Learning Metasploit Exploitation And Development

Learning Metasploit Exploitation and Development is an excellent book for understanding and working with Metasploit. This will be definitely help beginners as well as security professionals in learning new tips and tricks on using Metasploit better.

Check this book out here:
 http://www.packtpub.com/learning-metasploit-exploitation-and-development/book 

 

Updating your blackberry OS

 Updating your blackberry OS
So after a great mess, wasting a lot of money I finally figured it how to update my blackberry OS or reinstall one.

So here is the process to help everyone out their struggling with their phones.

1. Install the blackberry desktop software from here.
2. Install the blackberry os for your mobile from here. 
3. Please enable the Show Hidden Files from the Tools options for windows.
4. Now I tried this on Windows XP. Go to C:\Program Files\Common Files\Research In Motion\AppLoader and remove the Vendor.XML file.
5. Next go to C:\Documents and Settings\YOUR_USERNAME\Application Data\Research In Motion\BlackBerry\Loader XML and remove the vendor.xml file again present here.
6. Go to C:\Program Files\Common Files\Research In Motion\AppLoader and click on Loader.exe
7. Follow the steps by clicking next and you should be good to go :)

My Python Tkinter Experience- Building a small calculator with Tkinter

My Python Tkinter Experience- Building  a small calculator with Tkinter (*Still working on it)

from Tkinter import *
import tkMessageBox
import sys
class scanner:
    list1 = []
    def __init__(self,parent):
#        f = Frame(parent)
#        f.pack(padx=300,pady=100)
#        Label(root, text="__main__").pack(padx=0, pady=1)
        self.entrytext = StringVar()
        self.entrytext1 = StringVar()
        Label(root, text="first name", width=10).grid(row=0,column=0)
        Entry(root, textvariable=self.entrytext, width=10).grid(row=0,column=1)
        Label(root, text="last name", width=10).grid(row=1,column=0)
        Entry(root, textvariable=self.entrytext1, width=10).grid(row=1,column=1)
        Button(root, text="ADD", command=self.add).grid()
        Button(root, text="SUBTRACT", command=self.subtract).grid()
       
    def add(self):
        global a
        global b
        self.a=int(self.entrytext.get())
        self.b=int(self.entrytext1.get())
        print "result is", self.a+self.b
#        self.entrytext.delete(0,END)
#        tkMessageBox.showinfo(title='popup', message="hi "+self.entrytext.get())


    def subtract(self):
        global a
        global b
        self.a=int(self.entrytext.get())
        self.b=int(self.entrytext1.get())
        print "result is", self.a-self.b
   
   
root= Tk()
root.geometry("300x300")
calc = scanner(root)
root.mainloop()

The “Indestructible” TDL Botnet

So this time we are dealing with a botnet which has been termed “Practically Indestructible” by Kaspersky Labs. Although this statement really sounds surprising but facts are facts and cannot be changed. The TDL malware family currently has TDL 4 (fourth generation) as its latest inventions. It dates back from the Aleuren rootkit which started back in 2006 and has lately earned the name of “the most sophisticated threat today”. It specializes in the tricks in the box to remain hidden and evade antivirus detection. To add more to the problems, the communications are totally encrypted. It contains a rootkit component for malicious user control and is capable of forming botnets for carrying various offensive attacks like Ddos, spamming, spyware etc.  This bot is well known for hiding in the master boot record of the system and gains control during the booting process. One of the first versions were detected by Kaspersky Labs were in 2008 as Rootkit.Win32.Clbd.a similar to the names of the driver clbdriver.sys, clbdll.dll, which deliver the main payload. It has been specially designed for profit since the authors pay $20-$200 per 1000 bots of infected machines. These are then rented out to others as a botnet for malicious purposes as defined above. It is equipped to wipe off any other malwares which may be previously there on the infected computer to avoid competition from other malwares.

TDL Communications

The communications in TDL 4 take place using the Kad Network. The kad network is a peer to peer network which implements the Kademlia P2P Protocol which is a distributed hash table for decentralized peer to peer networks. The nodes communicated with themselves using UDP in a virtual or overlay network formed by the participant nodes. The TDL attackers may as well manipulate the nodes.dat file to segregate TDL infected bots from other computers on the Kad network. The TDL is also known for downloading other malwares, pornographic and copyright stuff onto the infected machines. The best part of the communications being on a peer to peer network is that there is no centralized server and the communications are distributed in nature. So if any one server gets caught in the act or blacklisted we still have a lot of nodes up in there.

Infection Analysis/Modus Operandi

The TDL is known to be spread by fake blogs, pornographic websites and malicious URLs. The trojan has also been found in peer to peer downloads, torrent files, software crack exe’s and a lot of good websites which have been owned in the act and planted with these exploit downloads.

Functionality of the TDL

·         Generating web traffic

·         Installing pay per install software

·         Generating sales lead for other websites

·         Manipulating web search results to redirect users to malicious sites

·         Displaying bogus pop up advertisements

·         Downloading other malicious softwares, malwares to increase infection on the system

·         Protecting the registry keys and files which might be critical

·         Injecting malicious code in various system processes as well as hiding networking ports

TDL BSOD Incidences

MS10-015 / KB977165 patches by Microsoft caused the relative virtual addresses to be changed for certain APIs thereby calling invalid addresses. This in turn caused blue screen of deaths for the systems having infected driver files such as atapi.sys. To add in to the confusion the user was stuck in an infinite loop of system restarts since the system failed to start on because of the infected driver file. Even the safe mode option did not work and the infected user was left alone to reinstall the infected driver to restore his usability.

Few of the common drivers which got infected by TDL other than atapi.sys are - iastor.sys idechndr.sys ndis.sys nvata.sys vmscsi.sys.

Removal tools by various Antivirus Vendors

·         Backdoor.tidserv removal tool by Symantec

http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99

·         Removal tool by Bitdefender

http://www.hotforsecurity.com/blog/free-removal-tool-for-tdl4-available-now-1106.html

·         Kaspersky TDSS Killer

http://download.cnet.com/Kaspersky-TDSSKiller/3000-2239_4-75722087.html

Suspected Ip address and domains

As per symantec’s research, listed here are a few ip addresses for which access should be blocked using a firewall on the user computer

·         1il1il1il.com

·         69b69b6b96b.com

·         b00882244.cn

·         b11335599.cn

·         countri1l.com

·         d45648675.cn

·         d92378523.cn

·         gnarenyawr.com

·         ikaturi11.com

·         jukdoout0.com

·         lkaturl71.com

·         m3131313.cn

·         ranmjyuke.com

·         rinderwayr.com

·         stableclick.com

·         stableclick2.com

·         swltcho0.com

·         updatemic0.com

·         updatemic1.cn

·         updatepanel.us

 

References

https://www.damballa.com/downloads/r_pubs/Damballa_2010_Top_10_Botnets_Report.pdf

http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99

http://www.popsci.com/technology/article/2011-06/new-tdl-4-botnet-really-indestructible

http://www.securelist.com/en/analysis/204792180/

http://news.cnet.com/8301-13506_3-20075725-17/tdl-4-the-indestructible-botnet/

http://en.wikipedia.org/wiki/Alureon

http://www.darkreading.com/end-user/zeroaccess-botnet-surges/240012561

http://www.securelist.com/en/analysis/204792131/TDSS

http://antivirus.about.com/od/virusdescriptions/p/Tdss-Aka-Tdl-A-Botnet-Framework.htm

http://en.wikipedia.org/wiki/Kad_network

http://en.wikipedia.org/wiki/Kademlia

http://www.symantec.com/connect/blogs/tidserv-and-ms10-015

 

Drupal7 Release party at IIT DELHI

Am here :D

Drupal7 Release

Hey all

The Drupal 7 Release Party is a worldwide event to celebrate the imminent release of Drupal 7. Jan 7, 2011 is not the exact release date. The idea is to have a two day event - a celebration of drupal - technology and community.

Drupal 7 Release Party by Delhi Drupal Community
on Jan 8-9, 2011 - 10AM - 6PM
at Indian Institute of Technology, Delhi

This is a community event and is open for all. Anyone can participate. Drupal Love is a good to have for the meet. There are no participation fees.

Want to contribute to organising the event - check out the event planning wiki

Venue
The final venue is:
Room No. 501
Bharati Building
IIT Delhi

Contact
For details contact either: @kinshuksunil, @1sud, @abhisheknagar on Twitter
Use hashtag #d7rp and spread the word.
Contribute to organising the event at the event planning wiki.

You can also reach out Kinshuk at +919910024895

Schedule
(suggest edits on the event planning wiki. this page is only editable by kinshuk)
Day 1
10.00-10.30 : Welcome
10.30-13.00 : Hands On Introduction to Drupal 7 byAnkur Saxena (flyankur)
13.00-14.00 : Lunch
14.00-17.00 : Hackathon - Building a Blog, Brochure Website, Community Website with Drupal 7 by Kinshuk Sunil (kinshuksunil)
17.00-18.00 : Drupal Quiz

Day 2
10.00-13.00 : Developing Drupal Modules Workshop by Sudhir Porwal (sudhirporwal)
13.00-14.00 : Lunch
14.00-17.00 : Theming Drupal Workshop by Gaurav Mishra (gaurav_m)
17.00-18.00 : Cutting the Drupal 7 Cake and networking

Parallelly, Day 2 will also have an ongoing hackathons

• Drupal 7 Translation Sprint : http://groups.drupal.org/node/113499
• Drupal 7 Documentation Sprint
• New website for OSScamp.in
• Suggest more on planning wiki

--
We have a lot of expenses that need to be covered and some equipment needed on the venue. Check out theevent planning wiki to help arrange these.
Bring your own laptops, powerstrips, datacards and wifi routers with you to the event.

Sign up here and invite friends as well.

More Info: 

 Event Planning Wiki

Sign up for Release Party by Drupal User Delhi/NCR