DNS Rebinding Attack Using Rebind

Rebind is a tool that implements the multiple A record DNS rebinding attack. Although this tool was originally written to target home routers, it can be used to target any public (non RFC1918) IP address.

Rebind provides an external attacker access to a target router's internal Web interface. This tool works on routers that implement the weak end system model in their IP stack, have specifically configured firewall rules, and who bind their Web service to the router's WAN interface. Note that remote administration does not need to be enabled for this attack to work. All that is required is that a user inside the target network surf to a Web site that is controlled, or has been compromised, by the attacker.

Important Links

Download rebind

Tested Routers (Affected + Not affected)

Rebind FAQ

Defcon Slides



Kind of interesting vector and I guess many are vulnerable out there.


Read more...

Hack Attack The Networks With Yersinia

Yersinia is a network attack tool that takes advantages of inherent weaknesses of several protocols to attack the network using different attack vectors. Yersinia can prove as a solid tool for analyzing and testing the deployed networks and systems for possible weaknesses.

The protocols implemented for testing using Yersinia are:

• Spanning Tree Protocol (STP)
• Cisco Discovery Protocol (CDP)
• Dynamic Trunking Protocol (DTP)
• Dynamic Host Configuration Protocol (DHCP)
• Hot Standby Router Protocol (HSRP)
• IEEE 802.1Q
• IEEE 802.1X
• Inter-Switch Link Protocol (ISL)
• VLAN Trunking Protocol (VTP)

Yersinia supports number of attacks in all of the above listed network protocols and hence can be used (or misused) to test any network.

The tool works on several operating systems such as OpenBSD 3.4 (with pcap libraries >= 0.7.2), Linux 2.4.x and 2.6.x, Solaris 5.8 64bits SPARC, Mac OSX 10.4 Tiger (Intel), etc.

Installation on ubuntu: Fire up the terminal and type:

sudo apt-get install yersinia

To download yersinia for other distros, go through the Download section of yersinia.


Read more...

Screen Recording Software Solutions For Linux

Windows users have several options to choose from when it comes to the desktop recording (and only paid ones are good generally) but Linux users have fewer options but robust, simple, and best of all, free and open source desktop screen recording tools that we can trust on.

Below are some of the screen recording tools you might want to try:

recordMyDesktop

recordMyDesktop is a desktop session recorder for GNU/Linux written in C. recordMyDesktop itself is a command-line tool and few GUI frontends are also available for this tool. There are two frontends, written in python with pyGtk (gtk-recordMyDesktop) and pyQt4 (qt-recordMyDesktop). recordMyDesktop offers also the ability to record audio through ALSA, OSS or the JACK audio server. Also, recordMyDesktop produces files using only open formats. These are theora for video and vorbis for audio, using the ogg container.

Installation under debian and ubuntu:

sudo apt-get install gtk-recordmydesktop

XVidCap

XVidCap is a small tool to capture things going on on an X-Windows display to either individual frames or an MPEG video. It enables you to capture videos off your X-Window desktop for illustration or documentation purposes.It is intended to be a standards-based alternative to tools like Lotus ScreenCam.

sudo apt-get install xvidcap

Istanbul

Istanbul is a desktop session recorder for the Free Desktop. It records your session into an Ogg Theora video file. To start the recording, you click on its icon in the notification area. To stop you click its icon again. It works on GNOME, KDE, XFCE and others. It was named so as a tribute to Liverpool's 5th European Cup triumph in Istanbul on May 25th 2005.

sudo apt-get install istanbul

Vnc2Flv

Vnc2flv is a cross-platform screen recording tool for UNIX, Windows or Mac. It captures a VNC desktop session (either your own screen or a remote computer) and saves as a Flash Video (FLV) file.

Wink

Wink is a Tutorial and Presentation creation software, primarily aimed at creating tutorials on how to use software (like a tutor for MS-Word/Excel etc). Using Wink you can capture screenshots, add explanations boxes, buttons, titles etc and generate a highly effective tutorial for your users. It requires GTK 2.4 or higher and unfortunately is just a freeware(could not find any source code for it).

Screenkast

Screenkast is a screen capturing program that records your screen-activities, supports commentboxes and exports to all video formats.

If you got any more suggestions, please drop the comment. :)


Read more...

Download Youtube Videos From Command-Line With Youtube-dl

youtube-dl is a small command-line program to download videos from YouTube.com and few more sites. All it requires is the Python interpreter version 2.5 or higher, and it is not platform specific.

This small tool is simple and offers everything you would love to have, but not the GUI. It supports several websites listed as below:

Supported sites

YouTube.com.
YouTube.com playlists (playlist URLs in "view_play_list" form).
YouTube.com searches
YouTube.com user videos, using user page URLs or the specifc "ytuser" keyword.
metacafe.com.
Google Video.
Google Video searches ("gvsearch" keyword).
Photobucket videos.
Yahoo! video.
Yahoo! video searches ("ybsearch" keyword).
Dailymotion.
DepositFiles.
blip.tv.
vimeo.
myvideo.de.
The Daily Show / Colbert Nation.
The Escapist.
A generic downloader that works in some sites.

You can download the tool from GitHub. For more information about the tool, check the documentation. The standalone executable for windows is also available for download from the same github repository.


Read more...

Rootbeer - High Performance GPU Computing in JAVA

Good news for JAVA guys that the high performance GPU compiler has been released that aims to bring high performance GPU computing to the Java Programming Language with the minimal effort from the developer.

Rootbeer is more advanced than CUDA or OpenCL Java Language Bindings. With bindings the developer must serialize complex graphs of objects into arrays of primitive types. With Rootbeer this is done automatically. Also with language bindings, the developer must write the GPU kernel in CUDA or OpenCL. With Rootbeer a static analysis of the Java Bytecode is done (using Soot) and CUDA code is automatically generated.

Rootbeer was created using Test Driven Development and testing is essentially important in Rootbeer. Rootbeer is 20k lines of product for and 7k of test code and all tests pass on both Windows and Linux. The Rootbeer test case suite covers every aspect of the Java Programming language except:
1. native methods
2. reflection
3. dynamic method invocation
4. sleeping while inside a monitor.

This means that all of the familar Java code you have been writing can be executed on the GPU.

GitHub of Rootbeer


Read more...

nmbscan - Network Shares Scanner Based On NMB/SMB/NetBIOS Protocol

NMB Scanner scans the shares of a NetBIOS/SMB network, using the NMB/SMB/NetBIOS protocols. It is useful for acquiring information on a local area network for such purposes as security auditing.

It can obtain such information as NMB/SMB/NetBIOS/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/NetBIOS/Windows domain name, and master browser. It can discover all the NMB/SMB/NetBIOS/Windows hosts on a local area network by using the hosts lists maintained by master browsers.

You can download the version 1.2.6 of nmbscan tool from HERE.

After downloading, extract the files by typing:

mkdir nmbscan && tar -xvf nmbscan-1.2.6.tar.gz --directory nmbscan

Running nmbscan shows pretty much of information about the usage.

samar@Techgaun:~/Downloads/nmbscan$ ./nmbscan 
nmbscan version 1.2.6 - Techgaun - Sat Mar 31 00:04:15 NPT 2012

usage :
 ./nmbscan -L
  -L show licence agreement (GPL)

 ./nmbscan {-d|-m|-a}
  -d show all domains
  -m show all domains with master browsers
  -a show all domains, master browsers, and hosts

 ./nmbscan {-h|-n} host1 [host2 [...]]
  -h show information on hosts, known by ip name/address
  -n show information on hosts, known by nmb name

You can figure out the command line switches as per your necessity while using the tool. I hope this tool counts as useful for you. :)


Read more...

KDE Version 4.8 Is Released With Updated Plasma Workspaces, Apps n Platforms

On 25th January 2012, KDE has released 4.8.0, containing compelling new features and improvements to the Plasma Workspaces, the KDE Applications and the KDE Development Platform. Version 4.8 is intended to provide many new features, and improved stability and performance.

Major KDE improvements in this version are:
Adaptive Power Management - Kwin optimizations, the redesign of power management, and integration with Activities.

Faster, More Scalable File Management - KDE v. 4.8 includes Dolphin with its new display engine, new Kate features and improvements, Gwenview with functional and visual improvements.

Enhanced Interoperability & Introduction of Touch-Friendly Components

Check the official announcement


Read more...

Batch Image Processing Using GIMP

I've previously enlisted few tools regarding batch image resizing in windows. However they are limited to windows only and I was searching for something which was cross-platform. With some search, I found that GIMP loaded with David's Batch Processor would let us resize the images easily.

DBP (David's Batch Processor) is a simple batch processing plugin for the Gimp - it allows the user to automatically perform operations (such as resize) on a collection of image files. Its main advantage is that the user does not have to learn a scripting language. Like the Gimp itself, DBP relies on a graphical interface. The user creates a list of images, and sets up the processing required for each image. The results of the current settings can be displayed. Once the required sequence of operations has been set up, DBP performs the same processing on each image in turn. The images can be colour corrected, resized, cropped, and sharpened, then renamed and saved to a different file in a specified image format.

Check official website for more information on installation and downloads.


Read more...

Bulk Image Resizing Tools For Windows

You will most likely find a situation when you need to resize multiple images at once. One example is while uploading pictures taken from high megapixel digital cameras. I had the same situation and googled to find few useful softwares for windows which I am going to list here.

1) Picture Resizer: An easy-to-use and free standalone tool for batch resizing of JPG pictures and photos. The tool is using high-quality resizing method, where color of each pixel is a weighted average of all covered pixels from the original image. Linear interpolation is used when zooming in. The algorithm is optimized to work with gamma-corrected pictures.

2) Fotosizer: Fotosizer is a free batch photo/image resizer tool. It lets you resize hundreds of photos in a matter of minutes in a quick and easy way. With Fotosizer, you can shrink JPEG image files, along with other supported formats, and dramatically reduce internet transfer times, enabling you to quickly and easily prepare your image collections to be published on the web.

3) Imagisizer: Imagisizer is absolutely the easiest, straight forward, image resizer and
converter around. It supports major image formats such jpg, png, gif and bmp. You need .NET framework for this tool to work which is bundled along with most moder Windows OS I guess.

4) PhotoResizer: Simple tiny sized batch resizing tools supporting multiple formats in input but only jpeg as output.

I hope some of these tools count useful for you as well like they did to me.


Read more...

Lists of Various Steganographic Tools

Steganography is the art and science of hiding information such that only the sender and recipient can read that hidden piece of information. While the cryptography is focussed on making message unreadable, steganography focusses on data hiding and hence combination of both can give better security in most cases.

As mentioned earlier, steganography is the art of hiding information and can be done in many ways. For instance, simplest forms of steganography would be toinsert each character of hidden message in the Nth position of each word in a sentence so that recipient takes Nth letters of each words to reconstruct the message. While this was very basic example, steganography has no bounds and one can hide messages within images, audios, videos, source codes, etc and this involves some sort of creation to increase the obscurity of the hidden message. Wikipedia entry gives far much deeper information on steganography tool and I would like to recommend you to read it.

To make digital steganography easier, numerous tools have been developed and I'm listing some of them here.

1) Hide in Picture: Hide In Picture is a program that allows you to conceal files inside bitmap pictures, using a password. The pictures look like normal images, so people will not suspect there is hidden data in them.

2) wbStego: wbStego4 offers steganography in bitmaps, text files, HTML files and PDF files. It is has two very user-friendly interfaces and is ideal for securely transmitting data online or adding copyright information, especially with the copyright information manager.

3) Hide4PGP: Hide4PGP is a freeware program distributed as source code in ANSI C and precompiled executables for DOS (any version but 1.x), OS/2 (Warp and up), and the Win32 console (9x and NT). It's purpose is to hide any data in a way that the viewer or listener does not recognize any difference. It supports BMP, WAV and VOC file formats.

4) MP3Stego: Hide files within mp3 files. MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream.

5) TextHide: Simple text steganography

6) GifShuffle: gifshuffle is used to conceal messages in GIF images by shuffling the colourmap, which leaves the image visibly unchanged. gifshuffle works with all GIF images, including those with transparency and animation, and in addition provides compression and encryption of the concealed message.

7) Snow: snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.

8) Camouflage: Camouflage allows you to hide files by scrambling them and then attaching them to the file of your choice. This camouflaged file then looks and behaves like a normal file, and can be stored, used or emailed without attracting attention.

9) OpenPuff: OpenPuff is a professional steganography tool, with unique features you won't find among any other free or commercial software. OpenPuff is 100% free and suitable for highly sensitive data covert transmission. Its very advanced tool with support to images, audios, videos, flash, adobe.

10) SteganRTP: Steganography tool which establishes a full-duplex steganographic data transfer protocol utilizing Real-time Transfer Protocol (RTP) packet payloads as the cover medium. The tool provides interactive chat, file transfer, and remote shell access. A network steganographic tool.


Read more...

Mass Youtube Videos Download Using BYTubeD under Firefox

Before going for vacation, I wanted to download some youtube videos and I wanted to download them in bulk but I had no idea. Tried searching firefox addons site and found an addon known as BYTubeD that allows me to perform bulk downloads from youtube.

BYTubeD is a Bulk YouTube video Downloader. It can be used to download all/selected YouTube videos on any page which has some links to YouTube videos, by clicking the BYTubeD menu item in the Tools menu or in the context menu (i.e. right click menu).

Get BYTubeD in Firefox.


Read more...

Stay connected to social networks with Yoono

Yoono is an easy to use application that brings all major social networking sites under a single application. The best thing about Yoono is that it is available for all major platforms and operating systems.

It is available as Desktop app for windows, linux and MAC and also the portable version of the application is available. Moreover, it is available as Browser addon for Firefox and Google Chrome. And both the paid and free(with ads) versions of this app are available for iPhones. So the users can choose any version of Yoono according to their convinience and preferences.

Some of the features of Yoono are:

- Stay connected with major social networking sites Twitter, Facebook, Foursquare, LinkedIn, YouTube, Flickr, GoogleBuzz, Yammer, Friendfeed, MySpace and more...all in one place.

- Update your status and share links, images and video from the page you're viewing across all your networks simultaneously.

- Easily sync the status and update your status across all the sites at once.

The software is available for downloads at yoono.com.

Firefox users can download the addon from HERE as well.

Google chrome users can download the addon from HERE as well.


Read more...

Tools For Customizing Ubuntu Into Your Custom Distro

Hello everybody, I'm listing some of the tools that can be used to customize the ubuntu distro and create your own flavour of ubuntu. I'm saying ubuntu specifically because I've tested them on ubuntu but some work for all debian based distro and maybe some work for all linux distro.

If you want to customize the ubuntu distro, you need an ISO file of the ubuntu of your preferred version. For the terminal lovers, the following two links are very helpful:

Ubuntu Live CD Customization
Ubuntu Install CD Customization

Now for those people who hate terminal and would like to the same thing using GUI, I'm listing here few of the tools that you can use.

1) Ubuntu Customization Kit: UCK is a tool that helps you customizing official Ubuntu Live CDs (including Kubuntu/Xubuntu and Edubuntu) to your needs. You can add any package to the live system like, for example, language packs, applications, etc.

2) RemasterSys: This script creates a livecd of the installed system. You can either make a distributable livecd or backup of your system. The resulting iso file can be used on any other PC that still meets the original minimum requirements of Ubuntu or Debian. Things like the graphics card and other hardware will be configured and setup automatically and you do not have to use identical hardware. Ubuntu's live boot tool, casper, currently blacklists Nvidia and AMD proprietary drivers so they will not be available on the live system and will need to be reinstalled after installation of your custom system.

3) Reconstructor Engine: Reconstructor is a GNU/Linux distribution customization and creation toolkit. It allows for the customization of the Ubuntu GNU/Linux distribution. Customizations include boot logo image and text color, wallpaper, themes, icons, applications, and more. Personally, I didn't like this one very much. Check this site.

4) Live Magic: Live-helper is a collection of programs that can be used to build Debian Live system images. The philosophy behind live-helper is to provide a collection of small, simple, and easily understood tools that can be used in your own program to automate building of a Live system.

5) Live Scripts: Linux Live is a set of shell scripts which allows you to create your own Live Linux from an already installed Linux distribution. The Live system you create will be bootable from CD-ROM or a disk device, for example USB Flash Drive, USB Pen Drive, Camera connected to USB port, and so on. People use Linux Live scripts to boot Linux from iPod as well.

6) Revisor For Fedora: Revisor enables you to customize and compose your own Fedora based installation and live media. It does so by presenting you a GUI with all options you can click your way through, a command-line interface and extended configuration files for more advanced users. Features that Revisor has vary from customizing the packages available during the installation and/or installed on the live media, to fully customizing the desktop environment for the live media.

I hope these helps. :)


Read more...

Shutter : Advanced Screenshot Tool For Linux

The default screenshot tool in linux(I'm using ubuntu 10.10) does not have much features as some of you might have desired but there exists yet another tool known as Shutter that has lots of functionalities as a screenshot tool. Shutter is a feature rich screenshot tool available for many flavours of linux distribution.

With shutter, you can take a screenshot of a specific area, window, your whole screen, or even of a website – apply different effects to it, draw on it to highlight points, and then upload to an image hosting site, all within one window. There are numerous plugins written in Perl and bash included within the shutter as plugins and you can give different sexy looks to your screenshot. So for a blogger, writer and screen-sharer, this tool is a must if you are using linux.

To install shutter, either open the software centre according to your distro, search for shutter and install from there. For ubuntu, you can alternatively type the following from your terminal to install shutter:

sudo apt-get install shutter

To open shutter, click on Applications -> Accessories -> Shutter. Then you can use various features of shutter to take screenshots of window, selection, websites and full screen and then edit your screenshot, hide the sensitive areas and apply effects of your choice to the screenshots.

Some sample screenshots of the tool itself:

GUI of shutter:

Screenshot of website:

Screenshot of selection:

Read more...

Qt4 Development Using Monkey Studio

Monkey Studio is a free and open-source crossplatform Qt 4 IDE. It is developed using the Qt library itself, meaning it will run on any platform supported by Qt 4. This allows you to work on the same project on multiple platforms using the same IDE. Monkey Studio uses the Qt Project file (.pro) to manage the project, and there are no extra files created.

With a active forum and wiki, Monkey Studio IDE offers pretty cool features for developing Qt4 Apps. Its noticeable features are:

- Monkey Studio also features * Advanced, customizable code editor, based on QScintilla.
- Syntax highlighting for more than 22 programming languages
- Templates wizard - create files or projects from templates
- Code restyling - quickly fix/update style of your code using AStyle
- Qt Designer integration
- Qt Assistant integration

To install MonkeyStudio in ubuntu, open the terminal and type:

sudo apt-get install monkeystudio

For downloads for other platforms and more information, visit official website.


Read more...

Nixory - A Light Antispyware Tool

Nixory is a light and handy open source antispyware tool aimed at removing malicious tracking cookies. It currently supports Mozilla Firefox, Google Chrome and Internet Explorer and it runs on all major OS including Windows, Linux and MacOSx.

For more information and download, visit nixory sourceforge page.

Read more...

Putty with Tab using MT-Putty

If you are familiar with SSH, you've most likely used Putty for SSH logins, tunnelling, etc. One bad thing about putty is we need to open separate windows for each connection but TTY Plus has developed MTPuTTY as solution for this.

MTPuTTY (Multi-Tabbed PuTTY) is a small free utility enabling you to wrap unlimited number of PuTTY applications in one tabbed GUI interface. You are still continue using your favorite SSH client, but you are no longer messing around with PuTTY windows - each window will be opened in a separate tab. However, as of now, it is for only windows system.

Features:

All PuTTY features
Supports all PuTTY protocols - SSH, Telnet, Rlogin, Raw. Supports PuTTY session. You can control and change PuTTY command line parameters. You can run PuTTY configuration from within the program.

Automation
Can automatically login the remote servers and "type" your passwords. Can run any script after login. Can "type" a script in several PuTTY tabs simultaneously.

Easy to use
Clear tabbed user interface. Servers are grouped in a sidebar. Taskbar to quick access to basic program tasks. Any PuTTY tab can be detached and converted into a general PuTTY window.

Smart code
Native Win32 code - no need to have any libraries (like .NET, VB etc). Multithreaded automation tasks - freezing in one PuTTY tab will not freeze the other ones.

Download MTPuTTY


Read more...

Real time video capturing and benchmarking with FRAPS

Fraps is a universal Windows application that can be used with games using DirectX or OpenGL graphic technology. This application software can be used for real time video capturing and benchmarking.

In its current form Fraps performs many tasks and can best be described as:

Benchmarking Software - Show how many Frames Per Second (FPS) you are getting in a corner of your screen. Perform custom benchmarks and measure the frame rate between any two points. Save the statistics out to disk and use them for your own reviews and applications.

Screen Capture Software - Take a screenshot with the press of a key! There's no need to paste into a paint program every time you want a new shot. Your screen captures are automatically named and timestamped.

Realtime Video Capture Software - Have you ever wanted to record video while playing your favourite game? Come join the Machinima revolution! Throw away the VCR, forget about using a DV cam, game recording has never been this easy! Fraps can capture audio and video up to 2560x1600 with custom frame rates from 1 to 120 frames per second!

Download Free Version

Read more...

Open Source Anti-theft Solution For MAC, PCs and Phones

Prey is an open source application that helps us track the lost laptops or phones. Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It's lightweight, open source software, and free for anyone to use.

In order to understand more about the project, visit the Official website.

Also try this video tutorial for configuring the Prey application.

I hope it becomes useful for you. :)



Read more...

Wally: Advanced Utility To Change Wallpaper

Wally is a Qt4 wallpaper changer using multiple sources like files, folders, FTP remote folders, Flickr, Yahoo!, Panoramio, Pikeo, Ipernity, Photobucket, Buzznet, Picasa and Smugmug images. It is available in many languages. Supported Linux window managers are GNOME, KDE 3, KDE 4, Xfce 4, BlackBox, FluxBox, Window Maker, and FVWM.

Features
· Runs on Win32, Linux and MacOSX platforms
· History support
· Many wallpaper layouts available on all platforms
· EXIF data available over picture and in system tray tooltip
· Save downloaded photos
· Proxy support

Wally Download Page

It is available in ubuntu repository so you can install easily from ubuntu software center.



Read more...