Crazyrobbans Techblogg


Put some tape over your webcam!

02-01-2017 14:12



Ok, so recently I´ve been trying out Metasploit Framework in order to learn more about hacking.

For those who haven´t come across Metasploit, it´s a set of tools for penetration testing, a.k.a "white hat" hacking.
It contains more or less everything you need to hack just about anything.

It's not a "next, next, finish" type of product.
So if you're expecting to hack your friend's Facebook account within 15 minutes of installing, you're out of luck.


After setting up my environment, and reading a few tutorials, it quickly became apparent that hacking someone is a lot easier than I thought.
Not that I thought it was impossible, I just presumed it would be harder than this...

I created a trojan horse for Windows from one of the many templates there are to choose from (yes, there's a bunch of viruses in there for you naive Mac owners as well),
named it "counterstrike.exe" and didn't bother to use any advanced settings, so no encryption or anything, and pressed Enter.
What the virus does, in short, is that when someone clicks it, a process is created which connects an HTTPS tunnel towards my Internet router on port 8080,
which I forward from the router to my own PC.

As long as I have Metasploit running, listening for any connections, my PC will pick up whenever the file is executed on a remote PC.
When it connects, I have control of the remote PC and can do pretty much anything.
I can view the webcam, get a screenshot of the desktop, create files/folders, download files to my own PC, etc.

Now, to be fair, as long as you have a good antivirus, or if you're running Windows 10, my virus would be blocked.
However, there are lots and lots of tools out there that will create a unique signature for my virus, to fool any antivirus.
Even worse is that you can place the virus inside Office files, such as Word documents or Excel files.
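
Whatever the file's signature looks like, the connection described above has a recognisable shape: a program started from a user's download folder opens a session to an outside address on port 8080. As an added example (not from the original post), this Python code flags that pattern in constructed, Sysmon-style connection records; the field names, paths and addresses are assumptions.

```python
import ipaddress
import ntpath

# Constructed sample records, shaped like Sysmon Event ID 3 (network connection).
# Field names, paths and addresses are assumptions made for this example.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_ip": "192.0.2.10", "dst_port": 443},
    {"image": r"C:\Users\bob\Downloads\counterstrike.exe",
     "dst_ip": "203.0.113.25", "dst_port": 8080},
    {"image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "dst_ip": "192.168.1.10", "dst_port": 8080},
    {"image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "198.51.100.7", "dst_port": 443},
]

# Addresses treated as "inside": RFC 1918 ranges plus loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\")
EXPECTED_PORTS = {80, 443}

def reasons_for(event):
    """Return the list of reasons an outbound connection looks out of place."""
    reasons = []
    image = event["image"].lower()
    if image.startswith("c:\\users\\") and any(d in image for d in USER_WRITABLE):
        reasons.append("program runs from a user-writable folder")
    dst = ipaddress.ip_address(event["dst_ip"])
    external = not any(dst in net for net in INTERNAL)
    if external and event["dst_port"] not in EXPECTED_PORTS:
        reasons.append("external destination on port %d" % event["dst_port"])
    return reasons

def suspicious(events, min_reasons=2):
    """Keep only the events that trip at least min_reasons checks."""
    hits = []
    for event in events:
        reasons = reasons_for(event)
        if len(reasons) >= min_reasons:
            hits.append((ntpath.basename(event["image"]), event["dst_ip"], reasons))
    return hits

if __name__ == "__main__":
    for name, ip, why in suspicious(SAMPLE_EVENTS):
        print(name, ip, "; ".join(why))
```

Legitimate per-user installers and updaters also run from AppData, so a rule like this needs an allow-list before it is used for alerting.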


So what should you do?


There´s a short answer and a long answer.

In short, learn how to be a safe internet user.
Don´t download stuff from pages you don´t recognise and don´t open mail attachments from unknown contacts,
and not even from the ones you know if it looks shady.

If you haven´t ordered anything online, that e-mail from UPS is probably not legit.

The other part of the short answer is:
Keep your software up to date.
Windows Update installs stuff for you automatically, why would you postpone security updates?

As for the long answer:
Ask yourself, how often do you really need to be admin?

  • Create an admin on your PC with a secure password, remove your own admin status and use the second account whenever you need the permissions.

  • Disable automatic running of macros in Word/Excel.

  • Enable UAC! *

  • For physical security, enable BitLocker.

* I know it was annoying when it first arrived, and a lot of computer-savvy people turn it off as the first thing they do after installing Windows.
But make no mistake, the only thing that blocked me from getting administrative rights to my brother's PC when hacking him was that UAC was enabled.

... And put some tape over your webcam!



    Speed up chrome!

    13-08-2015 09:33


    Edit!
    Use below options with caution. Many users have experienced issues with Chrome after tampering with these settings as of update 49 for Chrome.



    With the release of Windows 10 many people have discovered Microsoft's new browser, "Microsoft Edge".

    It's a good browser, no question about it.
    But personally I'm not ready to give up the beauty of plugins in my browser,
    and Microsoft Edge does not support any plugins whatsoever. (Adblock, anyone?)

    Now, the thorn in my eye is that Edge is fast. Very fast.
    And Chrome has been getting a bit tired as of late.

    Luckily you can speed it up!

    As of today, there are a few things you can tweak to make Chrome a fast browser again.

    Surf to this URL: chrome://flags
    From here, you want to find and set these flags:


  • Enable experimental canvas features - Enable this

  • Number of raster threads - Set this to 4.

  • Maximum tiles for interest area - Set this to 512


  • Click "Relaunch now"

    That should give your surfing experience a little speed boost! :)

    Now, there are of course simpler and more obvious ways of improving the speed of Chrome,
    such as removing performance-impacting plugins, clearing the cache etc. But the internet
    is full of articles about doing so. I'll leave those kinds of fixes to you, the reader,
    to discover.

    Until next time.


    Build your own notepad [Tutorial]

    13-05-2015 23:36



    So, after a brief tutorial on how to get things set up with Windows Forms programming with C#,
    I thought I'd make a simple tutorial about making a practical program, and why not a notepad?

    This tutorial will cover the basics of creating a simple GUI with Windows Forms,
    working with the contextual menu, saving and loading files, and also working with right-click context menus.

    Alright, let´s code a program!

    Start a new Windows Forms project using C#.
    You should be able to do this now if you´ve had a look at my last tutorial.

    First, we need a canvas to work with. Place in your form a simple "rich text box", a "label" at the bottom and a "Menu strip".

    Place the Menu strip and the label first, as they will take up a predefined space, and you'll have to adjust the Rich Text Box anyway.



    Click in the Menu Strip object twice to add an object, type "File" and press enter.

    Now do it again to the right of the newly created "File" and type "Edit".


    We´ll begin from there, we´ll get back to the Menu Strip object later.


    Crack your knuckles, and get coding
    Alright, it may look like notepad, but it´s not even a tiny bit of it yet.
    Let´s make something happen.

    Select your rich text box in the design window and turn your attention to the properties box in the bottom right.
    There´s a little flash icon just above "Accessibility", click it.

    Double-click in the empty field right of "TextChanged"; now you'll end up in the coding section of Visual Studio.
    As you can see, a function has been created, and it's tied to the event of text being changed.
    The function is currently empty, but let's change that.

    Add this line to the function:
    label1.Text = "Chars: " + richTextBox1.Text.Length;

    This will keep track of the amount of characters in your textbox.
    (It´s now already more advanced than the Windows built in Notepad)

    If you want to keep the design a bit more consistent, add this line right beneath InitializeComponent(); :
    label1.Text = "Chars:";

    Your notepad application should look something like this now:


    A program really shouldn't be named "Form1" though, so let's change that.
    Somewhere beneath or above label1.Text = "Chars:"; add the following line:
    this.Text = "Custom Notepad";
    That should keep any n00bs from noticing that you´re using a custom built program. ;-)

    Moving on.
    Let´s get back to the menu strip.
    In the designer, click File and add the following items: New, Open, Save as, Save and Quit

    After that, let´s start with the easy one, double click "Quit".
    Yet again, Visual Studio has, as if by magic, created a new function for you, this one controls what happens when you click "Quit".
    Naturally, we want the application to exit, so we´ll simply do that (no safety switch with "yes" and "no" this time).
    In the function, simply type:
    Application.Exit();


    Easy enough. Let´s get kicking with the "New" function as well.
    Double click it, and you´ll be back in the coding area in a newly created function.
    Here, you should use a messagebox with yes/no parameters and what not,
    but for now, we´ll stick to being harsh and simply clear all the text.

    So, type in the following:
    richTextBox1.Text = "";
    This will clear the textbox of any text.

    Now, adding a function for saving, and opening, is a bit more complex.
    Double-click "Save as".
    In the function, type:
    saveNew();

    Now, Visual Studio will be mad at you for referring to a function that's non-existent. Let's make it happy.
    In an empty space, preferably right below "saveNew();" and its closing }, create a new function by typing:
    private void saveNew()
    {

    }



    You could just put all the code right in the saveAsToolStripMenuItem_Click function, but in order to learn how to code properly, you should create your own functions, and refer to them when events happen.
    This way, you can keep your code a lot cleaner and more understandable.

    Now, saveNew doesn´t do anything, let´s make it do some stuff. Type the following inside the brackets of the function:

    SaveFileDialog saveFile1 = new SaveFileDialog();
    saveFile1.DefaultExt = "*.rtf";
    saveFile1.Filter = "RTF Files|*.rtf";

    if (saveFile1.ShowDialog() == System.Windows.Forms.DialogResult.OK && saveFile1.FileName.Length > 0)
    {
        richTextBox1.SaveFile(saveFile1.FileName, RichTextBoxStreamType.PlainText);
    }

    Now, what this code actually does is almost self-explanatory, but I'll give a short explanation anyway:
    - SaveFileDialog saveFile1 = new SaveFileDialog(); - This creates a new instance of a save file dialog.
    - saveFile1.DefaultExt = "*.rtf"; - This tells the program that the default extension of the saved file should be rtf.
    - saveFile1.Filter = "RTF Files|*.rtf"; - This tells the program to only list rtf files in the dialog window, and tells the user that it's just that, RTF files.
    Also, the last bit checks that the user actually clicked OK, and that there was a name given to the file before saving it.

    Alright nice, now we can save our files. Let´s create a function to open them as well.
    .NET got you covered!

    Earlier we used the RichTextBox predefined function SaveFile, and it's just as easy when opening files.
    Just create a new function, and call it private void openFile()
    Inside its brackets, type (or paste if you're lazy) the lines below:

    OpenFileDialog openFile1 = new OpenFileDialog();

    openFile1.DefaultExt = "*.rtf";
    openFile1.Filter = "RTF Files|*.rtf";

    if (openFile1.ShowDialog() == System.Windows.Forms.DialogResult.OK &&
        openFile1.FileName.Length > 0)
    {
        richTextBox1.LoadFile(openFile1.FileName, RichTextBoxStreamType.PlainText);
    }


    Next, go back to the design area of the code and double click "Open" in the menu bar.
    Here, refer to our newly created function by simply typing openFile();

    It should look something like this now:



    Ok, so that´s about it for this tutorial. Hope you learned something! :)
    Source code from my tutorial can be downloaded here:


    notepadtutorial.zip




    C# .NET Absolute Beginners Guide

    03-05-2015 10:49



    This little guide is for the absolute beginner.
    I myself am also a beginner; however, the best way to evolve is to teach.

    So, for the sake of simplicity, I´ll be assuming nothing about the reader,
    except for a slight interest in programming and the ability to download and install applications.

    The Setup

    First things first, you need an IDE (integrated development environment) such as Visual Studio.
    Visual Studio (We´ll be focusing on 2012 Express) is a fantastic tool and very much ahead of the competition.
    It features a slick design, a compiler and can package your programs into neat little setup files for you.
    Best part about it, it´s free!

    Download here: Microsoft
    You´ll need a Microsoft Live account when installing though.

    Once you´ve downloaded and installed Visual Studio, start it up, and start a new project from the File menu.
    Select Visual C# and Windows Forms, name the project something and press Ok!





    Your first code

    In front of you, you now have a "Form". I won´t be going into any detail about it, knowing that it´s what your program looks like will suffice for now.
    On your left, you have access to a "toolbox", you might want to pin it using the little needle icon on top of it. Drag a "Button" from the Common Controls to your form.



    Now, when your button is selected, you have access to a properties form on the bottom right.
    There you can do all sorts of stuff, but since we´re learning C#, let´s stick to modifying the button using code, and not the properties form for now.

    Double click your button. This will automatically take you to the code portion of the form, and it has created a new function for you.
    The function is already assigned a "listener", in this case, it listens for the event of the user clicking the button.

    In other words, the function in front of you dictates what's going to happen when you click your button.

    Try typing in: MessageBox.Show("I was clicked!"); between the brackets of your function.



    Now, press F5 to run your program. If Visual Studio asks if you want to save, just do so. Try clicking your button. Pretty simple, right?
    Close the window using the cross in the top right and you'll get back to Visual Studio again.

    Creating a function
    Ok, so let´s make the program do something more than just show a text box. Click the tab "Form1.cs [Design]"



    Add a "listview" and a "Combobox" from the toolbox somewhere on your form, and go back to your code.

    Now, make a new line directly below "InitializeComponent();" and type the following:

    button1.Text = "Add Item"; // This sets the buttons text value
    listView1.View = View.List; // This sets the listviews viewing type to List-mode

    Now, add your own function called itemAdd by typing:
    private void itemAdd(string Name)
    {

    }

    It should look like this now:




    What this means is that we´ve added a private function with the name itemAdd, that takes a parameter called Name.

    Between the brackets, type in:

    listView1.Items.Add(Name);
    comboBox1.Text = "";


    Good, now remove the line with the MessageBox.Show code and replace the line with the one below:
    itemAdd(comboBox1.Text);

    Now you´ve basically made a very simple input form that stores the value you type in a list. :)

    Hope you learned something! I´ll post more advanced pieces of code later on.
    Thanks for reading!


    The importance of segmented subnets [Rant]

    21-04-2015 10:22


    At hosting companies of small to medium size, smaller customers often get placed into shared
    subnets. This has its problems and its advantages, and I thought I'd elaborate on that for a bit.

    The not-so best practice
    Several variables need to be addressed when keeping multiple customers in one subnet.
    The main disadvantage is the administration required when allowing a customer with several servers
    to communicate with each other. Most major brand firewalls let you define access rules using a server's
    FQDN, while some only allow communication based on IP.

    Obviously, this means that allowing communication between two servers on the same subnet, while still
    keeping all other customers on the same subnet out, comes with considerable administration. When the customer
    base starts growing and some customers start to expand, this turns into an administrative nightmare.

    The other option means sticking with an open subnet, where everything can communicate with everything, and
    the access rules are controlled via Windows firewall (or iptables) on the hosts. This is about as far away from best
    practice as you can get, and I advise you to never touch this, not even with a ten-foot pole.

    Another problem with keeping clients within the same subnet is the risk of virus infection.
    You should always use an antivirus, and preferably one with a good reputation. Yet, it might not be enough.
    And when one client gets infected, your entire customer base will get infected.

    Yet another problem is growth.
    If you place a lot of customers in one subnet, where some will stay with one server for years while some will have as much as monthly expansion,
    you will at some point run out of IP addresses. The odds of a customer growing beyond 253 hosts in a dedicated subnet are
    small to none.

    A clever way of handling this is using DHCP for the entire server base in the subnet, but reserving IP addresses for each client host.
    This means that while your customers get to keep the same IP as if they were static, you can scale the subnet as you wish, while the DHCP
    updates the network configuration on your hosts for you.

    Last, but absolutely not least, if one of your customers' hosts gets compromised (hacked, in layman's terms), the subnet can be scanned for weaknesses from the inside.
    And there will likely be many...

    Still, segmented customer networks are preferable in any situation

    The advantages of this are so numerous I don´t know where to start.
    You can define access rules specific to each customer, where you allow their entire subnet, leaving you free of administration in the case of expansion.
    In the event of compromise or virus-infection, the spread will stop within the subnet and can be easily contained.

    Growth, as mentioned earlier, won´t be a problem.
    Your company having more customers than there are subnets available in the private ranges is about as likely as you getting hit by a meteorite.
    Sure, one customer might become so large that one /24 net won't be enough, so assign them another one. It won't matter, you can spare it.
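
The two layouts can be compared in numbers. The following is an added example, not from the original post: it counts the /24 networks in the private (RFC 1918) ranges, gives each customer its own /24, and lists which other customers' hosts share a subnet with a compromised host. Customer names, server counts, the host-numbering scheme and the single reserved gateway address are constructed assumptions.

```python
import ipaddress

# RFC 1918 ranges, i.e. "the private range of subnets" the post refers to.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def available_24s():
    """How many /24 customer subnets the private ranges can hold."""
    return sum(2 ** (24 - net.prefixlen) for net in PRIVATE)

def usable_hosts(net, reserved=1):
    """Addresses left for servers: minus network, broadcast and gateway (assumed)."""
    return net.num_addresses - 2 - reserved

def allocate(customers, pool="10.0.0.0/8"):
    """Assign every customer a dedicated /24 carved from the pool."""
    return dict(zip(customers, ipaddress.ip_network(pool).subnets(new_prefix=24)))

def place_hosts(server_counts, plan):
    """Build {ip: customer}, numbering hosts from .10 in each customer's /24."""
    inventory = {}
    for customer, count in server_counts.items():
        base = plan[customer].network_address
        for i in range(count):
            inventory[base + 10 + i] = customer
    return inventory

def exposed_neighbours(inventory, compromised_ip, prefix=24):
    """Other customers' hosts that sit in the same subnet as a compromised host."""
    bad = ipaddress.ip_address(compromised_ip)
    segment = ipaddress.ip_network(f"{bad}/{prefix}", strict=False)
    owner = inventory[bad]
    return sorted(str(ip) for ip, cust in inventory.items()
                  if ip in segment and cust != owner)

# Constructed sample: three customers and how many servers each one runs.
SERVERS = {"alpha": 3, "bravo": 1, "charlie": 2}

# Shared layout: everyone in 10.0.0.0/24, addresses handed out in order.
shared_hosts = iter(ipaddress.ip_network("10.0.0.0/24").hosts())
SHARED = {next(shared_hosts): c for c, n in SERVERS.items() for _ in range(n)}

# Segmented layout: one /24 per customer.
PLAN = allocate(SERVERS)
SEGMENTED = place_hosts(SERVERS, PLAN)

if __name__ == "__main__":
    print("private /24s available:", available_24s())
    print("shared layout exposes:", exposed_neighbours(SHARED, "10.0.0.1"))
    print("segmented layout exposes:", exposed_neighbours(SEGMENTED, "10.0.0.10"))
```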

    Remember!
    "Back-End" is not a subnet, it´s a definition of what´s not accessible from the internet.
