Thursday, March 24, 2011

Hack Proofing Your Web Server

Most people think firewalls are all they need to secure their IT investment. Firewalls are very 
important, but they are just one piece of the overall security picture. Even with perfect installation, configuration, and maintenance, firewalls still must allow access to your public web servers. Hackers know how to use this permitted access to gain the foothold they need to gain access to your network. The kind of access a wsecuteb server can give them is nothing short of complete administrative control. So when your organization decides to host a web server, you should understand that the server is fully exposed to attack, even if it is behind a top notch firewall. The most critical step towards protecting your public servers from attack is to harden the servers and turn them into bastion hosts.

So what is a bastion host? A bastion host is a server that is configured very differently from typical servers. Typical servers run hundreds of services and programs that are not needed. Most of those services and programs are vulnerable to attack. The premise for building a bastion host is that the server can be divided so that each of its partitions fulfills a specific role. Once that role is understood—web server, mail server, middleware server, etc.—the partition can be secured to serve only that role. All the unnecessary services, executables, protocols, programs, and network ports can then be disabled or removed.

------ If your web server is running on a default installation, you either are going to be hacked, or you are currently hacked----

Building a bastion host is not easy. If the server you are trying to harden is running on Windows NT, or Windows 2000, you have an especially tough road ahead. Win2k and NT are very difficult to harden, but they, especially, must be hardened since more than with Linux or UNIX, the default installation turns everything on. Your job is to turn almost all of it off. Do you really want web server based printing running? Or web based password administration? Of course not, yet the default installation for Windows NT and Windows 2000 turns these functions on, as well as a couple hundred other dangerous configurations as well. This is why the Internet world lost almost a billion dollars to Code Red and Nimda last year. If your Microsoft server was properly hardened, you would not have been affected by either Code Red or Nimda, even if you had neglected to install Microsoft’s security patches. Microsoft security patches are great, and
all administrators should religiously keep up with them, but only server hardening will protect you from future outbreaks. What to turn off and what to remove is the trick.

At Polar Cove we have our own system for hardening servers, and our own standard. Our standard exceeds those of the National Security Agency and the F.B.I. The NSA standards are excellent, and very high, but we have found that more could be done, and so we protect or harden an additional 63 settings. It is important to have a standard in mind; otherwise you will have difficulty measuring your results. As it is with any security plan, it is important to prove, via some sort of measurement and standard, that you did, in fact, accomplish the security you intended.

Why Harden Public servers?

(1) It reduces the likelihood of successful intrusions or attacks.
If you harden to NSA, or other strict standards, you protect yourself from prosecution or regulatory sanction by demonstrating compliance with an accepted prudent due care security standard.
(2) It verifies secure configuration of your systems prior to network deployment, and prior to
exposure to attack.
(3) You can demonstrate to management that your system security measures up against high security benchmarks and standards.
(4) You will be able to require your business partners to comply with a high security standard.


Using these three steps, securing, alerting and auditing, together can increase the level of security of your company’s most valuable asset: its data.




Posted by at No comments:
Labels: , , , , ,

How to Crack CD Protections


how to crack the CD protections… so here is the other part – how to finish the RiPPing by cracking the protection. This will help you w/ the most basic system of protection, called C- dilla, that is the most usual oneChapter I;The programs we will use are 2: first, and Tutorial decompiler – the files we willwork with are in ExE format, and we need a program that will HeX them (transfer to 16 base, hexa, form) and locate the orders given in the code, then we will
find the line we need and change it to remove the protection with... – the second program: we need a program that will *edit* the files, and fetch the right line number we got using the first program… all those action are easly
done w/ the programs: Win32Dasm (the disassembler - decompiler program, added in the dir [root/Win32Dasm]), and Hiew (the editing program added in the dir [root/Hiew]). The programs are added to the tutorial, because Im not so sureyou can find then on a stable location on the net, in the dir [root/programs]. Chapter II: The easy protection.Okay! To save you from reading this entire tutorial for nothing you’re not going to use I made this chapter, because there is a good chance you won’t be needing it!        Some games comes w/ protection as a files in the [/Setup] dir (or rootdir) called:  [00000001.TMP], [CLCD16.DLL], [CLCD32.DLL] and most important [CLOKSPL.EXE]... if you see any of them delete it and the protection should disappear (Important! delete them after making a mirror of the game on your HD, using the info in the next chapter) … if you are still getting an error messagejust keep on reading.
Chapter III: Finding the right file and the right error. The files we are going to work w/ will be the main ExE of the game: you will find it on the CD, in a dir called [/Setup] or [/data], but the easy way to findit is just installing the game, and the ExE that starts the game – will be theExE we need! ... once you’ve got it make some room on your HD, because we are going to copy the hole CD to it… before you do that: some games have am option, when Installing, to Install the full game to the CD (but still needing it toplay), use it if possible, The files you  need to copy are all the game files,in some games it is the root dir of the CD, in others it is the [root/data] dir…the worst case is when the game is inside a CAB file, then you have to use a CABextractor (WinZip 8 should do the job), and if it is protected a different program that can compile CAB format (Ill try to put it on the tutorial aswell). Once you’ve done all that – press the ExE, and if the game opens close it and exit the CD, then press again- you will get an error window! … usually the line goes like: “Error, please enter CD to run game” or “CD error” or “Error reading CD-ROM” .. what ever error you get – write it down and remember it, we are about to look for it in the ExE code, and change it!   Chapter IV: Finding the right line number. Open the first program - Win32Dasm, by unzipping it and clicking on [/w32dsm89.exe], now we have to load the file we know is the main ExE of the game, so click on “Disassembler“ in the main menu, then “Open File to Disassemble...” (Important! Make sure you got 50-100MB free on your HD) before then pick the file from the clone game dir you made in your HD (Important! makea backup of the ExE) … after you’ve success fully w8ed while the program disassembled the file, you will see *a lot * of gibberish… don’t worry! You don’t have to understand what is says (I don’t, and Im not so sure ne1 does… except the programs of course) … (Important! If you can’t read and the font shows only numbers and bizarre letters, click on “Disassembler” in main menu,then “Font…” then “select Font” then pick Arial or something in English) … now you have to find the exact line number out of the 2 million in the file that hasthe error message in it, do that by clicking theString Data references”button, from the buttons menu (under the main menu) – the second one from the right (-your right)… now you get a list of all the lines in the ExE that refersto actions, and you have narrowed the lines from 2 million – to 2 thousand… to find the error message click the first letter it started w/ (for example, if the message was Error reading CD-ROM” click  E) then search till you find the error line you are looking for! … once you’ve found it… it will mark the title, pick the first line, and it should change color to green (that means the linecan be edited and is important)… to be sure you have taken the right line: if there is a line like:“:0044XBCK EB08   ….. (lots of spaces)  …. Jmp 0044EBD8” or: “:0044XBCK EB08                                    ….. (lots of spaces)  …. Call 0044EBD8” or: “:0044XBCK EB08                                    ….. (lots of spaces)  …. Push 0044EBD8”you at the right line, it says the command is a function, effected by the user, and probably the protection we are looking for (notice the words: Jmp = Jamp, Call = Call, Push = Push)… now that we got the right line we have to find her
number! That is done by looking at the bottom of the program window and in the line, that should look similar to this one:Line:*** Pg *** of *** Code Data @:0045821 @Offset 00045821h in file:***.exe“notic the number that comes after the word Offet“ in this line: 00045821h that is the line number! But notice the letter h“ at the end of it – you don’t needit, and don’t forget to remove it from the number, now – the only thing left to do is changing the line and removing the protection! Chapter V: Editing the line. After writing down the line number you can minimize Win32Dasm, because for now we have finished using it. Open the second program: Hiew (added in thetutorial), this is an editor that will work bad for searching the right line, but will do if you know the line number and just wanna change it…Open again the same game ExE you have processed in Win32Dasm. When you enter you see a lot of gibberish, that’s the code, and you need to change it to thedecoded language… do that by pressing the F4 key and then pick the option “Decode“ .. heh! Alot better now... now click F5 key, to search the right line, you will see the line numbers at the left end of the screen is gray, enter theline number you got from Win32Dasm and it will jump you to the right loction in the file... now, this is the difficult part, not hard to do – but hard toexplain, near the line number (just at the right) you will see the command inHeX form, it should be something like  BC1BB3D2D1 that is in HeX code (base 16)which means a number (=byte) is represented by 2 letters/number, so that thegroup (BC1BB3D2D1) is made of 5 bytes: BC – 1B B3 – D2 – D1 ... (10 numbers =5 bytes, 8 numbers = 4 bytes and so on...), we are about to change evrey byte from D1 or BC to 90 this is done by pressing the key F3 (activates Editing option) and pressing, for every byte, the number 90 (90 is the noop number, that will disable the action)... and in our case, the command will change from BC1BB3D2D1 to 9090909090 ... once it is done click the key F10 to save the offset, and exit. Chapter VI: Testing. Now that you have an ExE w/out the error line, activate it from the same clone dir of the game you made to test it, if its working – congratulation! You have just cracked a CD protection! … if you are getting another error message redo the same steps you have do w/ the first error message (in chapters 3-5) tochange it as well (Important! Do it on the same ExE you have edited, and backup this one as well) and then test it again. You might be needed to do it several number of times, until you are getting no error message and the game runs! Chapter VII: Quick order list.
 
- Start without Cd then look at the error message and write it down.- Search the msg in Win32Dasm referance and copy nmber w/out the H at the end!.- Open Hiew, F4 to Decode, F5 to seach the line, and change the command – 90 for every 1 byte.- F10 to save and then get out, don’t forget to test!
 Good luck
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)