Category: Security

ZeNmap – The classic way of Nmap

Nmap is a free and open source utility for network exploration and security auditing whilst ZeNmap is a multi-platform graphical Nmap frontend and results viewer. It was originally derived from Umit which was created as part of the Nmap/Google Summer of Code program. ZeNmap is compatible with almost all types of Operating system. I have tested ZeNmap on Ubuntu and FreeBSD and it works pretty fine.


Some basic ‘nmapping’ funs from my Kali Linux Box

Look for visible IP in your network –  nmap -sP 192.168.1.0/24

Check the number of ports opened – nmap -Ss 192.168.1.0/24

Find the operating systems being used in the same network – nmap -O 192.168.1.0/24

You can even check the ACK bit during the TCP handshake authentication – nmap -sA 192.168.1.0/24


Screenshot from 2015-10-19 19:02:35
Tested with instances of several OS running on Vbox


Of course, the world of Nmap is so vast that you will need to go through the Manual to design your own way of exploring the Nmap command. There are many features and capabilities such as Hosts identification, Port scanning, Interrogation of network services, OS detection etc.. How does Nmap work? Since every hosts or device are connected to a network and has some network ports open and is consequently waiting for connections, the Nmap tool initiate connection to the 1000 most used ports whether it is open responding to an incoming connection, closed and has no service running but can respond to probes, filtered; i.e protected by a Firewall, unfiltered; post can be accessed but no chance to determine if its opened or not and the last one is the open/close filtered.

ZeNmap - The classic way of Nmap 1

What is more interesting is the ZeNmap tool where you can scan network using GUI. At this level, parameters are defined like Paranoid, Sneaky, Polite, Normal, Aggressive and Insane.


Screenshot from 2015-10-17 11:37:21
A paranoid scan performed here

 ZeNmap can also be used for firewall evasion techniques, source address and port spoofing, setting flag values on both IP and transport level. Results are also shown through a Map.

Screenshot from 2015-10-20 05:54:29


A brief description of the fopen PHP vulnerability

One of the PHP vulnerability that is still being found on many websites is the fopen function in PHP – CVE-2007-0448. You can secure your website by disabling includes when calling the fopen function.


According to cvedetails.com “PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI”

A brief description of the fopen PHP vulnerability 2

It’s usually not recommended to enable the fopen function in the php.ini, however, some developers include it in the code itself for a specific task. Let’s see how this is exploited:

Let’s say we have a page called vulnerability.php containing these code


<?php
$vulnerable = $_GET['vulnerable'];
include($vulnerable);
?>

So, $vulnerable = $_GET[‘vulnerable’]; means to put the ‘vulnerable’ GET property in the variable $vulnerable; i.e GET property that is in the URL. An example is http://mysite.com/page.php?vulnerable=yes&howmuch=Very.


By including the value of the variable ($vulnerable), you allowing an attacker to inject code. Someone, for instance, can try this on his browser

http://www.mywebsite.com/fopen.php?vulnerable=../../../index.php

This will enable the attacker to get into subdirectories and start exploring the whole directory. However, if you are running PHP-FPM for a particular instance, only that particular instance is impacted as PHP-FPM allows you to isolate each running instances within the server.


URGENT – STAGEFRIGHT is here – Update your Android now

This is a straight and direct message to everyone on this planet. YOU NEED TO UPDATE YOUR ANDROID MOBILE PHONES, TABLETS etc.. NOW!!



How many amongst you have an Android device? Are you aware that actually, billions of people around the world are impacted by a vulnerability called Stagefright? After the announcement was made on 27 July 2015 by Joshua Drake of Zimperium, I still noticed that there are many people who are not at all aware of this vulnerability and its devastating effect.

URGENT - STAGEFRIGHT is here - Update your Android now 3


What is Stagefright?

“Stagefright has been called the biggest Android security concern ever. It occurs when malicious code is unknowingly triggered by media in multi-media messages (MMS). Stagefright could affect a billion devices, most particularly those running Android Jelly Bean or earlier. This number, if you’ve taken a recent look at the percentages of different Android versions currently in use, is staggering.” – Androidpit.com

You can download the FREE app at the Google Play Store to verify if your mobile phone is vulnerable or not.

The aim of this article is to sensitize everyone to update their Android devices. Please do inform your friends and everyone around you.

Please take note that there are some companies which have not yet released those patch. In that case, I encourage everyone to voice out their opinions with the help of Twitter.

Note: Some Android cannot be patched as the vendor is not sending any updates. In that case, you can disable “MMS on reception”. But that does not keep you 100% safe!



Click here – This may interest Security Experts and Software Engineers.