Thursday, January 9, 2014

How to view the original mail information from gmail? (mail header)

Gmail is a web mail service. Using the browser's "View Source" on the page only shows the page's own code. To see the original information of a message, click the drop-down arrow beside the Reply button in the top-right corner of the message to expand more options, then choose "Show original" (it opens in another web page) to see the original information about this mail.
Click the drop-down arrow to the right of "Reply", then choose "Show original".

Thursday, January 2, 2014

Setup and Execute OpenVAS on Kali

It is said that OpenVAS is a branch of Nessus. After Nessus 3.0 the license changed: commercial use must be paid for, or the Home Edition (limited to personal use) can be downloaded for free.
Nessus 5.x can be downloaded from http://www.tenable.com/products/nessus/select-your-operating-system; after downloading, you still have to register for an activation code ( http://www.nessus.org/register/ ) in order to update the plugins.
OpenVAS remains under an open source license and its plugins are constantly updated, so it is an alternative to Nessus. Kali (another version of BackTrack) has OpenVAS built in, but it is not completely installed: the main program is installed, but the other related modules (similar to the Nessus plugins) are not. To use OpenVAS on Kali you must therefore complete the setup with the following steps (they only need to be performed the first time):
root@kali104:/# openvas-mkcert -q                        # create the SSL server certificate
root@kali104:/# openvas-mkcert-client -n root -i         # create the client certificate
root@kali104:/# openvas-nvt-sync                         # download the plugins; be patient until it is done
root@kali104:/# openvassd                                # start (load) the OpenVAS scanner service; be patient while it loads
root@kali104:/# openvasmd --rebuild                      # rebuild the OpenVAS database
root@kali104:/# openvas-scapdata-sync                    # sync SCAP data
root@kali104:/# openvas-certdata-sync                    # sync CERT data
root@kali104:/# openvasad -c add_user -n admin -r Admin  # create an administrator account (admin)
root@kali104:/# openvas-check-setup                      # check whether OpenVAS is fully installed
root@kali104:/# openvas-adduser                          # set up user accounts
openvas-mkcert: creates the SSL certificate. With the -q parameter it is created directly with the default values; without -q it asks for each value step by step.
openvas-mkcert-client: creates the client certificate. The -n [NAME] parameter specifies the user name and registers the user with OpenVAS Scanner; the -i parameter installs the certificate for OpenVAS Manager. The created information is stored in the /var/lib/openvas/users/ directory.
openvas-nvt-sync: the utility that updates the OpenVAS plugins. Many updates have been released since the Kali image was built, so expect a long wait after running openvas-nvt-sync!
openvasmd: the OpenVAS management program; --rebuild rebuilds the database.
openvasad: the OpenVAS "manager"-style administration utility; the available parameters can be viewed with -h.
root@kali104:/# openvas-nvt-sync                                  # remember to update frequently
root@kali104:/# openvasmd --rebuild                               # after the sync has finished, run a rebuild
root@kali104:/# openvas-scapdata-sync                             # sync SCAP data
root@kali104:/# openvas-certdata-sync                             # sync CERT data
root@kali104:/# /etc/init.d/openvas-scanner start                 # the service scripts are in /etc/init.d/
root@kali104:/# /etc/init.d/openvas-manager start
root@kali104:/# /etc/init.d/openvas-administrator restart
root@kali104:/# /etc/init.d/greenbone-security-assistant restart

You have to run the above commands every time the system is restarted, so you can put them in a bash script such as:
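#!/bin/bash
clear

# update the plugins, then rebuild the database and sync SCAP and CERT data
openvas-nvt-sync
openvasmd --rebuild
openvas-scapdata-sync
openvas-certdata-sync

# start the services (the service scripts are in /etc/init.d/)
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart
/etc/init.d/greenbone-security-assistant restart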

For example, save the above text to a file named 'run_openvas' and make it executable:
chmod +x run_openvas
Now you can run it by typing:
./run_openvas

After the server is up, how do we perform a scan task? In a browser (e.g., IE, Firefox...) browse to
https://<IP of the openvas-server>:9392/
Port 9392 is the greenbone-security-assistant port. Through the UI that greenbone-security-assistant provides, OpenVAS can scan the target computer!

 

Afterword: Running openvas-nvt-sync and openvas-scapdata-sync took me a total of two days, perhaps because the download speed was too slow, only a few dozen bytes to a dozen KB per second, and the download also broke off from time to time, so be extra patient the first time!
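
A more defensive variant of the run_openvas script above, as an added example that is not part of the original post: it retries the feed syncs (which can break off mid-download), stops at the first failed step, and confirms that something is listening on port 9392. The retry count, the 60-second delay, the `netstat -ltn` check and the assumption that the sync tools exit non-zero on a broken download are mine.

```shell
#!/bin/sh
# Added example, not from the original post.

# retry MAX DELAY CMD...: run CMD until it succeeds, at most MAX attempts.
retry() {
    max=$1; delay=$2; shift 2
    attempt=1
    until "$@"; do
        if [ "$attempt" -ge "$max" ]; then
            echo "giving up on '$*' after $attempt attempts" >&2
            return 1
        fi
        echo "'$*' failed (attempt $attempt/$max); retrying in ${delay}s" >&2
        attempt=$((attempt + 1))
        sleep "$delay"
    done
}

# listening_on PORT: reads `netstat -ltn` output on stdin and succeeds if a
# TCP socket is in LISTEN state on PORT.
listening_on() {
    awk -v p="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
                   END { exit !found }'
}

start_openvas() {
    # Assumption: the sync tools exit non-zero when a download breaks off.
    retry 5 60 openvas-nvt-sync      || return 1
    openvasmd --rebuild              || return 1
    retry 5 60 openvas-scapdata-sync || return 1
    retry 5 60 openvas-certdata-sync || return 1
    /etc/init.d/openvas-scanner start                || return 1
    /etc/init.d/openvas-manager start                || return 1
    /etc/init.d/openvas-administrator restart        || return 1
    /etc/init.d/greenbone-security-assistant restart || return 1
    sleep 5   # give the web UI a moment to bind its port
    netstat -ltn | listening_on 9392 || {
        echo "greenbone-security-assistant is not listening on 9392" >&2
        return 1
    }
}

# Only touch the system when asked to: ./run_openvas_checked start
if [ "${1:-}" = "start" ]; then
    start_openvas
fi
```

Without the `start` argument the script only defines its functions, so it can be sourced and checked on a machine that has no OpenVAS installed.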

Thursday, November 28, 2013

My first experience of digital forensics

   Recently the agency set up its own digital forensics team to collect evidence and analyze the sources and causes of information security incidents; for better or worse, I am one of its members.

   The authorities commissioned professionals, as a project, to develop the relevant procedures for our company and to arrange nearly 150 hours of training. The curriculum covers forensic tools (Encase Forensic), evidence collection tools (Encase Forensic portable, Helix Pro), open source tools, interpretation of various types of evidence, forensic analysis methods, and anti-forensic countermeasures. The executives believe that to be able to defend, we must understand the methods of attack, so in addition to forensic knowledge we also learn hacking technique analysis and penetration testing skills.

    Collecting evidence at the scene is relatively simple: anything at the scene that may be evidence is simply seized and brought back. The forensic work that follows is the difficult part. After all, finding real evidence in a pile of digital data is a bit like looking for a needle in a haystack, not to mention that hackers (if that is what they are) who are able to break into the agency's internal systems are no ordinary people, so how could they fail to cover their tracks? Can a few laymen with some forensic training really accomplish the task???

    After the information security protection training I took part in last year, this is the second time I have received such complete education and training. But although there is training, there is no practice environment, and much of it stays on paper. In Taiwan, Chapter 36 of the Criminal Law covers computer crimes, so casually "testing" someone else's computer will get you sued. Training without hands-on practice is like reciting from a book: after a while it is forgotten!

    The digital forensics training is in the same situation: three months after the course, half of it is forgotten. And how many forensic cases do the authorities have in a year? Besides, for us this team is a part-time duty; our regular work still has to be taken care of, and as that business keeps growing, forensic work will be reduced to mere decoration. Boss! Please do not expect us to be able to produce great results!

My penetration testing operations (start a) - the first day of defeat

I mentioned penetration testing before, so I took advantage of being at home on Sunday to try it.
In accordance with the general penetration testing steps, the first step is to gather information. It turned out that these two sites are not the home website, and their domain names are registered on the company's internal DNS server, so the first trick I was taught, gathering information with Whois, was blocked off immediately :{
One site (call it system A for now) also restricts client IPs, and its entrance is a load balance server, so I cannot come into contact with the real web server; trying the operation from my home does not work, alas! On top of that, the company has installed an IDS (Intrusion Detection System) and a WAF (Web firewall). For a beginner, that defense is too tight! So in the second step, first contact, the NMAP scans were all dropped.
So the first day was a complete failure! I couldn't collect any useful information. But information that cannot be used is still a kind of information! At least I know that these methods are not feasible.