i am not talking about detecting OS,i want to know they are hosted inside "virutal environment or not",i am wondering how i can detect this with nmap,

Also i dont have money to buy routers ATM,i am looking for some virtualization solutions such as emulators etc?

will it be a good idea?

Need some more suggestions...

1)I have a scene like this,

Assume "A" is a target network on the internet running some windows servers using "XEN" virtualization and some linux servers inside vmware workstations,
 
Now assume i am on some random network on the internet,with different ISP ,I need to detect  or confirm whether the target servers  with any kind of "virtulaization" technology,


Also is there any difference between a OS running inside a "virtual environment" and "non-virtual environment"?with what kind of characters i can identify this?

As my target network is located behind router,I am struggling to determine this,..Looking for some ideas
__________________________________________________________________

2)I am much more interested in Practicing enumeration on a NAT network,
but considering legal issues ,I don't know where to practice this enumeration,Also i don't know where to find a NAT network for practicing,Can any body give some suggestions for this problem?


Hope i will find some help...

As the title says ,i am looking forward to build some strong base in learning Web-Application hacking and exploitation,

For now i am not looking for advanced stuff such as understanding coding,playing inside xamp and wamp locally,

I am just interested in understanding about the basics of those attacks
and how it works? like that...

for now i am looking specifickly to understand basics of the following,
just basics because once i understood the basics of these attacks,

1)sql
2)blind sqli
3)Directory traversal attacks
4)xss
5)CSRF
6)basics of WAF
7)bacis working operation of shells
8)log-in authentication bypass
9)working of WebApplication firewalls and how it is implemented..

I know for sql and blind sqli i can find lot of materials on here and also on hackforums,but my concern is they are mostly looking forward to attack the site instead of focusing on the basic operations of it works..

So please give me some advice/guidance based on your personal experience,...


Hope i will get some specific advice 


Note:I am not a coder ...

yes sir,but i don't have the source code of the web-page,but I know what kind of "language",it is coded in ..

I also believe they have security mechanism like "url filtering" or "query filtering technologies",to restrict those things ,Also i am not just looking to get the "password",because most sites protect their server's password file by using "shadow gaurd",Also sir do you got any suggestions for learning these specific attacks "manually"?



Looks like a good suggestion,But before using those kind of tools,i am trying to understand their working logic,because i am looking forward to improve my knowledge,Also can you tell me other than "grabbing" passwords ,what else we can do with this directory traversal?

just viewing directories?


if possible tell me sir



yes still there should be ways to bypass "query filtering",for ex if / is filtered by the target we can bypass it by including "/" like this .

Also i am looking forward to learn directory traversals other than "../../../etc/passwd " this


any-way thanks for answering my questions

I have been scanning a target  aka website with some pen-testing tools
and i have found that  web-site is  using or supporting many http methods other than HTTP get and post..


Is it really vulnerable to exploitation?

if yes how to exploit these methods "properly"?

Also I want to know how I can "manually" find a site is vulnerable to ./ directory traversal attacks,I know this can be easily done with "accuentix  v6 and 7 " and some other scanners,

but i just want to know how to find those vulnerabilities manually?

Because this is my personal belief (I just don't want to be dependent or limited myself to using tools)

is it possible to do?

Looking for some guidance....

I just found this while i am searching arround the internet," php Intrusion Detection system",

I had some doubts regarding it,so i decided to ask here,

Do you guys using such technology for identifying sql injections,and guys who is looking for xss attacks on your sites and admin page detection,heurestic web-page scannings?

is it worthy to use?


Also as the name says is this is only limited to php based  websites?

Is this php IDS is  visible to the attackers via it's behaviour?(mention here is any)

Also can any explain me what are all the types of web attacks  it can detect?

Is there any open source php IDS Applications available?

Also if possible can any point me to some links/tutorials for installing and configuring  this php IDS ...

Looking for some advice and guidance...

I know it not-legal,but i want to know the possbilities
,is it possible to hack the port on the zombie on which it is  connected to bot-net?

Also i am sure this can not be done in legal ways,
Also can you tell me how can i hack one of the bot with the traffic it sending to me?

is it possible?

if it is possible,then i am having the higher %% of tracking down the source of the attack...

what about routing the "attacks " or "traffic" of "attacking class" sat syn flood and re-direct them to some ip's and filtering them?
and also is there any chances to hack one of the zombie with the traffic send
by one of  the zombie?

did any body tried like this?

also i have seen some companies tracking down the original source of dos attacks with out law enforcing authorities involved,how they are doing it?

any other ways for a common user to detect the source of attack?

Thanks sir,especially to "MaXe" and "mambru",I got some "path" about this,i will try to do some research and some practical demonstrations and i will try to understand this in better way..

Thanks once again.....

I have some questions regarding bot-nets

1)is it possible to reverse attack the bots which is attacking us?
for example say if we got hit by some bots and we have logged their ip address,and instead of blocking them can we set our router to send the packets to them with-out being processes by our routers?Because i think it may also over load some of our band-width ,but at the same time the bots also getting attacked nah?

am i right? is it possible to do?how to configure the router to do such an task?



2) 90% of us may have this problem,
And also we are at the "receiving" end of the attack,instead of contacting isp's,law enforcing authorities for this (in reality they wont care about us much because it is a small attack for them)what are the steps we can do to trace back the attacker?

even tough it was some what complex i think it can be still possible to track them down...


We have some servers or some isp home connections,but when DDos Attacks happens on some "important" time and down our servers,we are trying to contact the hosting's-support team or isp whom are very very slow in responding to our questions,
And even they respond ,it is not suffuicient to us,And also most of the times unless the attackers stop the attack we can not do much things..

I really hate this,As a network professionals(i am not a professional,but asking in general) can't we do nothing other than complaining?

Also what can we do to track the original source of the attack?
I know it is really hard,but i don't think it is impossible to do ...



looking for some ideas...,hope i will get some....

I have a doubt regarding how Firewalls actually filtering out Traffic based on Applications?

Assume U have restricted or filtered the use of fire-fox browser in the network(Kind of application filtering in the firewall)

So Assume a user has installed mozilla fire-fox Application in a pc on the network and started using internet,

In this case how actually an firewall can detect the traffic is orginated from the fire-fox application?

and how it differentiates traffic from 2 different browsers?

Thinked some thing regarding how it get filtered on firewalls ,but i can't able to figure out how?

So please help me by making this thing clear...

hope i will get some explanations....

After i search for a while i had found these words on a ssh tutorial



but they didn't mentioned any thing about how to do it,just said the above as 1 of the alternative,..

if you know the above thing ,please help me out...

i am asking help for making an ssl tunnel between the 2 hosts,how can i do that? tht is my real question,i know to make http and ssh tunnels,but it wont help me in that case,so only asked here..hope u will help more..


yes i can do tht,but even tough we can use it to evade firewalls,but it is not the good way,because admins may get suspicious of the ssh traffic..
So only asked about ssl tunnel...
hope u will understand....



like u said,can u tell me how u managed to made an ssl tunnels between 2 hosts ?

And don't think i am blaming u,please take this as "sportive",attackers are classified in to 2 kinds kiddies and high end attackers,like u said IDS is a good shield against kiddies ,remember it is not a big concern to the high
end attackers,Because mostly IDS are signature based and it is actually easily bypassable by the high end hackers,by deviating or differentiating the attack vector and also u said "I could learn what rules are triggered for each tool",what if they use a own crafted tool,your IDS will be blind
and also if they tunneled their connection through port 80 with a http protocol means what can u do?
again your IDS will be blind...

also want to ask u some thing,if an IDS is set directly to block the traffic,then there is a high risk that it is being detectable to the attacker,As far as i know the best way to have an IDS is to make it running on the passive mode,not on the active mode..


I also learned something from your point,white-listing applications,I have heared this,but i don't know how it is being implemented?is it being implemented by firewall or IDS?

Also i didn't got any answers for my original questions ,hope you will help.


NOTE:@mambru--?please take this as sportive,don't took it on the wrong sense,and if possible please tell me about how to make an ssl tunnel
between the 2 hosts??

I am learning some penetration testing of my own,
I got a scenario,I need to do like this

I have a access to a machine in a target network,I need to maintain the access to the target host with out getting suspected by the remote firewall administrators of the target network,So at first 2 things comes to my mind ssh and ssl tunnels,but when the admins see an out-bound ssh connection,they will get more doubts,So decided to use a ssl tunnel,

1) is there any tools available out there that can provide a tunneled ssl connection between me and that target?

2)Also i am sure if they will have some stateful firewalls ,so if they see an huge amount of out-bound traffic to a specific ip,they will get more suspicious,So how can i manage this?

3)Also they may have IDS in place,mostly a signature based 1,they may have a signature detection for ssl tunnel,how we can use our "methods" to deviate from the IDS signature,I am looking forward to modify or do some changes in the attack pattern,which needs to confuses the IDS and need to bypass it's patterns?

how can i do this?

4)what are some of the other attacks i can use against a state-full firewall?


Looking for some help?...