How to Remotely Access Someones IP Address: 2016

Tuesday, 9 February 2016

What is Internet of Things (IoT) ? (Easy Language)

The "Internet of Things" connects devices and vehicles using electronic sensors and the Internet.

So what is the Internet of things?

Simply put this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cell phones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig. As I mentioned, if it has an on and off switch then chances are it can be a part of the IoT. The analyst firm Gartner says that by 2020 there will be over 26 billion connected devices…that’s a lot of connections (some even estimate this number to be much higher, over 100 billion). The IoT is a giant network of connected “things” (which also includes people). The relationship will be between people-people, people-things, and things-things.

How does this impact you?

The new rule for the future is going to be, “anything that can be connected, will be connected.” But why on earth would you want so many connected devices talking to each other? There are many examples for what this might look like or what the potential value might be. Say for example you are on your way to a meeting, your car could have access to your calendar and already know the best route to take, if the traffic is heavy your car might send a text to the other party notifying them that you will be late. What if your alarm clock wakes up you at 6 am and then notifies your coffee maker to start brewing coffee for you? What if your office equipment knew when it was running low on supplies and automatically re-ordered more? What if the wearable device you used in the workplace could tell you when and where you were most active and productive and shared that information with other devices that you used while working?

Final Conclusion -

The IoT is a begaining of smart world so lets be a part of this awesome world.

What is Damn Vulnerable Web App (DVWA) ? with installation tutorial (Easy Language)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

DVWA is generally used for security professionals this wonderful application can be very helpful as they can practice for loopholes and also how does security for a website can be made they can use 'low','medium','hard' and 'impossible' mode for checking their skills by mastering these skills on this web app.

Steps for installing DVWA on a Virtual Machine Using Fedora 14-

Section 1: Configure Fedora14 Virtual Machine Settings

Start VMware Player
- Instructions
  1. For Windows 7
    1. Click Start Button
    2. Search for "vmware player"
    3. Click VMware Player
  2. For Windows XP
    - Starts --> Programs --> VMware Player
Open a Virtual Machine (Part 1)
- Instructions:
  1. Click on Open a Virtual Machine
Open a Virtual Machine (Part 2)
- Instructions:
  1. Navigate to Virtual Machine location
    - In my case, it is G:\Virtual Machines\Fedora14 - DVWA
  2. Click on the Fedora14 Virtual Machine
  3. Click on the Open Button
Edit the virtual machine settings
- Instructions:
  1. Highlight the Fedora14 VM
  2. Click on Edit virtual machine settings.
Edit Network Adapter

Instructions:
1. Click the Hardware Tab
2. Highlight Network Adapter
3. Select Bridged: Connected directly to the physical network
4. Select the OK Button

Section 2: Login to Fedora14

Start the Fedora14 VM Instance
- Instructions:
  1. Select Fedora14
  2. Play virtual machine
Login to Fedora14
- Instructions:
  1. Login: student
  2. Password: <whatever you set it to>.

Section 3: Open Console Terminal and Retrieve IP Address

Start a Terminal Console
- Instructions:
  1. Applications --> Terminal
Switch user to root
- Instructions:
  1. su - root
  2. <Whatever you set the root password to>
Get IP Address
- Instructions:
  1. ifconfig -a
- Notes:
  - As indicated below, my IP address is 192.168.1.116.
  - Please record your IP address.

Section 4: Disable SELinux

Open the SELinux config file with gedit
- Instructions:
  1. gedit /etc/selinux/config 2>/dev/null &
- Notes (FYI):
  1. gedit, is a text editor for the GNOME Desktop.
  2. /etc/selinux/config, is the file name that gedit will open.
  3. 2>/dev/null, sends standard error messages to a black hole (/dev/null).
  4. The "&" is used to open gedit in the background.
  5. If you are the Linux Guru feel free to use the VI editor instead.
Delete enforcing
- Instructions:
  1. Arrow down to SELINUX=enforcing
  2. Highlight the word "enforcing" and press the delete button
Replace enforcing with disabled
- Instructions:
  1. Replace "enforcing" with the word "disabled"
    - SELINUX=disabled
  2. Click Save
  3. Click the "X" to Close
Open the SELINUX config file with gedit
- Instructions:
  1. setenforce 0
  2. sestatus
- Notes (FYI):
  - setenforce - is used to modify the mode SELinux is running in.
  - Generally, I do not support disabling SELinux. However, we are going to turn this server into a vulnerable machine by later installing Mutillidae.

Section 5: Disable Firewall

Disable the Firewall
- Instructions:
  1. service iptables stop
  2. chkconfig iptables off
- Notes (FYI):
  - Again, I do not support disabling the firewall. However, we are going to turn this server into a vulnerable machine by later installing Mutillidae.

Section 6: Install Apache httpd Server

Download httpd
- Instructions:
  1. yum install httpd.i686
  2. y
Start Apache
- Instructions:
  1. service httpd start
    - This starts up the Apache Listening Daemon
  2. ps -eaf | grep httpd
    - Check to make sure Apache is running.
  3. chkconfig --level 2345 httpd on
    - Create Start up script for run levels 2, 3, 4 and 5.

Section 7: Install mysql and mysql-server

Install mysql
- Instructions:
  1. yum install mysql.i686
  2. Continue to next step
Install mysql
- Instructions:
  1. y
Install mysql-server
- Instructions:
  1. yum install mysql-server
  2. y
Start Up mysqld
- Instructions:
  1. service mysqld start
Start Up mysqld
- Instructions:
  1. chkconfig --level 2345 mysqld on
    - Creates the start up scripts for run level 2, 3, 4 and 5.
  2. mysqladmin -u root password dvwaPASSWORD
    - Sets the mysql root password to "dvwaPASSWORD"
Login to mysql and create dvwa database
- Instructions:
  1. mysql -uroot -p
  2. dvwaPASSWORD
  3. create database dvwa;
  4. quit

Section 8: Install PHP

Install PHP
- Instructions:
  1. yum install php.i686
  2. y
Install php-mysql
- Instructions:
  1. yum install php-mysql
  2. y
Install php-pear
- Instructions:
  1. yum install php-pear php-pear-DB
  2. y

Section 9: Install wget

Install wget
- Instructions:
  1. yum install wget
  2. y

Section 10: Install Damn Vulnerable Web App (DVWA)

Download DVWA
- Note(FYI):
  - DVWA-1.0.7.zip is an older version. ComputerSecurityStudent provides this zip file, since it is no longer available at google source.
  - The most recent version can be found at http://www.dvwa.co.uk/
- Instructions:
  1. cd /var/www/html
  2. wget http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson1/DVWA-1.0.7.zip
    - Grab the DVWA-1.0.7 application.
    - Remember to down the zip file from computersecuritystudent and not googlecode.
  3. ls -l | grep DVWA
    - Confirm DVWA-1.0.7.zip was downloaded
Unzip Package
- Instructions:
  1. unzip DVWA-1.0.7.zip
Remove Zip File
- Instructions:
  1. ls -lrta
  2. rm DVWA-1.0.7.zip
  3. y
Configure config.inc.php
- Instructions:
  1. cd /var/www/html/dvwa/config
    - This is the configuration directory for DVWA.
  2. cp config.inc.php config.inc.php.BKP
    - Make Backup copy
  3. chmod 000 config.inc.php.BKP
    - Remove Permissions to the Backup Copy
  4. vi config.inc.php
    - This is the configuration file for DVWA that handles the database communication from the Web App.
Configure config.inc.php
- Instructions:
  1. Arrow down to the line that contains db_password
  2. Arrow right and place your cursor on the second single quote
  3. Press "i"
    - This puts the vi editor into INSERT mode.
  4. Type "dvwaPASSWORD"
  5. Press <Esc>
    - This takes the vi editor out of INSERT mode.
  6. Type ":wq!"
    - This save the config.inc.php file.
Restart Apache
- Instructions:
  1. service httpd restart
    - Restart Apache
  2. ps -eaf | grep -v grep | grep httpd
    - Make sure Apache is running.
Start up a Web Browser
- Instructions:
  1. Applications --> Internet --> Firefox
- Notes(FYI):
  - At this point, you can start up a web browser on any computer on your network (Windows, Mac, Whatever you want).
DVWA Database setup
- Instructions:
  1. http://192.168.1.116/dvwa/setup.php
    - Replace 192.168.1.116 with the IP Address obtained from Section 3, Step 3.
  2. Click the Create / Reset Database button
DVWA Creation Messages
- Instructions:
  1. You should see the below database created, data inserted, and setup successful messages.
  2. Click on Logout
Login to DVWA
- Instructions:
  1. Username: admin
  2. Password: password
Welcome to DVWA
- Note(FYI):
  1. Click Here for subsequent lessons.

Section 11: Proof of Lab

Proof of Lab
- Instructions:
  1. echo "select user,password from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
  2. date
  3. echo "Your Name"
    - Replace the string "Your Name" with your actual name.
    - e.g., echo "John Gray"
- Proof of Lab Instructions:
  1. Do a PrtScn
  2. Paste into a word document
  3. Upload to Moodle

Sunday, 7 February 2016

How to Crack Windows Password Using Hirens Boot CD

Sometimes we need to handle a situation where we have to reset the password to default or crack the password for security purpose.
In such cases you have to use a software called Hirens Boot CD just download the ISO of the software install it in a pendrive or cd make it bootable and you are then good to go.

Steps for using Hirens Boot CD

1) Enter with pressing F1 into Aero mode as that will be easy for us to understand.

2) Enter “Active Password Changer”

This is the option which will crack your windows password after this follow some steps as below.

3). Select “Search for MS SAM file option "

Now it will search for SAM file and will give you location in case if you have a dual boot then you will get more details about Operating System and location

4). Select the SAM file you want to reset and you will get a option for typing "Y" just press y there inorder to reset the attributes to default.

5). Now just press esc inorder to go back and then inlast type restart.

Now you have restarted your machine you can now see there is no password.

Wednesday, 3 February 2016

How to Access Someones IP Address

Hello everyone today I will talk about How to Access Someones IP Address sometimes we face some problems like someone harass you or abusive activity and they get away after doing so lets talk about how this kind of problem can be solved.

Step 1)

You need to go to a website called http://whatstheirip.com/

Step 2)

After completion of the steps defined there you will getting some links which will be actually be IP grabbing links (check my other blog on IP grabbing) once you get the links you need to make them click on the links by some social engineering you will get the IP address of the person on the email you will provide on the email address you have given earlier.

Step 3)

Now finally you need to visit a website https://www.iplocation.net/
You will see all the details of the culprit with their ISP location and other details all you have to do is that you need some help of local police of your area and they will help you to find out exact number and location.