Friday, 28 February 2014

15 Hacking Tools to Start Your Journey .

nmap 

 1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
If you are thinking of checking out Nmap, but you are more of a novice, you may want to check out Zenmap. Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database. Here, we will take a brief look at some of the functionalities of the Zenmap interface.
Check out Zenmap video and instructions
Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.
Learn more about using Nmap Get Nmap

NessusExecutiveReport 

2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Get Nessus Here

john-ripper-39 

3. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

nikto 

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).
Learn to use Nikto
Get Nikto

superscan 

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.
Get SuperScan

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

p0f-fingerprinting

– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
Learn how to use p0f
Get p0f

Wireshark_screenshot 

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Get WireShark

yersinia 

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Get Yersinia

Eraser 

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.
putty

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.
Get PuTTY
Get PuTTY Here.

11. LCP

lcp

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
Get LCP
Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

cain

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
Get Cain and Abel

kismet 

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
A good wireless tool as long as your card supports rfmon (look for an orinocco gold).
Get Kismet
Get Kismet Here

netstumbler 

14. NetStumbler

Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
  • Verify that your network is set up the way you intended.
  • Find locations with poor coverage in your WLAN.
  • Detect other networks that may be causing interference on your network.
  • Detect unauthorized “rogue” access points in your workplace.
  • Help aim directional antennas for long-haul WLAN links.
  • Use it recreationally for WarDriving.
Get NetStumbler

hping 

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Thursday, 27 February 2014

Market Share of Hacking Targets .

               hacker_659px

My site is dedicated to further exploring the techniques and know-how of hacking the various operating systems and configurations a person might run into among the vast wilderness that is the internet. It has come to my attention that the following information may be of interest to my readers. Here, we will take an enlightening look at what operating systems and programs the average hacking target might be running. While you may be running the latest and greatest operating systems and apps, we can’t assume the same is true for our potential targets.
Let’s take a look at some current data on operating systems, web servers, browsers, and mobile operating systems, rather than assume that everyone is running the latest, greatest and most secure operating systems. In this way, we can get an idea of what operating systems we should focus our skills on in developing our attack scenarios.

6874.5_01C91EBC 

 

                    Desktop and Clients

  1. Windows 7 – 47.5%
  2. Windows XP – 29.2%
  3. Windows 8 – 6.6%
  4. Windows 8.1 – 3.9%
  5. Windows Vista – 3.3%
  6. Mac OS X 10.9 – 3.2%
  7. Linux – 1.6%
  8. Other Mac OS X versions – 4.5%
You might be surprised that almost 30% of all desktop systems are still running Windows XP, despite the fact that Microsoft will be discontinuing support in April 2014.

I can tell you from my experience at some major corporations and military installations that there are MANY Windows XP systems in those “secure” environments. Apparently, these institutions assume that the transition costs are greater than the potential security risk. Furthermore, Windows XP remains very popular in many developing nations and among pirated copies, which are not reflected here in these figures.

The other thing to note here is that nearly 8% of the client computers are running a version of Mac OS X. Due to a misconception perpetuated by Mac users and salespeople, many Mac users believe that their systems are impervious to hacking and viruses and as such, and a result, don’t run antivirus software or other security measures.

Web Browsers

  1. Internet Explorer 8 – 21.2%
  2. Firefox 26 – 13.4%
  3. Internet Explorer 11 – 11.5%
  4. Internet Explorer – 10 9.8%
  5. Internet Explorer – 9 8.9%
  6. Chrome 32 – 6.79%
  7. Chrome 31 – 6.62 %
  8. Internet Explorer – 6 4.5%
  9. Internet Explorer 7 – 2.5%
  10. Other – 32%
DSC7yiMNotice that the most widely used browser is still IE8, despite all its security vulnerabilities, with over 1 in 5 computers still running this browser. If we include IE6 and IE7, over 28% of computers are running these highly vulnerable browsers.

web_server-1331px 

                         Web Servers

  1. Apache – 41.6%
  2. Microsoft’s IIS – 29.4%
  3. Nginx – 14.4%
  4. GWS – 2.5%
Interestingly, despite all the security problems Apache has had recently, fewer than 1% of the busiest websites are running the newest version of Apache 2.4.x. That’s an awful lot of vulnerable web servers!

     Mobile Operating Systems (by Browsing)

  1. iOS - 54.5%os 
  2. Android – 34.6%
  3. Java ME – 4.3%
  4. Symbian – 3.4%
  5. Blackberry – 1.5%
  6. Windows Phone – 0.6%
iOS and Android comprise over 90% of all browsing by mobile devices. Obviously, that is where we should focus our attack efforts.
I hope you find this information enlightening as far as what operating systems, web servers, and browsers are being used by the general public. I feel that many of us lose sight that the rest of the world is not necessarily running the latest and most secure software.

Tuesday, 25 February 2014

INTRODUCTION TO NETWROK TOPOLOGIES .

In computer networking, topology refers to the layout of connected devices. This article introduces the standard topologies of networking.

Topology in Network Design

Think of a topology as a network's virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find a ring topology there.

Network topologies are categorized into the following basic types:

  • bus
  • ring
  • star
  • tree
  • mesh
More complex networks can be built as hybrids of two or more of the above basic topologies.

Bus Topology

Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.

Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") both were popular Ethernet cabling options many years ago for bus topologies. However, bus networks work best with a limited number of devices. If more than a few dozen computers are added to a network bus, performance problems will likely result. In addition, if the backbone cable fails, the entire network effectively becomes unusable.

Illustration - Bus Topology Diagram

Ring Topology

In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.

To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.

Illustration - Ring Topology Diagram

Star Topology

Many home networks use the star topology. A star network features a central connection point called a "hub node" that may be a network hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.

Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)

Illustration - Star Topology Diagram

Tree Topology

Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the root of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.

Illustration - Tree Topology Diagram

Mesh Topology

Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, most notably the Internet, employ mesh routing.

A mesh network in which every device connects to every other is called a full mesh. As shown in the illustration below, partial mesh networks also exist in which some devices connect only indirectly to others.

Illustration - Mesh Topology Diagram

Summary

Topologies remain an important part of network design theory. You can probably build a home or small business computer network without understanding the difference between a bus design and a star design, but becoming familiar with the standard topologies gives you a better understanding of important networking concepts like hubs, broadcasts, and routes.

Monday, 17 February 2014

Postgresql in BackTrack5 and Metasploit Framework .


I have just installed the new and improved BackTrack 5 in virtualbox. As always, i made an apt-get update && apt-get dist-upgrade -y and after that a msfupdate.


I launched Metasploit framework, and was about to start postgresql when i realized that BT 5 is with MySQL. After playing around with MySQL, i decided to install and setup PostgreSQL instead. The commands i used was:

apt-get install postgresql-8.4 rubygems libpq-dev 




Monday, 10 February 2014

Hack facebook account and Gmail account .

Now in this tutorial I am going to show you how to hack facebook account using backtrack 5 With Cyber Evils. So just follow the simple steps.

Open your backtrack 5’s terminal and type cd /pentest/exploits/set

Backtrack5 1


Now Open social Engineering Tool kit (SET) ./set



Just hit ENTER and SET will Open , Now just select 1st option (1 Social-Engineering Attacks) and hit enter after that 2nd number (just type 2 as shown in snapshot)

Friday, 7 February 2014

Hack Android Phone with Metasploit AND Steal Data.


HOW TO REMOTELY STEAL DATA FROM ANDROID PHONES

A quick guide on how to steal data from an android device (smart phones, tablets etc) on your network. We will be using metasploit to launch the Android content provider file disclosure module. Next we will use ettercap to do dns spoofing through arp poisoning.
I will be giving a brief explanation on how to set up the attack as i do not have any sophisticated victim scenario set up. This will work on Android 2.2 or earlier, i have not done any test on other versions, lets see if we can get any free test subjects today. You may download the PDF version of this tutorial here.
Description
The Android content provider file disclosure module exploits a cross domain issue within the Android web browser to ex-filtrate files from a vulnerable device.
Lets Begin

1) Load up a terminal and type: msfconsole.


Tuesday, 4 February 2014

Pivot from Victim System to Owning the Network with Metasploit

How to Pivot from Victim System to Owning the Network with Metasploit

To own a network and retrieve the key data, we only need to find ONE weak link in the network. It makes little sense to beat our heads against heavily fortified systems like the file and database server when we can take advantage of the weakest link of all: Humans. (I wish the weakest link of all were Robots… maybe some other time)


cyber-attack


To own a network and retrieve the key data, we only need to find ONE weak link in the network. It makes little sense to beat our heads against heavily fortified systems like the file and database server when we can take advantage of the weakest link of all: Humans. (I wish the weakest link of all were Robots… maybe some other time)
Somewhere on the network, some clerk with little work to do and lots of time to play on the Internet can be enticed to visit our malicious website, open our malicious Word doc, or view our malicious PDF.
Once we compromise this single target on the network, we can then pivot from that single compromised system to own the network and ultimately grab the goodies on the server or database server.