nullcon: the hackerz’ next destination!!

nullcon

Long long time ago the land of mortals was plagued with numerals. Men were grappling to get hold of the unknown, the void, the zilch. How does one quantify, measure something that doesn’t exist. The legend goes like this – A few good blokes meditating under a banyan tree further under the influence of some nourishing herbs, in a profound moment of awesomeness, it dawned on them to seek the eternal wisdom of ..nothing. And so was born what we call 0|零|null|n|u . The rest, as they say, is history. nullcon celebrates this quest for knowledge and desire to carry on this legacy.

If you too share this passion for knowledge, if a core dump brings glimmer to your eyes, if you want to share your hack with others and you have an inquisitiveness to learn, then nullcon is the place for you. If meeting hackers/researchers/phreaks in a 2 days event packed conference and the sun-bathed beaches of the tropical paradise called Goa won’t get you off your bed, nothing ever will.
So crack you knuckles, fire your Live CDs, dust your Debuggers and get ready for some serious action this February.

STATUTORY WARNING: nullcon can cause severe exposure to high octane gyan and could leave participants exhausted with wild shack parties. Beware, Be There.

Projects

Hmmm … so heres the new initiative (apart from the numerous others which I have taken up and not completed) which I take up now. I am planning to blog about all the projects I am working on, Virtualization (Research Project to eliminate Virtualization. Its 2 months and I haven’t worked on this much!!!!), Astalavista (on a test bed), my other lab test projects and etc, etc, etc. I would start with the Virtualization one. Wait for it! Atleast, if I am persistent on blogging, it would push my work a bit … Why this initiative? I checked this tool PSTOOLs from Microsoft for my project of Astalavista and working on it was fun! So, just thought to share it with everyone.

So lets roll ………………………………

ClubHack 2009: Day 1

Recently, I attended this Hacking and Security conference ClubHack. It was an awesome 3 day experience listening to seminars, workshops and round table conferences by various eminent speakers and hackers from all over the world. The speakers flocked in from various domains: Telecom, US DoD (Department of Defence), Royal Bank of Scotland, McAfee and even from Pune Police, NASSCOM, CID and other eminent law enforcement agencies! I reached the venue at 8:30 AM, leaving from my institute at 715 AM. The venue was 30 kilometres from my institute!!

What: ClubHack 2009, a meeting place for hackers, security professionals, law enforcement agencies, students and all other security enthusiasts.
Where: The Corinthians Club, Pune (The venue was awesome!)
When: Saturday 5th and Sunday 6th December, 2009

ClubHack 2009: Day 1
5th December, 2009 was Day 1 for ClubHack. The registrations started at around 10 AM (an hour late due to setting up of the venue). There were 3 halls, 2 for the simultaneous talks and the 3rd one for networking, meals and snacks. The day started with the introduction of ClubHack, by Rohit Srivastwa, the founder of ClubHack. This was followed by a small talk by the Chief Guest of the day, Mr. Alok Vijayant, Director Information Group, MHA, Govt. of India. After the keynote speech, the Indian version of BackTrack, Matriux, was launched. A copy of the same distribution was also distributed to all the audience.

Chief Guest at ClubHack 2009

Matriux Launch

After a small round of snacks and networking, the attendees split up in two halls, according to their interest in the talk. The schedule for the same was:

from	to	Room1	Room 2
1000	1100	Registration
1100	1200	Keynote & Matriux Launch by Mr. Alok Vijayant. Director Information Dominance Group, MHA, Govt of India
1200	1300	Rohas Nagpal – Indian IT Act 2000 vs 2009	Manindra Kishore – Incident Handling and Log Analysis for Web Based Incidents
1300	1400	Anant Kochar – Revealing the Secrets: Source Code Disclosure, Techniques and Impacts	Abhijit Tannu – Facilitate Collaboration with Information Rights Management
1400	1530	Lunch
1530	1630	Nikhil Wagholikar in abstentia of K K Mookhey – Risk Based Penetration Testing	Suhas Desai – Open source for securing data with advanced Crypto-Steganography technology
1630	1730	Vinoo Thomas & Rahul Mohandas – India Cyber Crime Scene – Caught in the Crossfire	Lavakumar Kuppan - Lust 2.0 – Desire for free WiFi and the threat of the Imposter
1730	1830	Kush Wadhwa – Advance Computer Forensic concepts (windows)	Gursev Singh Kalra – Mobile Application Security Testing

Another superb thing was the “Internet Bakra”. Running sslstrip and dsniff on the free internet which was provided for the day, all the passwords were sniffed and later at the end of the talks, were shown to people (just the 1st two characters of the password) to explain them that entering personal information in free connections can be harmful. While this did

After all the talks, ClubHack threw a party (on invitation) for the speakers, the volunteers and a few attendees. The party was in Dolally, the only microbrewery in Pune. Dolally is an awesome place (for people who drink beer). It has a wide variety of beers which they brew in house. They also showed us how beer was brewed from around 10 different wheat types. It takes around 20 days to brew beer!! It also has a DJ which plays on-demand music for free!! It was fun discussing informal things with the people whom you saw in formals the whole day! At one particular incident, I couldn’t recognize Mr. Nikhil Wagholikar (from NII Consulting) in the party. He was totally in formals in the day time, and in the evening, total informals!! Dinner was in the same hotel, having a buffet with all the speakers, the volunteers and other guests.

ClubHack Day 1 Party at Doolally

The day ended at around 11 PM (for me, since had to reach my institute before the gates closed for us!!).

The Volunteering Team

• Pankit Thakkar
• Abhijeet Patil
• Murtuja Bharmal
• Aseem Jakhar (founder www.null.co.in)
• Tushar Dalvi
• Pradnya
• Antariksh Shah
• Prashant Mahajan
• Anish
• Ajit Hatti
• and a few more … Kudos to them for a successful Day 1 (and simultaneously, Day 2 and 3!!)

Finally, saying goodbye to everyone, we left for our college at around 11:30 PM (the gate closing ceremony of Symbiosis Infotech Campus, Hinjewadi takes place at 11:30 PM!! we were late!!). Thanks a lot to Mr. Dinesh O’Bareja for giving us a lift till Wakad. We finally reached the campus at around 12:30 AM, went to sleep, just to wake up in another 4 hours for the fully informative, knowledge filled next day of ClubHack: the workshops.

BarCamp Pune 6 … (2/2)

Date: Saturday, November 14, 2009 from 10:00 AM – 6:00 PM

Dear BarCamp’ers

Greetings!

Finally, the most awaited day of the year has arrived. BarCamp Pune 6,

As we all know, a Barcamp is a “democratic” conference. It is not a normal / traditional conference which is usually put together by a committee of professors, or industry veterans, and the speakers selected by the committee and invited to speak. Often, talks tend to be boring “lectures” or “speeches” that you fall asleep in. In these traditional conferences, the tea-breaks and the corridor-conversations are the most interesting and important part of a conference. Think of a barcamp as an entire conference that consists only of tea-breaks and corridor-conversations. Anybody can attend a barcamp. Anybody can speak on any topic that they are passionate about. A whiteboard is put up in the morning with the available rooms and timeslots. People can write down their name and the title of their talk in any available slot. Based on this, the others can decide which talks they want to attend. Democracy.

Startup Saturday:
A Startup Saturday (SS) session is aimed at deepening the skills of startup community in Pune to make more successful startups coming out of the city through creation of a vibrant innovation ecosystem. A SS session is about rich-discussions on topics of interest to startups in the city. A typical session would have only about 25% of time devoted to talk/presentation and rest of the time time dedicated to freewheeling discussion as that is where, in our experience, the audience makes the best use of the available expert.

SS Schedule:

• 3:00 – 3:40 pm – Sunil Nikhar, Promoter, Pyxis IT on “Information Technology in Financial Sector”
• 3:40 – 3:55 pm – Ravindrakumar Kshirsagar, Startup Showcase on “Bio-Excellence”
• 3:55 – 4:05 pm – Break
• 4:05 – 4:45 pm – Kaushik Gala, Venture Center, NCL on “Academic research to a startup”
• 4:45 – 5:00 pm – Startup Showcase”

For more details: http://startupsaturday.headstart.in/event.php?eid=6

Venue Address:
Symbiosis Centre for Information Technology,
Symbiosis Infotech Campus,
P 15 MIDC, Phase 1
Rajiv Gandhi Infotech Park,
Hinjewadi 411 057
Pune

For a map of the same, hit the link www.scit.edu/contact.htm from your favorite browser!

To/From the venue (Bus Service):
- To reach the venue, a Bus has been arranged at 9 AM from Symbiosis Institute of Computer Studies and Research (SICSR), Model Colony. This is near to E-Square and Pune Central.
- A bus is arranged at 6 PM from SCIT to reach SICSR (back to Pavillion!)

At the Venue:
- BCP6 would be held in the Assembly Hall of SCIT. This is on the 1st floor (ironically, the ground floor has been named 1st floor) of the Academic Block of SCIT.
- Whiteboard would be put up to write down the topic on which a discussion would be started, with the room number.
- Wi-Fi would be provided at the venue. The SSID (Wi-Fi name) as well as the security key would be provided on the venue.

Lunch:
Lunch would have to be bought by individuals. Its something like TTMM (Tera Tu, Mera Main!). There are a lot of places where lunch could be arranged from.
Possible Venues for Lunch:
- Sweety Stores (on the venue, for some snacks)
- Sai Chaat Centre (on the venue. For some Chaat)
- Symbiosis Mess (Timing: 12:45 PM to 2:30 PM)
- Tamanna Hotel (500m from SCIT)
- Talk About (a branch of Tamanna, 500m from SCIT)
- Lemon Tree (a 3 Star Hotel. 500m from SCIT)
- McDonalds (about 2 KM from SCIT)
- Domino’s Pizzas (about 2 KM from SCIT)
- Mezza9 (awesome for a dinner date. About 2 KM from SCIT)
- Ghar ka khaana (awesome food. About 2 KM from SCIT)

Hope to see you tomorrow.

Good Day!

For more information click here: BarCamp Pune 6

BarCamp: What is it and Why to attend?

What: BarCampPune 6
When: 14 November, 2009
Where: Symbiosis Centre for Information Technology, Hinjewadi, Pune
MAP

Registration: http://barcamp-pune.eventbrite.com/

Pune will have a “BarCamp” free conference this Saturday, 14th November, in SCIT Hinjewadi (bus pickup/dropoff provided from Model Colony). We believe that all technology professionals, and all computer science students should take this opportunity to get exposure to some of the most interesting people and technologies in Industry. To register (free) for barcamp, and for details of venue, timing etc, click here.

BarCampPune6 Logo (Created by Kriti Deb)

A Barcamp is a “democratic” conference. It is not a normal / traditional conference. A normal / traditional conference is usually put together by a committee of professors, or industry veterans, and the speakers selected by the committee and invited to speak. Who can attend is also constrained by money (conferences fees are high), or by other means (only members may attend). And often, talks tend to be boring “lectures” or “speeches” that you fall asleep in.

Anybody who’s been to a traditional conference will tell you that the tea-breaks and the corridor-conversations are the most interesting and important part of a conference. Think of a barcamp as an entire conference that consists only of tea-breaks and corridor-conversations. Well, it’s a little more structured than that… Anybody can attend a barcamp. Anybody can speak on any topic that they are passionate about. A whiteboard is put up in the morning with the available rooms and timeslots. People can write down their name and the title of their talk in any available slot. Based on this, the others can decide which talks they want to attend. Democracy.

You’ll wonder, if anybody can speak, how to ensure quality of speakers and presentations? By the “law of two feet”. The audience in a Barcamp is encouraged to use their two feet and walk away from a talk if it turns out to be boring. People are encouraged to find and create subgroups interested in specific topics, find a room or a corridor, and start discussing – and they often do.

This ensures that everybody finds something interesting, and often something unexpected at a Barcamp. Maybe you might find the 15-year-old kid who knows more about Search-Engine-Optimization than all the “industry veterans” you’ve met. Maybe you’ll go there to learn new technology and instead find some really interesting NGO or other social work organization and join that. Maybe you’ll just land up there, not knowing what to expect, and end up finding not just your first job, but a great career. Maybe you have an idea for a company, but don’t know how to implement it, and you’ll find someone at Barcamp who’s willing to handle the technology for you.

I’m not just making all of that up. Each one of the sentences in the previous paragraph that started with “Maybe” is actually a real-life story that I’ve seen happen during some of the Barcamps in the last couple of years in Pune. And there are a lot more such stories.

Over the next few days, we’ll be writing short articles on why you should attend Barcamp. If you’re a student looking for projects, internships, or recos. Or you are an entrepreneur with an idea, but don’t know enough about technology to implement it. Or you’re an employee of a big company and are looking to hire some really smart people … or you’re looking to be hired by some really smart people. Or you’re a startup looking for collaboration, business development, or simply mentors/advisors.

Thanks to PuneTech for this post:
Orginal Link: http://punetech.com/what-is-a-barcamp-and-why-you-should-attend/

BarCamp

ClubHack 2009!

ClubHack 2009

ClubHack is back! India’s own International Hacker’s Convention is back with its 3rd version with the aim to enable the dissemination, discussion and sharing of deep knowledge in the field of information security and cyber crime investigation.

What: ClubHack 2009, a meeting place for hackers, security professionals, law enforcement agencies, students and all other security enthusiats.
When: Saturday 5th and Sunday 6th December, 2009
Where: ICC or Estique
Registration: Opens in October, 2009. http://clubhack.com/2009/Registration

Rohit Srivastwa

Founder: Rohit Srivastwa
Rohit Srivastwa is a well known security evangelist. He has an expertise in cyber crime investigation and IT infrastructure management. Rohit is actively involved advising several military agencies, law enforcement personnel, media, corporate and Government bodies in these fields. Along with assisting these organizations solving there cases, Rohit is also involved in teaching the related subjects to them. Rohit has trained the police departments of Pune, Mauritius and Malaysia. Rohit Srivastwa is also the founder of ClubHack, a member driven community to spread the security awareness. As his last assignment Rohit was Director Technology at Commonwealth Games Pune (2008) where he delivered the complete technology of games and managed everything which comes under the umbrella of technology.
Currently he is Director Technology and Network Operations for Commonwealth Games to be held in Delhi in year 2010.

ClubHack, India’s Own Hacker’s Convention enters its 3rd version on the 5th and 6th of December, 2009. Previously, it was held successfully in December 2007 and 2008.

ClubHack 2009: Call for Papers
SUBMISSION: ClubHack2009 is expecting a good deep knowledge technical presentations/demonstrations on topics from the world of Information Security. These presentations are expected to be of 40 minutes each. The schedule time for each presenter would be 50 minutes out of which 40 minutes are for the presentation & 10 for the question-answer sessions. We’d request you to submit the papers keeping the time constraint in mind.

TOPICS: The following list is made keeping in mind the most interesting topics in hacking & security. This is more of an indicative list, the papers submission can be on other topics also but have to be close to this & the theme of the event.

• Protocol / Application based vulnerability in networks and computers
• Firewall Evasion techniques
• Intrusion detection/prevention
• SPAM fighting
• Data Recovery and Incident Response
• Mobile Security (cellular technologies)
• Virus and Worms
• WLAN and Bluetooth Security
• Analysis of malicious code
• Cryptography and Cryptanalysis
• Computer forensics
• File system security
• Secure coding & code analysis
• Hardware modification
• Patch writing for vulnerabilities
• Open source hacking toolkit
• Cyber Crime & law

Dates:
Opening: 15th August 2009
Closing: 15th October 2009

For more information, check out http://www.clubhack.com/2009

Me in ClubHack Workshop

ClubHack session in progress

Cop-Tech Forum

Recently, a few months ago, on the 30th of June, 2009, Cop-Tech Forum was launched. It is a joint initiative of Pune Police, NASSCOM (The National Association of Software and Services Companies) and the DSCI (Digital Security Council of India).

Purpose:
The main objective behind this forum was to increase sharing of ideas and knowledge on cyber security between the Police and the IT Industry. As Commissioner of Police, Dr. Satya Pal Singh, phrased it: “Cop-Tech is solemnization of the marriage between the Police and the IT Industry“. It is an initiative which calls for contribution of the IT professionals to help develop the Police force to serve the people better.

Pratap Reddy, an IPS officer who was an advisor (cyber security) to NASSCOM, listed down the things which Cop-Tech has to take care of:

• Develop the Control Room of Pune Police to make it state-of-art which can cater to all those who dial 100 in a proper, structured way. This would also involve Fleet Management to keep track of police vehicles on the field
• Cyber crime, computer security awareness among the students, non-IT professionals and the citizens in general
• Usage of CCTVs from different locations. This would also involve Video and Image Analysis. For this, IT professionals who work in this area were called for help.
• Training the Police staff in Cyber Security, Cyber Crime Investigation, Forensic Investigation, Computer Security in general, trainings on using of different tools (like GPS). This is to ensure that the state-of-art devices which would be used in the Control Rooms would be used efficiently and effectively by the policemen
• Forensic Investigation. There are many cases which are shutdown since Police do not have proper evidence or direction to work on. Here, the IT professionals can help (voluntarily) in Forensic Investigation

After this, the discussion was thrown out to the audience who are ready to contribute to this CopTech Forum. It was good to see a number of professionals from Infosys, Delloit, IBM, Null Security Community, Press, etc, who were ready to help in their own way. An Infosys guy was ready to design, develop, code and implement a database system for Cyber Crime cell and Control Room. As is going on for many months now, Null Security Community is already into spreading security awareness among the citizens of Pune, which has now extended to Banglore. They were also interested in helping for Cyber Crime Investigations and Forensics.

Pic:
Pratap Reddy (2nd from Right)
Dr. Satya Pal Singh (Lighting the lamp)

There was a good suggestion from one of the attendees. What he suggested was to look at the whole Cyber Crime as a business. A business which would involve 3 steps, including the actual crime and the monetization of that crime (like selling the data/information, selling the method to perform the crime in form of exploits, etc). If in some way, one of the 3 steps could be interfered and cause hamper, the whole cyber crime process would fall. But, since this Cop-Tech forum has a narrow scope (as of now) to those listed above, this suggestion was left for future scope. There were many other inputs from the audience volunteering for Image and Video Analysis, Forensics, etc.

In short, it was good to see a bunch of around 60-70 individuals as well as a few groups like Null to have participated in this and who are ready to contribute. But, looking at the facts of Pune being the “IT hub of India” or the Silicon Valley of the East, 60 – 70 was a very small number. Till date, people have always questioned the government for not doing a good job, but when it comes to helping/contribution/volunteering, only a bunch of people are there at the disposal of the government, even when the government has taken the first step. This is a humble request to all IT Professionals to help the Police and the Cyber Cell to make it better so that they are able to serve us in a better way.

To get in touch with CopTech and Cyber Cell Pune, you can pay a visit to Cyber Cell branch at Sadhu Vasvani Road, Camp, Pune-1.

Dr. Satya Pal Singh’s Blog: http://drsatyapalsingh.blogspot.com/

Chat Protocol …

Scenario 1: You forgot(or don’t want) to go offline and you are projecting your screen on projector with some serious discussion in a busy conference room and bang! an old friend messages you on messenger “Hi Sexy”

Scenario 2: You are sitting with someone say Mr. A and another friend say Mr. B sends you a message about Mr. A. You know what kind of message I’m talking about

These kind of sudden and uninvited chat messages can disturbing at times. So in one of my previous organization we had a protocol for chatting. I found it very helpful and slowly many of my friends have started following it.

Here’s how it goes, PLEASE try to follow the same when chatting with me and may be others too. This will make the online life bit comfortable for you and your friends

[?] To start a conversation, send a question mark only. Yes a simple ” ? ” only. This can mean anything as per your understanding like “Can we chat?” or “are you there?”.

Now the answer to this question can be yes no or later

[Y] So if the answer is YES, the person replies ” y “. Which means “I’m comfortable chatting with you at this moment, tell me”

[N] If the answer is NO for reasons like “I’m busy”, or “Can’t chat” or whatever, the person replies ” n “. If you get a ” n ” DO NOT send any more message, not even “OK, I’ll ping you later” It like saying DO NOT DISTURB

[5] or for that matter any number like ” 10 ” – “15 ” means busy right now, lets talk after 5 (or 10-15) minutes. This comes very handy when you want to chat but because you are preoccupied in something which you can’t leave in between.

[ ] If in case there is no reply from the other side, there can be 2 reasons. Too busy to say a ” n ” or not near the computer. The best option in this case is treat it as ” n ” and DO NOT disturb

Looking at so many shortcuts, we devised another shortcut. It was ” b ” this time which means BYE that comes at the end of conversation.

I strongly recommend all my friends to use this protocol while starting a chat with me. Share the protocol with your friends and see the difference.

Original Post: http://blog.rohit11.com/2009/02/chat-protocol.html
Thanks to Rohit Shrivastva, from whose blog I copied this.

Install Skype Fedora 11

Installing Skype on Fedora is a pain in the neck. And making the sound work on skype is a bigger pain! After migrating from Ubuntu to Fedora, things have become really difficult! In this post, I explain (thanks to mdim, a user on fedoraforum.org) how to install Skype on Fedora 11.

The first few steps are a copy paste of what mdim wrote on the forum:

Step 1:
Login as root in the terminal
Code:

su -

And provide your root password.

Step 2:
Download the libsigc++20-2.0.17-1.i386.rpm package:
Code:

wget http://fedora.osmirror.nl/extras/5/i386/libsigc++20-2.0.17-1.i386.rpm

Step 3:
Run the command:
Code:

rpm2cpio *.rpm | cpio -idmv

Step 4:
Create directory /opt/libs32/ if you don’t have it yet:
Code:

mkdir /opt/libs32

Step 5:
Copy libsigc-2.0.so.0 and libsigc-2.0.so.0.0.0 to /opt/libs32/ directory:
Code:

cp ./usr/lib/libsigc-2.0.so.0 /opt/libs32/cp ./usr/lib/libsigc-2.0.so.0.0.0 /opt/libs32/

Step 6:
Install everything that has anything to do with Qt4:
Code:

yum install qt4*

Step 7:
Download the skype-1.4.0.118-fc5.i586.rpm rpm package from http://www.skype.com/intl/en/downloa…/linux/choose/ and enter command in terminal:
Code:

rpm -i --force --nodeps skype-1.4.0.118-fc5.i586.rpm

Step 8:
Now give the path to those libraries:

Code:

export LD_LIBRARY_PATH="/opt/libs32/"

Step 9:
Now you can run skype by typing:
Code:

skype

IMPORTANT NOTE:
In some cases, there is this error which is encountered on the last step (Step 9).

warning: skype-2.0.0.72-fc5.i586.rpm: Header V3 DSA signature: NOKEY, key ID d66b746e

And when Skype is executed, another error is encountered:

skype: error while loading shared libraries: libXss.so.1: cannot open shared object file: No such file or directory

For this, you would require the file libXss.so.1

Step 10:
Enter the following command in the terminal and then start skype.
Code:
yum install libXss.so.1

Special thanks to mdim and the post http://forums.fedoraforum.org/showthread.php?t=174114

VAPT … Day 1

First day into my VAPT – Vulnerability Assessment and Penetration Testing, (Hacking, in short) was a blunder. I had not contacted my mentor that I was going to start from 15th of April. I forgot . Neither did I know his time of arrival to the office, so that I could reach just on time to talk to him and get the project details.

Anyways, reached xyz (the company for whom I work) at around 9:10 am. I contacted my mentor, Mr Danny Nagdev just before reaching their. He asked me to come at 10, since he was in a meeting. Passed my time on Level 9, started my laptop, and began playing Burnout Paradise … believe me, its a superb game, with all the stunts and races and what not … cool cars, great graphics … ok, later, back to the topic.

I was re-directed to another office of xyz, after meeting Mr. Danny, where the security administrator used to work from. Finally, after having a chai with Mr. Namit Kasliwal, the Security Administrator of xyz, I got my project. I did have a choice of skipping office since that was the first day, but I started off with my job, due to 2 reasons, 1) no friends on the campus and 2) i am a workaholic.

The Project:
I was asked to Hack into the xyz servers. Yo. That would be fun! Lets start off. The project was going to be a Black Box type, i.e. the company would provide me with no information, its me who has to find out everything! Imagine, EVERYTHING!!!! Fine, lets go ahead.

Starting off with the Project:
The company people were good enough to provide me with an ethernet cable to connect to their internal network. Good, atleast that would help me find some more information about them!

The only thing I knew about the company (other than its name, and the 2 people I met), was the website. After connecting to the local internet, I found the basic information:
- the subnet I was connected to (IP address and the subnet mask)
- the DNS used by the company
- the default gateway

After this, the logical step was to find out the final gateway of the company, i.e. the final server which connected xyz the world, the Internet. So, for that, I did a traceroute to the google and orkut servers and from there. Traceroute gives you a list of all the hops on the way to the servers. Looking (DNS Lookup) up each one of them, I came to know of the last internal ip address which would take all the requests of xyz to the Internet. Hence, found the NAT Server!

The next step which I took, was in the Internet side. I queried the Whois database for information on the company’s website. Finding a few fields which were unknown to me, I went on to look for details of the fields which are included in the Whois query answer. I found this wonderful site http://www.apnic.net/db/ref/attributes/attributes-inetnum.html which listed all the fields and their descriptions. Having queried the Whois database, I found a lot many details about the company, like the Name of the contact person for the website, the address of the registrant, phone numbers, email addresses, and the most important, the DNS records!! I dont know why the whois database is open for all; well, good for people like me .

For the Whois query, I used www.samspade.org for the same. I haven’t tried finding how it queries the Whois database, but I did find out how to query the samspade whois database.
www.samspade.org/whois?query=;server=auto. This URL would take you to the Whois page of the IP/Domain.

Also, from the Whois query, I came to know that xyz hosted its website on a public domain, and it wasnt in their servers … wow … pretty intelligent!

Having found the DNS records from the Whois page, the next step was to find the subdomains and the other domains, if registered.

Since it was the first day, I din’t want to go into much of details, and so used the tools on the page http://member.dnsstuff.com/pages/tools.php to get more information on the web server. Using the Whois wouldnt have made much of a difference, since all the whois queries would return the same answer!

Used all the tools available on that page to check what all information I get my hands on.

After all this, I sat surfing their website, looking for more information about the company; their products, services, addresses …. anything, everything.

There is a pretty good addon to firefox, “Extract Links”. It would extract all the links from the specified page and print it on a new tab, separating all the links and the domains. Through this, I found various sub domains of the company xyz. Pretty neat. I dint have to use much of the DNS tools to get the sub domains

There is one more addon, External IP Address. This shows the public IP Address which you are using to connect to the Internet. Through this, I got the IP Address range which the company xyz uses! Simple, huh

Lastly, having certain restrictions on surfing the web, I found the page www.torproject.org. I installed a client for this and started surfing without any problems! Yo!

Cheers