Jump to content

begood

Active Members
  • Posts

    3972
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by begood

  1. Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical computer hacking, penetration testing and countermeasure verification. Based on Ubuntu this ‘Live CD” runs directly from the CD and doesn’t require installation on your hard-drive. Once booted you can use the included tools to test, check and ethically hack your own network to make sure that it is secure from outside intruders. The CD includes hacking tools for DNS, reconnaissance, foot-printing (gathering information about computers on the network), password cracking, network sniffing, spoofing (or masquerading) and wireless networking utilities. Here is a list of the hacking tools you can find on the Live Hacking CD: Reconnaissance (and DNS) * Dig - DNS lookup utility * DNSMap - DNS mapping is a mechanism which allows hosts on a private LAN to use DNS Services even if the address of an actual DNS Server is unknown. * DNSTracer - Trace DNS queries to the source * DNSWalk - Checks DNS zone information using nameserver lookups * Netmask - Helps determine network masks * Relay Scanner - This program is used to test SMTP servers for Relaying problems * TCPTraceroute - Traceroute implementation using TCP packets * Firewalk - Firewalk is a network auditing tool that attempts to determine what transport protocols a given gateway will pass. Foot-printing * Amap - Performs fast and reliable application protocol detection, independent of the TCP/UDP port they are being bound to. * Curl - Get a file from an HTTP, HTTPS or FTP server * Fping - Sends ICMP ECHO_REQUEST packets to network hosts * Hping3 - Active Network Smashing Tool * HTTprint - A web server fingerprinting tool * Ike-Scan - IPsec VPN scanning, fingerprinting and testing tool * MetoScan - HTTP method scanner * Namp - The Network Mapper * Netcat - TCP/IP swiss army knife * P0f - Passive OS fingerprinting and masquerade detection utility * Zenmap - The Network Mapper Front End Password Cracking * Chntpw - NT SAM password recovery utility * Rainbowcrack – Crack LM, MD5 and SHA1 hashes * THC PPTP Bruter - A brute forcing program against PPTP VPN endpoints (TCP port 1723) * VNCrack – Crack VNC passwords * John the ripper - A fast password cracker Network Sniffing * DHCP Dump – DHCP packet dumper * Dsniff – Password sniffer * SSLDump – Dump SSL traffic on a network * Ntop – Displays top network users * Wireshark – Interactively dump and analyze network traffic Spoofing (or Masquerading) * File2cable - Sends a file as a raw ethernet frame * Netsed – Network packet streaming editor * Sing – Send ICMP Nasty Garbage packets to network hosts * TCPreplay – Replay network traffic stored in pcap files Wireless Networking Utilities * Aircrack-ng - Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. * Kismet – Wireless sniffing and monitoring * THC Leap Cracker - The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication. * WEPCrack - WEPCrack is an open source tool for breaking 802.11 WEP secret keys. * WIDZ - Wireless Intrusion Detection System * Cowpatty - Brute-force dictionary attack against WPA-PSK Miscellaneous * GDB – The GNU Debugger. * Hexdump – ASCII, decimal, hexadecimal and octal dump tool. * Hexedit – View and edit file in hexadecimal or in ASCII * Wipe – Securely erase files * Madedit -Text/Hex Editor download Download Live Hacking CD | Free Hacking & Penetration Test CD
  2. begood

    Idee noua de raid

    cine te impiedica sa discuti 3 raiduri sau n in paralel si sa executi pe rand?
  3. begood

    Idee noua de raid

    ))))))))))))))) zi-mi o alta solutie mai eficienta.
  4. begood

    Hotel626

    mi l-a trimis o fata intr-o seara...doar la inceput am avut probleme pana am inteles ce vrea de la mine.
  5. begood

    Idee noua de raid

    ar fi o idee sa te aflii intai ce tip de camere sunt. cu un binoclu s-ar rezolva problema asta (cred)
  6. Flegmaticul apreciaza partenerii de discutie care iau decizii in locul lui, il respecta si ii recunosc calitatile si ii displac cei care forteaza si asteapta prea multe de la el. partea asta e chiar pe dos.
  7. 5e8593679f05d8c119ca154a5749bb37 .:[ packet storm ]:. - http://packetstormsecurity.org/
  8. Bluetooth technology is great. No doubt. It provides an easy way for a wide range of mobile devices to communicate with each other without the need for cables or wires. However, despite its obvious benefits, it can also be a potential threat for the privacy and security of Bluetooth users (remember Paris Hilton?). If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools with which to work. By familiarizing yourself with the following tools, you will not only gain a knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but you will also get a glimpse at how an attacker might exploit them. This hack highlights the essential tools, mostly for the Linux platform, that can be used to search out and hack Bluetooth-enabled devices. Discovering Bluetooth Devices BlueScanner – BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan. BlueSniff – BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff. BTBrowser – Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 – the Java Bluetooth specification. Download BTBrowser. BTCrawler -BTCrawler is a scanner for Windows based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler. Hacking Bluetooth Devices BlueBugger -BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information. Download BlueBugger. CIHWB – Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB. Bluediving – Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving. Transient Bluetooth Environment Auditor – T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR. Bluesnarfer – Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer. BTcrack – BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack. Blooover II – Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II. BlueTest – BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest. BTAudit – BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding. What’s next? Let everyone know to disable Bluetooth until they really need it. Additionally, make sure to update your phone software on a regular basis. Tools for Hacking Bluetooth Enabled Devices | Hacking Truths //mai vechi articolul, dar bun.
  9. Ubisoft has confirmed its rights management servers were hit by a fierce DDoS attack over the weekend that left some customers unable to play its games for much of Sunday. The attack is an apparent protest at controversial new DRM controls by the video game publisher which mean customers have to be online in order to play its latest PC games such as Assassin's Creed II and Silent Hunter 5. The introduction of so-called Online Services Platform technology last month means it's impossible to play a game without an internet connection or save progress while playing a game if an internet connection is lost, as explained in a interview with Ubisoft by PC Gamer here. The controls, designed to combat piracy, have sparked much negative comment in the gamer community and apparently inspired action by hacktivists over the weekend that curtailed gameplay for some. "Apologies to anyone who couldn't play ACII or SH5 yesterday," Ubisoft said in a post. to its official Twitter account on Monday. "Servers were attacked which limited service from 2:30pm to 9pm Paris time." "95 per cent of players were not affected, but a small group of players attempting to open a game session did receive denial of service errors," it added in a later update. Meanwhile Ubisoft's much criticised controls have been broken by software hackers. A hacker group called Skid-Row managed to bypass DRM restrictions on Silent Hunter 5 less than 24 hours after the game was published. Skid Row has releasing a crack for the game based on this work, Zdnet reports. ® Ubisoft undone by anti-DRM DDoS storm ? The Register
  10. m-am uitat acum la 30 de min din The Hurt Locker. n-am putut mai mult. CE RAHAT MAI E SI ASTA? cum sa ia atatea oscar-uri ? e un film documentar prost facut de niste amatori. in ultimii ani doar filmele cu tenta politica (care convin) iau oscaruri
  11. n-am avut probleme de genul si nici nu cred ca voi avea pe viitor. De pus in practica, n-am pus, ca n-am hdd de backup doar sa testez metoda. google: "full hdd encryption" sau instaleaza direct truecrypt.
  12. exact ! la capacitati mari (>64)mai bine hdd extern
  13. interesant e ca foloseste mai putin de 128mb ram.
  14. acu il ard pe usb stick sa vad varianta live
  15. IT security company Sense of Security has discovered a serious bug in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. Discovered by the company's security consultant Brett Gervasoni, the vulnerability exists in Apache's core "mod_isapi" module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit. According to Sense of Security spokesperson Jason Edelstein, Apache is one of the most popular pieces of web server software used today and the vulnerability was one of the most significant bugs in Apache for years. "The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows," Edelstein told ZDNet.com.au. "An attacker could gain access to, modify and take away data." Edelstein advised users running Apache on Windows platforms to upgrade immediately as users have no way of knowing if their web servers have been compromised. The company's security advisory can be accessed here. "Whilst in the past it was more overt and attackers would deface website pages, they're more likely now to conceal their access to maintain their foothold," said Edelstein, giving examples of attackers potentially exploiting the vulnerability by placing hidden pieces of code to capture credit card details from online transactions and install root kits on compromised websites. "The latest version is not vulnerable," said Edelstein. He added that an attacker would need a high degree of technical know-how to successfully exploit the vulnerability. "You'd need to write a piece of code, a high level piece of code, which is quite difficult to create, and find a condition in the web server," said Edelstein. "A proof of concept remote exploit has been written by Sense of Security, and it is feasible that others could write a similar exploit to completely compromise a Windows system," said Brett Gervasoni. Exploitul a aparut pe rst in aceeasi zi in care a fost publicat initial pe internet ^^ http://rstcenter.com/forum/20720-0-day-apache-version-2-2-14-mod_isapi-remote-system-exploit.rst
  16. With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released but now their authentication servers have failed so absolutely no-one who legally bought their games can play them ... oops. "At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games." One can only wonder if this utter failure will help to stem the tide of bad DRM. Slashdot Submission | DRM Fail: Ubisoft's authentication servers go down
  17. begood

    Fun stuff

    http://imgs.xkcd.com/comics/movie_narrative_charts_large.png
  18. U.S. Department of Justice (DoJ) officials are hoping that two weeks from now, hacker Albert Gonzalez will receive a record sentence for a computer intruder. Gonzalez, currently being held in Boston in the custody of the U.S. Marshals Service, is the mastermind behind a group that hacked into the networks of retailers and card processors to steal more than 170 million payment card numbers. He is involved in three pending hacking cases for which he is scheduled to be sentenced on March 18 and 19. For his hacking crimes, Gonzalez is likely to receive a record-breaking prison term, Howard Cox, assistant deputy chief, computer crime and intellectual property section of the Justice Department, said Thursday at the RSA Conference. “Two weeks ago, [Max Ray] Butler, operating out of the Bay Area got 13 years in jail,” Cox said. “That is the single largest hacking sentence in the U.S. We might be able to beat it in a few weeks.” Gonzalez faces up to 25 years in prison for stealing more than 40 million credit card numbers from TJX, which owns T.J. Maxx, Barnes & Noble, BJ's Wholesale Club, Boston Market, DSW, Forever 21, Office Max and Sports Authority. In addition, he faces up to 20 years in prison for his role in hacking into the network of Dave & Buster's restaurant chain and stealing credit and debit card numbers from at least 11 locations. As part of a third pending case, Gonzalez faces between 17 and 25 years in prison for hacking into the payment card networks of Heartland, 7-Eleven and Hannaford Bros. supermarket chain to steal more than 130 million credit and debit card numbers. His sentences will run concurrently to each other. During an RSA Conference session, Cox said it is common to believe that hackers will not be brought to justice or receive substantial sentences. That is a faulty way to think, he said. “Working cooperatively, we can successfully convict these people and get significant jail sentences,” he said. Kimberly Kiefer Peretti, senior counsel with the DoJ's computer crime and intellectual property section, who also spoke during the session, referred to another successful cybercriminal prosecution that occurred recently. Stephen Watt, 25, of New York was sentenced in late December to two years in prison and three years of supervised release for his role in the TJX hack. Watt admitted to providing Albert Gonzalez with the "sniffer" program used to hijack credit card numbers from TJX and other merchants. He additionally was ordered to pay $171.5 million in restitution, according to the U.S. attorney's office in Boston. Watt's sentence represented a significant milestone for law enforcement because his role in the crime apparently was not for profit, Kiefer Peretti said. “We need to let the hacking culture out there know – even if you are hacking for fun you will spend some time behind bars,” she said. Even with the recent successes, though, law enforcement agents face a mountain of challenges when trying to bring cybercriminals to justice, Kiefer Peretti said. Getting international cooperation, dealing with language barriers and overcoming the expense and time of investigations are some of the challenges they face. “Our most formidable challenge is getting companies here to detect they have been compromised and to immediately report it,” she said. Successful hacking prosecutions can only happen when victimized companies work with law enforcement, Kiefer Peretti said. “We are totally dependent on working with victim entities to face this challenge,” she said. RSA Conference: Gonzalez may receive largest ever U.S. hacking sentence - SC Magazine US
  19. Decernarea premiilor Oscar va avea loc in noaptea de duminica spre luni (7 martie spre 8 martie), cu incepere de la ora 3:00. AP Live Oscars Red Carpet - powered by Livestream Ce ziceti, care iese ?
  20. Traditionally botnet's have recked more havoc then good. By effectively controlling millions of unsuspecting user PC's, modern botnets have demonstrated the ability to manage a global infrastructure on an unimaginable scale. By applying the same techniques and approaches used in botnets within your computing environment you'll be capable of handling any demands placed on you or your infrastructure. This how-to article will take a closer look at using common open source components to create your very own botnet for the purposes for securing, protecting, load testing and managing your global internet infrastructure. Contents * 1 Key Components include * 2 Introduction to Botnets o 2.1 Good Vs Evil o 2.2 Darknet Vs Botnet o 2.3 Business Usages + 2.3.1 Cloud Computing + 2.3.2 Grid Computing / Computational + 2.3.3 Application / Website Scaling + 2.3.4 Load Testing + 2.3.5 Fault Tolerance * 3 How To Build a Botnet o 3.1 Difficulty Level o 3.2 What You'll Need o 3.3 1. Allocate computers / Servers o 3.4 2. Choose Operating Environment (Server Virtualization) + 3.4.1 Just enough operating system (JEOS) + 3.4.2 Server Virtualization + 3.4.3 What is Virtualization? + 3.4.4 Blue Pill Server Virtualization + 3.4.5 Enomalism Elastic Computing Platform o 3.5 3. Configure Networking + 3.5.1 OpenVPN Technical Overview o 3.6 4. Configure Command & Control + 3.6.1 eXtensible Messaging and Presence Protocol o 3.7 5. Define User Access o 3.8 6. Applications & Monitoring o 3.9 7. Auto discovery * 4 Related Reading * 5 Warnings o 5.1 With great Power comes great responsibility Build your own botnet with open source software - Wired How-To Wiki
  21. Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. Pe scurt: vine politia, introduci stickul/cd-ul cu DBAN si e RAS totul de pe toate unitatile HDD gasite pe computer. http://www.dban.org/ download : http://sourceforge.net/projects/dban/
  22. bine ai venit.
  23. SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation. ackack - A program to monitor network traffic and detect unauthorized sessions. Provides the ability to send alerts based on source and/or duration of each session, which aids in the detection of malware such as botnets and bind shells. batchyDNS - A reconnaissance tool that can quickly discover hostnames from a list of IP addresses. Deblaze - Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make request to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. Deblaze, a tool written in Python, will allow you to perform method enumeration and interrogation against flash remoting end points. The current development site for this tool is Deblaze - A remote method enumeration tool for flex servers Deface - an open-source Java Server Faces(JSF)testing tool for decoding view state and creating view state attack vectors. The tool can be used to create XSS attacks and session and application scope attacks against Apache MyFaces 1.2.8 applications. The tool has been architected to be extensible and can be modified to support other versions of Apache MyFaces and Sun Mojarra. Grendel-Scan - an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual application penetration testing. The current development site for this tool is located at Grendel-Scan VNC Authentication Scanner - A tool built using the NMAP Scripting Engine to detect VNC servers on a network with authentication set to "None". The tool will scan 1500 hosts in 90 seconds. WS-DNS-BFX - A tool to quickly extract DNS hostnames from sites that refuse DNS transfers. Utilizing a dictionary file and concurrent threads, this program can produce a list of hostnames for most domains in under a minute. Supports both IPv4 and IPv6, and includes logic to extract multiple IP addresses from sites that employ high-availability (HA) and network load balancing (NLB) technologies. https://www.trustwave.com/spiderLabs-tools.php
  24. GATA CA VA TAI pe toti sa moara mama lu vaca de vis-a-vis !
×
×
  • Create New...