9/17/09

Flawfinder – Source Code Auditing Tool

Darknet spilled these bits on September 16th 2009 @ 9:46 am
Flawfinder is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. It’s a static analysis source code auditing tool.

Flawfinder is specifically designed to be easy to install and use. After installing it, at a command line just type:

flawfinder directory_with_source_code

Flawfinder works on Unix-like systems today (it’s been tested on GNU/Linux), and it should be easy to port to Windows systems. It requires Python 1.5 or greater to run (Python 1.3 or earlier won’t work).

Speed

Flawfinder is written in Python, to simplify the task of writing and extending it. Python code is not as fast as C code, but for the task I believe it’s just fine. Flawfinder version 0.12 on a 400Mhz Pentium II system analyzed 51055 lines in 39.7 seconds, resulting in an average of 1285 analyzed lines/second. Flawfinder 1.20 and later will report their speed (in analyzed lines/second) if you’re curious.

How it works

Flawfinder works by using a built-in database of C/C++ functions with well-known problems, such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family), format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()). The good thing is that you don’t have to create this database – it comes with the tool.

Flawfinder then takes the source code text, and matches the source code text against those names, while ignoring text inside comments and strings (except for flawfinder directives). Flawfinder also knows about gettext (a common library for internationalized programs), and will treat constant strings passed through gettext as though they were constant strings; this reduces the number of false hits in internationalized programs.

You can download Flawfinder here:

flawfinder-1.27.tar.gz

Or read more here.

9/15/09

Free Screen Sharing and Remote Access Web Tools

How many times it had happened that a person has got a PC problem and the expert is away at some remote location. First person is trying to explain the problem on phone, but not able to explain every detail, and wishes that it would have been better if he was able to share the screens live and the expert could have seen the action live, in front of his eyes.No issues, there are not one, but many applications for screen sharing.

These are all free, and besides rectifying the PC problems remotely, they can be used for collaborative working on with your friends and colleagues. They can also be used, if you want to access files on your PC from a remote location.

So, here we go,

Screen-Sharing and Remote-Collaboration Web tools

1. CrossLoop: Full functionality, simple and clean user interface and fast. I like it. Somewhere I read that it has been included in the best 10 downloads of the year, probably by CNET, (Update courtesy Techblissonline.com: PCWorld)

2. Mikogo: It uses industry-leading 256-AES end-to-end encryption and so is secure. It can be used by upto 10 persons simultaneously. Designed nicely, with a very user friendly platform.

3. TeamViewer:
Full featured application. Many modes, the initiator can decide the level of sharing, whether full access or part. Data transfer is encrypted and secure.

4. Yuuguu: A useful application, for both Mac and Windows, and offers full functionalities of screen sharing, collaborative working and also remote access. It also has a chat functionality, which you can use while you are giving or taking help from somebody else. What’s more, it allows you to keep a record of all the conversation.

5. Unyte Lyte: A relatively simple web tool, which doesn’t offer any remote control feature. But a nice advantage is that you can itegrate it into your Skype client.

Besides, these screen sharing tools, there are other web tools also which give you remote access.

1. SoonR: It extends the remote access facility to your mobile also.

2. FolderShare: It supports both Windows and Mac. It si a free utility from Microsoft and with it you can share files upto 2GB in size.

Xp-AntiSpy | Control Running Windows Processes and Tasks

Ever since I have started learning more and more about Windows Performance and Windows Security, I am finding that most of the online threats can be avoided by some basic precautions and Windows Privacy / Security settings. Extensive features and options are available in our Operating System, which we either ignore either because we do not know about them, or we treat it as a hassle.

For instance, Windows Processes. There are so many Windows Processes running in the background that most of us seldom care to think about them. But a look at the running Windows Processes reveals a lot about the current behavior of your PC. If you are careful, then it can tell a lot.

But there is a small utility, which can help you a great deal here. Welcome to XP-AntiSpy.

his utility is developed and supported by Chris individually. Xp-AntiSpy is a little utility that lets you disable some built-in update and authentication ‘features’ in WindowsXP. In fact, it does much than simply controlling / disabling Windows Processes and tasks. It makes Windows more transparent and controllable. You get to know, what is running in the background, and allows you to control them from one place and that too in in simple, understandable language And the best part is, this utility is totally FREE.

Zamzom – Freeware Parental Control Software

CyberBullying is one of the evils associated with the immense utility of Internet. There are lots of cases, when kids and teens have been harassed and abused for evil intentions. And parents of the children are always on the lookout of an easy way through which they can exercise a control over the access of their wards on Internet.

here are some obvious but very important precautions, which we should encourage the kids to follow, while being online.

* Never give out personal information, including name, address, school or employment, telephone or cell number, personal email address or pictures to someone you do not know personally.
* Never respond to solicitations or comments that make you uncomfortable.
* Never make arrangements to meet someone you have met online. Adults who want to meet people they have met online, should arrange to meet in a public place and with current friends.
* Never believe everything you read in a profile, on a message board or in a chat. Often, people pretend or role–play, either for entertainment, to hide or for other ulterior motives.
* Never submit your personal information or credit card data to an unsecured site.

ZomZom is a Freeware Parental Control Software, which bridges this gap perfectly. This Free Parental Control Download can reveal vital stats about the online presence and activities of your child. This recently launched but popular kid-safe software allows you to

* Save url and image history.
* Take a screen-shot of the desktop at regular intervals
* Alert parents by email
* Block websites or ip addresses
* Inform parents which programs have been used
* Inform parents which websites have been visited

So as a parent, you are fully informed and in control of what your children are doing when online.

Zamzom Control has a very user-friendly interface and does not require any specific computer knowledge. You can use the Zamzom Control anytime, as it is always available in your system tray, although I didn’t like many programs to stay memory resident in my system tray because of cluttering.

It is recommedned that you should clearify everything about this useful Free Parental Control Software Applicationto all the users of the computer and take them into confidence for obvious reasons.

Download Zamzom - Freeware Parental Control Software

[Freeware]-4 Secured FTP (SFTP) Client Software for Safe FTP

What is Secured FTP?

Secured FTP, is the process of transfer of files from one system to the other, through a secured protocol. It is different from simple FTP, File Transfer Protocol because here both the data and commands are exchanged in a secured and encrypted connectivity, generally provided with the SSH (Secured Shell) Protocol.
Are SFTP Clients different from normal FTP Clients?

Since the data is being exchange through a completely different protocol, you need compatible systems at both ends. You cannot use a normal FTP at at the client side with a SFTP server and vice versa. It is a different story that many FTP clients allow to use themselves in both modes, both Secured FTP Mode as well Normal FTP Mode.

Which are Best Free Secured FTP (SFTP) Clients Available Today?

There are lots of available Secured FTP (SFTP) Clients. But many of them require to to pay some fees to pay. Some others are only Free to Trial. Some other Secured FTP Clients, which were Free to use, have discontinued their development. Here we present you four of the best Freeware Secured FTP Clients, which are still running and continuing their development.

FireFTP: FireFTP is a free, open source, cross-platform FTP client for Mozilla Firefox in the form of an add-on. It supports FTP, FTPS, and SFTP. FireFTP is charityware and runs on platforms that Firefox supports. [Related: FireFTP | Firefox addon for safe FTP].

FireFTP supports caching directory listings, and it can also do a comparison between a local directory tree and the remote one. It can connect via proxy servers and it is able to automatically reconnect after disconnection.

Core FTP: Core FTP is a secure FTP client for Windows, developed by CoreFTP.com. Core FTP is a traditional FTP client with local files displayed on the left, remote files on the right. Features include FTP, SSL/TLS, SFTP via SSH, and HTTP/HTTPS support.

FileZilla: FileZilla is a free, open source, cross-platform FTP client. Binaries are available for Windows, Linux, and Mac OS X. It supports FTP, SFTP, and FTPS (FTP over SSL/TLS). Hugely Popular FileZilla is the 5th most popular download of all time from SourceForge.net.

Some of the cool features of FileZilla include Site Manager; which allows a user to create a list of FTP sites along with their connection data, Message log; which displays the console-type output showing the commands sent by FileZilla and the remote server’s responses, File and folder view; allowing display of message log and Transfer queues.

WinSCP: WinSCP, an acronym for Windows Secure Copy is an open source SFTP and FTP client for Microsoft Windows. Beyond its main functgon of File Transfer, WinSCP offers basic file manager and file synchronization functionality. The best part with WinSCP is that it can also act transparently as a remote editor. When the user clicks on a (text) file in the remote file manager, it transfers the file to the local machine and opens it in the integrated editor

AlonWeb – Free Web VPN Software for Fast Personal Use

Imagine these situations…

* Are you faced with the problem of blocking your favorite websites by your Government, ISP, your company or your college LAN administration?
* Do you want to hide your personal data from hackers and spying eyes, while you surf from a public wifi spot?
* Are you concerned that your network administrator or your company’s IT department might be spying on where you go on Internet, what you send by emails and what you chat while on IM?

If yes, then you might consider to use some Free Web VPN Software, which might protect your anonymity and privacy from spying eyes.

AlonWeb is one such software, which ou can down FREE and install on your system, with a few clicks. Alonweb is just an OpenVPN server, based upon the highly popular OpenVPN platform. You just have to create an account with them and start having fun.

But remember, this useful Free WEb VPN service is free only with a 1000MB per month bandwitdh restriction. This seems just enough for simple browsing the web on a pers onal basis. If you want to go beyond that and use it for downloading your favorite songs, video etc., then you will have to go for their paid version.

Visit Alonweb.

Comodo EasyVPN – Free Web VPN Software for Fast Personal Use

If you are looking for a free VPN Client software to establish your own VPN or peer to peer network in an encrypted secured manner over Internet, then Comodo EasyVPN may be the right choice for you.

This Free VPN software is easy to use and configure and uses 128 bit encryption giving you complete secrecy just like your own cabled LAN right on top of Internet. The features of this great VPN software are huge, just like any other paid software for establishing VPN over Internet. Just take a look at the features.

Features of Comodo EasyVPN

* A secure instant messenger client that allows you to chat and send/receive confidential files over an encrypted communications channel
* Remote desktop control over the computers of other users or to securely telecommute into your office computer
* Allows colloborative working, sharing access to local servers and to to provide access to internal networks for remote workers
* Uses industry standard technologies and protocols so no additional software or hardware reconfiguration is necessary.
* Easy to configure

With this useful free tool, the possibilities are just unlimited; use EasyVPN to share your iTunes music, your photograph collection or even setup a multi-player gaming session.
How to use this Useful Free VPN Software

There are just five simple steps any novice computer user can follow.

* Install the software and create an account
* Create a network
* Invite others to join your network
* Joining an existing networking
* Initiate Secure IM conversations, share files and printers or take remote desktop control of another PC

Commercial use (which is any non-personal use) of EasyVPN requires payment of a fee to Comodo prior to the use of the services.

Download:

Free USB Data Encryption with Rohos Mini Drive

Why You Need Data Encryption on USB Drives

USB flash Drives are meant for portability. By their vary nature they can be easily carried away by you, and if you lose them, then by somebody else.

If you happen to carry sensitive and personal data on your USB drives, then you can imagine how easy it is for somebody to get access to that data, in case you lose a USB Drive. Consider using data encryption tools for safeguarding your data in case of any enatuality.

Rohos Mini Drive – A Free USB Data Encryption Tool

Many times data encryption sunds something geeky to an average user, and that is the reason precisely people do use it. But believe me, data encryption is not so dificult. There are specialized tools, which make your life easier and allow you seamless usability. You may not even be knowing that your data is getting encryption before getting stored on your drives.

Rohos Mini Drive is one such tool, specially designed to create hidden and encrypted partition on the USB flash drive memory. You work with the files on the hidden partition without opening a special program.

Rohos Mini Drive program does not create real partition on the USB flash drive. Thus when you insert your USB drive into USB port only one drive letter will appear in Windows. Second (secured) drive will appear only after you active it by entering a password.

Main Features of Rohos Mini Drive include:

* Creates a virtual encrypted partiton volume (disk) within a USB flash drive free space
* Automatically detects your USB stick config and creates encrypted partition
* Program does not require installation to work with encrypted partiton on a guest computer. You can start it right from USB drive
* Encrypted partition is protected by password
* Encryption is automatic and on-the-fly
* Encryption algorithm: AES 256 bit key lenght. NIST approved.
* Rohos Disk Browser to open encrypted partition without having Admin rights
* Virtual Keyboard – to protect your encrypted disk password from a key logger
* Autorun Folder. Saved program’s/file’s shortcut will automatically start/open up upon disk connection
* The limit of encrypted partition size is 2 GB

Download Rohos Mini Drive

WinPatrol – Useful Tool to Manage Windows Security Options

Windows Security is a topic which is talked by many but understood by few. There are so many security options and tweaks that it is sometimes very difficult for an average user to understand them fully and use them appropriately in best manner.

Do not think that if you have installed latest Antivirus, Antispyware and latest firewall, then your computer is secured. Computer Security is lot more than that.

WinPatrol is one such utility, which try to make this easier for you. It is a free software, which continuously monitors your computer for any modifications to the critical areas and alerts you as soon as something like that is attempted.

For instance, if a malware tries to add anything to your Registry’s Startup locations you will be immediately intimated. Similarly is a browser plug0in is installed without your knowledge or any of the file type associates are attempted to be changed, or a schedules task is created, any modifications are attempted to change your hosts file or even a new ActiveX control is installed, you will be prompted about these and you can take appropriate action depending upon whether you have a valid reason for such an action.

you are not able to appreciate the usefulness of this tiny utility, understand this it in this manner. If some stranger knock you on the door of your house, you servant will ask him many questions and intimate you before letting him enter the house. WinPatrol does the same thing. It inquires the strangers, who want to gain access your computer, and let you know about the intentions of the stranger to its master, that is you. Now it is upto you to decipher that information correctly and take an appropriate decision.

Features of This Useful Tool to Manage Windows Security Options

There are a lot of options available. Some of them are…

Schedule your Startup Programs: You can schedule your startup programs selectively to start after say 15 minutes or half an hour. This way you can just initiate your favorite programs and security software in the beginning and start your work immediately, without waiting endlessly to load all your start up programs.

Keep track of risks: WinPatrol also keeps track of when a program, service, Registry entry, or hidden file was first detected on your machine

Better than Most Security Software: Since all security software and antivirus depend upon signature identifications and updation of their signature files, there may be some delay when your antivirus is updated. By this time the malware can infect you. But WinPatrol works in real time and thus provide your better security in some cases.

There are lots of other features which you will love including these.

* Increase Your Speed & System Performance
* Detect & Neutralize Spyware. Detect & Neutralize ADware
* Detect & Neutralize Viral infections. Detect & Neutralize Unwanted IE Add-Ons
* Detect & Restore File Type Changes Automatically Filter Unwanted Cookies
* Avoid Start Page Hijacking. Detect HOSTS file changes
* Kill Multiple Tasks that replicate each other, in a single step
* Stop programs that repeatedly add themselves to your Startup List
* Delete and Remove the most Stubborn Infections

Download WinPatrol

How Different Internet Browsers Update themselves

Importance of Internet Browser Updates

Internet Browsers are the windows through which your computer can see and interact with outside world. It is highly important to protect it with a shield, which can safeguard your security from the dangers of outside world. And browser updates are like enhancing the effectiveness of these protective shields.

Running the latest updated Internet browser is the single most important step you can take towards ensuring your security on the web. I have seen many people not taking any pain for updating their browsers. They think it as the waste of their time.

Please DO NOT overlook it. No other task is as important as updating your browser. Yes, believe it.

The mechanism of Browser Update

There are hundreds of Internet Browsers used by people depending upon their choices, requirements and preferences. But the most common are only 4-5 like Internet Explorer, Firefox, Safari, Opera and Google Chrome. Each of them uses a different mechanism for the update. But the effectiveness of the mechanism depends upon how less the user is involved in the process of update.

How Google Chrome Updates itself:
And the winner is Google Chrome, because of its unique update component code-named Omaha, which keeps polling for updates even when Google Chrome is not running. Once a new update is found to be available on the server, the client automatically downloads and installs it in the background without prompting the user.

The new version of Google Chrome gets applied at the next restart of the browser. The user is not even prompted to restart the browser after a new update was ready. Given that the whole update process happens without any user interruption, Google Chrome is said to have a “silent update” mechanism. As of April 2009, the user could not disable update checks. A manual update can be initiated by choosing “About Google Chrome” in Google Chrome’s settings menu.

How Mozilla Firefox Updates itself: Web browser checks for updates periodically in a frequent schedule while the browser is running. The user can also check for updates manually with the menu command “Help” – “Check for Updates …”. When and how often Mozilla Firefox checks for updates can be set by typing “about:config” in the address bar.

safariHow Apple Safari Updates itself: It is updated through Apple’s “Software Update” service integrated in OS X, which also takes care of other system and application updates. The user can choose to check for updates daily, weekly, monthly or not at all. When updates are available, the user is prompted to initiate the downloads and get them installed.

operaHow Opera Updates itself: Opera Web browser, by default, checks for updates every week and notifies the user when a new update is available. A user choosing to update his browser is then forwarded to the Opera download Web site, where the update follows the same procedure as if the user were to install Opera for the first time. This update procedure requires serious user activity.

How Microsoft Internet Explorer updates itself: IE Web browser gets updated through the Automatic Updates service integrated in the Windows operating system.

How to Delete Web Browser History with Wipe 2.35

Web browsers is the weakest link in your computer with which your Internet Security can be compromised. It is understandable also, because it is the place, where your computer interacts with the outside world.

Importance of Web Browser History

Web browsers remember your browsing history. They keep a record of the websites, where you have visited, they know where you clicked. They use this data to customize your browsing experience and make it faster to surf the web depending upon your browsing history. This way, browsing history is an itegral part on any internet browser and add to the convenience of the user.

But, this data also reveals a lot about your personality; your preferences, your choices and sometimes sensitive pieces of information about your financial positions etc. This data, if landing in the hands of wrong persons, can potentially do a lot bad things to you. So, taking appropriate actions to safeguard your web browsing history is an important aspect.

How to Delete Web Browser History?

Every Web Browser has its own set of menu and settings. And the settings to delete your browser’s history is sometimes not so obvious. Many of the users, who are aware of the importance of clearing their web browsing history while working on a public computer, doesn’t know exactly how to delete their browser history and so overlook it.

Wipe 2.35 is a neat utility just for them.

Wipe 2.35 is a free, easy and powerful tool to clear user browsing history, clean index.dat files, remove cookies, cache, logs, delete temporary internet files, autocomplete search history and any other tracks that user leaves after using PC.

Wipe supports clearing tracks in Windows Xp and Vista, in the most popular browsers (IE, FireFox, Opera, Chrome), and in many other program that you use. Every month new version comes that help Wipe recognize and clear tracks in newly released software.

And the best part is that is it 100% clean.

Download Wipe 2.35

How to synchronize files

If your online life is divided at different locations; like office and home, you may be wanting to synchronize different files and folders, which are located at your office computer, your home PC, your laptop and your USB drives.

There are many options. Simple copy and paste. But that is too crude.

A few freeware like Allway Sync etc. They are nice but, somehow, I am always skeptical of using third party software.

Now Microsoft has released latest version of SyncToy 2.0 beta for letting you synchronize your files. It is free and comes from a trustworthy source like Microsoft. And so, I like it. With this, you can easily copy, move, rename, and delete files between folders and computers so as to achieve perfect synchronization

Test Computer for Installed KeyLoggers

Apart from Phishing, Keyloggers are one of the key factors contributing to the rise of cases of Identity theft in recent times. Keyloggers are not the old hardware types anymore, which could easily be spotted by a careful visual inspection of your computer wires and cables.

Today’s keyloggers are smart. They have the capabilities to hide themselves deep into your software applications and operate from there. And they are easy to install and control for a remote person, thanks to some careless attitude of many of the victims.

How to check, if your computer already has a Keylogging Software installed?

Many of the Security Software suites available today are able to detect most of the common keylogging software. As soon as some keylooger is attempted to be installed on your system, your security suite warns you about that and you can take appropriate action.

But, are you sure that your security software is capable of identifying keylogging activities? There is a simple test software available from Zemana, which lets you simulate a keylogger on your computer. You can download it absolutely free and run it on your computer. If your security software is able to detect it, then you may be confident about the effectiveness of that against keyloggers, otherwise it is time to have a second look at your choice of security software.

My Testing of Zemana

I have been using Norton 360 on my Laptop and it was not able to intercept this keylogging simulator software. But at the same time, I am also using KeyScrambler, which encrypts the data you enter through your keyboard. I was happy to note that all the text, which Zemana Keylogging Simulator could cpature was the encrypted text and not the actual keystrokes.

Thus, KeyScrambler was actually performing its job quite effectively and I was protected against such Keylogging activities.

Nice tool, and I recommend you to give it a try to test, if any keylogger is installed onto your system. You never know, when huge surprise start staring on your face.

Download Zemana Keylogging Simulator Test

UltraVPN – Free VPN Service for Blocked Sites

There are many forms of Internet censorship. Many a times, a corporate environment, a schools administrations or University IT department blocks the use of certain websites to enable them to restrict the use of Internet. Many a times the IT department blocks the use of chat clients like MSN and Yahoo thinking that they are a big time wasters and affect the productivity of their employees.

Besides that, there are many users, which are overly concerned about their privacy while using Internet and want to hide as many details as possible including their IP and other details.

If you are also working in such an environment and want to access blocked websites, or you want to hide your IP while browsing over Internet, then you may consider using Virtual Private Network, or VPN services. There are lots of VPN services available on Internet using different mode of operations. Some of them are free, while others are paid solution.

UltraVPN is one such Free VPN Service.

What is UltraVPN

UltraVPN is a client/server SSL VPN solution based on OpenVPN. It works by encrypting and anonymizing your network connection. You have to register first on their website and then you can download the free VPN client absolutely free. It simply sits on your system tray. Whenever you want your browsing session to be secured and encrypted, you can just right click it and choose “connect” to use this free VPN service.

Your browsing data passes through the secured servers of UltraVPN, and your privacy is protected.

Is UltraVPN Secure

There are always concerns about the sharing your private browsing data with a third party. However, UltraVPN is an open source applications, which ensures that you can be sure about the source code of the application. However, you have to generate and keep faith in them about the security of your private data, when using this useful free VPN service.

There is yet another concern about the speed of your browsing, because now there is another layer between you and your target webpage. It depends on user to user, and you are advised to keep this factor in mind while opting to use it.

[Download UltraVPN]

Crack, Recover or Remove Lost or Forgotten Password in Excel

Passwords are your key to security. We have often advised against the use of weak passwords and not to repeat them at different websites and applications. But using strong passwords has its own inconveniences and hassles.

There are many instances when you may need to crack or recover a lost or forgotten passwords. For instance, an employee might have just left your company and that important client spreadsheet created by him last Friday had a password only known to him. Or you yourself had a locked an important Excel file with a strong password and you are not remembering it just because it is already six months back. Orone of your family members has put a not-so-easy password on your important file.

Or may be, you just want to break the Excel password of a colleague’s file.

We just found a nice tool to crack or recover passwords from Microsoft Excel Files with ease.Petri IT Knowledgebase Team has come out with an Excel Password recovery, which does the job of cracking Excel Passwords in a few clicks.

They have a useful step-by-step guide to help you out for recovering excel passwords. This guide outlines how to use a simple Excel password recovery application to crack lost or forgotten passwords, allowing you to unlock password-encrypted Microsoft Excel documents quickly as possible.

How To Publish an ASP.NET Website from a Command Line

To test the tools which we develop on the team, at times I need to build a website and publish it. I use a simple way of publishing websites from the command line that saves me a LOT of time so thought I would share it.

Launch notepad and copy paste the code below and save it as Publish.cmd file. Run visual studio command prompt (as administrator) and run the publish.cmd.



1: @ECHO OFF

2: set WEB_ROOT=C:\inetpub\wwwroot\mytestsite

3: set PROJECT_ROOT=D:\Source\website

4:

5: echo Publishing site %PROJECT_ROOT% to %WEB_ROOT%

6:

7: del /S /Q %WEB_ROOT%\*.* || goto Error

8: rmdir /S /Q %WEB_ROOT%\ || goto Error

9: aspnet_compiler -p "%PROJECT_ROOT%" /v /commercesite /d "%WEB_ROOT%" || goto Error

10:

11: goto Success

12: :Error

13: echo Site was not published

14:

15: goto End

16:

17: :Success

18: echo Site published successfully

19:

20: :End

If there aren’t any errors the site will be published successfully as shown below

C:\Windows\system32>D:\Source\website\publish.cmd
Publishing site D:\Source\website to c:\inetpub\wwwroot\mytestsite Utility to precompile an ASP.NET application
Copyright (C) Microsoft Corporation. All rights reserved.

Site published successfully
C:\Windows\system32>

Modify the above script parameters appropriately to publish your site successfully!

How to: Restart a Remote Server Using Command Prompt

In our team am responsible for setting up and maintaining test servers. At times the servers are remotely located and doesn’t respond and you need to restart them. You can contact helpdesk which would involve some time. I found an easy way to do it so thought I would share it.

Launch command prompt (as administrator) and run the below command. User should have administrator permissions on the server.

1: SHUTDOWN /r /f /t 0 /m \\ /c ""

/r Shutdown and restart the computer.

/f Force running applications to close without forewarning users.

/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-600, with a default of 30.

/m \\computer Specify the target computer.

/c "comment" Comment on the reason for the restart or shutdown.

If there aren’t any issues the system will be restarted

1: C:\Windows\system32>;SHUTDOWN /r /f /t 0 /m \\xyz /c "Hotfix Installation"

Modify the above script parameters appropriately to copy the files successfully!

Haraldscan – BlueTooth Discovery Scanner

The scanner will be able to determine Major and Minor device class of device, as well as attempt to resolve the device’s MAC address to the largest known Bluetooth MAC address Vendor list.

The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.

Requirements

* Python 2.6
* Pybluez
* PySQLite

Installation

1. Unpack to a directory
2. Run python haraldscan -b to build database
3. python haradscan [Options] to run Harald Scan

You can download Haraldscan here:

haraldscan-0.3.tar.gz
haraldscan_osx-0.3.tar.gz – Mac OS X Testing Version

Or read more here.

SWFScan – Free Flash Application Security Scanner

HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform.

HP is offering SWFScan because:

* Their research shows that developers and increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
* As a result, they are seeing a proliferation of insecure applications being deployed on the web.
* A vulnerable application built on the Flash platform widens your website’s attack surface creating more opportunity for malicious hackers.


How SWFScan works and what vulnerabilities it finds:

* Decompiles applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.
* Identifies and reports insecure programming and deployment practices and suggests solutions.
* Enables you to audit third party applications without requiring access to the source code.

You can download SWFScan here:

SwfScan.msi

Or read more here.

9/2/09

Graudit – Code Audit Tool Using Grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Usage

Graudit supports several options and tries to follow good shell practices. For a list of the options you can run graudit -h or see below. The simplest way to use graudit is;

graudit /path/to/scanYou can download Graudit v1.1 here:

graudit-1.1.tar.bz2

Or read more here.

IKECrack – IKE/IPSec Authentication Cracking Tool

IKECrack is an open source IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication. The open source version of this tool is to demonstrate proof-of-concept, and will work with RFC 2409 based aggressive mode PSK authentication.

IKE Agressive Mode BruteForce Summary

Aggressive Mode IKE authentication is composed of the following steps:

1.Initiating client sends encryption options proposal, DH public key, random number [nonce_i], and an ID in an un-encrypted packet to the gateway/responder.
2.Responder creates a DH public value, another random number [nonce_r], and calculates a HASH that is sent back to the initiator in an un-encrypted packet. This hash is used to authenticate the parties to each other, and is based on the exchange nonces, DH public values, the initiator ID, other values from the initiator packet, and the Pre-Shared-Key [PSK].
3.The Initiating client sends a reply packet also containing a HASH, but this response is normally sent in an encrypted packet.
IKECrack utilizies the HASH sent in step 2, and attempts a realtime bruteforce of the PSK. This involves a HMAC-MD5 of the PSK with nonce values to determine the SKEYID, and a HMAC-MD5 of the SKEYID with DH pubkeys, cookies, ID, and SA proposal. In practice, SKEYID and HASH_R are calculated with the Hash cipher proposed by the initiator, so could actually be either SHA1 or MD5 in HMAC mode.

Project Details

IKECrack utilizes components from the following OpenSource/PublicDomain programs:

•MDCrack
•Ron Rivest’s MD5
•Simeon Pilgrim’s Reverse MD5
•MD5 and HMAC-MD5 PerlMods
•libpcap

Performance

Initial testing with Perl based IKECrack shows numbers of 18,000 tests per second with a PIII 700, and can bruteforce 3 chars of ucase/lcase/0-9 in 13 seconds.

MDCrack [a MD5 bruteforce tool] can achieve 1.5 million keys per second with pure MD5 and a PIII 700. PSK bruteforcing consists of 4 MD5’s, and 4 64 byte XORs….but should still be able to achieve 375,000 IKE keys per second. Preliminary tests in C have shown 26,000 keys per second with un-optimized routines. I’m hoping that Simeon Pilgrim’s MD5 routines will speed this up a bit more.

You can download IKECrack here:
ikecrack-snarf-1.00.pl

Or read more here.

Trafscrambler – Anti-sniffer/IDS Tool

Features

•Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
•Userland binary(tsctrl) for controlling trafscrambler NKE
•SYN decoy – sends out number of SYN pkts before the original SYN pkt
•TCP reset attack – sends out RST/FIN pkt with bad sequence
•Pre-connection SYN – sends out SYN with wrong TCP-checksum
•Post-connection SYN – sends out fake SYN after connection establishment
•Zero Window – send out pkt with “0” window set.

You can download Trafscrambler 0.2 here:

trafscrambler-0.2.tgz

Or read more here.

How to Change JKS KeyStore Private Key Password

Use following keytool command to change the key store password >keytool  -storepasswd  -new [new password ]  -keystore  [path to key stor...