PoiNtEr->: November 2011

                             Difference between a dream and an aim. A dream requires soundless sleep, whereas an aim requires sleepless efforts.

Search This Blog

Wednesday, November 23, 2011

Hacker’s Diary “10”

 

Hack 5 Protect Your Logs from Tampering

So Welcome guys to second section of hacker’s diary .So today we see how we can protect our log files.

By the time you must be thinking why it is important to protect log file ??

well an attacker more likely leave telltale sign of his action in various logs.This is a very valuable audit that should be protect so that it can help us to figure out how the attacker got in

,or where the attack came from .

So the big question is if Attacker gains ROOT privileges then how to stop him from removing the  traces of his misbehavior?

One useful attribute for protecting log files is append-only. When this attribute is set, the file cannot be deleted, and writes are only allowed to append to the end of the file.

To set the append-only flag under Linux, run this command:

# chattr +a filename

Obviously, an intruder who has gained root privileges could realize that file attributes are being used and just remove the append-only flag

from our logs by running chattr -a. To prevent this, we need to disable the ability to remove the append-only attribute. To accomplish this

under Linux, use its capabilities mechanism.

power_up_linux_with_sysctl_var_optimization

The Linux capabilities model divides up the privileges given to the all-powerful root account and allows you to selectively disable them. In order to prevent a user from removing the append-only attribute from a file, we need to remove the CAP_LINUX_IMMUTABLE capability. When present in the running system, this capability allows the append-only attribute to be modified. To modify the set of capabilities available to the system, we will use a simple utility called lcap (http://packetstormsecurity.org/linux/admin/lcap-0.0.3.tar.bz2).

To unpack and compile the tool, run this command:

# tar xvfj lcap-0.0.3.tar.bz2 && cd lcap-0.0.3 && make

Then, to disallow modification of the append-only flag, run:

# ./lcap CAP_LINUX_IMMUTABLE

# ./lcap CAP_SYS_RAWIO

The first command removes the ability to change the append-only flag, and the second command removes the ability to do raw I/O. This is needed so that the protected files cannot be modified by accessing the block device they reside on. It also prevents access to /dev/mem and /dev/kmem, which would provide a loophole for an intruder to reinstate the CAP_LINUX_IMMUTABLE capability. To remove these capabilities at boot, add the previous two commands to your system startup scripts (e.g., /etc/rc.local). You should ensure that capabilities are removed late in the boot order, to prevent problems with other startup scripts. Once lcap has removed kernel capabilities, they can be reinstated only by rebooting the system.


Note:lcap only work for linux kernel version <2.6.But I am still trying to figure out a way through which I can make it work for new kernel versions also.If you have any idea please share here.

Wednesday, November 16, 2011

Memory Representation Of int data type in C Language

In computer science, an integer is a datum of integral data type, a data type which represents some finite subset

of the mathematical integers. Integral data types may be of different sizes and may or may not be allowed to contain

negative values.Int may be signed or unsigned both have different memory representation.numbers are represented in binary

only without extra symbols, requiring a method of encoding the minus sign. The four best-known methods of extending the binary

numeral system to represent signed numbers are: sign-and-magnitude, ones' complement, two's complement, and excess-K.
1. Memory representation of:

unsigned int a=7;


It is 16-bit data type and all 16 bits are data bit. Well we are here assuming that our microprocessor uses

little-endian method.So before moving any further first have a look on Endianness.


Memory representation:



 

23

Note: same memory representation will be of:

unsigned short int a=7;

 

 

 

 

 

2. Memory representation of:

int a=7 or signed int a=7;


It is 16 bit data type.
15 bit: data bit
1 bit: signed bit
Binary equivalent of 7 is 111
for 16 bit we will add 13 zero in the left side i.e. 00000000 00000111
Here
A is 00000111
B is 00000000


Memory representation:


signed p int

Note: same memory representation will be of:

short int a=7 or signed short int a=7;

 

 

 

 

 


3. Memory representation of :

int a= -7 or signed int a= -7;


It is 16 bit data type.
Binary equivalent of 7 is 111
for 16 bit we will add 13 zero in the left side i.e. 00000000 00000111
since a is negative number so it will first convert in the 2’s complement format before stored in the memory.

1’s Complement of a: 11111111 11111000

+ 1

______________________

2’s Complement of a: 11111111 11111001


Memory representation:



signed n int

Note: same memory representation will be of:

short int a=-7 or signed short int a=-7


Reference:


1:http://cquestionbank.blogspot.com


2:http://c-pointer.blogspot.com


3:http://en.wikipedia.org/wiki/Signed_number_representations

Tuesday, November 15, 2011

Hacker’s Diary 1

Secure Mount Point

WassUp guys !!…Well I am studying too many things about network security and Operating system so I decided to share

that with everyone .So the main aim of my hacker’s diary series is to tell people ways to remain more secure and surf internet freely without any fear of getting attacked .And everyone know what is networking …its all computer coming together and sharing things…with some sharing…and some stealing..  this is one of my own definition but still I don’t have any copy write on that .

so lets start with hard drive. We all known most of our data is stored in our hard drives and it is the primary way of interacting with a unix (or window) machine.So it is desirable to limit what a intruder (I) can access (Open-mouthed smile) if he gains access on your computer.

So one easy way of doing that is  the use of restrictive mount point.

A mount option is a flag that controls how the filesystem may be accessed. It is passed to the operating system kernel's code when the filesystem is brought online. Mount options can be used to prevent files from being interpreted as device nodes, to disallow binaries from being executed, and to disallow the SUID bit from taking affect (by using the nodev, noexec, and nosuid flags). Filesystems can also be mounted read-only with the ro option.

These options are specified from the command line by running mount with the -o flag. For example, if you have a separate partition for /tmp that is on the third partition of your first IDE hard disk, you can mount with the nodev, noexec, and nosuid flags, which are enabled by running the following command:

# mount -o nodev,noexec,nosuid /dev/hda3 /tmp

An equivalent entry in your /etc/fstab would look something like this:

/dev/hda3 /tmp ext3 defaults,nodev,noexec,nosuid 1 2

There are a number of ways that an attacker can still circumvent these mount restrictions. For example, the noexec option on Linux can be bypassed by using /lib/ld-linux.so to execute binaries residing on such filesystems. At first glance, you'd think that this can be remedied by making ld-linux.so nonexecutable, but this would render all dynamically linked binaries unexecutable. So, unless all of the programs you rely on are statically linked (they're probably not), then the noexec option is of little use in Linux. In addition, an attacker who has already gained root privileges will not be significantly hampered by filesystems mounted with special options, since these can often be remounted with the -o remount option. But by using mount flags, you can easily limit the possible attacks available to a hostile user before he gains root privileges

.IRIX.filesystem

Tuesday, November 8, 2011

Know your Google meme.

check out these awesome tweaks by Google...
Do a barrel roll - http://bit.ly/uT7a9E
Google Sphere - http://bit.ly/uXfgyO
Epic Google - http://bit.ly/uGANwB
Google Gravity - http://bit.ly/nLGzd1
Tilt - http://bit.ly/vNtlSn
Google Loco - http://bit.ly/urU8vW
Google Gothic - http://bit.ly/v2VhZm
Google Pacman - http://bit.ly/s1nNin
Google Guitar - http://bit.ly/uiJKH1
Google Pirate - http://bit.ly/tNQmEa
Google Rainbow - http://bit.ly/uNc4cy
Google Reverse - http://bit.ly/vL87YT

Saturday, November 5, 2011

Types of Shell in Linux



Shells plays an important role in Linux and Unix system. Everything that is happening on your distro is either because of the shell or the kernel. Moreover, a backend  shell is initialized as soon as you made a login . There are lots of shells in the Unix and Linux system. Let’s try to know more about them :

What is a shell ?

Shell is the software installed on your system that works as command-line interpreter i.e. it takes the commands you type, interpret them and gives them to operating system (kernel) through system calls to execute. There are many different shells available to choose from in Linux.

C Shell : C shell was created by Bill Joy, while he was studying at University of California, Berkeley. He released it under BSD license, the syntax of C shell is similar to C programming language hence the name C shell.

TC Shell: An improved version of C shell, provides some additional features like command line completion and editing. In most of Linux systems /bin/csh is linked to /bin/tcsh and it alternatives, so when you try to start the C shell, TC shell gets started.

C shell linked to its alternatives

Korn Shell (ksh): Korn shell was developed by David Korn at AT&T Bell Laboratories. It contains may features of C shell and Bourne shell.

Bourne Shell(sh): The default shell in many Unix systems developed by Stephen Bourne of AT&T Bell Laboratories.

GNU Bourne-Again Shell (bash): Bash shell is default shell in most of Linux distributions. Its a free and open source clone of bourne shell. It was developed by Brian Fox for the GNU project. Its the most feature rich shell available and is compatible with bourne shell.

To find out all the shells installed on your system type “$cat /etc/shells”. Your default shell is defined /etc/passwd file.

To switch to a different shell on your system just type the name of that shell (as in /etc/shells) and hit enter.


Z Shell(zsh):  Well The Z shell (zsh) is a Unix shell that can be used as an interactive login shell and as a powerful command interpreter for shell scripting. Zsh can be thought of as an extended Bourne shell with a large number of improvements, including some features of bash, ksh, and tcsh. It includes features like automated spell correction, editing  multiple line command within a single buffer and many more.

Finally My shell....

Vishal Mishra…..I am Back !

Its been a long time since I blogged something actually I got busy with my work but now I am kind of free So my advance new Year resolution is “one post each day”..

Well I think when you are busy you should take out few second out of it to relax and think of things you had done and praise yourself for it ,it will give you

positive vibe to deal the further stress.NOw you all must be thinking  where heck  I was busy!! Well I am in final year of my graduation and now things are becoming tougher

which seem quite easy before and so many things are going around like placement,seminar,major project etc.So I can say that last year is really stressful for every graduate

and same is happening with me also …no big deal though .

Well so what I am up to these days ….

1:Making New Operating system in C

2: Giving  Seminar on Sixth sense technology {all credit to pranav mistry ,I did best I guess} 

               i-iz-busy-at-work-lookin-at-something-

3: Shell application to update facebook status

4:VGA Programming

5:Reading Intel X86 manuals

6:Learning Assembly language {all hacker’s must try this}

7:TCP/IP programming

8:Last but not least Blogging also from now On…..

 

So soon i ‘ll be updating about these things so keep looking and if you have  any query I will be glad to ans that …