Tuesday, 11 March 2014

17 Actions for Staying Anonymous on the Internet

Prerequisites:

  • Physical: a laptop and a Debian (or other Linux) install image
  • Software: gcc, g++, make, libncurses5-dev, patch, srm, tor, proxychains, ssh, pidgin, pidgin-otr, wpa_supplicant, a MAC address changer
Here, we will discuss a great number of things you can do to keep yourself as anonymous as possible. I would recommend doing these things if you intend to keep everyone off your heels, including big business, government, and anyone else. I will agree that this setup is not ideal for day-to-day regular computer use, but you may want to apply it on a PC you use for your covert tasks.

Note:

You may be able to accomplish some of this on an Apple computer running OS X as well; however, I have not tested hard disk encryption there, and you may still be vulnerable to any new Safari vulns that come out. You should be "mostly" safe provided you do a few things covered in an upcoming tutorial next month.
  1. Do not use an SSD; use a normal drive (look at Raptors if you need speed).
  2. Use/install Debian or a derivative.
  3. When installing, choose encrypted LVM (for hard disk encryption). You will have to google the setup if you are not familiar with it; it is often used with RAID, but that is just one option. You can certainly do it with a standalone disk.
  4. Do not install any unneeded software or services (such as a GUI) unless you absolutely have to, and in such situations go for the most minimal install. Examples of lightweight GUIs: Xfce, Fluxbox, Enlightenment.
  5. If you can, build a custom kernel that only has the modules you need for your system. Use a custom kernel to keep your box secure (don't forget to turn on grsec after installing).
  6. Make sure your system is secure and has no services turned on or accessible from the outside.
  7. Use Tor. You can view some examples here, but because that tutorial was written for a different Linux distro you may have to do some googling or ask questions here to avoid the DNS caching issue.
  8. Route connections and traffic through Tor or other servers using ssh or proxychains, or your favorite software for doing so.
  9. Preferably, use open-access WiFi networks to hide your tracks (if you are worried about developing a pattern, you need a script that changes your laptop's MAC address and hostname on each boot). Hint: the farther you can be from the WiFi access point (bigger antenna), the better.
  10. Only talk online using encrypted forms of communication such as Pidgin+OTR or Apple's Adium, which has encryption built in.
  11. Use iptables to block questionable IP addresses/IP ranges that you don't want hitting or talking to your box.
  12. Use an encrypted email service such as Hushmail, but definitely not Yahoo or MSN.
  13. Use PGP.
  14. If you don't like using Lynx as a web browser and have to install a GUI and decide to install Mozilla or something as a browser, you should use something that blocks bad scripts, such as NoScript. Granted, if you are worried about anonymity you shouldn't also be worried about seeing the latest YouTube video and shouldn't have things like Java installed, but NoScript will help block some of the adware. While the majority of the ads and malicious code is written for Windows, it should help keep your box safer.
  15. Do not use the same alias for everything! Use different aliases for different things such as email, instant messaging, IRC, etc., and do not tie them together by listing them as info for each other. (You may end up having a ton of accounts to keep things separate, but it's the best way.)
  16. You may also want to look into removing yourself from various websites, including background information sites. We have talked about this in different forums, and here are some links to help:
    Removal Link #1
    Removal Link #2
  17. Should you for any reason ever need to destroy anything, Linux's srm is the preferred method, as is DBAN; both provide good software deletion capabilities but can take a while. Physical destruction of the RAM first and then the hard drive is an option too.
So, there it is folks… just a thrown-together list. Please add additional comments below to help others with methods and actions that I have not mentioned. Stay tuned in the future for more about anonymity.

Thursday, 6 March 2014

How to Hack: Disable Antivirus on a Remote Computer


If you have been following the site, you know that I have highlighted a number of ways to gain access to a remote computer: with rootkits and listeners, buffer overflows in the operating system, getting the victim to click on a link to our malicious website, and sending a malicious Microsoft Office or Adobe Acrobat file.

In each case, we’ve embedded a listener/rootkit that gives us control over the system. Metasploit has a powerful listener called Meterpreter that enables us to control the system, send more commands, pivot from the victim to other systems, elevate our privileges, and many other things.
Today, we will focus on how to use the Meterpreter to disable the antivirus protection on the victim system, which is more advanced than simply bypassing the antivirus program, as I wrote about last time.
Disabling is necessary because the next time the system is scanned by the victim’s antivirus software, it’s likely to detect our listener and disable it. We need to take preemptive action to disable it before it can disable us.

So…fire up Metasploit and let’s get cracka-lacka-hacking!

Step 1: Getting Started

I’m assuming you have already embedded your Meterpreter listener by one of the many methods I’ve outlined in my earlier posts, and that you have a Meterpreter prompt as it appears in the screenshot below.


Before we can begin to kill the AV software, we need to escalate our privileges.

Usually, when we embed a listener on the victim's system, the listener will only have the privileges of the user who provided us with a gateway to their system by clicking on the malicious website, Office doc, Adobe PDF, etc.
That user most often has limited rights or privileges on the system. Unlimited rights to do anything on the system are held by the administrator or system administrator (or sysadmin for short).
We need to escalate our privileges from the user to sysadmin to have our way with this computer.

Step 2: Checking the User

Before we start the process of escalation, let’s check what user we are logged in as. Type:

meterpreter > getuid

This will return the ID of the user we are logged in as. If we are anything but the sysadmin, we’ll need to escalate to kill the antivirus software.

Step 3: Escalate Privileges

Metasploit and its Meterpreter make it simple to escalate privileges to the sysadmin. Simply type getsystem at the Meterpreter prompt.

meterpreter > getsystem


Notice that Metasploit responds with “…got system (with technique 1)”. Metasploit has multiple methods to escalate privileges and it tries each of them out until one works.
In our case, it was successful with technique 1.

Step 4: Check That We Are Sysadmin

Now that Metasploit has told us that it has escalated our privileges to sysadmin, let’s make sure. Type:

meterpreter > getuid


As you can see in my screenshot above, the victim responds with NT AUTHORITY\SYSTEM, the sysadmin user!
Congratulations! You can now have your way with this victim.

Step 5: Kill the AntiVirus Software

Now that we have unlimited rights to this system, let’s kill the antivirus software. Metasploit has a Ruby script called killav.rb. We simply run that script from the Meterpreter prompt and it will kill the system’s antivirus software.
Make certain to start the script with the keyword run. Type:

meterpreter > run killav.rb


Notice from the screenshot above that the killav.rb script not only killed the antivirus process, but also the open command prompt.


Now that we have killed the antivirus process, we can remain hidden within their system and do as we please with little or no chance of being detected.
Stay tuned to the website for upcoming adventures in Hacking and Penetration Testing!

Tuesday, 4 March 2014

Useful Linux WiFi Commands


NOTE: NOT ALL CARDS/FIRMWARE SUPPORT ALL OF THE COMMANDS LISTED BELOW.
Note: To connect your Linux machine to a WLAN using WPA, WPA2 or 802.1X you will need to use WPA Supplicant.

Connecting to an OPEN / WEP WLAN (DHCP)

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)
  1. iwconfig [interface] mode managed key [WEP key] (128-bit WEP uses 26 hex characters, 64-bit WEP uses 10)
  2. iwconfig [interface] essid "[ESSID]" (specify the ESSID of the WLAN)
  3. dhclient [interface] (to receive an IP address, netmask, DNS server and default gateway from the Access Point)
  4. ping www.bbc.co.uk (if you receive a reply you have access)

Connecting to an OPEN / WEP WLAN (Manual IP Setup)

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.). It may be necessary to run some packet capture software (e.g. Ethereal) to determine the IP addresses of both the default gateway and the DNS servers.
  1. iwconfig [interface] mode managed key [WEP key] (128-bit WEP uses 26 hex characters, 64-bit WEP uses 10)
  2. iwconfig [interface] essid "[ESSID]"
  3. ifconfig [interface] [IP address] netmask [subnetmask]
  4. route add default gw [IP of default gateway] (configure your default gateway; usually the IP of the Access Point)
  5. echo nameserver [IP address of DNS server] >> /etc/resolv.conf (configure your DNS server; note the file is resolv.conf, not resolve.conf)
  6. ping www.bbc.co.uk (if you receive a reply you have access)

iwconfig Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)
  • iwconfig [interface] mode master (set the card to act as an access point mode)
  • iwconfig [interface] mode managed (set card to client mode on a network with an access point)
  • iwconfig [interface] mode ad-hoc (set card to peer to peer networking or no access point mode)
  • iwconfig [interface] mode monitor (set card to RFMON mode, our favourite)
  • iwconfig [interface] essid any (with some cards you may disable the ESSID checking)
  • iwconfig [interface] essid “your ssid_here” (configure ESSID for network)
  • iwconfig [interface] key 1111-1111-1111-1111 (set 128 bit WEP key)
  • iwconfig [interface] key 11111111 (set 64 bit WEP key)
  • iwconfig [interface] key s:mykey (set key as an ASCII string)
  • iwconfig [interface] key off (disable WEP key)
  • iwconfig [interface] key open (sets open mode, no authentication is used and card may accept non-encrypted sessions)
  • iwconfig [interface] channel [channel no.] (set a channel 1-14)
  • iwconfig [interface] channel auto (automatic channel selection)
  • iwconfig [interface] freq 2.422G (channels can also be specified in GHz)
  • iwconfig [interface] ap 11:11:11:11:11:11 (Force card to register AP address)
  • iwconfig [interface] rate 11M (card will use the rate specified)
  • iwconfig [interface] rate auto (select automatic rate)
  • iwconfig [interface] rate auto 5.5M (card will use the rate specified and any rate below as required)

ifconfig Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)
  • ifconfig [interface] up (bring up the specified interface)
  • ifconfig [interface] down (take down the specified interface)
  • ifconfig [interface] [IP address] netmask [subnet-mask] (manually set IP and subnet-mask details)
  • ifconfig [interface] hw ether [MAC] (change the wireless card's MAC address; specify in the format 11:11:11:11:11:11)

iwpriv Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.)
  • iwpriv [interface] hostapd 1 (used to set card mode to hostapd e.g. for void11)
When the monitor mode patch is installed as per the Wireless Build HOWTO, the following commands may be used to set the card into monitor mode.
  • iwpriv [interface] monitor [A] [B]
    • [A]
      • 0 = disable monitor mode
      • 1 = enable monitor mode with Prism2 header
      • 2 = enable monitor mode with no Prism2
    • [B]
      • Channel to monitor (1-14)

iwlist Commands

Note: replace [interface] with your interface name as required (e.g. eth1, wlan0, ath0 etc.). iwlist is used to display a large chunk of information from a wireless network interface that is not displayed by iwconfig.
  • iwlist [interface] scan (Give the list of Access Points and Ad-Hoc cells in range (ESSID, Quality, Frequency, Mode etc.). Note: in tests this only worked with Atheros cards).
  • iwlist [interface] channel (Give the list of available frequencies in the device and the number of channels).
  • iwlist [interface] rate (List the bit-rates supported by the device).
  • iwlist [interface] key (List the encryption key sizes supported and display all the encryption keys available in the device).
  • iwlist [interface] power (List the various Power Management attributes and modes of the device).
  • iwlist [interface] txpower (List the various Transmit Power available on the device).
  • iwlist [interface] retry (List the transmit retry limits and retry lifetime on the device).
  • iwlist [interface] ap (Give the list of Access Points in range, and optionally the quality of link to them. Deprecated in favour of scan)
  • iwlist [interface] peers (Give the list of Peers associated/registered with this card).
  • iwlist [interface] event (List the wireless events supported by this card).
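The `iwlist [interface] scan` listing is also the raw material for an audit of which networks in range are open or still on WEP (the setting the WEP key commands above configure). Added here as an example, not part of the original post: a Python parser over a constructed scan sample; every ESSID and address in it is made up.

```python
import re

# Constructed sample of `iwlist wlan0 scan` output in the layout iwlist prints
# (Cell header, ESSID, Frequency/Channel, Encryption key, WPA/WPA2 IE lines).
SAMPLE_SCAN = """wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"OfficeNet"
                    Mode:Master
                    Frequency:2.437 GHz (Channel 6)
                    Quality=65/70  Signal level=-45 dBm
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
          Cell 02 - Address: 66:77:88:99:AA:BB
                    ESSID:"CoffeeShop"
                    Mode:Master
                    Frequency:2.412 GHz (Channel 1)
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:off
          Cell 03 - Address: CC:DD:EE:FF:00:11
                    ESSID:"OldPrinterAP"
                    Mode:Master
                    Frequency:2.462 GHz (Channel 11)
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
          Cell 04 - Address: 22:33:44:55:66:77
                    ESSID:"Legacy"
                    Mode:Master
                    Frequency:2.422 GHz (Channel 3)
                    Quality=50/70  Signal level=-60 dBm
                    Encryption key:on
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")


def parse_iwlist_scan(text):
    """Turn iwlist scan output into one dict per cell (BSSID, ESSID, channel, crypto flags)."""
    cells = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CELL_RE.match(line)
        if m:
            cur = {"bssid": m.group(1), "essid": "", "channel": None,
                   "encrypted": False, "wpa": False, "wpa2": False}
            cells.append(cur)
            continue
        if cur is None:          # header line before the first cell
            continue
        if line.startswith("ESSID:"):
            cur["essid"] = line[len("ESSID:"):].strip('"')
        elif line.startswith("Frequency:"):
            ch = re.search(r"Channel (\d+)", line)
            if ch:
                cur["channel"] = int(ch.group(1))
        elif line.startswith("Encryption key:"):
            cur["encrypted"] = line.endswith("on")
        elif line.startswith("IE: IEEE 802.11i/WPA2"):
            cur["wpa2"] = True
        elif line.startswith("IE: WPA Version"):
            cur["wpa"] = True
    return cells


def classify(cell):
    """Map the parsed flags to open / wep / wpa / wpa2.
    'Encryption key:on' with no WPA or WPA2 information element means WEP."""
    if not cell["encrypted"]:
        return "open"
    if cell["wpa2"]:
        return "wpa2"
    if cell["wpa"]:
        return "wpa"
    return "wep"


def weak_networks(text):
    """Return (essid, bssid, security) for every cell that is open or WEP-only."""
    found = []
    for cell in parse_iwlist_scan(text):
        sec = classify(cell)
        if sec in ("open", "wep"):
            found.append((cell["essid"], cell["bssid"], sec))
    return found
```

Feed it the real output with `weak_networks(subprocess.run(["iwlist", iface, "scan"], capture_output=True, text=True).stdout)` to list the access points that should be re-keyed or removed.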

Madwifi-ng Commands

MADWiFi supports virtual access points (VAPs), which means you can create more than one wireless device per wireless card (the host wireless card is wifi0).
By default, a sta-mode VAP is created, which is MadWifi-speak for a "managed mode wireless interface".
Note: replace athx with your interface name as required (e.g. ath0, ath1)
  • wlanconfig athx destroy (Destroy VAP, athx)
  • wlanconfig athx create wlandev wifi0 wlanmode sta (Create a managed mode VAP, athx)
  • wlanconfig athx create wlandev wifi0 wlanmode ap (Create an Access Point VAP, athx)
  • wlanconfig athx create wlandev wifi0 wlanmode adhoc (Create an Ad-Hoc VAP, athx)
  • wlanconfig athx create wlandev wifi0 wlanmode monitor (Create a Monitor mode VAP, athx)
  • Changing modes:
    • ifconfig athx down (Take the VAP down)
    • wlanconfig athx destroy (Destroy the VAP, athx)
    • wlanconfig athx create wlandev wifi0 wlanmode [sta|adhoc|ap|monitor] (Create a new sta, adhoc, ap or monitor VAP)
  • Scan for Access Points (requires both steps):
    • modprobe wlan_scan_sta (To insert the scanning module)
    • wlanconfig athx list scan (To list the APs)

Saturday, 1 March 2014

John the Ripper Basics Tutorial


I wrote this tutorial as best I could to try to explain to the newbie how to operate JTR. Remember, this is a newbie tutorial, so I won't go into detail on all of the features. JTR is a program that decrypts Unix passwords using DES (Data Encryption Standard).

The Process

  • Step 2: Extract JTR. In Windows use WinZip. In Unix type:
tar -xzf john-1.6.tar.gz

  • Step 3: In Windows open the command prompt. Go to the Start menu, click Run, type 'command' (no quotes) and press Enter.
You with me? Good. Go to whatever directory you have JTR in. Type 'john' and press Enter. A whole list of options will come up:
John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer
Usage: /WINDOWS/DESKTOP/JTR/JOHN-16/RUN/john [OPTIONS] [PASSWORD-FILES]
-single “single crack” mode
-wordfile:FILE -stdin wordlist mode, read words from FILE or stdin
-rules enable rules for wordlist mode
-incremental[:MODE] incremental mode [using section MODE]
-external:MODE external mode or word filter
-stdout[:LENGTH] no cracking, just write words to stdout
-restore[:FILE] restore an interrupted session [from FILE]
-session:FILE set session file name to FILE
-status[:FILE] print status of a session [from FILE]
-makechars:FILE make a charset, FILE will be overwritten
-show show cracked passwords
-test perform a benchmark
-users:[-]LOGIN|UID[,..] load this (these) user(s) only
-groups:[-]GID[,..] load users of this (these) group(s) only
-shells:[-]SHELL[,..] load users with this (these) shell(s) only
-salts:[-]COUNT load salts with at least COUNT passwords only
-format:NAME force ciphertext format NAME
(DES/BSDI/MD5/BF/AFS/LM)
-savemem:LEVEL enable memory saving, at LEVEL 1..3

You won't need most of these options. In fact, you don't really need any of these options. You can simply type 'john filename.txt'. This is the regular crack. It will use brute force to decrypt all of the passwords in the file. If you're an impatient ass you can use a word list. This is not as effective but it's quicker (more on that later).
How to make a crackable file: Let’s say that for some reason you have a DES encrypted password but no file. If you want to crack it (why else would you be here?) you need to make your own file. Just create a text file and paste in the password. Now put a username (just any old name will do) in front of it with a colon separating the two. It should look something like this:
User:gyuJo098KkLy9
Save the file as crackme.txt (just an example) and go to the prompt and type ‘john crackme.txt’ (no quotes obviously). Now you just have to wait.

Options

Here are a list of the options and what they do.

single: Single crack mode. This is only recommended for weak passwords as it includes only a few rules and a small wordlist.
Usage:
john -single crackme.txt

wordfile: Uses a wordlist (basically a dictionary attack). What this does is tries every word in the list until it finds a match or you reach the end of the list. This is quicker than the default (bruteforce) attack, but I don’t recommend this because it doesn’t always find a match. More notes on wordlists below.
Usage:
john -wordfile:password.lst crackme.txt

rules: Lets you define the rules for using wordlists. I don't use wordlists, so if you want to use this option I won't help you. Ok, ok, I'm just lazy. Shoot me.

incremental: I like this method. It allows you to do a brute-force attack under certain modes.
Usage:
john -incremental:alpha crackme.txt
(only letters)
john -incremental:digits crackme.txt
(only numbers)
john -incremental:lanman crackme.txt
(letters, numbers, and some special characters)
john -incremental:all crackme.txt
(all characters)
external: This is a little complicated, so if you are lame don't mess with it. Basically this calls the modes that are defined in the configuration settings. You can change these yourself, but I wouldn't recommend it unless you know what you're doing. No, I won't tell you how, go away.
Usage:
john -external:[MODE] crackme.txt
(replace MODE with whatever the name of your mode is).


restore: Ok, let's say that you need to stop the crack in the middle. Press Ctrl+Break. A file will be created in the JTR directory named 'restore' (no quotes doofus, and yes, no file extension). You can start the crack back up from that restore point. If you used the -session option you probably have a different filename.
Usage:
john -restore:restore

session: Use this if you know that you will have to stop JTR in the middle of a crack. It allows you to create a new file that holds the data of your session. You can then restore your session later.
Usage:
john -session:[save to filename] crackme.txt

status: Shows how far you got before stopping a crack (provided you used the -session option).
Usage:
john -status:[filename]

show: Shows how many passwords have been cracked in a file and how many are left.
Usage:
john -show crackme.txt

john-3 

test: Shows how fast JTR will work on your computer.

Usage:
john -test

users: Cracks the password only for the user or users you tell it to.
Usage:
john -users:User crackme.txt

groups: Cracks the passwords only for the group or groups you tell it to.
Usage:
john -groups:lamers crackme.txt

shells: Cracks the passwords only for the shell or shells you tell it to.
Usage:
john -shells:shelly crackme.txt

salts: Cracks the salts that have at least the number of passwords you specify.
Usage:
john -salts:2 crackme.txt

format: JTR can handle many different formats, not just DES (but this is the most widely used one). Use this to force JTR to try a certain format.
Usage:
john -format:DES crackme.txt (force DES)
john -format:BSDI crackme.txt (force BSDI)
john -format:MD5 crackme.txt (force MD5)
john -format:BF crackme.txt (force BF)
john -format:AFS crackme.txt (force AFS)
john -format:LM crackme.txt (force LM)

savemem: this tells JTR to enable memory saving at whatever level you specify, from one to three (see the usage listing above).
Usage:
john -savemem:1 crackme.txt (save at level 1)
john -savemem:2 crackme.txt (save at level 2)
john -savemem:3 crackme.txt (save at level 3)

How to use a wordlist with JTR: I’ll assume you already have a wordlist in the JTR directory (it comes with password.lst, if you want to make your own I’ll tell you how later). Go to the prompt and type ‘john -wordfile:password.lst crackme.txt’ (no quotes, damnit). If the password is in the wordlist, it will work. Otherwise, you deserve it for using a wordlist when you have bruteforce capabilities, shame on you.
How to create a wordlist to use with JTR: First I will include a few lines of the wordlist supplied with JTR:
12345
abc123
password
passwd
123456

These lines are passwords that the program will try when you use the wordlist. Put each password on a new line. In the event that you are too lazy to write your own wordlist you can download one (here is my post with links to wordlists). It may or may not already be the right file format (.lst). If it isn't, just go to the prompt. Assuming the filename is lazy.txt, type 'rename lazy.txt lazy.lst'.
Piping Output: Remember the -show option? You can get JTR to save that output to a file. Just type 'john -show crackme.txt > crackinfo.txt'.


FAQs:

  • Q: Can I mix options?
    A: Yes, certain options can be mixed. You can mix options as long as they don't clash. Play around with it a while.
  • Q: What does “Loaded 0 passwords” mean?
    A: There was a problem with either your password file or the syntax of your command. If you force BF decryption when your file has DES encryption it won't work. If your password file isn't made right it won't work.
  • Q: What does “Password files required, but none specified” mean?
    A: Can you read? You can’t just tell JTR to crack, you need to give it a file.
  • Q: What does “Unknown cyphertext format name requested” mean?
    A: When you use the -format option you need to check that you typed the name of the format correctly.
  • Q: How come when I typed 'john -users: login|uid crackme.txt' (which by the way is the usage shown in the list of options by JTR) I received this error:
    Option requires a parameter: “-users:”
    Bad command or file name
    A: The piping symbol you used (|) can mean two different things. In this case it means 'or'. You're supposed to use login OR uid. When you type it in a DOS window, you are running two separate commands.
  • Q: Can I speed up the bruteforce?
    A: Sure, just toss that old ass box of yours and get a new one.
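Two things in this tutorial trip people up: the user:hash file format ("How to make a crackable file" above) and the "Loaded 0 passwords" error from the FAQ, which usually means the hashes in the file do not match the format JTR chose or was forced to with -format. Added here as an example, not part of the original tutorial: a Python helper that recognises the hash shapes behind the JTR 1.6 -format names, refuses to build a file with mixed formats, and parses the -show output you pipe into crackinfo.txt into an audit list. The hashes and users in the test data are constructed.

```python
import re


def detect_format(hash_text):
    """Guess the JTR 1.6 -format name for one hash by its shape; None if unrecognised.
    The shapes are the standard ones: DES crypt(3) is 13 chars, BSDI extended DES is
    '_' plus 19 chars, MD5 crypt starts with $1$, Blowfish with $2a$, AFS with $K4$,
    and a LanMan hash is 32 hex digits (two 16-hex halves)."""
    h = hash_text.strip()
    if h.startswith("$1$"):
        return "MD5"
    if h.startswith("$2a$"):
        return "BF"
    if h.startswith("$K4$"):
        return "AFS"
    if h.startswith("_") and len(h) == 20:
        return "BSDI"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "DES"
    if re.fullmatch(r"[0-9A-Fa-f]{32}", h):
        return "LM"
    return None


def build_crack_file(entries):
    """Build the 'user:hash' lines the tutorial describes and return (text, format).
    JTR loads one hash format per run, so hashes of different kinds in one file are the
    classic cause of 'Loaded 0 passwords'; we reject that up front."""
    formats = {detect_format(h) for _, h in entries}
    if None in formats:
        raise ValueError("unrecognised hash in input")
    if len(formats) > 1:
        raise ValueError("mixed hash formats %s: split them into separate files"
                         % sorted(formats))
    text = "".join("%s:%s\n" % (user, h.strip()) for user, h in entries)
    return text, formats.pop()


# Constructed sample of what `john -show crackme.txt > crackinfo.txt` writes:
# one 'user:password' line per cracked hash, then the summary line.
SHOW_OUTPUT = """User:secret123
alice:password
bob:abc123

3 passwords cracked, 2 left
"""

SUMMARY_RE = re.compile(r"(\d+) passwords? cracked, (\d+) left")


def parse_show(text):
    """Return ({user: cracked_password}, (cracked, left)) from -show output."""
    cracked = {}
    summary = None
    for line in text.splitlines():
        m = SUMMARY_RE.fullmatch(line.strip())
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
        elif ":" in line:
            user, pw = line.split(":", 1)
            cracked[user] = pw
    return cracked, summary


def accounts_to_reset(show_text):
    """The audit result a sysadmin wants from crackinfo.txt: users whose password fell."""
    cracked, _ = parse_show(show_text)
    return sorted(cracked)
```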

Friday, 28 February 2014

15 Hacking Tools to Start Your Journey


1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
If you are thinking of checking out Nmap, but you are more of a novice, you may want to check out Zenmap. Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database. Here, we will take a brief look at some of the functionalities of the Zenmap interface.
Check out Zenmap video and instructions
Can be used by beginners (-sT) and pros alike (--packet-trace). A very versatile tool, once you fully understand the results.
Learn more about using Nmap Get Nmap


2. Nessus Remote Security Scanner

Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Get Nessus Here


3. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.


4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).
Learn to use Nikto
Get Nikto


5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.
Get SuperScan

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:


– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
Learn how to use p0f
Get p0f


7. Wireshark (Formerly Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Get WireShark


8. Yersinia

Yersinia is a network tool designed to take advantage of some weaknesses in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Get Yersinia


9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.
Get PuTTY
Get PuTTY Here.

11. LCP


Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
Get LCP
Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.


Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
Get Cain and Abel


13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
A good wireless tool as long as your card supports rfmon (look for an Orinoco Gold).
Get Kismet
Get Kismet Here


14. NetStumbler

Yes, a decent wireless tool for Windows! Sadly not as powerful as its Linux counterparts, but it's easy to use and has a nice interface, good for the basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
  • Verify that your network is set up the way you intended.
  • Find locations with poor coverage in your WLAN.
  • Detect other networks that may be causing interference on your network.
  • Detect unauthorized “rogue” access points in your workplace.
  • Help aim directional antennas for long-haul WLAN links.
  • Use it recreationally for WarDriving.
Get NetStumbler


15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the Unix ping command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.

Thursday, 27 February 2014

Market Share of Hacking Targets


My site is dedicated to further exploring the techniques and know-how of hacking the various operating systems and configurations a person might run into among the vast wilderness that is the internet. It has come to my attention that the following information may be of interest to my readers. Here, we will take an enlightening look at what operating systems and programs the average hacking target might be running. While you may be running the latest and greatest operating systems and apps, we can’t assume the same is true for our potential targets.
Let’s take a look at some current data on operating systems, web servers, browsers, and mobile operating systems, rather than assume that everyone is running the latest, greatest and most secure operating systems. In this way, we can get an idea of what operating systems we should focus our skills on in developing our attack scenarios.


Desktop and Clients

  1. Windows 7 – 47.5%
  2. Windows XP – 29.2%
  3. Windows 8 – 6.6%
  4. Windows 8.1 – 3.9%
  5. Windows Vista – 3.3%
  6. Mac OS X 10.9 – 3.2%
  7. Linux – 1.6%
  8. Other Mac OS X versions – 4.5%
You might be surprised that almost 30% of all desktop systems are still running Windows XP, despite the fact that Microsoft will be discontinuing support in April 2014.

I can tell you from my experience at some major corporations and military installations that there are MANY Windows XP systems in those “secure” environments. Apparently, these institutions assume that the transition costs are greater than the potential security risk. Furthermore, Windows XP remains very popular in many developing nations and among pirated copies, which are not reflected here in these figures.

The other thing to note here is that nearly 8% of the client computers are running a version of Mac OS X. Due to a misconception perpetuated by Mac users and salespeople, many Mac users believe that their systems are impervious to hacking and viruses and, as a result, don’t run antivirus software or other security measures.

Web Browsers

  1. Internet Explorer 8 – 21.2%
  2. Firefox 26 – 13.4%
  3. Internet Explorer 11 – 11.5%
  4. Internet Explorer 10 – 9.8%
  5. Internet Explorer 9 – 8.9%
  6. Chrome 32 – 6.79%
  7. Chrome 31 – 6.62%
  8. Internet Explorer 6 – 4.5%
  9. Internet Explorer 7 – 2.5%
  10. Other – 32%
Notice that the most widely used browser is still IE8, despite all its security vulnerabilities, with over 1 in 5 computers still running this browser. If we include IE6 and IE7, over 28% of computers are running these highly vulnerable browsers.


Web Servers

  1. Apache – 41.6%
  2. Microsoft’s IIS – 29.4%
  3. Nginx – 14.4%
  4. GWS – 2.5%
Interestingly, despite all the security problems Apache has had recently, fewer than 1% of the busiest websites are running the newest version of Apache 2.4.x. That’s an awful lot of vulnerable web servers!

Mobile Operating Systems (by Browsing)

  1. iOS – 54.5%
  2. Android – 34.6%
  3. Java ME – 4.3%
  4. Symbian – 3.4%
  5. Blackberry – 1.5%
  6. Windows Phone – 0.6%
iOS and Android comprise over 90% of all browsing by mobile devices. Obviously, that is where we should focus our attack efforts.
I hope you find this information enlightening as far as what operating systems, web servers, and browsers are being used by the general public. I feel that many of us lose sight that the rest of the world is not necessarily running the latest and most secure software.

Tuesday, 25 February 2014

INTRODUCTION TO NETWORK TOPOLOGIES .

In computer networking, topology refers to the layout of connected devices. This article introduces the standard topologies of networking.

Topology in Network Design

Think of a topology as a network's virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find a ring topology there.

Network topologies are categorized into the following basic types:

  • bus
  • ring
  • star
  • tree
  • mesh
More complex networks can be built as hybrids of two or more of the above basic topologies.

Bus Topology

Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.

Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") both were popular Ethernet cabling options many years ago for bus topologies. However, bus networks work best with a limited number of devices. If more than a few dozen computers are added to a network bus, performance problems will likely result. In addition, if the backbone cable fails, the entire network effectively becomes unusable.

Illustration - Bus Topology Diagram

Ring Topology

In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.

To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.

Illustration - Ring Topology Diagram

Star Topology

Many home networks use the star topology. A star network features a central connection point called a "hub node" that may be a network hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.

Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)

Illustration - Star Topology Diagram

Tree Topology

Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the root of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.

Illustration - Tree Topology Diagram

Mesh Topology

Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, most notably the Internet, employ mesh routing.

A mesh network in which every device connects to every other is called a full mesh. As shown in the illustration below, partial mesh networks also exist in which some devices connect only indirectly to others.

Illustration - Mesh Topology Diagram
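As an added example that is not part of the original article, the following Python models the bus, ring, star and full-mesh layouts as small graphs (constructed node names such as pc0, tap0 and hub) and measures how much PC-to-PC connectivity the worst single cable failure removes. It makes the fault-tolerance claims above concrete: a cut backbone partitions the bus, a unidirectional ring loses half its paths, a star loses one computer, and a full mesh loses nothing.

```python
from collections import deque
from itertools import permutations

def undirected(u, v):            # one cable carrying frames both ways = two arcs
    return ((u, v), (v, u))

def bus(n):
    """n PCs on drop cables to taps along a shared backbone (constructed names)."""
    cables = []
    for i in range(n):
        cables.append(undirected(f"tap{i}", f"pc{i}"))            # drop cable
        if i:
            cables.append(undirected(f"tap{i-1}", f"tap{i}"))     # backbone segment
    return cables

def ring(n):
    """Unidirectional ring: each cable passes frames one way only."""
    return [((f"pc{i}", f"pc{(i + 1) % n}"),) for i in range(n)]

def star(n):
    return [undirected("hub", f"pc{i}") for i in range(n)]        # one cable per PC

def full_mesh(n):
    return [undirected(f"pc{i}", f"pc{j}") for i in range(n) for j in range(i + 1, n)]

def reachable(arcs, start):
    """Breadth-first search along directed arcs from start."""
    adj = {}
    for u, v in arcs:
        adj.setdefault(u, []).append(v)
    seen, queue = {start}, deque([start])
    while queue:
        for v in adj.get(queue.popleft(), ()):
            if v not in seen:
                seen.add(v)
                queue.append(v)
    return seen

def cut_fraction(cables):
    """Worst case over single cable failures: share of ordered PC pairs that can no longer talk."""
    pcs = sorted({x for cable in cables for arc in cable for x in arc if x.startswith("pc")})
    pairs = list(permutations(pcs, 2))
    worst = 0
    for k in range(len(cables)):                                   # fail cable k
        arcs = [arc for j, cable in enumerate(cables) if j != k for arc in cable]
        lost = sum(1 for s, d in pairs if d not in reachable(arcs, s))
        worst = max(worst, lost)
    return worst / len(pairs)
```

With six PCs, `cut_fraction` returns 0.6 for the bus (a mid-backbone cut splits it 3/3), 0.5 for the ring, 1/3 for the star and 0.0 for the full mesh; the star's hub is its single point of failure, which this cable-only model does not score.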

Summary

Topologies remain an important part of network design theory. You can probably build a home or small business computer network without understanding the difference between a bus design and a star design, but becoming familiar with the standard topologies gives you a better understanding of important networking concepts like hubs, broadcasts, and routes.