What is steganography?
Steganography is defined as the art of hiding information, data or messages in an image. The advantage of steganography is that people outside the communicating parties do not even realize that any communication is taking place.
Steganography comes in different forms:
Hidden information in Text Files
Hidden information in Image Files
Hidden information in Document Files
Hidden information in Video Files
Hidden information in Audio Files
Hidden information in E-Mails
How to Hide File behind Images
S-Tools
S-Tools is a steganography tool that hides files in BMP, GIF, and WAV files.
Nessus 4.4.1 now comes pre-installed on BackTrack 5 and requires that the user activate the installation. Before you activate Nessus on your BackTrack 5 installation, be certain you have installed Nessus either to the hard drive on the computer you plan to use or inside of a virtual machine that you plan to keep on the same host system. If you activate Nessus on a bootable USB thumb drive, DVD or a virtual machine and move it to a new host system, the Nessus activation code will no longer be valid.
The Nessus activation ties itself to the physical system on which it is installed. If you do decide to move the virtual machine to a new system, or jump around to different systems using a bootable USB thumb drive or DVD, you will have to re-activate Nessus. If you are using a Nessus ProfessionalFeed, you are allowed to reset your activation by clearing the current connection between a host and an activation code.
By logging into the Tenable Customer Support Portal and going to "Activation Codes", you can reset the activation code-to-host pairing. ProfessionalFeed users are currently limited to one reset every 30 days. HomeFeed users will need to re-register Nessus when moving between physical hosts.
Step 1 - Obtaining An Activation Code
Once you have Nessus installed on BackTrack 5, you will need to obtain a Nessus activation code. If you wish to purchase a ProfessionalFeed, you can visit the Tenable Store. If you are using Nessus at home or wish to evaluate Nessus, you can register a HomeFeed. It’s important to note that the HomeFeed is limited to 16 IP addresses per scan (whereas the ProfessionalFeed allows you to scan an unlimited number of IP addresses). The ProfessionalFeed also gives you access to features such as Configuration and Sensitive Data Auditing, SCADA plugins, Nessus Technical Support and access to the Tenable Customer Portal.
Step 2 - Activating Nessus
Be certain that your BackTrack 5 installation has access to the Internet and activate Nessus using your newly obtained activation code as follows:
As shown above, this will also initially download the appropriate plugins based on which feed you've chosen.
SQL injection is a code injection that exploits a part of an application that is vulnerable to it. The injected code exploits the database to get information such as emails, usernames and passwords.
In this tutorial, we’ll be looking for the admin panel’s credentials. Keep in mind, I said admin panel, not control panel. While performing an SQL injection, you may not always find what you’re looking for. Some sites have secured the important information so that it will not be compromised so easily.
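To show why the injection described above works and how it is closed, here is an added example (not code from the original post). It runs the same lookup twice against a constructed in-memory SQLite table, once with string concatenation and once with a bound parameter; the table, column names and sample rows are assumptions made for the illustration.

```python
import sqlite3

# Constructed input that breaks out of the quoted string in a concatenated query.
INJECTED = "x' OR '1'='1"


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", "admin@example.test", "constructed-hash-a"),
            ("alice", "alice@example.test", "constructed-hash-b"),
        ],
    )
    return db


def lookup_vulnerable(db, username):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the driver binds the input as a value, never as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A normal lookup behaves the same in both versions.
    print(lookup_vulnerable(db, "alice"), lookup_parameterized(db, "alice"))
    # The crafted input turns the WHERE clause into a condition that is
    # always true, so the concatenated query returns every account.
    print(lookup_vulnerable(db, INJECTED))
    # Bound as a parameter, the same input is just an unknown username.
    print(lookup_parameterized(db, INJECTED))
```

Reviewing code for queries built by concatenation or string formatting, and replacing them with bound parameters, removes this class of bug at its source.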
Finding a Vulnerable Site
You can find a vulnerable site using dorks. Use Google, it’s the best way. A dork is something like this
There are hundreds of thousands of others, and there are also some posts about dorks, so you could read those if you want to find a good site to exploit with SQL injection.
TheHarvester has been developed in Python by Christian Martorella. It is a tool which provides us with information about e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.
This tool is designed to help the penetration tester at an early stage; it is effective, simple and easy to use. The sources supported are:
Go to the Arsenal -> scanning -> web scanner -> theharvester.
If it is not available in your distribution, then you can easily download it from http://code.google.com/p/theharvester/downlaod, where the latest version, 2.2, is available. Simply download it and extract it.
Give theHarvester.py execute permission with [chmod 755 theHarvester.py]
After that, simply run ./theHarvester.py. It will display the version and the other options that can be used with this tool, with a detailed description.
The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client. Information is a weapon: successful penetration testing and hacking need a lot of relevant information, which is why information gathering, also called footprinting, is the first step of hacking. So gathering valid login names and emails is one of the most important parts of penetration testing. We can use these to profile our target, brute force authentication systems, send client-side attacks (through phishing), look through social networks for juicy info on platforms and technologies, etc.
Example 1:
Command Syntax:
theHarvester -d [url] -l 300 -b [search engine name]
theHarvester -d matriux.com -l 300 -b google
In the above command:
-d [url] is the remote site from which you want to fetch the juicy information.
-l limits the search to the specified number of results.
-b is used to specify the search engine name.
From the email addresses returned, we can identify the pattern of the email addresses assigned to the employees of the organization. For example, some companies use the firstname.lastname@domain.com pattern, so that can be useful in order to brute force the account of a specific person. Host information can be useful in order to scan a specific system.
Example 2:
Search all search engines.
Command:
theHarvester -d gtu.ac.in -l 300 -b all
This command will grab the information from multiple search engines supported by the specific version of theHarvester.
Example 3:
Save the result in an HTML file.
Command:
theHarvester.py -d gtu.ac.in -l 300 -b all -f hackguru
The -f parameter is used to save the results in an HTML file, as shown in this example.
Conclusion
theHarvester is a handy tool, which would quickly fetch the juicy information from the public resources by active or passive means.
Suggestion
Exposure of personal information is an advantage for every social engineer. Every piece of information that you post on the Internet will eventually stay there forever. So before you post something personal, think twice about whether it is really necessary to allow other people to know about yourself and your activities. Also, using different email addresses and usernames will make the work of social engineers much more difficult.
So in this tutorial we will show you step by step how to make a virus Fully Undetectable by all the antiviruses. There are lots of approaches, however here we will take a look at how to make an executable FUD using msfencode.
Requirements
Metasploit (comes on BackTrack or Kali)
Attention
We are using some harmless test files but don’t infect people with any real viruses. That would be a crime.
Purpose
Antivirus protects machines from malware, but not all of it. There are ways to pack malware to make it harder to detect. We'll use Metasploit to render malware completely invisible to antivirus.
Creating a Listener
This is a simple payload that gives the attacker remote control of a machine. It is not a virus and won’t spread, but it is detected by antivirus engines. In BackTrack, in a Terminal window, execute these commands:
cd
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe
Here is a very easy tutorial on how to extract email addresses from any site you want using Metasploit. I'll not go in deep; I'm going to show it step by step so that everyone can understand it easily.
Start your Metasploit ...
1) The first thing to do is open msfconsole and type
This simple technique is called “Google Hacking”. We are just looking for unsecured cameras around the world and writing a simple string on Google to hack into them.
Follow the steps below:
1) Choose any of these strings to enter on google
Has your company blocked access to some of your favorite websites? Can’t use Facebook, gmail, YouTube or your favorite sites ? Want to know how to unblock them?
Don't worry, here is the solution. In this article, I am going to show you how to bypass browsing restrictions in schools, colleges or offices. There are many methods to bypass the restrictions or unblock the blocked websites. I am explaining the top 5 methods to show you how to bypass the blocked websites. You can visit your favorite sites using some of the techniques outlined below...
1). Using Ultrasurf:
It’s a well-known proxy software. Using this, you can access various social networks like Facebook, YouTube, MySpace, Hi5, LinkedIn, Google Plus, etc., which are blocked in most schools, colleges and offices.
Some of the features of UltraSurf:
It can bypass major firewalls (like WatchGuard HTTP Proxy)
It will hide your real IP.
It is portable (Yep! You don’t need to install it) .
Click on “Profile” or if you’re using the new version, click on your name.
The URL now contains something that ends with id=123456789. The number at the end is your profile ID.
Example: my profile ID is
http://www.facebook.com/100000287487742
ID numbers 1-3 were tests that Mark Zuckerberg used to initially test Facebook; the profile pages no longer exist.
The first real Facebook user starts at ID #4. It belongs to — you guessed it — Mark Zuckerberg.
First 10 People To Sign Up For Facebook
Mark Zuckerberg
Original Profile ID: http://www.facebook.com/profile.php?id=4 (IDs 1-3 may have been associated with Zuckerberg but the profile pages no longer exist).
How he knew about Facebook: Founder of Facebook
Chris Hughes
Original Profile ID: http://www.facebook.com/profile.php?id=5
How he knew about Facebook: Hughes cofounded Facebook and was college roommates with Zuckerberg.
Microsoft Windows lets users show checkboxes next to each of the files in Windows Explorer. This can make it easier and quicker to select, copy, cut, and delete multiple files. Follow the steps below to enable this feature on your computer.
Open Windows Explorer by pressing the Windows Key + E.
In Windows Explorer click Tools and then Folder Options.
In Folder Options click the View tab.
In the View tab, scroll down and check the "Use check boxes to select items" option, as shown in the below picture.
Many times we want to send some confidential information, such as login credentials for bank accounts or other valuable information, to someone. Many of us are afraid to send this kind of information over the Internet because nowadays hackers are ruling the cyber world.
But after today's post you will know how to send confidential information securely by protecting it with a password using Lockbin.
First of all, what is Lockbin?
Lockbin is a web application for sending private email messages and files in a password-protected environment, and the best thing about it is that it's free.
Did you know you can secure the information on your hard disk drives by hiding and locking them? In Windows, follow these steps to do that:
Step 1:- Go to the "Run" command box from the "Start" button or simply use the "Ctrl + R" shortcut.
Step 2:- Enter "gpedit.msc" and press "Enter" or the "Ok" button.
Step 3:- The "Group Policy" window will appear. Expand "User Configuration" -> "Administrative Templates" -> "Windows Components" and click on "Windows Explorer".
This trick is especially for people who are always surfing the internet. Users normally type one website address at a time into the browser's URL bar; those who want to open multiple websites at once can follow these steps.
Step 1:- Open Notepad
Step 2:- Copy and Paste the Code in Notepad.
@echo off
start http://www.facebook.com
start http://www.google.com
start http://www.twitter.com
Step 3:- Save the Notepad file as "Sites.bat" (with quotes; you can save it with any name, but the .bat extension is important) on the Desktop or anywhere else at your convenience.
Step 4:- Now just double click the newly created file. As you can see, three websites will open at the same time.
Note:- You can add more sites by editing "Sites.bat" using Notepad.