Tuesday, January 28, 2014

Out of the Frying Pan

... and into the fire. Truly, the last three weeks have been interesting and grueling with regard to IT and the tools that I am learning. In today's post, I will cover three new tools that I have been using regularly for digital forensics and other IT purposes:

1- AnyToISO
2- Netcat/Zenmap
3- Notepad++

While these three tools do not even begin to break the professional scales of deep packet inspection, file recovery and repair, and other highly touted cyber forensic methods, they are great for getting started on a project or two. Everybody has to start somewhere!

AnyToISO

AnyToISO is a disk imaging utility that performs as the name describes: it lets you turn any set of files into a .iso image. That image can then be mounted on your own machine, burned to external media, or, in the case of forensics, mounted as "external media" on a victim machine. Since external media is the best way to transfer tools to a victim during a forensic investigation, this tool gives you an easy way to modify your toolkit at will. 


For example, I used this tool for a forensics lab involving a VM. Instead of having to burn and re-burn CDs containing the tools needed for my forensic investigation (such as Cygwin, FPort 2.0, PSTools, etc.), I was able to research new tools, add them to a directory called "IT Tools", and then convert that directory to a .iso. That .iso file was then easily mounted on the victim VM, and my tools were delivered leaving little to no footprint on the victim PC. 


One thing that made this particularly easy was leaving the AnyToISO program running on my forensic machine. Any time I needed to add a tool, I could just overwrite the .iso that I had previously created, adding in the new tools. This was a quick and simple process, as the program remembers the last destination file it wrote. 


While this program performs a simple function, it has become invaluable to me. I would highly recommend it to anyone, forensic specialist or not. 


To download AnyToISO straight from the source, visit http://www.crystalidea.com/anytoiso.



Netcat

Netcat is likely one of the oldest tricks in the book for others in the IT world, but for me it was one of the best kept secrets- until now. In the words of the Netcat creators, this program is, "a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities." (http://netcat.sourceforge.net/)

For my purposes, I mainly use Netcat to send command-line output from a victim computer to the forensic machine. That being said, Netcat can be used for good or for awesome, so feel free to play around with some of the neat features included in the program. 


One thing to remember when using Netcat is that different versions sometimes use different syntax. Just in the few weeks I have been using it, I have seen the command invoked as ncat, netcat, and nc. Don't give up on this program if getting started is getting you down!


The main command that I use in Netcat is as follows: 


ncat -k -v -l -p 10000 >> command.txt


To break down this command: ncat starts the program, -k keeps the listener running across connections until you tell it to stop, -v makes the output verbose, -l puts it in listen mode, and -p sets the port, in this case 10000. Everything that is sent to this port is then appended to the file "command.txt".


In order to send data over to this port, the command goes as follows: 


ipconfig [or other command...] | ncat [ip of host] 10000 [port that was opened]


This will send the output of whatever command is run to the host computer, where it lands in the command.txt file. You can also use Netcat to send the contents of a file across the connection by using "cat" in place of the other command, e.g. "cat password.txt | ncat 192.168.0.1 10000".
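To make the receiving side of this exchange a little more forensically useful, here is a small stand-in for the "ncat -k -l -p 10000 >> command.txt" listener, written as an added example (it is not from the original post and not part of Ncat). Like the ncat command it accepts connections on port 10000 until stopped, but instead of blindly appending bytes it prefixes every received chunk with a header recording the sender, the UTC time, the byte count and the SHA-256 of the raw data, and it includes a verify_capture() function that re-hashes each chunk in the file so you can later prove the captured output was not altered. The sample "ipconfig" output in demo() is constructed for illustration and is not real output from any machine; the port, file name and header format are my own choices.

```python
import hashlib
import os
import re
import socketserver
import tempfile
from datetime import datetime, timezone
from pathlib import Path

HEADER_FMT = "==== from %(peer)s at %(received_utc)s, %(bytes)d bytes, sha256=%(sha256)s ====\n"


def append_capture(dest, peer, data):
    """Append one received chunk to dest, preceded by a header line that
    records who sent it, when, how many bytes, and the SHA-256 of the raw
    bytes. Returns the header fields so the caller (or a test) can check them."""
    header = {
        "peer": peer,
        "received_utc": datetime.now(timezone.utc).isoformat(),
        "bytes": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    with open(dest, "ab") as fh:
        fh.write((HEADER_FMT % header).encode())
        fh.write(data)
        fh.write(b"\n")  # terminator so the next header starts on its own line
    return header


def verify_capture(dest):
    """Re-hash every chunk in a capture file against its header.
    Returns one True/False per chunk, in file order."""
    blob = Path(dest).read_bytes()
    results, pos = [], 0
    while True:
        start = blob.find(b"==== from ", pos)
        if start < 0:
            break
        end = blob.index(b"\n", start)
        header = blob[start:end].decode()
        nbytes = int(re.search(r", (\d+) bytes,", header).group(1))
        expected = re.search(r"sha256=([0-9a-f]{64})", header).group(1)
        body = blob[end + 1:end + 1 + nbytes]  # exactly the bytes that were written
        results.append(hashlib.sha256(body).hexdigest() == expected)
        pos = end + 1 + nbytes
    return results


class CaptureHandler(socketserver.StreamRequestHandler):
    """One connection = one chunk, matching `<command> | ncat host 10000`,
    which closes the connection when the piped command finishes."""

    def handle(self):
        data = self.rfile.read()
        peer = "%s:%d" % self.client_address
        header = append_capture(self.server.dest, peer, data)
        print("received %(bytes)d bytes from %(peer)s sha256=%(sha256)s" % header)


class CaptureServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, addr, dest):
        super().__init__(addr, CaptureHandler)
        self.dest = dest


def serve(host="0.0.0.0", port=10000, dest="command.txt"):
    """Keep listening (the equivalent of ncat's -k) until interrupted."""
    with CaptureServer((host, port), dest) as srv:
        srv.serve_forever()


def demo():
    """Write two constructed chunks to a temp file and verify them.
    The ipconfig text below is made up for the example, not real output."""
    samples = [
        b"Windows IP Configuration\r\n\r\n   IPv4 Address. . . . . : 192.0.2.10\r\n",
        b"hello\n",
    ]
    fd, path = tempfile.mkstemp(suffix=".txt")
    os.close(fd)
    try:
        headers = [append_capture(path, "192.0.2.10:51234", s) for s in samples]
        return headers, verify_capture(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    serve()
```

Run it on the forensic machine in place of the ncat listener and point the same "ipconfig | ncat [ip of host] 10000" at it; each connection becomes one headed chunk in command.txt, and verify_capture("command.txt") afterwards returns a True for every chunk whose bytes still match their recorded hash.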


To get Netcat, I installed Nmap, which ships with both Zenmap (a GUI front-end for Nmap) and Ncat. The installer can be found here: http://nmap.org/download.html



Notepad++

As I am at risk of going waaaaaaay too long on this post, I will keep this next section brief. Notepad++ is an amazing tool for taking notes, as you might assume. It also contains sweet plugins for writing code and formatting HTML, if that is your particular cup 'o' joe. It also has an awesome logo, amiright?

The main reason that I use Notepad++ is for notes, and it is a far better program for note taking than plain Notepad. If you want to write essays, then go ahead and use Word or OpenOffice, as this isn't built to replace those programs. It does include a basic spellchecker, but its main power lies in its formatting plugins, its macro recorder, and its helpers for languages like PHP and HTML. It can even convert ASCII to hex for you! ;)


For a simple tool that will help you with various things, I recommend Notepad++. You can get a free download here: http://notepad-plus-plus.org/download/v6.5.3.html.



And that about does it. Hopefully next time, I will be able to pick one or two tools and elaborate a little bit more on their usefulness and/or sweet and awesome commands. Until then... 



Saturday, January 11, 2014

A New Beginning

I guess since this is the beginning of this blog, I should put a little introduction of who I am and what I aim to do on this public domain space. To be frank, I am being given a learning opportunity in one of my classes to share with the world what IT tools, guides, and services that I use, write, and discover during the next few months. Who knows, this blog may continue on indefinitely after that!

Aside from just mentioning guides, tools, and services, I will also likely mention pro tips that I figure out or come across in my life. Along with being a Masters student at a prestigious private university, I am also an IT specialist at the growing company BlenderBottle. I am probably on speed dial for many of my friends if some type of computer emergency comes up.

That being said, I am still continuously learning, and hopefully on this blog and in comments, we can all learn together.
