Nmap using TOR

Got a good video about how to do a scanning using nmap and TOR. It increases the anonymity factor.

For further reference, refer here. Also this could be useful.

Send gmail from command prompt

Recently I was just playing with telnet, ssl etc. Reason being, learning how to check http web server on port 80 using telnet. It is a faster approach than opening a browser and type url and wait from the page to load, blah blah.... Specially when your intention is just to verify and not bothered about the content much and you are doing it frequently and multiple times.

telnet www.your_website.com 80
(Enter)
GET /index.php HTTP/1.1
host: www.your_website.com
(Enter)
(Enter)

And you should be able to see the content there in the command prompt. Then this thing came to my mind, can I also send mail or receive mail from the command prompt. Well yah, very much.... So here is how did I send mail from my gmail account:

Steps:

1. You need to get into the SMTP server via telnet if it is not encrypted, or via SSL/TLS (encrypted), gmail uses encrypted communication.

2. You need to authenticate yourself using your gmail username and password.

3. Specify the sender's and receiver's address.

4. Type in the subject and content.

5. Send it.

Generally for an unencrypted custom SMTP server, it is quite simpler and explained here.

But this uses SSL/TLS. So here is it:

1. Login to gmail smtp server

openssl s_client -crlf -connect smtp.gmail.com:465

It will reply a lot of test and at the end of it you should seee

220 mx.google.com ESMTP 14sm2559253gxk.11

220 code means OK.

2. Authenticate yourself:

You need to encrypt your username and password first:

perl -MMIME::Base64 -e 'print encode_base64("\000My_EMAIL\@DOMAIN.com\000MY_PASSWORD")'

Once you give your username and password there properly, you should get an encrypted test in response. Copy that. Go back to your SMTP server prompt and type the following:

AUTH PLAIN your_encrypted_password_from_previous_step

235 2.7.0 Accepted

3. Specify the sender's and receiver's address.

mail from:

250 2.1.0 OK 14sm2559253gxk.11

rcpt to:

250 2.1.5 OK 14sm2559253gxk.11

4. Type in the subject and content: It starts with the "data" keyword.

data

354 Go ahead 14sm2559253gxk.11

subject: test

(enter)

(enter)

hello, This is my content

5. Send it: Once you are done writing the content, type "." (dot) and it enter twice to send it accross.

.

(enter)

(enter)

250 2.0.0 OK 1267453152 14sm2559253gxk.11

The last "." in the command signifies the end of the mail and sends it across. And!!! Trinnnn, youv'e got a mail....

Spoof Mac in Mac

A MAC address is a unique identifier assigned to your network card, and some networks implement MAC address filtering as a method of security. Spoofing a MAC address can be desired for multiple reasons, and it is very easy to spoof your MAC address in both Mac OS X 10.4 and 10.5. For the purpose of this article, we are going to assume you want to spoof your Mac’s wireless MAC address. So without further ado, here’s a 3 step process on how to do it:

Retrieving your current MAC address

First, you’re going to want your current wireless MAC address so you can set it back without rebooting. Launch the Terminal and type the following command:
ifconfig en1 | grep ether
You’ll know see something like:
ether 00:12:cb:c6:24:e2
And the values after ‘ether’ makeup your current MAC address. Write this down somewhere so you don’t forget it. If you do, it’s not the end of the world, you’ll just have to reboot to reset it from a change.

Spoofing a MAC address

To spoof your MAC address, you simply set that value returned from ifconfig to another hex value in the format of aa:bb:cc:dd:ee:ff

For this example, we will set our wireless MAC address to 00:e2:e3:e4:e5:e6 by issuing the following command:
sudo ifconfig en1 ether 00:e2:e3:e4:e5:e6

The sudo command will require that you enter your root password to make the change.

Verifying the Spoofed MAC address worked

If you want to check that the spoof worked, type the same command as earlier:
ifconfig en1 | grep ether
Now you will see:
ether 00:e2:e3:e4:e5:e6
Meaning your MAC address is now the value you set it to. If you want to further verify the spoof, simply login to your wireless router and look at the ‘available devices’ (or attached devices) list, and your spoofed MAC address will be part of that list.

If you want to set your MAC address back to its real value, simply issue the above ifconfig commands with the MAC address that you retrieved in step 1. You can also reboot your Mac.

Enjoy!

Note: Reader Dee Brown points out the following, which may help with some users having difficulties: “running 10.5.6 you need to do the trick to disassociate from the network. ****DO NOT TURN AIRPORT OFF****. What you will have to do is click your airport and click join network and enter some bogus name as the network ssid. Then while it’s trying to connect click cancel.At this point you may spoof using the sudo ifconfig en1 ether command”

other reads point out that Dee Brown’s trick works in 10.5.7 and above too. Thanks Dee!

Update: If you’re still having problems with MAC address spoofing in Leopard or Snow Leopard, the above method still works but try disassociating with any wireless network BUT keep your wireless Airport on (as mentioned above) – an easy way to do this is to type the following in the command line:

airport -z

Note that you have to have the ‘airport’ command setup to work for users, you can do that by copy and pasting this command into the Mac Terminal:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

Once disassociated from the network you should be able to spoof your MAC address as usual

[Copied from http://osxdaily.com/2008/01/17/how-to-spoof-your-mac-address-in-mac-os-x/]

YAF - Yet Another Forum

I was given an opportunity to set up a technical forum where people can discuss about technical stuffs. I was looking for ways to start and obviously my first preference was something open source. Thanks to Gautam (my colleague) to introduce me to YAF - Yet Another Forum. It is a .Net based open source forum control written in C#. It is really great. It was so easy to deploy, I was amused. I just simply loved it. The source is available here and the wiki as well. The funny part is there is also a forum about "Yet Another Forum" where people discuss about it. This seems like a snake eating herself from the tail, hehe. (Bad Jokh). But the moral of the story is I am impressed with such lovely open source tool with such a huge set of features. Kudos to all who are behind its creation.