Sunday, 15 June 2014

SYN FLoODeR++ [EXE]



in The Job

Script DoS SYN
Protocol : SYN | Timeout : 1
sock : use IO::Socket
PeerForks : 10

Note: IO::Socket goes through the operating system's TCP stack, so a flooder built on it opens (or attempts) complete TCP connections rather than emitting raw half-open SYN segments; true SYN flooding requires raw sockets or a packet-crafting library.



Download: (link)

Password: N-Cen-Dainamix





Wednesday, 6 March 2013

UNetbootin USB Installer


Required Tools and Preparation

  • USB Thumbdrive (Minimum USB Drive capacity 4 GB)
  • Backtrack 5 ISO file, md5sum verified.
  • UNetbootin - A tool to transfer an iso image to a USB drive

UNetbootin creates bootable live USB drives for Ubuntu, Fedora and other Linux distributions without burning a CD, and it runs on both Windows and Linux. You can either let UNetbootin download one of the many distributions it supports out of the box, or supply your own Linux .iso file if you have already downloaded one or your preferred distribution is not on the list. This is the simplest way to get a live BackTrack install onto a USB drive with UNetbootin. Note that the procedure formats the USB drive and erases its contents.
Note: changes made to the running system can now be saved across reboots (persistence).
  • Plug in your USB Drive
  • Format the USB drive to FAT32
  • Start Unetbootin and select the "diskimage" option, choose a BackTrack 5 ISO file.
  • Select the amount of space to use for persistence in MB
  • Select your USB drive and click “OK” for creating a bootable BackTrack USB drive.
  • Once rebooted, remember that the default username and password are root / toor. If you enabled persistence, change that password with passwd right away; it is the same on every BackTrack image and anyone familiar with the distribution knows it.
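The tool list above asks for an md5sum-verified ISO. The following is an added example, not part of the original post, of doing that check in the shell before handing the image to UNetbootin, so that a corrupted or tampered download is caught before it is written to the stick. The file name and the expected checksum in the usage comment are placeholders, not BackTrack's published values; take the real md5sum from the download page.

```sh
#!/bin/sh
# Added example: verify a downloaded ISO against its published md5sum.
# Placeholder file name and checksum in the usage comment below.

# Print the MD5 of a file; prefer GNU md5sum, fall back to BSD/macOS md5.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED_MD5
#   returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_md5() {
    iso="$1"
    # Published checksums are sometimes upper-case; compare case-insensitively.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -r "$iso" ]; then
        echo "$iso: not readable" >&2
        return 2
    fi
    actual=$(md5_of "$iso")
    if [ "$actual" = "$expected" ]; then
        echo "$iso: OK ($actual)"
        return 0
    fi
    echo "$iso: MISMATCH, got $actual, expected $expected" >&2
    return 1
}

# Typical use (placeholder values), only proceed to UNetbootin on success:
#   verify_md5 ./backtrack5.iso "<md5 from the download page>" && echo "safe to write"
```

An MD5 match protects against a truncated or corrupted download and against a casual substitution of the image; it is not a signature, so it only proves the file matches what the same web page says it should be.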

[Screenshot: R3 unetbootin live01.PNG]

How to dual-boot BackTrack 5 R3 and Windows 7


Alternate titles: Dual-boot BackTrack 5 R3 and Windows 7 on a single hard disk drive; dual-booting Windows 7 and BackTrack 5 R3.
This is just another tutorial on BackTrack 5 published on this website. You may read the previous tutorials in this distribution's category.
BackTrack is a Linux distribution based on Ubuntu Desktop, but specifically designed and loaded with applications for security and penetration-testing professionals. The latest edition is BackTrack 5 R3. The R is for Revolution.
When attempting to dual-boot a Linux distribution with Windows 7 on a single hard disk drive (HDD), the most important decision you will have to make is where to install GRUB, the boot loader used by virtually all Linux distributions. By default, the distribution's installer wants to install it in the HDD's Master Boot Record (MBR). However, doing that overwrites the Windows boot loader, so the recommended location for GRUB when dual-booting with Windows is the boot or root partition of the Linux installation, with the Windows boot manager chainloading it from there. That requires creating partitions manually, which is not difficult if you have some knowledge of disk partitioning in Linux. If you do not, a guide to disks and disk partitions in Linux is a highly recommended read.
If you have ever attempted to dual-boot BackTrack 5 and Windows by installing the former on partitions you created manually, you know that the installer will not let you install GRUB in the boot partition or any other partition used by BackTrack 5.
In this article, you will see how to get GRUB into the root partition by a workaround that does not require manual disk setup for BackTrack 5. Here are the steps involved:
A. Install Windows 7: If you have an existing installation of Windows 7, you do not have to reinstall. If you decide to reinstall, you may optionally set aside the disk space that will be used for BackTrack 5. Because this step was done on real hardware for the system used in this tutorial, there are no screenshots for it.
B. Install BackTrack 5 R3: There is a GNOME and a KDE version of BackTrack 5. The GNOME version was used for this tutorial, but it does not really matter which one you use. You may download an installation image from here. Burn the downloaded image to a DVD. You will be using one of the installer's automated partitioning modes to create partitions and install the system. By default, BackTrack's installer creates two partitions: the first mounted at /, the second for swap, with GRUB installed in the MBR.
C. Install GRUB in BackTrack's Root Partition: After the previous step, install GRUB in BackTrack's root partition as well. When this step is completed, you will have GRUB in two locations, the MBR and the root partition. This is only temporary, because in the next step you will wipe GRUB from the MBR.
D. Reinstall the Windows Boot Loader in the MBR: Boot into Windows 7 and reinstall its boot loader in the MBR.
E. Add BackTrack 5 to the Windows Boot Menu: Finally, add an entry for BackTrack 5 R3 to Windows 7's boot menu.
Now that you know what it takes, here’s a step-by-step guide on how I did it, starting from step B.
1. BackTrack 5 Partitioning Methods: Reboot the computer with BackTrack's installation DVD in the optical drive. At the boot menu, select the default entry and press Enter. By default, BackTrack does not boot into a graphical desktop; at the command prompt, typing startx starts the GNOME or KDE desktop, depending on the version you are using.
Once in the live desktop, click the Install BackTrack icon on the desktop to launch the installer, then click through until you reach the step shown below. For the test installation used in this tutorial, I installed a fresh copy of Windows 7, leaving some unallocated space for BackTrack 5; you can see the scheme in the upper green bar. If you do not have the luxury of reinstalling Windows 7, the installer's default option will free up the space it needs to install the system.
[Screenshot: BackTrack 5 Partition Methods]
2. Advanced Partitioning Tool: This image just shows the existing partitioning scheme as seen from the installer's Advanced Partitioning Tool. You get here by selecting Specify partitions manually (advanced) and clicking Forward in the previous step. You do not need to come here, but if you did, click the Back button.
[Screenshot: BackTrack 5 Advanced Partition Tool]
3. Install BackTrack 5: Back at the partitioning step, the best option for me was Use the largest continuous free space. After selecting that and clicking Forward, the installer took care of the rest.
[Screenshot: BackTrack 5 R3 Partition Methods]

4. Installation Summary: But before it starts the actual installation, it will let you know what it will do in the installation summary step. You can see that two partitions will be created, and because they will be created as logical partitions, the device numbers will be sda5 and sda6. The former is the root partition, while the latter is the Swap space. If you want to see where GRUB will be installed, click the Advanced button. When you’ve satisfied your curiosity, click the Install button.
[Screenshot: BackTrack 5 Install Summary]
5. Install GRUB: After a successful installation, rebooting the computer drops you into your new BackTrack 5 R3 installation. As with the live desktop, it drops you to a console. Log in with the default username root and password toor, then start the graphical desktop by typing startx.
The task at this step is to install GRUB in the root partition. Launch a terminal; there is an icon for it on the top panel. If you do not remember the device name of the root partition, type df -h to list the mounted partitions. Then type grub-install /dev/sda5 to install GRUB in that partition's first sector.
[Screenshot: BackTrack 5 Install GRUB]
After you press Enter, grub-install will warn that installing anywhere other than the MBR is a bad idea and will refuse to proceed. You can force it, and that is exactly what you need to do here.
[Screenshot: BackTrack 5 Force GRUB]
6. Force-install GRUB: To install GRUB in the root partition anyway, add the --force switch, so the command becomes grub-install --force /dev/sda5.
[Screenshot: BackTrack 5 Force Install GRUB]
If the command completes without errors, you now have GRUB in both the MBR and the root partition of BackTrack 5. Reboot the computer; from the command line, shutdown -r now does it. At the GRUB boot menu, select the Windows 7 entry to boot into Windows 7.
[Screenshot: BackTrack 5 GRUB Installed]
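Before rebooting at the end of step 6, it is worth confirming where boot code actually sits rather than trusting the absence of an error message. The following is an added example, not from the original tutorial: a BIOS treats a 512-byte sector as bootable only if bytes 510 and 511 are 55 AA, and GRUB's boot sector image contains the literal text "GRUB " that the Windows MBR code does not, so the first sector of the disk and of the root partition can be classified with nothing more than dd and od. The device names match the tutorial (/dev/sda, /dev/sda5) and reading them requires root.

```sh
#!/bin/sh
# Added example: classify the first sector of a disk or partition.
# Device paths follow the tutorial; run as root on the real system.

# Print the block device mounted at / (the root partition, /dev/sda5 in the tutorial).
root_device() {
    df -P / | awk 'NR == 2 { print $1 }'
}

# inspect_boot_sector DEVICE_OR_FILE
#   0: 55AA boot signature present and GRUB boot code found
#   1: no 55AA boot signature (BIOS will not boot from it)
#   2: could not read a full 512-byte sector
#   3: 55AA signature but no GRUB code (the Windows MBR, for example)
inspect_boot_sector() {
    dev="$1"
    # Dump the first 512 bytes as one 1024-character lower-case hex string.
    sector=$(dd if="$dev" bs=512 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    if [ "${#sector}" -ne 1024 ]; then
        echo "$dev: could not read a full 512-byte sector" >&2
        return 2
    fi
    # Bytes 510-511 are hex characters 1021-1024.
    signature=$(printf '%s' "$sector" | cut -c1021-1024)
    if [ "$signature" != "55aa" ]; then
        echo "$dev: no 55AA boot signature"
        return 1
    fi
    # 47 52 55 42 20 is "GRUB " as written by grub-install's boot image.
    case "$sector" in
        *4752554220*)
            echo "$dev: bootable, GRUB boot code present"
            return 0
            ;;
    esac
    echo "$dev: bootable, non-GRUB boot code (Windows MBR, for example)"
    return 3
}

# Typical use as root after grub-install --force /dev/sda5:
#   inspect_boot_sector /dev/sda          # GRUB now, Windows MBR again after step 8
#   inspect_boot_sector "$(root_device)"  # GRUB, and it must stay that way
```

Run the two checks again after step 8: the disk's MBR should then report non-GRUB boot code while the root partition still reports GRUB, which is exactly the state the EasyBCD entry in step 9 depends on.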
7. Install EasyBCD: Once in Windows 7, you need to reinstall Windows 7's boot loader in the MBR, which is the same thing as wiping GRUB from that location. Windows has a command-line tool for this (bootrec /fixmbr from the recovery environment), but EasyBCD is a free graphical application that makes it very easy. You may download it from here. Install and start it; this is the main interface. Click the BCD Deployment tab.
[Screenshot: BackTrack 5 EasyBCD]
8. Reinstall the Windows Boot Loader in the MBR: Under BCD Deployment, select the highlighted option, then click the Write MBR button. Afterwards, exit EasyBCD and reboot the computer just to make sure that you can still boot into Windows. Note: you will not be able to boot into BackTrack 5 yet, because the Windows boot loader is now in charge and is not aware that Windows 7 shares the HDD with another operating system.
[Screenshot: EasyBCD Install Windows MBR]
9. Add an Entry for BackTrack 5: If you managed to reboot into Windows 7, start EasyBCD again and click the Add New Entry tab. Select the highlighted options, then click Add Entry.
[Screenshot: EasyBCD Install GRUB BackTrack]
10. Preview Windows 7's Boot Menu: You can see the entries that will appear in the boot menu from the Edit Boot Menu tab. You may now close EasyBCD, reboot the computer and test that you can boot into both operating systems.
[Screenshot: Windows 7 Boot Menu EasyBCD]
This method worked for me on first try. If you followed the steps as given in this tutorial, it should work for you too.


Facebook cookie-sniffing and MITM-attacks


So recently we introduced you to Reaver, which shows that even WPA/WPA2-encrypted networks with strong passwords aren't safe when WPS is enabled. Personally, I'm using a pretty expensive router (Linksys E3000) which I've configured manually; however, to my knowledge, WPS cannot be disabled on any Linksys router at this time.
The WPS vulnerability in WPA/WPA2 routers, together with WEP being easily crackable even without WPS, means that most Wi-Fi networks can be infiltrated by unwanted users. This leads to another important question: what can an attacker actually do once inside your network?
comaX has written a very good script for sniffing passwords. It combines ARP cache poisoning (rerouting all of the victim's traffic through your own computer, putting you in the middle) with sslstrip (the attacker keeps the HTTPS connection to the server itself and rewrites the pages so that the victim's browser talks plain HTTP to the attacker, which makes the login visible in cleartext). We've already covered this script in a previous post. Keep in mind that a browser which already knows a site as HTTPS-only, for example through HSTS, will not follow the downgraded links, so this does not work against every HTTPS site.
A small issue I've encountered when doing MITM attacks is that the running sessions (here specifically Facebook sessions) are sometimes not terminated, which matters because you need the victim to type in the password again to be able to sniff it.
Here is what I do when using automated MITM attacks to jump straight into the target's ongoing Facebook session without them ever typing the password:
First of all, start Wireshark. If you’re using Backtrack it is already included, so just open a terminal window and type:
wireshark &
Select the interface that is connected to the network and start capturing.
You should now see packets arriving. You can leave Wireshark capturing as long as you like, but the window fills up quickly, so it pays to learn display filters. For this task you want only HTTP traffic, preferably only to and from the target, for example http && ip.addr == 192.168.1.20 (the address is a placeholder; substitute the target's).
The Facebook cookie travels in the Cookie header of ordinary HTTP requests, which show a POST or GET line in the Info column, something like:
POST /ajax/growth/…/ HTTP/1.1
GET /ajax/presence/…/ HTTP/1.1
Here is one such packet that I captured from my own login.
If you find a packet that looks like this, select it, right-click and choose "Follow TCP Stream".
The Cookie header is visible in the reassembled stream.
This cookie provides all the information needed to resume the session on the Facebook account. Now we just need a cookie editor. A good one is the Advanced Cookie Manager add-on for Firefox: http://addons.mozilla.org/en-US/firefox/addon/cookie-manager/
Restart Firefox and open the Cookie Manager (the icon is in the upper right corner).
Browse to your own Facebook cookie.
Now change the values in your cookie to match the ones you sniffed.

Make sure you fill in the values exactly (name and value only, without the separating semicolon). Next, open www.facebook.com and you will be logged in to the account.
The hacker now has access to your Facebook account until you log out or the cookie expires.
The beauty of this little hack is that it is not limited to Facebook sessions; it is useful whenever you are sniffing traffic, not only during MITM attacks. Similar methods work on virtually any site that uses cookies to manage user sessions and lets those cookies travel over plain HTTP; a cookie flagged Secure is never sent over HTTP, and a site enforcing HSTS will not be downgraded by sslstrip in the first place.
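The manual step above, reading the Cookie header out of the followed TCP stream and copying each name and value into the cookie editor "without the semicolon", is mechanical enough to script. The following is an added example, not part of the original post: it takes a raw HTTP request such as Wireshark shows in Follow TCP Stream and splits the Cookie header into one name=value pair per line. The request is constructed for this example and the cookie names and values are placeholders, not real Facebook session data.

```sh
#!/bin/sh
# Added example: extract cookies from a captured HTTP request.
# The request below is constructed; cookie names/values are placeholders.

# Emit a sample request with CRLF line endings, as a real capture has them.
sample_request() {
    printf 'GET /ajax/presence/ HTTP/1.1\r\n'
    printf 'Host: www.facebook.com\r\n'
    printf 'User-Agent: Mozilla/5.0\r\n'
    printf 'Cookie: datr=abc123; c_user=100000000000001; xs=1%%3Aexamplexs%%3A2%%3A1362000000\r\n'
    printf 'Connection: keep-alive\r\n\r\n'
}

# Read a raw request on stdin; print every cookie as name=value, one per line,
# with the separating semicolons and surrounding whitespace removed.
extract_cookies() {
    tr -d '\r' \
        | sed -n 's/^[Cc]ookie:[[:space:]]*//p' \
        | tr ';' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Read a raw request on stdin; print only the value of the cookie named $1
# (prints nothing if that cookie is absent).
cookie_value() {
    extract_cookies | sed -n "s/^$1=//p"
}

# Each line is ready to paste into a cookie editor as one name/value entry.
sample_request | extract_cookies
```

The same functions work on a request saved from Wireshark (File, Export, or copying the stream as text) by piping the file into extract_cookies. Note what made the capture possible: the cookies were sent in a plain HTTP request. A cookie set with the Secure flag would not appear here at all.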
—————————————————————————————————-
Enjoy your cookies!

Tuesday, 5 March 2013

Using BackTrack 5 R3 with Metasploit Community or Metasploit Pro


As of version 5 R3, BackTrack comes with Metasploit 4.4 pre-installed, so it is now easier to use Metasploit Community Edition or Metasploit Pro on BackTrack. Here is how it's done:

  • After BackTrack boots, enter startx to get into the UI.
  • Install BackTrack to disk (a virtual machine is a good choice) using the Install BackTrack icon in the top left corner, rather than working from the live image. This is recommended so that Metasploit remembers its product key; on a live system you would have to register Metasploit again after every reboot.
  • Boot the installed system, log in with user root, password toor, and enter startx.
  • In the main menu, open BackTrack / Exploitation Tools / Network Exploitation Tools / Metasploit Framework and select start msfpro, which starts the service for the commercial Metasploit UI.
    [Screenshot: backtrack5r3-metasploit-1.jpg]
  • The Metasploit service is started when you see the following screen:
    [Screenshot: backtrack5r3-metasploit-2.jpg]
  • Open the Firefox browser from the Internet menu.
  • Enter the URL https://localhost:3790. The connection must be https.
  • If Firefox reports that the server cannot be reached, the Metasploit service may not have finished starting; wait a few seconds and try again.
  • Because the Metasploit UI uses a self-signed SSL certificate generated on first start, Firefox shows "This Connection is Untrusted". That warning is expected here; click I Understand the Risks, then Add Exception..., then Confirm Security Exception. Only do this for this localhost address; the same warning on any other host is a reason to stop, not to click through.
  • Metasploit is now initializing and creating the exploit database. Depending on your hardware, this may take up to 10 minutes. You may also see this screen the second time you launch Metasploit, but then startup should take a couple of minutes at most.
    [Screenshot: backtrack5r3-metasploit-3.jpg]
  • The NoScript add-on is installed by default on BackTrack and makes registering and using Metasploit difficult. The quickest option is to click the NoScript icon to the left of the URL field, select Allow Scripts Globally (dangerous) and confirm the popup; the safer option is the per-site Allow localhost entry in the same menu, which enables JavaScript for the Metasploit UI only.
    [Screenshot: backtrack5r3-metasploit-4.jpg]
  • You should also turn off the Application Boundary Enforcer, since it interferes with registration. Open the same NoScript menu, choose NoScript Options, the Advanced tab, the ABE sub-tab, and uncheck Enable ABE (Application Boundary Enforcer). Confirm with OK.
    [Screenshot: backtrack5r3-metasploit-5.jpg]
  • Enter a username and password, and click Create Account. You should now see the following screen:
    [Screenshot: backtrack5r3-metasploit-6.jpg]
  • Click on Get Product Key.
  • Choose either Metasploit Pro Trial to test the fully featured product, or Metasploit Community if you work for an SMB or are a student and need the limited but free edition.
  • Complete the registration screen.
  • You're now back at this screen:
    [Screenshot: backtrack5r3-metasploit-6.jpg]
  • Within 5 minutes of completing the form, you'll receive an email with a product key. Copy it to the text field under number 2, then click Activate License. You should now see this success message:
    [Screenshot: backtrack5r3-metasploit-7.jpg]
  • Now that you've registered Metasploit, you have access to the update packages, which give you access to new features, exploits, and bug fixes. To update Metasploit, follow these steps:
  1. In the Administration menu, choose Software Updates.
  2. Click Check for Updates.
  3. Click Install.
  4. Repeat the process until the software update reports that there are no more updates available. 

Congratulations, you're good to go!