Download videos from securitytube.net
It was a Sunday morning `n i was at home. I had to get on a train back to the hostel at noon; a lot of pending work undone, i had to download those videos from www.securitytube.net pronto.
I usually download videos put up on youtube using www.keepvid.com ; its a really good site which gets the job done – nice and easy.
However, videos from securitytube could`nt be downloaded this way; so here are a couple of ways to do it(thnkx to Anirudh and ideamonk)
Method 1 :
———
Viewing the source of the page in which the video is being played, and searching for “.mp4″ gets you the actual location of the video. All you have to do is use a download manager to download from that location. I use firefox, and i used the download manager which came with the addon named “DownThemAll!” for this purpose.
Method 2 :
———
In case you are using linux, then the videos get buffered into the /tmp directory. Mostly, they`ll begin with the name “Flash” to be followed by a few other numbers and characters. Just copy them to a different location AFTER the video finishes buffering.
Hope this helps!!! 
Buffer overflows; the way i see it
Towards the beginning of this month, i was part of a team that had taken part in the CIPHER 5 capture the flag competition; due to lack of experience and preparation we had failed to fare well in it; we came out 22nd out of 32 worldwide.
However, buffer overflows was a topic i did not manage to cover fully during the preps for the competition; so i continued my work on it even after the it. My work is mainly on the Linux distro named DVL – Damn Vulnerable Linux(you mite wanna google it out if you have`nt heard of it); its a linux distro based on backtrack which has got vulnerable apps of many various kinds which are excellent for practice. It was referred to me by Marcus J. Carey, a security auditor who has helped me in numerous occasions.
Now, i don`t pretend to be an expert on buffer overflows; i`d rate myself intermediate. However, i`ll mention a few guidelines you could follow which might help you at exploiting overflows. SO, here are the references(please let me know if there are better ones)
1. Try reading `bout buffer overflows on wikipedia.
2. Video tutorials on “Assembly programming in Linux” which`ll explain the basics of memory management and assembly programming on an Intel x86 system by Vivek Ramachandran.(1-7 is enough). Neat work.
3.Video tutorials on “Exploiting buffer overflows” by Vivek Ramachandran(1-5). Neat again(but a bit slow).
4.Try reading “Smashing the Stack” ; an excellent article by aleph1 which was published in the Phrack magazine.
Now, once you are done with all that you could try out DVL(i used DVL 1.4); i`d suggest you go through the challenges in the -
/dvl/exploitmes_package_04/
directory before going through the others. After going through all the above tutorials the challenges in that directory should be a breeze.;-) However, if you still find trouble there are a nicely written tut`s in that directory itself. I strongly advice you not to go through them in the beginning.
So what am i upto now? Well, i`ll let you know when i`m done with that…
P.S. if you wanna know how to download videos from www.securitytube.net , read this.
installing google-earth on ubuntu…..
google-earth is`nt a package you`d get from the default ubuntu repository…. so you`d have to use the medibuntu repository…. in order to add the medibuntu repository, type out the following in your terminal.
1. sudo wget http://www.medibuntu.org/sources.list.d/hardy.list \ -O /etc/apt/sources.list.d/medibuntu.list
2. sudo apt-get update && sudo apt-get install medibuntu-keyring
3. sudo apt-get update
the above mentioned steps ought to update your repositories. all that`s left is a one-step-installation. Do
sudo apt-get install googleearth
using google-earth is childs play…. here`s a screenshot…
installing flash player on ubuntu 8.10
an rpm file for flash player can be obtained from their website.. however, trying to install the package using the rpm command is simply a waste of time(which i figured out the hard way;-) ). what you gotta do in order to have flash player up on your browser is convert your rpm file ino a deb file. you could do this using another package named “alien”.
to get alien – “sudo apt-get install alien” should do.
in order to convert the rpm file into a deb file do – “sudo alien -k <your-package-name>”.
and in case you dont know, installation from a deb package can be done by – “sudo dpkg -i <package-name>”.
i s`pose this should work for any other rpm package as well…. have`nt tried out converting the vmware player rpm package i downloaded recenltly.
hope this works 4 u 2…. 
Ettercap…. WOW!!!
i think the name “ettercap” SUCKS.
but that would`nt stop me from using it, would it?
Last day, i read about ARP spoofing and find out that it can be done the hard way by using just a packet sniffer like wireshark. on googling i find “ettercap”; an exceptionally great piece of work which can perform ARP spoofing, DHCP spoofing and much more….
Its got amazing plugins built into it which can range in functionality from finding out if an ARP poisoning attack was successful, to launching a DoS attack on another system in the network…
This is DEFINITELY a tool you must try out; click here to download Ettercap for linux and here to download Ettercap for Windows. `NJOI!!!
AND OH!!! ALMOST FORGOT… when you run ettercap; it`d better be with root privileges.
enumeration using nslookup …
Interaction with a DNS server can be done by using programs like dig,nslookup etc.
nslookup is a very useful tool which can be used for forwarding dns requests to and from a dns server.
I have chosen to use “checkpoint.com” as the site on which commands like nslookup can be used upon. The choice of site is based on no malicious intent. (more…)
enumeration using “whois” ….
whois is a TCP service, a tool and a database. Whois databases contain information about nameservers, registrars, and contact information. It can be used to perform different kinds of forward and reverse lookups; both of which will be explained in this article. (more…)
enumeration using netcraft …
Another online resource for information gathering is the website http://www.netcraft.com
Netcraft is an internet monitoring company which monitors uptimes and providing server OS detection. It can be used to find out information about websevers, the operating systems they use, web server version etc. Try it out, you`ll be surprised at the amount of information they provide…
You could get a better idea of the company by simply googling it or reading about it on Wikipedia.
enumeration using google….?
Google is undoubtedly the most popular search engine around. much importance is to be laid on the way in which you utilize this resource as this is often overlooked. the method by which you can make clever search queries to get information on company servers, contact numbers, files and services on a particular server and much much more is referred to as Google hacking. (more…)
