ClubHack 2009: Day 1

Recently, I attended this Hacking and Security conference ClubHack. It was an awesome 3 day experience listening to seminars, workshops and round table conferences by various eminent speakers and hackers from all over the world. The speakers flocked in from various domains: Telecom, US DoD (Department of Defence), Royal Bank of Scotland, McAfee and even from Pune Police, NASSCOM, CID and other eminent law enforcement agencies! I reached the venue at 8:30 AM, leaving from my institute at 715 AM. The venue was 30 kilometres from my institute!!

What: ClubHack 2009, a meeting place for hackers, security professionals, law enforcement agencies, students and all other security enthusiasts.
Where: The Corinthians Club, Pune (The venue was awesome!)
When: Saturday 5th and Sunday 6th December, 2009

ClubHack 2009: Day 1
5th December, 2009 was Day 1 for ClubHack. The registrations started at around 10 AM (an hour late due to setting up of the venue). There were 3 halls, 2 for the simultaneous talks and the 3rd one for networking, meals and snacks. The day started with the introduction of ClubHack, by Rohit Srivastwa, the founder of ClubHack. This was followed by a small talk by the Chief Guest of the day, Mr. Alok Vijayant, Director Information Group, MHA, Govt. of India. After the keynote speech, the Indian version of BackTrack, Matriux, was launched. A copy of the same distribution was also distributed to all the audience.

Chief Guest at ClubHack 2009

Matriux Launch

After a small round of snacks and networking, the attendees split up in two halls, according to their interest in the talk. The schedule for the same was:

from	to	Room1	Room 2
1000	1100	Registration
1100	1200	Keynote & Matriux Launch by Mr. Alok Vijayant. Director Information Dominance Group, MHA, Govt of India
1200	1300	Rohas Nagpal – Indian IT Act 2000 vs 2009	Manindra Kishore – Incident Handling and Log Analysis for Web Based Incidents
1300	1400	Anant Kochar – Revealing the Secrets: Source Code Disclosure, Techniques and Impacts	Abhijit Tannu – Facilitate Collaboration with Information Rights Management
1400	1530	Lunch
1530	1630	Nikhil Wagholikar in abstentia of K K Mookhey – Risk Based Penetration Testing	Suhas Desai – Open source for securing data with advanced Crypto-Steganography technology
1630	1730	Vinoo Thomas & Rahul Mohandas – India Cyber Crime Scene – Caught in the Crossfire	Lavakumar Kuppan - Lust 2.0 – Desire for free WiFi and the threat of the Imposter
1730	1830	Kush Wadhwa – Advance Computer Forensic concepts (windows)	Gursev Singh Kalra – Mobile Application Security Testing

Another superb thing was the “Internet Bakra”. Running sslstrip and dsniff on the free internet which was provided for the day, all the passwords were sniffed and later at the end of the talks, were shown to people (just the 1st two characters of the password) to explain them that entering personal information in free connections can be harmful. While this did

After all the talks, ClubHack threw a party (on invitation) for the speakers, the volunteers and a few attendees. The party was in Dolally, the only microbrewery in Pune. Dolally is an awesome place (for people who drink beer). It has a wide variety of beers which they brew in house. They also showed us how beer was brewed from around 10 different wheat types. It takes around 20 days to brew beer!! It also has a DJ which plays on-demand music for free!! It was fun discussing informal things with the people whom you saw in formals the whole day! At one particular incident, I couldn’t recognize Mr. Nikhil Wagholikar (from NII Consulting) in the party. He was totally in formals in the day time, and in the evening, total informals!! Dinner was in the same hotel, having a buffet with all the speakers, the volunteers and other guests.

ClubHack Day 1 Party at Doolally

The day ended at around 11 PM (for me, since had to reach my institute before the gates closed for us!!).

The Volunteering Team

• Pankit Thakkar
• Abhijeet Patil
• Murtuja Bharmal
• Aseem Jakhar (founder www.null.co.in)
• Tushar Dalvi
• Pradnya
• Antariksh Shah
• Prashant Mahajan
• Anish
• Ajit Hatti
• and a few more … Kudos to them for a successful Day 1 (and simultaneously, Day 2 and 3!!)

Finally, saying goodbye to everyone, we left for our college at around 11:30 PM (the gate closing ceremony of Symbiosis Infotech Campus, Hinjewadi takes place at 11:30 PM!! we were late!!). Thanks a lot to Mr. Dinesh O’Bareja for giving us a lift till Wakad. We finally reached the campus at around 12:30 AM, went to sleep, just to wake up in another 4 hours for the fully informative, knowledge filled next day of ClubHack: the workshops.

VAPT … Day 1

First day into my VAPT – Vulnerability Assessment and Penetration Testing, (Hacking, in short) was a blunder. I had not contacted my mentor that I was going to start from 15th of April. I forgot . Neither did I know his time of arrival to the office, so that I could reach just on time to talk to him and get the project details.

Anyways, reached xyz (the company for whom I work) at around 9:10 am. I contacted my mentor, Mr Danny Nagdev just before reaching their. He asked me to come at 10, since he was in a meeting. Passed my time on Level 9, started my laptop, and began playing Burnout Paradise … believe me, its a superb game, with all the stunts and races and what not … cool cars, great graphics … ok, later, back to the topic.

I was re-directed to another office of xyz, after meeting Mr. Danny, where the security administrator used to work from. Finally, after having a chai with Mr. Namit Kasliwal, the Security Administrator of xyz, I got my project. I did have a choice of skipping office since that was the first day, but I started off with my job, due to 2 reasons, 1) no friends on the campus and 2) i am a workaholic.

The Project:
I was asked to Hack into the xyz servers. Yo. That would be fun! Lets start off. The project was going to be a Black Box type, i.e. the company would provide me with no information, its me who has to find out everything! Imagine, EVERYTHING!!!! Fine, lets go ahead.

Starting off with the Project:
The company people were good enough to provide me with an ethernet cable to connect to their internal network. Good, atleast that would help me find some more information about them!

The only thing I knew about the company (other than its name, and the 2 people I met), was the website. After connecting to the local internet, I found the basic information:
- the subnet I was connected to (IP address and the subnet mask)
- the DNS used by the company
- the default gateway

After this, the logical step was to find out the final gateway of the company, i.e. the final server which connected xyz the world, the Internet. So, for that, I did a traceroute to the google and orkut servers and from there. Traceroute gives you a list of all the hops on the way to the servers. Looking (DNS Lookup) up each one of them, I came to know of the last internal ip address which would take all the requests of xyz to the Internet. Hence, found the NAT Server!

The next step which I took, was in the Internet side. I queried the Whois database for information on the company’s website. Finding a few fields which were unknown to me, I went on to look for details of the fields which are included in the Whois query answer. I found this wonderful site http://www.apnic.net/db/ref/attributes/attributes-inetnum.html which listed all the fields and their descriptions. Having queried the Whois database, I found a lot many details about the company, like the Name of the contact person for the website, the address of the registrant, phone numbers, email addresses, and the most important, the DNS records!! I dont know why the whois database is open for all; well, good for people like me .

For the Whois query, I used www.samspade.org for the same. I haven’t tried finding how it queries the Whois database, but I did find out how to query the samspade whois database.
www.samspade.org/whois?query=;server=auto. This URL would take you to the Whois page of the IP/Domain.

Also, from the Whois query, I came to know that xyz hosted its website on a public domain, and it wasnt in their servers … wow … pretty intelligent!

Having found the DNS records from the Whois page, the next step was to find the subdomains and the other domains, if registered.

Since it was the first day, I din’t want to go into much of details, and so used the tools on the page http://member.dnsstuff.com/pages/tools.php to get more information on the web server. Using the Whois wouldnt have made much of a difference, since all the whois queries would return the same answer!

Used all the tools available on that page to check what all information I get my hands on.

After all this, I sat surfing their website, looking for more information about the company; their products, services, addresses …. anything, everything.

There is a pretty good addon to firefox, “Extract Links”. It would extract all the links from the specified page and print it on a new tab, separating all the links and the domains. Through this, I found various sub domains of the company xyz. Pretty neat. I dint have to use much of the DNS tools to get the sub domains

There is one more addon, External IP Address. This shows the public IP Address which you are using to connect to the Internet. Through this, I got the IP Address range which the company xyz uses! Simple, huh

Lastly, having certain restrictions on surfing the web, I found the page www.torproject.org. I installed a client for this and started surfing without any problems! Yo!

Cheers

Protect your identity … Identity Theft Labs’ advices

It is in everyday newspaper that we read about the theft of credit card information, but do we do anything to prevent it? In countries like USA and UK, people do not give their Credit Cards to the cashier to swipe it; instead, they do it on their own, least the cashier swipes the credit card for his own interest in some other device. When can this be started in India?

Given below is a blog post from http://www.business-opportunities.biz/2008/12/23/identity-theft-labs-shares-some-advice-on-how-you-can-protect-yourself/. Read it; its important for all of you using credit cards …

Although it is not strictly business related, identity theft is no stranger in the world. It is a problem that has hit a variety of people within all income levels. Unfortunately many people don’t realize what they should do until after it is too late. If you do the work, there are ways that you can protect yourself. However, if you don’t have the time or patience, there are paid services available that can do the work for you.

I recently spoke with John Armstrong, the owner of Identity Theft Labs, about identity theft and what we can do to protect ourselves.

What are some of the top tricks that thieves have used to steal someone’s identity?

To steal someone’s identity you must first obtain their private information and identity thieves use all sorts of tactics from dumpster diving, shoulder surfing, credit card skimming, stealing – purses – wallets – laptops – data storage devices, phony websites, phishing, impersonation, break and enters – house and car, hacking and viruses.

The most interesting case, in my view, just happened recently in Europe. Even the Wall Street Journal did an article on this one. A Pakistan identity theft ring placed a 4 ounce card capable of wireless communication under the motherboard of credit card readers made in China and distributed throughout Europe. It captured credit and debit card details including passwords and uploaded the information to a server in Pakistan. This was a very sophisticated ring that luckily got broken up due to the curiosity of one person otherwise it may have been undetected for a long time. The device included an intelligent program that sent the information sporadically and could even be told to lay dormant to avoid detection. An initial investigation found hundreds of these devices that could only be detected by weight as there were no visual clues of a tampered credit card reader.

Joel F. Brenner, the U.S. government’s top counterintelligence officer said “Pretty small but intelligent criminal organizations are pulling off transnational, multi-continent heists that only a foreign intelligence service would have been able to do a few years ago.”

It is important to realize that Identity Theft is big business costing the US economy $50 billion a year. Identity thieves vary from the low life criminals going through your trash to sophisticated multi-national criminal organizations.

Do you have any tricks that someone could use on their own to help prevent this from happening?

The single biggest tip I could give is to become aware of the problem of identity theft and start safeguarding your personal information in every way possible, especially your Social Security number. Only give this out where necessary.

Unfortunately, even if you followed an extensive list of tips to protect your identity, your information may still get in to the hands of a criminal. Data Breaches in the United States have exposed the private information of over 200 Million Americans in the last three years and breaches occur weekly if not daily.

Obviously, you still want to reduce your risk and so I advise everyone to shred personal documents, make sure your online activities are secure and most importantly order and review your credit reports for any discrepancies. Additionally, a fraud alert is a simple yet effective tool to protect your credit.

What should they look for in a paid service? Why might this be a better option?

Though a paid service can help protect you in ways you cannot many of the services they provide can be done for free if you are willing to do some legwork. One of the big advantages of a service is that you are provided identity theft insurance or a service guarantee. There is no way to fully protect your identity so this is a big plus and gives many consumers peace of mind and financial security.

There are essentially three types of paid services that can be divided up by their main means of identity protection ? fraud alerts, credit monitoring, database scanning. The best companies usually combine two of these options and this is something I would definitely look for in choosing a company. Other things to consider are the guarantee or insurance provided, what is done on your behalf if you do become a victim, what exact steps are taken to prevent your identity and credit from being stolen. If you are looking at a credit monitoring service make sure they monitor all three bureaus daily.

What actions would put someone at a higher risk of having their identity stolen?

Again it comes to awareness and making a conscious decision to protect your personal information. A lot of people, companies and institutions still use the Social Security number as a means of identification. This has got to stop as it a key piece of information for identity thieves and the exposure of your SSN can put you at great risk.

What kind of information may we find when we visit your website?

Identity Theft Labs is a great resource for tips on identity theft prevention as well as information on the risks that are out there. We pride ourselves on providing unbiased reviews of the best identity protection companies and we point out the differences in each to aid the consumer in choosing the right service for themselves and their loved ones.

Before someone pays for a service, what are some of the most important features they should look for in a company?

The most important features are: fraud alerts or credit monitoring, a guarantee or insurance, support ? preferably trained Americans, credit reports, black market internet scanning, database scanning and identity restoration services.

I understand that Identity Theft Labs is not an actual service on its own, but helps others by recommending some of the companies available. What are some of the companies that you represent?

We review LifeLock, TrustedID, Identity Guard, Debix, Identity Truth and some credit monitoring services from the credit bureaus. We continue to monitor dozens of identity protection companies but only include what we deem to be the best services on our website located at http://www.identitytheftlabs.com. For most services we provide discounts as well.

Do you think you’ll enter into any other form of business or is this it for you?

Identity Theft Labs is a business and a passion for me. I do not see myself leaving this venture for a long time but at the same time would not rule out diving in to something else if the right opportunity came along. The problem with new ventures is that they are often very time consuming and I would prefer to find an opportunity that could co-exist with what I am doing now.

What has your business taught you?

Entrepreneurs either know or quickly find out that there is no limit to the number of tasks that need to get done. No matter how fast or hard you work there is always more. As such we quickly learn to prioritize our tasks to make sure we are focusing on what matters most or the tasks that will have the most impact. We also learn that at times you have to take a step back to evaluate and recharge your batteries. It took me a while to realize that we have to do this in life as well. As a husband, father and friend there are always a lot of expectations concerning your time. By prioritizing based on what is truly important and taking the time on occasion to look at the bigger picture and rejuvenate yourself I believe you become a better person, husband and father.

If you had the opportunity to retire tomorrow, would you? Have you done everything in business that you’ve wanted to do so far?

In my younger days I always stated that if I won the lottery I would retire. You know, the old you work to live not live to work philosophy. I hate to go back on those words but I would not retire tomorrow, earlier yes, but not right away. Right now I am passionate about business, about internet marketing and about Identity Theft Labs, it is enjoyable, and a large part of me wants to see it through to the end. I think a large part of this is that I have set out to accomplish certain goals and have a strong desire to achieve them.