Backtrack Manual Part4
1.
2. Use level 1 (-c 1). This uses the same type of in-band, protocol based crash detection as level 2, but instead of pausing the fuzzer it just logs the crash details when a crash occurs and keeps fuzzing. This saves you from having to restart the fuzzer when a false positive occurs, but it also means the fuzzer won't be paused when an actual crash occurs. As a result, every request that is sent to a dead target will be logged (so basically thousands of crash log files). You can discern which request caused the actual crash, as it will be the earliest request logged in the continuous linear sequence of crash log files.
3. Use level 3 (-c 3). This is what I always use if possible. It uses out-of-band, process based crash detection and is not susceptible to false positives. On the downside, it requires you to set up a crash detection script running on the target computer, but that is just a case of running a single command and passing a few extra parameters to VoIPER.
4. This issue is resolved in version 0.07 but some VoIP applications have an annoying habit of not responding as they should while being fuzzed. As a result, it is recommended to use process based crash detection (-c 3) when at all possible.

Macchanger - MAC Changer

Synopsis
macchanger [options] device

Description
macchanger is a Linux utility for viewing/manipulating the MAC address for network interfaces.

Options
macchanger accepts the following options:

-h, --help
    Show summary of options.
-V, --version
    Show version of program.
-e, --endding
    Don't change the vendor bytes.
-a, --another
    Set random vendor MAC of the same kind.
-A
    Set random vendor MAC of any kind.
-r, --random
    Set fully random MAC.
-l, --list[=keyword]
    Print known vendors (with keyword in the vendor's description string).
-m, --mac XX:XX:XX:XX:XX:XX
    Set the MAC XX:XX:XX:XX:XX:XX

Example
macchanger -A eth1

Wireshark

Wireshark is the network analyzer. This very powerful tool provides network and upper-layer protocol information about data captured on a network. Like a lot of other network programs, Wireshark uses the pcap network library to capture packets. Wireshark's strength comes from:
- its ease of installation.
- the simplicity of its GUI.
- the very large number of features available.

Wireshark was called Ethereal until 2006, when the main developer decided to change its name because of copyright reasons with the Ethereal name, which was registered by the company he decided to leave in 2006.

Install everything that it comes with. WinPcap is a driver that Wireshark needs in order to run. It will be automatically installed when you install Wireshark. You can find more information about WinPcap at winpcap.polito.it.

Now that we have Wireshark installed, let's open it up so I can show you how to use it.
Wireshark should have made a folder somewhere in your Start menu called Wireshark. Go ahead and run Wireshark.

Wireshark lets you "see" the data that is traveling across your network. You can "see" what ports a program is using. You can basically see all the traffic on your network. You can see what comes in and what is going out of your router.

You can see so much that it becomes a problem. You end up getting too much data. To fix this, Wireshark comes with two very useful filters that we will go over here. The filters allow you to sort the traffic that you have captured, making it much easier to read. Let's start by clicking the Capture link at the top of your screen. Then click Options in the menu that drops down.

This is the window that allows you to define how to start capturing data with Wireshark. You can use the Interface drop-down box to select which network card to capture data from. There will only be one option here if you only have one Ethernet card. Later on we will modify this page a bit. Now we need to tell Wireshark what to capture. Click on the Capture Filter button.

Put First Capture Filter into the Filter Name box. I want you to enter host followed by your IP address into the Filter String box. If your IP address is 192.168.1.2, the Filter String box would contain the following.

host 192.168.1.2

We are telling Wireshark to capture everything coming from and going to your IP address. So we will get a log of all the traffic that is coming from or going to your computer. When you have finished those two changes, click the Ok button at the bottom of this page.

You should now be back at the Capture Options window. Click the Start button at the bottom of the screen.

You will now see packets as they are being sent to and from your computer. You might see a lot of traffic or just a little traffic, depending upon how much is going on on your network. If you do not see any packets, try opening up a web page. If you still do not see captured data, then you probably have the wrong Interface selected on the Capture Options window.
When you have a couple of packets, click the Capture option at the top of the screen and then the Stop option in the menu that drops down.

Wireshark has captured some data, as you can see on your screen. There are three frames here. I have labeled them as Frame 1, Frame 2, and Frame 3 in the picture above. Frame 1 shows you an overview of what packets came in and went out of your network. Frame 2 shows more detailed information about a selected packet. Frame 3 shows the hex data of the packet. We only really care about Frame 1.

The source column tells us where the data was coming from and the destination column tells us where the data was going to. Both of these columns will always have IP addresses in them. The protocol column tells us what protocol that packet was sent with, which is useful when trying to figure out what ports/protocols a program uses. The info box contains the information that we really need. The info box lists specific requests made over the network. It also lists what ports the data traveled on.

Notice that every time a port is listed, it is listed as a pair of ports. Data always travels on ports. It is sent out of the source IP address on a port, and then received on the destination IP address on a port. These ports are rarely the same. Keeping that in mind, it is easy to see why there are two ports listed in the info box. The first port is the source port. Notice the >, which you can think of as the word to.

From the first port > to the second port. I hope that I have explained enough to give you a general feel for the program. Check out the help section of the program for more capture filter options. Notice that there is also a filter box above the data you have captured. This is the display filter. It works like the capture filter, but allows you to filter data that has already been captured. Click the help button in the display filter window for examples of how to use it.
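The host selection and the "source port > destination port" pair described above can be checked offline against an exported packet list. The following is an added example, not part of the original manual: the CSV rows are constructed sample data and the function names are hypothetical.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in the shape of a packet-list CSV export (not real traffic).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.1.2","198.51.100.10","TCP","66","51514 > 80 [SYN] Seq=0 Win=8192 Len=0"
"2","0.021","198.51.100.10","192.168.1.2","TCP","66","80 > 51514 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0"
"3","0.022","192.168.1.2","198.51.100.10","TCP","54","51514 > 80 [ACK] Seq=1 Ack=1 Win=8192 Len=0"
"4","0.300","192.168.1.7","192.168.1.1","DNS","73","Standard query A example.com"
"5","0.450","192.168.1.2","192.168.1.1","DNS","73","Standard query A example.com"
"6","0.900","192.168.1.2","203.0.113.9","TCP","66","51515 > 443 [SYN] Seq=0 Win=8192 Len=0"
'''

# "source port > destination port" at the start of Info; newer builds print an arrow.
PORT_PAIR = re.compile(r"^\s*(\d{1,5})\s*(?:>|\u2192)\s*(\d{1,5})\b")


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def host_filter(rows, ip):
    """Same selection as the capture filter 'host <ip>': source OR destination."""
    return [r for r in rows if ip in (r["Source"], r["Destination"])]


def port_pair(info):
    """Return (source_port, destination_port), or None if Info lists no pair."""
    m = PORT_PAIR.match(info)
    if not m:
        return None
    src, dst = int(m.group(1)), int(m.group(2))
    return (src, dst) if src <= 65535 and dst <= 65535 else None


def outbound_ports(rows, local_ip):
    """Count (remote address, remote port) for packets sent by local_ip."""
    counts = Counter()
    for r in host_filter(rows, local_ip):
        pair = port_pair(r["Info"])
        if pair and r["Source"] == local_ip:
            counts[(r["Destination"], pair[1])] += 1
    return counts


if __name__ == "__main__":
    for (addr, port), n in sorted(outbound_ports(load_rows(SAMPLE_CSV), "192.168.1.2").items()):
        print(f"{addr}:{port}  {n} packet(s)")
```

Rows whose Info column carries no port pair, such as the DNS queries in the sample, pass the host selection but are left out of the port tally.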

Snort (IDS/IPS) is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch and is now developed by Sourcefire, of which Roesch is the founder and CTO. Integrated enterprise versions with purpose-built hardware and commercial support services are sold by Sourcefire.

Snort performs protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. The software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data.

Konqueror is a web browser and file manager that provides file-viewer functionality to a wide variety of things: local files, files on a remote FTP server and files in a disk image. It is designed as a core part of the KDE desktop environment. It is developed by volunteers and can run on most Unix-like operating systems and on Windows systems, too. Konqueror, along with the rest of the components in the KDEBase package, is licensed and distributed under the GNU General Public License version 2.

The name "Konqueror" is a reference to the two primary competitors at the time of the browser's first release: "first comes the Navigator, then Explorer, and then the Konqueror". It also follows the KDE naming convention: the names of most KDE programs begin with the letter K.

Konqueror came with version 2 of KDE, released on October 23, 2000. It replaces its predecessor, KFM (KDE file manager).

Konqueror uses a very capable HTML rendering engine called KHTML. This engine is implemented as a KPart and as such, it can be easily used by other KDE programs. KHTML is also used by the Apple browser Safari.

Features of the HTML rendering component in KDE 3.4:
- HTML 4.01 compliance.
- ECMAScript 262 support (JavaScript). Notice that ECMAScript can still give problems because websites can detect browsers and choose to ignore Konqueror. Spoofing as another browser will often make sites work anyway.
- Ability to house Java applets.
- Cascading Style Sheets:
  - CSS 1: supported
  - CSS 2.1: supported (paged media only partially supported)
  - CSS 3 Selectors: supported
  - CSS 3 (other): Details about the visual media support can be found here.
- DOM1, DOM2 and partially DOM3 support in ECMAScript and native C++ bindings.
- Full support for bidirectional scripts (Arabic and Hebrew).
- SSL support (requires OpenSSL).

Konqueror provides all the functionality one would expect from a modern file manager, including navigation of the filesystem, file/folder copying, renaming, deletion and creation, and application launching.

It is also able to display graphic image files and generate an image gallery web page from them. In addition, Konqueror is a standards-compliant web browser and is perfectly capable of browsing the WWW on the Internet - just enter the website to go to in the Konqueror location bar.

The most obvious advantage of Konqueror (for people using KDE) is the great integration with the rest of KDE. And the article you mentioned isn't really that convincing. Of course, KHTML does support XHTML. And the rant about Konqueror being not only a browser but "a file manager, a web browser, a universal document viewer and a fully customizable application" is pretty flawed, as the first comment points out. Konqueror is actually just a shell for various KParts (comparable to plugins). Those KParts have specific tasks (e.g. there's the KHTML part which renders HTML, there's the file manager part, there are multiple document viewer parts, etc.) and this makes Konqueror a lightweight but still very versatile application.