Retina: A Network Scanning Tool


In this article, we will learn how to use Retina, a vulnerability scanner, to our best advantage. There are various network vulnerability scanners, but Retina is among the industry’s most powerful and effective. This network vulnerability scanning tool provides a full vulnerability assessment and generates a complete, concise network vulnerability report.

Table of content
  • Introduction to Retina
  • Scanning process
  • Working of Retina
  • Network scanning with retina
  • Conclusion 

Introduction to Retina

Retina network scanner allows you to scan multiple platforms. It also provides you with automatic fixes and the ability to create your own audits. It works against all the critical vulnerabilities, allowing you to secure your network properly. As it updates its database at the beginning of every session, it is pretty reliable. Retina permits you to scan in parallel by using its queuing system to scan up to 256 targets at the same time. You can also execute the majority of scans without administrative rights, and perform custom audit scans to enhance your internal security policies. Retina Network Security Scanner is an outstanding solution designed to discover, profile and assess all assets deployed on an organization's network. With it, customers can efficiently identify, prioritize and remediate vulnerabilities such as missing patches and configuration weaknesses.

Scanning Process

For a scan to begin, the specific details are passed to Retina through its GUI. As soon as the scanner receives the scanning details, it begins the auditing process. An audit scan covers the following:
·         Targeting: builds a scan list from the address group and discovery options
·         Port scanning: finds all the open, closed and filtered ports
·         Detecting OS: identifies the operating system on the target system
·         Auditing: assesses the vulnerabilities of each port and its respective service.

Working of Retina

First Retina retrieves the list of IPs that need to be scanned, then it builds its target list and writes it to the eeye_groups table. The job list contains the job start and stop data. Retina then starts running the scan. As targets are scanned, the completed entries are removed from the queue file; this guarantees that a scan will complete even if the scanner is powered down for any reason. At the end of the scan, the scanner writes Completed to the eeye_groups table in the scan results database (RTD). If the user aborts the job, the scanner instead writes Prematurely ended to that table.

Network scanning with Retina

We have downloaded the Retina Vulnerability Scanner from the official site. After downloading the correct version for our machine, we installed the scanner through its setup, which is fairly simple. After installation, we run the application, which presents three tabs: “Audit”, “Remediate” and “Report”. First we work in the Audit tab, where we have selected “Single-use” and are scanning an individual target by choosing IP Address as the Target Type. In the case of “Multiple-use”, a specific IP range can be used as well.
After selecting the target, we must select the ports that we want to scan; the options include All Ports, Common Ports, Discovery Ports and others. In our scenario we have selected “All ports”.
After selecting the ports, it is time to select the type of audit we want to perform on the target machine. Many audit types are offered, with an option to modify them, so a personalized audit can be crafted from the options provided. We selected “All Audits”. This made the scan take longer; a personalized audit set would finish faster.
Next come the Options. Here we can choose additional functionality to include in the scan, such as OS Detection, Reverse DNS, NetBIOS Name, MAC Address and others. We can also set the number of users that we want to enumerate.

Now we run the scanner by clicking the “Scan” button. The scan starts, and its details appear in the Active tab of the Scan Jobs section. Here we can see that the name of the server is “Metasploitable” and the operating system is “Ubuntu 8.04”, along with other details of the scan.
Next we move on to the “Remediate” tab, where the Configuration section lists the vulnerabilities that were found, with the option to sort them by Name, Category and other criteria. In the case of multiple devices, the report can also be sorted by individual IP address.
Next, we move to the “Report” tab, where we can select more options to refine the report. These include sections such as Scan Summary, Vulnerabilities by Category, Top Vulnerabilities and Top Open Ports. Apart from this we can also select the type of report we want. In the image below I have chosen an “Executive Report”.

As you can see from the image below, the Report Type list offers many choices, such as “Summary Report, Vulnerability Export Report, Access Report, Dashboard Report, etc.” This is one of the most vital features that gives Retina an edge in the market of vulnerability scanners.
Here, in our practical, we have chosen the ‘Executive’ report type, as it is the one most commonly used in the IT industry. You can see in the above image that the report covers all the major sections: scan summary, top vulnerabilities, open ports and all the other important information that is required.
Once the report is generated, you can open it in the browser as shown in the image below. It records the date and time of the scan and of the report for you too.



Everything in the report is catalogued for your convenience, and each title appears in the index as shown below. It starts by showing the top vulnerabilities and works all the way down to the bottom ones.
First in the report is “scan metrics”, which gives a brief overview of the scan. This overview tells you how many vulnerabilities are exploitable and also rates the vulnerabilities from low to high. It also shows the time taken by the scan, with the exact start and end time.
Further on, it categorises all the vulnerabilities with their basic information, just as shown in the image below:

Then it shows the top 20 vulnerabilities with their name, risk and information, along with their count.
Further, it shows the bottom 20 vulnerabilities with their names and other information.
Then, as catalogued, it goes on to show the top twenty open ports with their names, port number and service. It also includes a count, which gives the total number of ports running the same service.
And then it tells you about the operating system on the target machine, which is quite necessary information as it helps you formulate an attack or security policy.

Conclusion
Since the launch of the Retina Vulnerability Scanner in 1998, BeyondTrust states that it has sold over 10,000 copies of the scanner. The Retina Vulnerability Scanner has an edge over other scanners as it continuously monitors and improves the scanner along with the enterprise security posture. It is the most sophisticated vulnerability assessment solution on the market, available as a standalone application, a host-based option, or as part of the Retina CS enterprise vulnerability management solution, and it enables you to efficiently identify IT exposures and prioritize remediation enterprise-wide.

Linux for Pentester: ed Privilege Escalation


In this article we introduce a line-oriented text editor command, “ed”, which is used to create, display, alter and operate on text files. All ed commands operate on whole lines or ranges of lines; e.g., the “d” command deletes lines, the “m” command moves lines, the “t” command copies lines, and so on. We will then check how we can successfully carry out privilege escalation by making use of these features of the “ed” command.


Table of Content
Overview to ed
·         Summary to ed
·         Primary Action attained using ed
Abusing ed
·         SUDO Lab setups for privilege Escalation
·         Exploiting SUDO

Summary to ed
The ed command in Linux launches the “ed text editor”, a line-based text editor. Its minimal interface makes it less complex for working on text files. It helps the user perform many operations, such as creating, editing, displaying and manipulating files.

Editing is done in two distinct modes: “command” and “input”. In “command” mode ed reads commands from standard input and executes them to manipulate the contents of the editor buffer, whereas when an input command, such as ‘m’ (move), ‘d’ (delete), ‘t’ (copy) or ‘c’ (change), is given, ed enters its “input” mode.
It is the oldest editor, developed in 1969 for UNIX, and has been succeeded by the vi and emacs text editors.

Now type its help command to know more about “ed”.

ed --help


Fundamental activities achieved by “ed”: As we know, “ed” performs many operations, so now we will go through its functionality one by one.
Initializing a file with ed: Initially the terminal will look like the image below when the command is run. By default, the editor creates an empty buffer to write in, similar to the way any other command-line editor works when you invoke it without a file name.
ed


Now we will create a text file that contains some text. To do so, we first press 'a' before entering anything into the file, and once we have finished writing we enter a period (.) on a line of its own to signal this to the editor.
Note: The main thing to remember is to use 'a' (initial) and '.' (final) as the ways to enter and exit insert mode. Now, to save the buffer in a file, use 'w' followed by a file name of your choice; this saves the file under that name and also displays the total number of bytes the file contains. Then 'q' quits the editor.
ed
a
.
w info.txt
q
cat info.txt
To confirm that your file has been created, you can recheck it with the “cat” command.


Edit the file with ed: Now, if you need to edit the same file again, this can simply be done by passing the name of the file as an argument to the ed command and then following the same procedure as discussed above.
In the image below I am adding one more line to my file “info.txt”, which I created above, by following the same process.
ed info.txt
Note: Whenever we use any option of the ed command, we again need the ‘a’, ‘.’, ‘w’ and ‘q’ commands.


Change any specific line: So far we have learnt basic editing using ed; now let's move ahead and discuss more editing aspects, for example how to make changes to a specific line using ed.
The image below shows how we can print any particular line using the ‘p’ and ‘n’ commands.
When we type ‘p’ it gives us the line at which the control currently is, while ‘n’ gives us the line number as well.

ed info.txt
p
So after typing ‘n’ we simply need to enter the number of the line we want to alter. By default ‘n’ displays the last line of the file, after which you can type the line number you are looking for.
n
2
5
Once you reach the line where you want to make a change, enter 'c' to change that line by typing the text again. For example, I have changed the 5th line, which is the last line of my file, by adding some more detail to it. To recheck my modification I read the file with the ‘cat’ command, after saving it by following the same process.
c
cat info.txt


Display error messages with ed: When you type something that ed can't understand, it displays a question mark (?) by default. To find out where you went wrong, ed provides a very helpful option, ‘h’.

ed info.txt
b
h

As the screenshot below shows, when I used the ‘b’ option it gave me a (?), the symbol for an error, and on typing ‘h’ ed displayed the error message “unknown command” for option ‘b’.


Copy and move operations with ed: Apart from all the functions discussed above, ed also offers options to copy a line to some other location and to move a line; we use the ‘t’ command to copy a line and ‘m’ to move one. You precede ‘t’ with the number of the line you want to copy and append the destination line number. For example, in the image below I have copied the 5th line to position 0 and will save the changes.

ed info.txt
5t0
cat info.txt

In the above command, 5 is the line that needs to be copied and 0 is the line number after which the copy is placed.
Note: One can also use ‘m’ instead of ‘t’ to move the line to another place.


Search operation using ed: Searching for any line by a keyword can easily be done with ed. To do so, we first run ed with “-p%”, which sets a prompt for the commands that follow. Then, to search forward, enter / followed by the search keyword. When you press enter, the editor displays the first line it encounters that contains the keyword. You can run the command again to continue searching.

ed -p% info.txt
%/misconfiguration
%/Linux

In the image below ed has printed only those lines that contain the search keywords, i.e. misconfiguration and Linux.
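As an added example (not from the original article, and not ed itself), the following Python model reproduces the line addressing of the commands walked through above: 'a' and '.', 'p' and 'n', 'c', '5t0', 'm' and '/keyword' search. The info.txt contents are constructed; copy and move follow ed's rule that the destination address is the line after which the text lands, with 0 meaning the top of the buffer.

```python
# Constructed stand-in for the info.txt written in the walkthrough above.
SAMPLE = [
    "ed is a line-oriented editor",
    "Linux for pentesters",
    "sudo misconfiguration is common",
    "always audit the sudoers file",
    "last line of info.txt",
]

class MiniEd:
    """In-memory model of the ed commands used above (not the real ed)."""

    def __init__(self, lines=None):
        self.buf = list(lines or [])   # buffer, one entry per line
        self.cur = len(self.buf)       # current line, 1-based; 0 when empty

    def append(self, text):
        """'a' ... '.': insert the typed lines after the current line."""
        new = text.split("\n")
        self.buf[self.cur:self.cur] = new
        self.cur += len(new)

    def print_line(self, addr=None, numbered=False):
        """'p' prints the addressed line; 'n' prefixes its number; bad address -> '?'."""
        addr = self.cur if addr is None else addr
        if not 1 <= addr <= len(self.buf):
            return "?"
        self.cur = addr
        return f"{addr}\t{self.buf[addr - 1]}" if numbered else self.buf[addr - 1]

    def change(self, addr, text):
        """'c': replace the addressed line with the newly typed text."""
        self.buf[addr - 1:addr] = text.split("\n")
        self.cur = addr

    def copy(self, src, dest):
        """'<src>t<dest>': copy line src to just after line dest (0 = top)."""
        self.buf.insert(dest, self.buf[src - 1])
        self.cur = dest + 1

    def move(self, src, dest):
        """'<src>m<dest>': move line src to just after line dest (0 = top)."""
        line = self.buf.pop(src - 1)
        dest -= dest >= src            # indices shift down once src is removed
        self.buf.insert(dest, line)
        self.cur = dest + 1

    def search(self, keyword):
        """'/keyword': next line after the current one containing keyword, wrapping."""
        n = len(self.buf)
        for step in range(1, n + 1):
            idx = (self.cur - 1 + step) % n
            if keyword in self.buf[idx]:
                self.cur = idx + 1
                return self.buf[idx]
        return "?"

def walkthrough():
    """Replay the article's session: write info.txt, change line 5, 5t0, then search."""
    ed = MiniEd()
    ed.append("\n".join(SAMPLE))                                # a ... .
    ed.change(5, "last line of info.txt, now with more detail")  # 5, then c
    ed.copy(5, 0)                                               # 5t0
    hits = [ed.search("misconfiguration"), ed.search("Linux")]  # %/keyword
    return ed.buf, hits
```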


Exploiting ed
Sudo Rights Lab setups for Privilege Escalation
Now we will start performing privilege escalation with “ed”. To do so we need to set up our lab with the ed command granted administrative rights. After that we will check what effect the “ed” command has once it has sudo rights and how we can use it further for privilege escalation.
This can be clearly understood from the image below, in which I have created a local user (test) who has been given sudo rights as root.
To add the sudo right, open the /sudoers file and type the following under the user privilege specification.
test ALL=(root) NOPASSWD: /bin/ed



Exploiting Sudo rights

Now we will start exploiting the ed service by taking advantage of the sudoers permission. For this we need a session on the victim’s machine that gives us local user access to the targeted system, through which we can escalate to root user rights.
First we connect to the target machine with ssh, so type the following command to get access through the local user login.
ssh test@192.168.1.31
Then we look for the sudo rights of the “test” user (if any) and find that user “test” can execute the ed command as “root” without a password.
sudo -l
Now, knowing that the test user has sudo rights, we can take advantage of this: ed’s empty buffer can be used to call a bash/sh shell with higher privileges if permitted by sudo.
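From the defender's side, the rule above is exactly what a sudoers review should catch. Here is an added Python audit (not from the original article) that parses a constructed sudoers fragment, including the lab rule, and flags NOPASSWD grants on interactive editors such as ed, blanket ALL grants, and the 'All' versus 'ALL' slip: sudoers keywords are case-sensitive, so 'All' is read as a host name rather than the ALL keyword. The editor list and severity labels are assumptions for the example.

```python
import re

# Constructed sudoers fragment for this example (the lab rule above plus a few others).
SAMPLE_SUDOERS = """\
# constructed sample, not a real host's sudoers
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
test    All=(root) NOPASSWD: /bin/ed
backup  ALL=(root) NOPASSWD: /usr/bin/rsync -a /srv /backup
ops     ALL=(root) /usr/bin/vim
"""

# Interactive editors that should not be handed out under sudo without review.
# Assumption for this example: extend the set for your environment.
EDITORS = {"ed", "vi", "vim", "emacs"}

# user  host=(runas) TAG: cmd, cmd ...   (simplified: no aliases or negations)
RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)

def parse_rules(text):
    """Yield (user, host, runas, tags, commands) for each user specification line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.split()[0] in ("Defaults", "User_Alias", "Cmnd_Alias",
                                            "Host_Alias", "Runas_Alias"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        tags = {t.strip() for t in m.group("tags").split(":") if t.strip()}
        cmds = [c.strip() for c in m.group("cmds").split(",")]
        yield m.group("user"), m.group("host"), m.group("runas") or "root", tags, cmds

def audit(text=SAMPLE_SUDOERS):
    """Return human-readable findings for risky or mis-typed rules."""
    findings = []
    for user, host, runas, tags, cmds in parse_rules(text):
        if host != "ALL" and host.upper() == "ALL":
            findings.append(f"WARN {user}: host '{host}' is a host name, not the ALL keyword")
        for cmd in cmds:
            prog = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                what = "any command"
            elif prog in EDITORS:
                what = f"{prog} (interactive editor)"
            else:
                continue
            sev = "CRITICAL" if "NOPASSWD" in tags else "HIGH"
            findings.append(f"{sev} {user} may run {what} as {runas}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit()))
```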
Conclusion: Hence we have successfully exploited “ed” by making use of its functionality after it was granted higher privileges.


Steganography: The Art of Concealing


In this post, we will introduce multiple ways of hiding text, based on audio, image, video and white text. To achieve this we will use a method known as “steganography”. The term steganography refers to the technique of hiding secret data within an ordinary, non-secret file or message in order to avoid detection. So here we will check all those methods that can help us do the same.

Table of content

Introduction
Purpose of Steganography
Methods of Steganography
·       Audio based Steganography
·       Image based Steganography
·       Video based Steganography
·       White text Steganography

Introduction

Steganography is the practice of hiding a file, message, image or video inside another file such as a message, video or audio. In general, the hidden message looks like something else, such as pictures, articles or sometimes a shopping list. While the practice of encryption protects only the content of a message, steganography conceals both the existence and the content of a secret message. Steganography covers data concealed in computer files. So, let’s understand this better with examples. First let’s understand the purpose of steganography.

Purpose of Steganography
Steganography enables effective communication. You can first encrypt and hide a private file inside a picture or another file type before sending it to somebody else, which reduces the likelihood of interception. If you send an encrypted file to someone, an interceptor will try to decrypt it in many ways and may possibly succeed. But in this case it will look like a normal image, and the other person will have no hint of what lies behind the picture. So it is always a better and safer way of communication for organisations that want to protect themselves from these kinds of attacks.
So, let’s start and see how it works.

Audio Based Steganography

First, we will install a piece of software named DeepSound, which hides our files inside audio files. For installation please visit the link given below.
Conceal Approach: Now open the application, click on open carrier files and select the mp3 file behind which you want to conceal the original file.

Here we have selected the audio file behind which we will hide the data.

After selecting the file, we click on add secret file and give the file we want to conceal. Here we have opted for a document file.

Here you can add one more security layer by encoding the file with a password. As you can see, we have given 123 as the password, without which it won’t be possible for the other person to open the file.

The file is created successfully.

Now we can share this mp3 file with the other person to continue the hidden communication in the network.

Reveal Approach: The recipient needs to open this file with the same password we gave for encoding. Once the password is entered, the concealed content can be seen by clicking on extract files.

The doc file is extracted successfully.
So, with this tool we have successfully concealed our doc file behind the mp3 file.

Image based steganography
Let’s now hide a text file behind an image file. For this we have installed the next tool, OpenStego.
Conceal Approach: We first select the doc file we want to hide, then add the image file behind which we will conceal it, then choose a password, and the concealed file is created.

Reveal Approach: We extract the doc file by adding the image and giving the right password, and the doc file is extracted.


Video based Steganography
Now let’s see how we can hide anything behind a video file. For this we will install the tool OurSecret from the link given here.
Once it is downloaded successfully, we will try to conceal a doc file behind a video file.
Let’s start.
Hide: First we select the video that we want to send. By clicking on select a carrier file we choose our video, then the file we want to hide, then give it a password and click on hide, and our new file is created.

Unhide: Now we open this file with the same tool for unhiding, and it asks for the password. Once you enter the password, you get the concealed file.


Text based Steganography
Now we move on to a new idea of steganography: white space steganography. In this kind of steganography we hide text behind text in a way that nobody can tell. For this we will visit a website.


Conceal Approach: Here we click on encode, add the text you want to hide and click on encode.

Once you have clicked on encode, you will see that a new encoded text file is created.

Reveal Approach: To decode this encoded text, we copy the text, paste it in the box given and click on decode.

And finally, you get the message that was hidden behind it.
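To show what the white space trick above does under the hood, here is an added Python example (not the website's code, whose exact encoding may differ): each byte of the secret becomes eight trailing space or tab characters on a line of an innocuous cover text, so the rendered text looks unchanged; decode() reverses it, and suspicious_lines() shows how a defender can spot such a carrier. The cover text and the secret are constructed for the example.

```python
# Constructed cover text: an innocuous memo that will carry the hidden message.
COVER = """\
Quarterly report
Sales were steady across all regions.
Costs rose slightly in Q3.
Headcount is unchanged.
Next review is scheduled for January.
Please send feedback to the team.
Thanks for reading.
The appendix lists the raw figures.
""".splitlines()

BITS_PER_LINE = 8   # one secret byte per cover line: space = 0, tab = 1

def encode(cover, secret):
    """Append each secret byte as 8 trailing space/tab characters to a cover line.
    The visible text is unchanged, which is what makes the carrier look ordinary."""
    data = secret.encode("utf-8")
    if len(data) > len(cover):
        raise ValueError("cover text has too few lines for this secret")
    out = []
    for i, line in enumerate(cover):
        if i < len(data):
            line += "".join("\t" if b == "1" else " " for b in format(data[i], "08b"))
        out.append(line)
    return "\n".join(out) + "\n"

def decode(text):
    """Read trailing whitespace back into bytes; stop at the first line without a full byte."""
    data = bytearray()
    for line in text.splitlines():
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) != BITS_PER_LINE:
            break
        data.append(int("".join("1" if c == "\t" else "0" for c in tail), 2))
    return data.decode("utf-8")

def suspicious_lines(text, min_tail=4):
    """Detection heuristic: 1-based numbers of lines whose trailing whitespace is long
    or mixes tabs and spaces, which ordinary text rarely does."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) >= min_tail or (" " in tail and "\t" in tail):
            hits.append(n)
    return hits
```

Stripping trailing whitespace on receipt (as many mail gateways and editors do) destroys the channel, which is the simplest mitigation.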

Another Method
Conceal Approach: That’s not all! We can also send this message as an Excel file, which is hard for anyone to detect. To use this feature, we click on “encode as a spreadsheet”, enter the text you want to conceal and click on encode.

This generates a new Excel file that conceals our “secret message” behind its records.

When we open this Excel file it looks like a perfectly normal spreadsheet, so nobody will get to know the real message behind it.

Reveal Approach: But as we know that there is a hidden message behind this, we will decode it. First click on decode fake spreadsheet.

Now paste the sheet that we want to decode into the box and click on decode.

Now you get the real hidden message that was behind this Excel file, as we successfully did.

So, it’s very clear that there are several ways of sending safe secret messages by the art of steganography.