ZeNmap – The classic way of Nmap

Nmap is a free and open source utility for network exploration and security auditing, whilst ZeNmap is a multi-platform graphical Nmap frontend and results viewer. It was originally derived from Umit, which was created as part of the Nmap/Google Summer of Code program. ZeNmap runs on almost every operating system; I have tested it on Ubuntu and FreeBSD and it works fine.


Some basic ‘nmapping’ fun from my Kali Linux box

Look for hosts that are up in your network (ping scan; -sn is the current name for -sP) –  nmap -sP 192.168.1.0/24

List the open ports (TCP SYN scan, needs root) – nmap -sS 192.168.1.0/24

Find the operating systems in use on the same network (OS fingerprinting, needs root) – nmap -O 192.168.1.0/24

Send bare ACK packets to map firewall rules: an ACK scan never completes a handshake and only tells you whether a port is filtered or unfiltered – nmap -sA 192.168.1.0/24


Screenshot: tested with instances of several OSes running in VirtualBox.


Of course, the world of Nmap is so vast that you will need to go through the manual to design your own way of exploring the Nmap command. There are many features and capabilities such as host discovery, port scanning, interrogation of network services (version detection), OS detection and so on. How does Nmap work? Every host or device connected to a network has some network ports open and waiting for connections, so by default Nmap probes the 1000 most commonly used ports on each target and classifies each port into one of six states:

  • open – a service is accepting connections;
  • closed – no service is listening, but the host answers the probe (so the port is reachable);
  • filtered – a firewall or other filter drops the probe, so Nmap cannot tell whether the port is open;
  • unfiltered – the port is reachable but Nmap cannot determine whether it is open or closed (only the ACK scan returns this state);
  • open|filtered and closed|filtered – Nmap cannot distinguish between the two states, typically because the probe got no response at all.
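As an added example that is not part of the original post, the following Python script parses Nmap's XML output (nmap ... -oX scan.xml), tallies the port states described above and separates confirmed-open ports from the ambiguous ones that deserve a follow-up scan. The embedded XML is a constructed sample, not a real scan result.

```python
"""Added example (not code from the original post): parse Nmap's XML
output (nmap ... -oX scan.xml) and tally the six port states described
above.  SAMPLE_XML is a constructed sample, not a real scan."""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List

# The six states Nmap assigns to a port.
NMAP_STATES = ("open", "closed", "filtered", "unfiltered",
               "open|filtered", "closed|filtered")

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.168.1.0/24">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="08:00:27:AA:BB:CC" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.20" addrtype="ipv4"/>
<ports><extraports state="closed" count="997"/>
<port protocol="tcp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain"/></port>
</ports></host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[dict]:
    """One dict per host: address, up/down, per-port records and the
    <extraports> summary Nmap uses for ports that share one state."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.iter("host"):
        addr = next((a.get("addr") for a in h.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        status = h.find("status")
        ports = []
        for p in h.iter("port"):
            st = p.find("state")
            svc = p.find("service")
            ports.append({
                "port": int(p.get("portid")),
                "proto": p.get("protocol"),
                "state": st.get("state"),
                "reason": st.get("reason"),   # why Nmap chose that state
                "service": svc.get("name") if svc is not None else None,
            })
        extra = {e.get("state"): int(e.get("count")) for e in h.iter("extraports")}
        hosts.append({"addr": addr,
                      "up": status is not None and status.get("state") == "up",
                      "ports": ports, "extraports": extra})
    return hosts


def state_summary(hosts: List[dict]) -> Counter:
    """Count ports per state across all hosts, including the collapsed
    <extraports> entries (e.g. 997 closed ports)."""
    counts = Counter({s: 0 for s in NMAP_STATES})
    for h in hosts:
        for p in h["ports"]:
            counts[p["state"]] += 1
        for state, n in h["extraports"].items():
            counts[state] += n
    return counts


def open_ports(hosts: List[dict]) -> Dict[str, List[int]]:
    """Map each host to its confirmed-open ports (the ones worth -sV)."""
    return {h["addr"]: sorted(p["port"] for p in h["ports"] if p["state"] == "open")
            for h in hosts}


def needs_follow_up(hosts: List[dict]) -> Dict[str, List[int]]:
    """Ports whose state is ambiguous (filtered or open|filtered): the probe
    got no answer, so re-probe with -sA, a UDP scan or version detection."""
    return {h["addr"]: sorted(p["port"] for p in h["ports"]
                              if p["state"] in ("filtered", "open|filtered"))
            for h in hosts}


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_XML)
    for addr, ports in open_ports(hosts).items():
        print(f"{addr}: open {ports}, follow up {needs_follow_up(hosts)[addr]}")
    print(dict(state_summary(hosts)))
```

Feed it a real file with parse_nmap_xml(open("scan.xml").read()); the reason attribute is kept because it explains why Nmap picked a state (syn-ack, reset, no-response), which is what you look at when a port comes back filtered.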


What is more interesting is the ZeNmap tool, where you can scan a network from a GUI. Here Nmap's timing templates are exposed as named profiles: Paranoid, Sneaky, Polite, Normal, Aggressive and Insane (nmap -T0 to -T5). The slower ones spread probes out to stay under the radar of an IDS; the faster ones trade accuracy for speed.


Screenshot: a paranoid scan performed here.

ZeNmap also exposes Nmap's firewall evasion techniques, source address and port spoofing, and setting flag values at both the IP and transport level. Results are also shown as a topology map.



Adventuring with Pro photomakers of Charles Telfair Institute

“The word ‘photo’ is derived from the Greek word ‘photos’. Adventuring in the world of photons is simply amazing” – Yush of EYELIGHT Studios (main wedding photographer), a student of CTI and of BCS, the Chartered Institute for IT. The photography world is so vast and profound that I could not stop myself from blogging about it. I was introduced to the different concepts of photography by some students of Charles Telfair Institute. EYELIGHT Studios is now emerging in the world of photography after the hard work of these guys from CTI, who are evangelizing their talent and skills as ‘photopreneurs’.


Copyright 2015 -Eyelight Studios

Though as an amateur I used to shoot pictures with my little Samsung phablet and various point-and-shoots, the guys of EYELIGHT Studios demonstrated their fascinating photography tools to me today at Merville Beach Hotel. I used to see professional pictures, but this time I was backstage with them. “Mastering the techniques and bringing new concepts forward is a must to excel in this world, and we are working to show the world our competence and effectiveness” – Yas of EYELIGHT Studios, the main studio photographer. “The managerial tasks, advertisements and bookkeeping are carried out by me, and I ensure the good running of all projects” – Akshay of EYELIGHT Studios, also a student member of the British Computer Society and CTI.


Their most used equipment is Nikon cameras: the D7200, D7100, D5300 and D5200. A Phantom 4 drone is also available for events and hotels’ marketing aerial shots. Flash photos are taken with speedlights and triggers combined with soft-boxes and reflectors.

They have completed several projects using Adobe Photoshop, Lightroom, After Effects, Premiere, Portrait Professional and other software.

Actions of the Pro Photo makers on the Backstage



Here is an idea of the final picture after the shoot without further post-processing.


Copyright 2015 – EyeLightStudios

You can also contact them for photography and videography events and services. Check them out through their Facebook page.

Update 03 Jan 2019:  EyeLight Studio does not exist anymore. The photographer is now working for his own company. The Facebook page can be viewed at Yush Photo.


Add and extend disk on Virtual Box through LVM

You can easily add and extend a disk on VirtualBox through some LVM manipulations. LVM (Logical Volume Manager) “is a device mapper target that provides logical volume management for the Linux kernel” – Wikipedia. I have written a brief introduction to LVM in a previous post – Managing LVM with pvmove – Part 1.



Before the extension is made, make sure you know the actual state of the machine’s hard disk.

These commands are helpful for your analysis before the operation is carried out:

  • fdisk -l
  • pvdisplay, vgdisplay, lvdisplay (verbose view of the physical volumes, volume groups and logical volumes)
  • pvs, vgs, lvs (the compact view of the same)
  • lsblk

Here is the state of the disk before the operation is carried out.


Now, you can get into your Oracle VM VirtualBox Manager to add the new disk.

The steps are:

  • Click on ‘Settings’ in the VirtualBox Manager after selecting the virtual machine on which you intend to perform the disk extension. In my case, it is the ‘centos6’ one.
  • Then, under ‘Storage’, next to “Controller: SATA” there is an icon to “add new hard disk”.


  • Once you have clicked on “add new hard disk” it will prompt you to “cancel”, “choose existing disk” or “create new disk”. Choose “create new disk”. Of course, you can also choose an existing disk, but here we are adding a completely new disk.
  • Afterwards it opens a “Create Virtual Hard Drive” box. Choose “VDI”, click Next, then “dynamically allocated”. Give your new hard disk a name and a size; in my case I am adding a new 2 GB disk. Click Create and you are done.
  • Boot the machine, then run lsblk to see your new hard disk; see the screenshot below. You can also check with fdisk -l, and the dmesg log is really helpful.


  • Once the disk is detected, initialise it as a physical volume with pvcreate /dev/sdb. If you run pvs again you will see that the new disk is now a PV, but no part of it is allocated to any VG yet, as the picture below shows for the new sdb.
  • Now we extend the existing VG, called vg_labo: vgextend vg_labo /dev/sdb



  • Once this is done, choose which LV to extend. I am choosing the LV called lv_root: lvextend -l +100%FREE /dev/vg_labo/lv_root


The logical volume is now extended. Note that lvextend alone grows the LV; the filesystem inside it keeps its old size until you grow it too, with resize2fs /dev/vg_labo/lv_root for the ext4 root of CentOS 6 (or pass -r to lvextend so it resizes the filesystem in the same step). Only then will df -h show the new size. You can also check out the following article on how to perform a pvmove.

Tips:

  • On VirtualBox you cannot add a new disk from the VirtualBox Manager while the machine is running, unlike VMware, so shut the machine down before adding the disk.
  • If the new disk is not detected after you add it, stay cool: you may need to rescan the SCSI bus, the same thing you would do for a new LUN on vCenter. Use the following command:

ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done


  • You can also use the rescan-scsi-bus.sh script, after installing the sg3_utils package, to troubleshoot LUN detection.
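As an added example that is not part of the original post, here is the whole procedure above, plus the SCSI rescan from the tips, as one Python runbook with preflight checks and a dry-run mode. The disk, VG and LV names (/dev/sdb, vg_labo, lv_root) are the ones from this post, used as placeholders; the script runs the real pvcreate/vgextend/lvextend commands only when DRY_RUN is not set, and then it must run as root.

```python
#!/usr/bin/env python3
"""Added example (not code from the original post): the VirtualBox/LVM
disk-extension steps above as one runbook with preflight checks and a
DRY_RUN mode.  Device, VG and LV names are placeholders; run as root.
    DRY_RUN=1 python3 extend_lv.py /dev/sdb vg_labo lv_root"""
import os
import shlex
import stat
import subprocess
import sys
from typing import List


def plan_extend(disk: str, vg: str, lv: str) -> List[List[str]]:
    """The commands that grow LV `lv` in VG `vg` by the whole of `disk`.
    lvextend -r also resizes the filesystem inside the LV; without -r,
    df -h would still report the old size."""
    return [
        ["pvcreate", disk],
        ["vgextend", vg, disk],
        ["lvextend", "-r", "-l", "+100%FREE", f"/dev/{vg}/{lv}"],
        ["df", "-h", f"/dev/mapper/{vg}-{lv}"],
    ]


def is_existing_pv(disk: str, pvs_output: str) -> bool:
    """True if `disk` appears in `pvs --noheadings -o pv_name` output."""
    return disk in (line.strip() for line in pvs_output.splitlines())


def rescan_scsi_hosts(sysfs: str = "/sys/class/scsi_host") -> int:
    """Same as the tip's shell loop: write '- - -' to every host's scan
    file so a disk added after boot shows up.  Returns hosts rescanned."""
    hosts = os.listdir(sysfs) if os.path.isdir(sysfs) else []
    for host in hosts:
        with open(os.path.join(sysfs, host, "scan"), "w") as f:
            f.write("- - -")
    return len(hosts)


def preflight(disk: str, vg: str, lv: str) -> List[str]:
    """Reasons not to proceed (an empty list means go ahead)."""
    if not os.path.exists(disk):
        rescan_scsi_hosts()             # the "disk not detected" tip
    try:
        if not stat.S_ISBLK(os.stat(disk).st_mode):
            return [f"{disk} is not a block device"]
    except FileNotFoundError:
        return [f"{disk} not found even after a SCSI rescan (check dmesg, lsblk)"]

    def run(cmd):
        return subprocess.run(cmd, capture_output=True, text=True)

    problems = []
    if is_existing_pv(disk, run(["pvs", "--noheadings", "-o", "pv_name"]).stdout):
        problems.append(f"{disk} is already a physical volume")
    # refuse to pvcreate over an existing filesystem or partition table
    sig = run(["blkid", "-o", "value", "-s", "TYPE", "-s", "PTTYPE", disk]).stdout.strip()
    if sig:
        problems.append(f"{disk} already carries a {sig} signature; refusing to wipe it")
    if run(["vgs", vg]).returncode != 0:
        problems.append(f"volume group {vg} not found")
    if run(["lvs", f"/dev/{vg}/{lv}"]).returncode != 0:
        problems.append(f"logical volume {lv} not found in {vg}")
    return problems


def main(argv: List[str]) -> int:
    if len(argv) != 4:
        print(f"usage: [DRY_RUN=1] {argv[0]} DISK VG LV", file=sys.stderr)
        return 2
    disk, vg, lv = argv[1:]
    dry_run = os.environ.get("DRY_RUN") == "1"
    if not dry_run:
        problems = preflight(disk, vg, lv)
        if problems:
            for p in problems:
                print("preflight:", p, file=sys.stderr)
            return 1
    for cmd in plan_extend(disk, vg, lv):
        print("+", shlex.join(cmd))      # show each step as it runs
        if not dry_run:
            subprocess.run(cmd, check=True)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once with DRY_RUN=1 to see the exact commands, then without. The preflight refuses to pvcreate over a disk that already carries a filesystem or partition table, which is the one mistake in this procedure that destroys data.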

A brief description of the fopen PHP vulnerability

One class of PHP vulnerability that is still found on many websites is file inclusion: a user-controlled path handed to fopen() or include(). A historical example in PHP itself is CVE-2007-0448. You can protect your website by never passing user input to include, and by disabling remote file access (allow_url_fopen / allow_url_include) in php.ini where it is not needed.


According to cvedetails.com “PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI”


It is usually not recommended to enable allow_url_include (and, unless you need it, allow_url_fopen) in php.ini; however, some developers open files from user-supplied names in the code itself for a specific task. Let us see how this is exploited:

Let us say we have a page called vulnerability.php containing this code:


<?php
$vulnerable = $_GET['vulnerable'];   // untrusted input straight from the URL
include($vulnerable);                // ... used as a file path: local/remote file inclusion
?>

So $vulnerable = $_GET['vulnerable']; puts the ‘vulnerable’ GET parameter, i.e. the value from the URL query string, into the variable $vulnerable. An example is http://mysite.com/page.php?vulnerable=yes&howmuch=Very, where the page receives vulnerable=yes and howmuch=Very.


By including the value of the variable ($vulnerable) without any validation, you allow an attacker to choose which file the server executes. Someone, for instance, can try this in his browser:

http://www.mywebsite.com/vulnerability.php?vulnerable=../../../index.php

This lets the attacker walk up the directory tree and include any file the web server user can read (../../../../etc/passwd is the classic test). Since include() executes PHP code, the attacker sees the output of index.php rather than its source; to read the raw source of a file the usual trick is the php://filter wrapper (php://filter/convert.base64-encode/resource=index.php), and if allow_url_include is on, a remote URL can be included and the attacker runs code of his choosing. If you run each site in its own PHP-FPM pool under its own Unix user, only that site’s files are exposed, but this isolation is only as good as the filesystem permissions between the pools.
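The fix is an exact allowlist of page names plus canonicalisation of the resulting path. As an added example that is not part of the original post, here is that check in Python (so it runs stand-alone; PHP’s realpath() gives the same canonical path for an equivalent include guard), run against the traversal URL above and a few other classic payloads. The pages directory, page names and payloads are constructed for the demo.

```python
"""Added example (not code from the original post): the include($_GET[...])
page above beside a hardened resolver, written in Python so it runs
stand-alone.  The pages directory, page names and payloads are
constructed for the demo; PHP's realpath() gives the same canonical path
for an equivalent include guard."""
import os
import tempfile
from typing import Dict, Iterable

# Pages the application is allowed to include.  Anything else is refused,
# so traversal strings never reach the filesystem.
ALLOWED_PAGES = frozenset({"about.php", "contact.php"})


class IncludeRejected(Exception):
    """Raised when a user-supplied page name fails validation."""


def vulnerable_resolve(base_dir: str, user_value: str) -> str:
    """What include($_GET['vulnerable']) effectively does: trust the input."""
    return os.path.join(base_dir, user_value)


def escapes(base_dir: str, user_value: str) -> bool:
    """True if the vulnerable resolution lands outside base_dir."""
    root = os.path.realpath(base_dir)
    target = os.path.realpath(vulnerable_resolve(root, user_value))
    return os.path.commonpath([root, target]) != root


def safe_resolve(base_dir: str, user_value: str,
                 allowlist: Iterable[str] = ALLOWED_PAGES) -> str:
    """Return a canonical path inside base_dir, or raise IncludeRejected."""
    # 1. Reject stream wrappers (php://, http://), absolute paths and NUL
    #    bytes outright; none of them is a legitimate page name.
    if "://" in user_value or user_value.startswith(("/", "\\")) or "\x00" in user_value:
        raise IncludeRejected("wrapper, absolute path or NUL byte")
    # 2. Exact-match allowlist: the control that actually stops LFI/RFI.
    if user_value not in allowlist:
        raise IncludeRejected(f"{user_value!r} is not an allowed page")
    # 3. Defence in depth: canonicalise and confirm containment, so a
    #    careless allowlist entry (or a symlink) cannot escape base_dir.
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, user_value))
    if os.path.commonpath([root, target]) != root:
        raise IncludeRejected("resolves outside the include directory")
    return target


def classify(base_dir: str, values: Iterable[str]) -> Dict[str, bool]:
    """Map each candidate page name to True (accepted) or False (rejected)."""
    result = {}
    for v in values:
        try:
            safe_resolve(base_dir, v)
            result[v] = True
        except IncludeRejected:
            result[v] = False
    return result


def demo() -> Dict[str, bool]:
    """Build a throw-away pages directory and run the classic payloads."""
    with tempfile.TemporaryDirectory() as tmp:
        pages = os.path.join(tmp, "pages")
        os.mkdir(pages)
        for name in ALLOWED_PAGES:
            with open(os.path.join(pages, name), "w") as f:
                f.write("<?php echo 'page'; ?>")
        candidates = [
            "about.php",                                              # legitimate
            "../../../index.php",                                     # traversal from the post
            "../../../../etc/passwd",                                 # classic LFI probe
            "php://filter/convert.base64-encode/resource=index.php",  # source disclosure
            "http://attacker.example/shell.txt",                      # RFI (allow_url_include)
            "about.php\x00.jpg",                                      # NUL-byte truncation
        ]
        return classify(pages, candidates)


if __name__ == "__main__":
    for value, accepted in demo().items():
        print("ACCEPT" if accepted else "REJECT", repr(value))
```

The allowlist is the control that matters; the realpath containment check is there for the day someone adds a sloppy entry or a symlink appears under the pages directory. escapes() shows what the unguarded include does with the same traversal string.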


Internet Speed – How far is your ISP truthful ?

Have you ever noticed that your ISP (Internet Service Provider) advertises your Internet package in a tricky way? One of the easiest ways to mislead you is with technical units such as bytes and bits; to be precise, the term kilobits per second (kbps).

However, when you browse the Internet or download files, you will notice that your browser shows the speed in kilobytes per second (kB/s).


To be clear: your ISP sells Internet service in kilobits per second (kbps) whilst your browser shows you kilobytes per second (kB/s). The trap is the letter: b is bits, B is bytes, and a byte is 8 bits. A second trap is the prefix: ISPs use decimal units (1 kbps = 1,000 bit/s, 1 Mbps = 1,000,000 bit/s), while most download dialogs show binary kilobytes (1 KiB = 1,024 bytes), which is where the odd-looking figures below come from.


Let us say you have applied for a 512 kbps package.

Firstly, divide by 8 to convert from kilobits per second to kilobytes per second; i.e. 512 / 8 = 64 kB/s, or 64,000 bytes per second.

Then convert to the binary kilobytes your browser shows:

64,000 bytes/s = 64,000 / 1,024 KiB/s = 62.5 KiB/s

So, in brief, the advertised Internet speed is what you pay for; the download speed your browser shows is what you actually get, expressed in different units.

512 kbps = 64 kB/s = 62.5 KiB/s

1 Mbps = 125 kB/s = 122.1 KiB/s

2 Mbps = 250 kB/s = 244.1 KiB/s

10 Mbps = 1,250 kB/s = 1,220.7 KiB/s

Now, suppose you are going to download a 700 megabyte file. Your browser will estimate the remaining download time, and you can also monitor your downloads with several tools available on the Internet. Let us say you have a 1 Mbps Internet connection from your ISP, which means your browser will show roughly 122.1 KiB/s.
 
Calculate the download time as follows:

700 x 1,024 = 716,800 KiB (convert from 700 MiB to KiB, the same binary units the browser uses)

Therefore, if

122.1 KiB downloads in 1 second, then

716,800 KiB will download in 716,800 / 122.1 = 5,870.6 seconds

5,870.6 / 60 ≈ 98 minutes

Assume we still subscribe to the 1 Mbps package. The trick is that when you buy an Internet connection, your ISP does not commit itself to what you actually require and evades the question with the famous words “up to”: you pay for a connection of up to “xxx kbps”.
 

This is where the CIR, the committed information rate, comes in. According to Wikipedia, “Committed information rate or CIR in a Frame Relay network is the average bandwidth for a virtual circuit guaranteed by an ISP to work under normal conditions.”

Therefore the CIR is the minimum speed guaranteed by your ISP. Do ISPs provide a CIR on consumer links? Is it mentioned in the law? My understanding is that one cannot complain until a CIR is written into the contract.
 


Another issue is the PEO (Protocol Encapsulation Overhead). When you buy, say, an ADSL link of 2 Mbps, your line syncs with your ISP at 2 Mbps over ATM or another backbone technology (PPPoA, PPPoE). The catch is that Point-to-Point Protocol over ATM (PPPoA) has to be encapsulated into ATM cells, and each 53-byte cell carries only 48 bytes of payload, on top of the AAL5 framing and PPP headers, so you never get the full 2 Mbps of Internet Protocol connectivity.