration will be deleted. Power off the router device and then power on again. You will get a prompt as below:
Would you like to enter the initial configuration dialog [yes/no]
Type no and press Enter. This will give you a command prompt (Router>) and you are ready to configure your router from scratch.
Type show run to see the current configuration which looks like the following:
(some output omitted)
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
no ip address
duplex auto
speed auto
interface Vlan1
no ip address
Initial Interface Configuration
From the above output you can see that FE0 up to FE3 are shutdown and also there are no IP addresses configured to any ports. You need first to enable FE0 to FE4 and then configure IP address under the “interface Vlan 1” and also under the “interface FastEthernet4” port. Notice that you CAN NOT configure IP addresses under the “interface FastEthernet0″ up to “interface FastEthernet3″ ports. Those ports are Layer 2 switch ports and will inherit the IP address you assign under “interface Vlan1″.
Example:
Assume that the internal LAN has IP network range 192.168.10.0/24. Also, our ISP has assigned us a static public IP address of 200.200.200.1 . Let’s see the interface configuration below:
Router(config)# interface fastethernet 0
Router(config-int)# no shutdown
Router(config-int)# exit
Router(config)# interface fastethernet 1
Router(config-int)# no shutdown
Router(config-int)# exit
Router(config)# interface fastethernet 2
Router(config-int)# no shutdown
Router(config-int)# exit
Router(config)# interface fastethernet 3
Router(config-int)# no shutdown
Router(config-int)# exit
Router(config)# interface fastethernet 4
Router(config-int)# no shutdown
Router(config-int)# ip address 200.200.200.1 255.255.255.252
Router(config-int)# exit
Router(config)# interface vlan1
Router(config-int)# no shutdown
Router(config-int)# ip address 192.168.10.1 255.255.255.0
Router(config-int)# exit
Notice that we configured IP addresses only to fastethernet 4 and vlan1. By default, interfaces fastethernet 0 to 3 are assigned to VLAN1 so anything you connect to those interfaces (internal LAN hosts) will belong to vlan1 network range 192.168.10.0/24 and they must have as default gateway the address 192.168.10.1.

Prevent Spoofing Attacks on Cisco ASA using RPF


A common attack found on TCP/IP networks is IP spoofing. This is usually used for Denial-of-Service, Identity hiding, or even to bypass firewalls or Access-Lists security rules. The spoofing attack works like that:
  • A malicious attacker sends packets towards a target host.
  • The attacker disguises itself by inserting a fake source IP into the packet. This fake source IP address in the packet either does not exist at all or it might be a legitimate IP address of some other host located on some other network.
  • The reply traffic from the target will never reach the attacker because the attacker’s source address is bogus. Therefore the identity of the attacker remains unknown.
  • This can cause resource-exhaustion on the target host because it will create several “incomplete” TCP connections in its memory.
A Cisco ASA Firewall can identify a spoofed packet by using Reverse Path Forwarding (RPF). RPF can be enabled on a per interface basis. As soon as RPF is enabled on a specific interface, the ASA firewall will examine the source IP address (in addition to the destination address) of each packet arriving at this interface. Normally, any Layer 3 network device examines only the destination address of packets in order to know how to route the packet. By examining also the source IP address of the packet, the firewall can verify if the packet is spoofed or not. The firewall will try to find the reverse route (the path back towards the source) in its routing table. If a reverse route is not found on the interface where the packet arrived, it means that the packet is spoofed and will be dropped immediately.
Lets see the diagram below to clarify the concept of Reverse Path Forwarding:
From the diagram above, an attacker tries to spoof the inside network 192.168.1.0 by using a fake source IP in the packet (fake source IP 192.168.1.1). It sends the packet towards its target host which is 192.168.1.10 (destination address in packet).
On the ASA we have configured RPF on the outside interface as following:
Ciscoasa(config)# ip verify reverse-path interface outside
The ASA will examine the source address of the spoofed inbound packet and will see that source IP 192.168.1.1 belongs to its internal network. A packet with such a source IP should never arrive from the outside interface. Therefore the packet will be dropped. The ASA performs the RPF check by using its routing table. The routing table shows that network 192.168.1.0/24 is towards the inside interface of ASA (assume that we have already configured a static route for this internal network).

All About IP`S:





Getting Ip's:--
To see the ip all computers you are connected to (web servers, people attempting to hack into your computer).
Go to dos (start>run>type command) and run the netstat command. Type netstat /? for details.
Type netstat -r at the command prompt to see the ip of all computers you are connected to
In MSN (and other programs) when you are chatting to someone everything you type goes through the MSN servers first (they act as a proxy) so you see their ip rather than who you are chatting to. You can get round this by sending them a file as MSN doesn't send file through its proxy.
When you type the netstat -r (or -a for a different view) the ip's are under the foreign address table. The ports are seperated by a : . Different programs use different ports, so you can work out which ip's are from which program.
Connecting to other computers and what ports are:--
Servers send information. Clients retrieve. Simple.
Windows comes with a built in program to connect to other computers called telnet.
To start Windows telnet Start menu> Run> type Telnet. Click connect> remote system
Ports are doors into computers. Hosts are computer names
(ip number or a name that is translated into the ip automatically)
Different programs open different ports, but they always open the same ports so other computers know which port to connect to. You can get a port list listing all the different ports, but a basic one is:
11 :- Sends info on the computer
21 :- FTP (File transfer program)
23 :- Telnet (Login to the computers command line)
25 :- Smtp (Sends mail)
80 :- Http (Web pages)
There are thousands of different programs using different ports. You can get programs called portscanners which check a computer for all ports up to a certain number, looking for ways in. You can portscan a computer looking for ways-in.
Anyway, back to telnet.
Type www.yahoo.com as the host and port as 80 the click connect.
If nothing happens, you're in. Wow. You are connected to Yahoo's server.
You can now type http commands (you are connected to an http server, so it supports http commands). Ie. on an ftp server you can type open and it will do something. On an http server it will just wonder what the hell you are on about.
Type get / http/1.0 then press enter twice to get the file on the server at / (try /index.html) etc.)
Allowing dos and regedit in a restricted Windows
See http://blacksun.box.sk/tutorials/format.php3?file=windows.html for some very cool tactics.
A very simple tactic I found after accidentally locking myself out of dos and regedit is to open notepad and type the following:
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]
"Disabled"=dword:0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools"=dword:0
Save it as something.reg then run it. Simple.

Making undeletable, unreadable folders
Tested on Windows 95/98
By holding down alt, then typing numbers on the number pad (right of the keyboard) you can create special characters. If you hold down alt, then press 1, then let go, you got the ascii character 1. You try some randomn numbers. This goes all the way up to 255. Open a dos prompt, and type md (alt+1+9+4)someword. md is the dos command to make a directoy, now try and open the directory in Windows, you can't. To open it, type ren (alt+1+9+4)someword someword (ren is the dos command to rename)

Proxies
Proxies are computers that you connect through, hiding your computer. Most aren't anonymous, they give away your ip. Some are. Good anonymous proxies: mail.uraltelecom.ru:8080 and 194.247.87.4:8080.
Different programs require different ways of using proxies. To do it in internet explorer 5 go to tools, internet options, connections, settings. In the above proxies they are in the format host:port

Password files
If you lock yourself out of Windows stuff, all passwords are stored in files called *.pwl in C:windows. Download showpass.zip from hereto view all passwords stored. Or rename the files to .bak to delete passwords.
In Unix, passwords are normally stored at etc/passwd. This can be viewed using the cat command (prints a file to screen): cat etc/passwd. Make sure you're passwords are shadowed (not actually in etc/passwd). Also make sure they aren't in a file called shadow, especically not in a file called etc/shadow.

All about Telnet 101

Don't use this for illegal stuff::



Introduction:

Telnet is used to connect to remote machines through emulation. This means that
it can connect to a server, any server instantly because of it's ability to emulate (copy)
remote computers.

Lets Start:

In Windows, Telnet can be found by going to Start -> Run and then typing telnet.
The application should then pop up. If you don't have Windows, there are many Telnet alternatives for mac, linux etc. Since I don't know any,search the internet for Telnet for Linux or Telnet for Mac and you should find something instantly.


If you have a PC and are using Windows 98/95, 2000, Me, or XP continue...


As you can see, Telnet has 4 menu options. These are Connect, Edit, Terminal, and Help.

If you click Connect, you should see more options. Here they are.


Connect:

Remote System..
Disconnect

Exit

Names of servers you have been on.


To connect to a server, click Remote System...

This will then take you to a dialog box that has these fields:

Hostname:
Port:
TermType:

There should also be a Connect button and a Cancel Button.


Lets go over these & what you should put in them.





-Hostname-


The Hostname can be the address of the website your going to be connecting to:

http://www.oreos.com

or it can be the IP address. Keep in mind that you can only connect to servers and not to clients (other PCs)

an IP Address looks like this:

210.111.23.45




-Port-

Port can bb either the port number you wanna connect to on the server (Port 80 is the Internet, Port 23 is Simple Mail Protocol then there are some more ports for different things..)

or you can keep it Telnet and see what happens.




-TermType-

TermType is the type of Terminal telnet will be acting like.
This doesn't matter most of the time, so you can keep it to default or try other ones if you want.


When you have all this set up, you can Click Connect & see what happens.


Note: Sometimes many servers don't like anon people just logging on, so be careful when logging onto servers, because sometimes it might be some big company that likes bullying people or just SOMEONE who likes bullying people and then they might want to find you or trace you or something and I know for a fact you don't need that happening.

Another Note: When you go to a server and type something, such as a login name or a password, you might not see anything even though you are typing. this is a feature that telnet or the other server uses. It's for some kind of safety measure.

Ok that's all for the Connect Menu, lets go over the Terminal menu.

The terminal menu should have 3 options:

Prefernces
Start Logging
Stop Logging.

-Prefernces-

If you go to this, a dialog box will come up with various options. Here, you can change the
text color & background color of the program, and you can enable Local Echo, which shows
you everything you've typed, Blinking cursor if you want the cursor to blink check it, if not uncheck, Block cursor if you want the cursor to be shown as a block, VT100 Arrows, don't worry about these they are useless, Buffer Size, this allows you to set the number of lines of text you want to be shown before the screen starts to scroll, The Terminal emualtion type, always have this set on the default unless you know what the second one is and you know what your doing.


-Start Logging-

This logs everything you do on Telnet in a log file on your computer.


-Stop Logging-


This will stop logging processes.

Converting an IP address to an IP Number


IP address (IPv4 / IPv6) is divided into 4 sub-blocks. Each sub-block has a different weight number each powered by 256. IP number is being used in the database because it is efficient to search between a range of number in database.

Beginning IP number and Ending IP Number are calculated based on following formula:
Quote:
IP Number = 16777216*w + 65536*x + 256*y + z (Formula 1)

Quote:
where
IP Address = w.x.y.z

Quote:
For example, if IP address is "202.186.13.4", then its IP Number "3401190660" is based on the Formula 1.

Quote:IP Address = 202.186.13.4

So, w = 202, x = 186, y = 13 and z = 4

Quote:IP Number = 16777216*202 + 65536*186 + 256*13 + 4
= 3388997632 + 12189696 + 3328 + 4
= 3401190660

To reverse IP number to IP address,
Quote:
w = int ( IP Number / 16777216 ) % 256
x = int ( IP Number / 65536 ) % 256
y = int ( IP Number / 256 ) % 256
z = int ( IP Number ) % 256

where % is the mod operator and int is return the integer part of the division

How To Close Port 445 In Windows XP For Good


Even after you disable local file and print sharing, Windows XP still leaves port 445 open and listening for incoming connections. If you are not using local networking, this can pose a security risk. To close this port you need to make a quick change to an entry in the Windows registry.

NOTE: It is very important that if you do not feel comfortable editing the registry or have never done it before that you avoid doing this right away and learn more about the Windows registry. Changing the wrong setting or changing a setting incorrectly can cause Windows to not function correctly.

Please be advised that Vectro Security takes no responsibility for any damage caused to the operating system.

Here are the step-by-step instructions to close port 445 in Windows XP:

Click "Start"
Click "Run..."
Where it says "Open:" type "regedit"
Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
Find the value "TransportBindName" and right-click it to open up a menu of options.
Click "Modify" (it is in bold text)
Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
Click "OK"
Close the registry and reboot.
That takes care of it, now you are much safer from other machines on your local network, or if you are plugged into a cable modem without a router.

Renaming The Start Button:


To rename the start button, you will need a hex editor.
My preference is UltraEdit

Copy the \windows\explore.exe file to a new name (e.g. explorer_1.exe)
With the hex editor, open that file and go to offset 412b6
You will see the word start with blanks between each letter
Edit it be any 5 characters or less
Save the file
Boot to DOS
Copy the existing c:\windows\explorer.exe to explorer.org
Copy explorer_1.exe to explorer.exe
You will also need to replace the explorer.exe in the c:\windows\system32\dllcache file as well with the new one.
Note: If the partition is NTFS and you can't access the files from DOS:

Start Regedit
Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon.
Change the value of Shell from Explorer.exe to explorer_1.exe

How to Clear and Don’t Display Last User Name who Logged In On Windows Logon Screen


Windows operating system, including Windows Vista, Windows 7 and Windows Server, is designed in a way that the last user who logged into the system is remembered, and is displayed automatically on next log in, so that user has to just enter the password to log on. In the Welcome Screen, user account names are listed, or in the case of only single account available, automatically selected to prompt for password. In classic Windows logon box (including the Logon to Windows box after press Ctrl + Alt + Delete shortcut), the user name who logged in most recently is displayed as user name to log on.

The behavior to remember and display the last user name who logged in to the Windows system most recently is built into Windows operating system to allow user to login quickly by just entering password. However, some users may not like the feature as it will give away the identity of user who used the computer. In addition, on common shared PC, there will be additional steps to delete, remove and clear the user name before entering the correct own user ID. User who forgotten to change the user ID on display can accidentally lock other user out if trying too many incorrect password.
Windows provides a registry or group policy trick that instruct Windows not to remember and display the last user name who logged in. Follow the steps below to tweak the registry setting or group policy:
  1. Run Registry Editor (RegEdit).
  2. Navigate to the following registry key:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
  3. In the right pane, double click on DontDisplayLastName registry key value, and set its value data to 1.
Alternatively, the registry key above can be changed and modified via Local Security Policy Editor, as shown in guide below.
  1. Click on Start button, and type secpol.msc into Start Search box, and hit Enter to open the Local Security Policy Editor.
  2. Navigate to Security Settings -> Local Policies -> Security Options.
  3. In the right pane, double click on Interactive Logon: Do not display last user name.
  4. Select and set the radio button of Enabled.
  5. Click Apply or OK.
Once enabled, the name of the last user to successfully log on is not displayed in the Logon Screen.