| Filename | |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 12:07 |
| Label | hack |
| Action |
BLOG BARU SIAP !
KEKEKEKE XD
.jpg)
| name | author | perms | com | modified | label |
| Jumping Server | WhySoSeriousssssssssssss | rwxr-xr-x | 0 | 10:37 | hack |
| Filename | Jumping Server |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 10:37 |
| Label | hack |
| Action |
Requirements -
Shelled Website
Download Jumping.zip -
http://adf.ly/6EYbJ
Step By Step Guide -
Download & Upload you Jumping.zip file to your shell .
After uploading your jumping.zip file , now you have to extract it . so to extract it we will go to execute option & write the following command - " unzip Jumping.zip" (without quotes ) .
Once we have unzipped our files in the public_html dir ,then we can access them by going to www.hackedsite.com/jumping .
So after once you have opened it , now you have to open barc0de mini.php file . The barcode mini.php shell is a 404 Private shell . when you open it it will show like 404 not found , but actually there is a place to enter password . After you enter your password you will be prompted inside . So the password for this shell is Hackers .
Now you after to open jump.php . It will scan for all readable directories on the server & after the scanning is done , you can see the readable directories there as shown in the image below .
So once you have got the list of the readable directories , then you have to run the scan.php it will scan scan for config & other files in that directory .
So finally you got the list of all the readable directories & files . so accordingly you can deface the site by going to the particular directory & changing the index page .
Hope you all Liked the Tutorial !
| Jom Upload Shell In Joomla ! | WhySoSeriousssssssssssss | rwxr-xr-x | 0 | 05:20 | hack |
| Filename | Jom Upload Shell In Joomla ! |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 05:20 |
| Label | hack |
| Action |
Let kick some ass !
1- You suppose to have wordpress accout . Whether hack it or your own website( that would the idiot only ) .
Login into the account !
2. Once you Login you see the below screen.
3. Then look for Extensions and in that Template Manager.
4. Once you click on that you will see all the templates installed on that site.
5. See the marking in red it has the star. It means its the default template used by the sites currently. Select any of the template like it did beez in green.
6. Once you click on beez you will see the following screen. now just click on edit html
8. Once you click on edit html you will see the following screen
see the red part /templates/beez/index.php that is the path of your shell
9. Now just paste your shell code over their and save it
10. Once you click on save. it will take you to page were it will show you Template source saved. you work is done
Once that is done you can access your shell. Path of the shell would be
www.site.com/templates/beez/index.php
Get it ?
| BackTrack - Penetration Testing Distribution Setting Part III | WhySoSeriousssssssssssss | rwxr-xr-x | 0 | 02:03 | hack |
| Filename | BackTrack - Penetration Testing Distribution Setting Part III |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 02:03 |
| Label | hack |
| Action |
Tested and working cards
We were able to test the following cards. Note that "passed" means "passed an aireplay -9" injection test. We will be expanding on this list as more feedback domes form the community. From our testing we found that most major chipsets were supported, as well as the most common cards.
- AWUS036H (rtl8187, r8187) - both mac80211 and IEEE drivers - passed
- AWUS036NH (Ralink RT2870/3070) - using the mac80211 rt2x00usb drivers - passed
- BCM4312 802.11b/g LP-PHY (rev 01) - using the mac80211 b43, works well - passed
- Rockland N3 - (Ralink RT2870/3070) - using the mac80211 rt2x00usb drivers - passed
- Edimax EW-7318USG USB - (Ralink RT2501/RT2573) - using the mac80211 rt2500usb/rt73usb drivers - passed
- ASUSTek Computer, Inc. RT2573 - using the mac80211 rt2500usb/rt73usb drivers- passed
- Linksys WUSB54GC ver 3 - using the mac80211 rt2800usb drivers - passed
- Ubiquiti SRC - using the mac80211 ath9k drivers- passed
- Internal Intel Corporation PRO/Wireless 3945ABG - using the mac80211 iwl3945 drivers- passed
- Dlink WNA-2330 PCMCIA - using the mac80211 ath5k drivers- passed
- Atheros Communications Inc. AR9285 Wireless Network Adapter (PCI-Express) (rev 01) - using the mac80211 ath9k drivers- passed
- Netgear wg111v2 - using the mac80211 rtl8187 drivers- passed
- ZyXEL AG-225H v2 - using the mac80211 zd1211 drivers - passed
- Intel 4956/5xxx - using the iwlagn drivers - passed
Working, without injection
- Broadcom Corporation BCM4321 802.11a/b/g/n (rev 03)
- Broadcom Corporation BCM4322 802.11a/b/g/n Wireless LAN Controller (rev 01)
NON working cards
- D-Link DWL-122 - using the mac80211 prism2_usb drivers - fail
- Linksys WUSB600N v2 - using the mac80211 rt2800usb drivers - fail
- AWUS051NH - fail
Advanced Corner
Getting Cuda working on Backtrack 4
BackTrack includes many tools which utilize the power of graphics cards to greatly improve perfor- mance. This section will help you get your environment set up to use these tools and also to set up a development environment to make your own tools.
Check http://en.wikipedia.org/wiki/CUDA to see if your video card is capable of running CUDA applications
Installing the Nvidia Drivers
Installing the driver is now easier than ever. We use the installer from the nvidia web site and do not alter the install in any way. This means no matter which kernel version you are running on backtrack the nvidia-driver package should work. Note: Be sure to log out of X before installing the driver or it will fail
root@bt:~# apt-get install nvidia-driver
Simply follow the prompts and choose the defaults and you should be fine. Since every system is different there are 2 ways to get your xorg.conf working on backtrack.
Method 1: The installer attempts to do this method but in some cases its needed to do it manually. Log out of the X server.
root@bt:~# Xorg -configure
root@bt:~# cp /root/xorg.conf.new /etc/X11/xorg.conf
root@bt:~# startx
Method 2: Nvidia bundles a config tool with their install which may work better for you that the Xorg tools. Log out of the X server
root@bt:~# nvidia-xconfig
root@bt:~# startx
Installing the CUDA Toolkit
The toolkit contains the nvcc compiler and all the libraries needed to build any GPU based app- lications from source. The toolkit is also needed if you are planning on developing any of your own applications.
root@bt:~# apt-get install cuda-toolkit
The default install is /opt/cuda. Note: The toolkit is designed to be installed as root. If you want to install it as another user you will need to add the following lines to the users .bashrc file.
PATH=$PATH:/usr/local/cuda/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/cuda/lib
export PATH
export LD_LIBRARY_PATH
Installing the Nvidia SDK
You no longer package the cuda code samples in our repositories due to the size the package has become. The code samples are extremely useful though if you are interested in cuda development. Getting it installed on backtrack is fairly simple.
root@bt:~# wget http://developer.download.nvidia.com/compute/cuda/3_1/sdk/gpu-computingsdk_3.1_linux.run
root@bt:~# chmod 755 gpucomputingsdk_3.1_linux.run
root@bt:~# ./gpucomputingsdk_3.1_linux.run
The only thing I change aside from the default choices is the place where the NVIDIA_SDK is installed. On backtrack you install to /opt. you have to instruct the installer to install to /opt/cuda/ so that my code samples are inside my cuda directory.
Getting up and running with Pyrit
Pyrit is included in the backtrack iso but in order to use it with cuda you will need to install the cuda kernel module. This is part of the cpyrit package. Installation is fairly straight forward:
root@bt:~# apt-get install cpyrit-cuda
You can check if your GPU is being recognized with the following command:
root@bt:~# pyrit list_cores
Pyrit 0.3.1-dev (svn r279) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com. This code is distributed under the GNU General Public License v3+.
The following cores seem available...
#1: 'CUDA-Device #1 'GeForce GTX 295
#2: 'CUDA-Device #2 'GeForce GTX 295
#3: 'CUDA-Device #3 'GeForce GTX 295
#4: 'CUDA-Device #4 'GeForce GTX 295
#5: 'CUDA-Device #5 'GeForce GTX 295
#6: 'CUDA-Device #6 'GeForce GTX 295
#8: 'CUDA-Device #8 'GeForce GTX 295
You can then run a benchmark to see how many keys per second your system in capable of:
root@bt:~# pyrit benchmark
Pyrit 0.3.1-dev (svn r279) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com. This code is distributed under the GNU General Public License v3+. Running benchmark (97384.8 PMKs/s)... |
Computed 97384.83 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 295: 11520.5 PMKs/s (RTT 2.9)
#2: 'CUDA-Device #2 'GeForce GTX 295: 11274.3 PMKs/s (RTT 2.9)
#3: 'CUDA-Device #3 'GeForce GTX 295: 10439.3 PMKs/s (RTT 2.9)
#4: 'CUDA-Device #4 'GeForce GTX 295: 11095.7 PMKs/s (RTT 2.9)
#5: 'CUDA-Device #5 'GeForce GTX 295: 10564.8 PMKs/s (RTT 2.6)
#6: 'CUDA-Device #6 'GeForce GTX 295: 10533.7 PMKs/s (RTT 2.9)
#7: 'CUDA-Device #7 'GeForce GTX 295: 10414.8 PMKs/s (RTT 2.6)
#8: 'CUDA-Device #8 'GeForce GTX 295: 11333.7 PMKs/s (RTT 2.9)
Add CUDA syntax highlighting to Vim
Here is how to add CUDA syntax highlighting to Backtrack. First you need to install vim-full:
root@bt:~# apt-get install vim-full
Then grab the syntax file:
root@bt:~# cd /usr/share/vim/vim71/syntax/
root@bt:/usr/share/vim/vim71/syntax# wget http://www.backtrack-linux.org/patches/cu.vim.txt
root@bt:/usr/share/vim/vim71/syntax# mv cu.vim.txt cu.vim
Next change into your root directory (or whichever user you are using):
root@bt:~# touch .vimrc
root@bt:~# vi .vimrc
Add the following lines:
au BufNewFile,BufRead *.cu set ft=cu
syntax on
Now your vi should be set up for CUDA syntax highlighting.
| BackTrack - Penetration Testing Distribution Setting Part II | WhySoSeriousssssssssssss | rwxr-xr-x | 0 | 02:01 | hack |
| Filename | BackTrack - Penetration Testing Distribution Setting Part II |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 02:01 |
| Label | hack |
| Action |
There is a script to start the wicd-daemon in the /etc/init.d directory. To start it issue the following command:
root@bt:~# /etc/init.d/wicd start
This should be started before attempting to open the client. Once you have started the daemon you can open the GUI interface for the client from the KDE menu:
KDE > Internet > Wicd Network Manager
If you would like to have the Wic Daemon start at boot time:
root@bt:~# update-rc.d wicd defaults
Changing the root password
It is vital you change your root password before you open up any services, such as SSH. Make sure to change your default toor password!
root@bt:~# passwd
Enter new UNIX password: {enter your new password here }
Retype new UNIX password: {enter your new password again}
passwd: password updated successfully
root@bt:~#
Starting services
BackTrack has various services such as Apache, SSH, MySQL, VNC, etc. They are all disabled by default. To start a service such as SSH, you can use the service init scripts. For example, to start the SSH service:
root@bt:~# sshd-generate # Specific to the SSH service - needed to generate SSH keys
root@bt:~# /etc/init.d/ssh start
Starting OpenBSD Secure Shell server: sshd.
root@bt:~# /etc/init.d/ssh stop
Stopping OpenBSD Secure Shell server: sshd.
root@bt:~#
When using a ssh server for the first time on Backtrack you will need to generate keys:
root@bt:~# sshd-generate
To enable a service at boot time, you can use the update-rc.d command, for example, having SSH start at boot time:
root@bt:~# update-rc.d -f ssh defaults
Adding system startup for /etc/init.d/ssh ...
/etc/rc0.d/K20ssh -> ../init.d/ssh
/etc/rc1.d/K20ssh -> ../init.d/ssh
/etc/rc6.d/K20ssh -> ../init.d/ssh
/etc/rc2.d/S20ssh -> ../init.d/ssh
/etc/rc3.d/S20ssh -> ../init.d/ssh
/etc/rc4.d/S20ssh -> ../init.d/ssh
/etc/rc5.d/S20ssh -> ../init.d/ssh
root@bt:~#
Common apt commands
apt-get install (package) Downloads (package) and all of its dependencies, and installs or upgra- des them.
apt-get remove [--purge] (package) Removes (package) and any packages that depend on it.
apt-get update Updates packages listings from the repo, should be run at least once a week.
apt-get upgrade Upgrades all currently installed packages with those updates available from the repo.
apt-get dist-upgrade [-u] Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.
apt-cache search (pattern) Searches packages and descriptions for (pattern).
apt-cache show (package) Shows the full description of (package).
apt-cache showpkg(package) Shows a lot more detail about (package), and its relationships to other packages.
man apt Will give you more info on these commands as well as many that are in less common usage.
Common dpkg commands
dpkg -i (package.deb) Installs a package file; one that you downloaded manually, for example.
dpkg -c (package.deb) Lists the contents of (package.deb) a .deb file.
dpkg -I (package.deb) Extracts package information from (package.deb) a .deb file.
dpkg -r (package) Removes an installed package named (package)
dpkg -P (package) Purges an installed package named (package). The difference between remove and purge is that while remove only deletes data and executables, purge also deletes all configuration files in addition.
dpkg -L (package) Gives a listing of all the files installed by (package). See also dpkg -c for checking the contents of a .deb file.
dpkg -s (package) Shows information on the installed package (package). See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.
dpkg-reconfigure (package) Reconfigures an installed package.
man dpkg Will give you more info on these commands as well as many that are in less common usage.
How do I find more information on a particular command or programs usage ?
Most commands will have what is called a man page (manual page) which can be viewed by typing:
root@bt:~# man (command you want more info on)
Another very good resource on linux command usage can be found at linuxcommand.org Some programs do not have a man page, but you can usually get more information on it's usage by typing:
root@bt:~# (program name) Just the program name without any arguements.
or
root@bt:~# (program name) -help
or
root@bt:~# (program name) --help
or
root@bt:~# (program name) -h
Wireless Drivers
With the ever changing arena of the wireless driver world and the mac80211 stack, we wanted to dedicate a page that would sort out some tricky wireless driver setups. Before you start your journey into BackTrack wireless world, you should first identify your wireless card chipset with 100% cer- tainty. If in doubt, you can always try plugging in the card into a Linux box, and see what dmesg has to say.
BackTrack contains patched stock kernel 2.6.35.8 wireless drivers, as well as several "external" drivers. Some of these drivers overlap, to provide maximum flexibility with various wireless attacks. The /etc/modprobe.d/blacklist dictates which preferred drivers are loaded at boot-time. Generally speaking, all the older IEEE drivers are blacklisted and need to be loaded manually if you want to use them.
Wireless Drivers
rtl8187 vs r8187
This is a confusing one. The rtl8187 is the mac80211 stack driver, while the r8187 is the old IEEE driver. Both support injection.
b43 vs wl
This is a nasty one. b43 supports only *some* broadcom cards. Make sure you know what card version you have before you get frustrated. Check the b43 compatibility list. Some Broadcom chipsets which are NOT covered by b43, *are* covered by the broadcom-STA driver(wl). Note that the wl driver does not support injection! People with macs, or unsupprted b43 broadcom cards such as the BCM4322 802.11a/b/g/n Wireless LAN, check out the broadcom wl page.
ath5k vs ath_pci
These drivers are for certain atheros cards - they should be interchangeable, and both support wireless injection.
compat wireless
As Linux wireless drivers mature, more chipsets get added to the compatibility list. If none of the native BackTrack kernel drivers work for you, you might want to consider using a more recent version of compat-wireless. Check out the compat-wireless page for information on how to get those drivers up and running.
Continue Part III here
| BackTrack - Penetration Testing Distribution Setting Part I | WhySoSeriousssssssssssss | rwxr-xr-x | 0 | 01:59 | hack |
| Filename | BackTrack - Penetration Testing Distribution Setting Part I |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 01:59 |
| Label | hack |
| Action |
Whether you're hacking wireless, exploiting servers, performing a web application assessment, learning, social-engeneering a client BackTrack is the one-stop-shop for all your security needs.
-----------------------------------------------------------------------------------------------------------
BackTrack Live USB Install
This method of getting a live install to a USB drive is the simplest available using Unetbootin. NOTE: that we will format the USB drive and erase its contents.
- Plug in your USB Drive (Minimum USB Drive capacity 2 GB)
- Format the USB drive to FAT32
- Download Unetbootin from http://unetbootin.sourceforge.net/
- Start Unetbootin and select diskimage (use the backtrack-final ISO)
- Select your USB drive and click "OK" for creating a bootable BackTrack USB drive
- Log into BackTrack with the default username and password root / toor.
BackTrack 4 arranges tools in 11 categories
Information Gathering
Network Mapping
Vulnerability Identification
Web Application Analyses
Radio Network Analyses
Penetration
Privilege Escalation
Maintaining Access
Digital Forensics
Reverse Engeneering
Voice Over IP
Download it here
----------------------------------------------------------------------------------------------------------
Logging in to BackTrack
Once the installation of BackTrack is done, the default username and password for the console are root / toor. You will not be able to see the password as you type it.
Starting a GUI Environment
To start a KDE GUI environment, type at the console
startx
In rare occasions (such as after a VMware tools install, or when using unsupported Video cards), X will refuse to start. You have several options you can try:
Using the default VESA configuration:
root@bt:~# fix-vesa
[*] Backing up xorg.conf to xorg.conf.orig
cp: cannot stat `/etc/X11/xorg.conf': No such file or directory
[*] Copying over xorg.conf-vesa to xorg.conf
[*] Please restart X
root@bt:~#
Reconfiguring the X server package
You can reset (and often fix) Xorg configurations with the following command:
root@bt:~# dpkg-reconfigure xserver-xorg
You can safely accept all the defaults if unsure of questions you are asked. If in a Vmware image, you can run:
root@bt:~# fix-vesa-vmware
[*] Backing up xorg.conf to xorg.conf.orig
[*] Copying over xorg.conf-vmware to xorg.conf
[*] Please restart X
root@bt:~#
Switching Between KDE and Fluxbox
You can use the dragon utility to switch between KDE and Fluxbox desktops.
root@bt:~# dragon
2010 (C) Dragon v 0.1 - Back|Track Command Line Control Panel
upgrade Upgrade your Back|Track box
follow Install and Follow all Back|Track tools by Category
...
dragon >> desktop fluxbox
Selecting Fluxbox as default Desktop Manager
dragon >> quit
Good Bye
root@bt:~#
Restart your X session by logging out, and then typing startx. To switch back from Flux to KDE, the command inside dragon would be desktop kde.
Getting Networking to work
BackTrack does not boot with networking by default (you don't always want to announce yourself with a DHCP request on a local network).
Setting your IP manually
To set your IP address manually, use the following commands. In this example, we will be assuming an address of 192.168.1.112/24, with a default gateway and DNS server - 192.168.1.1.
root@bt:~# ifconfig eth0 192.168.1.112/24
root@bt:~# route add default gw 192.168.1.
root@bt:~# echo nameserver 192.168.1.1 > /etc/resolv.conf
Getting a static IP to stick between reboots
To get your IP to stick between reboots, you can edit your /etc/network/interfaces file. For example:
# This file describes the network interfaces available on your system and how to activate them.
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.112
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Edit the file as appropriate, then have the network come up automatically at boot time:
root@bt:~# update-rc.d networking defaults
root@bt:~# /etc/init.d/networking restart
Getting an IP from DHCP
You can use the dhclient command to automatically get an IP address from a DHCP server:
root@bt:~# dhclient eth0
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium
All rights reserved
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/00:0c:29:81:74:21
Sending on LPF/eth0/00:0c:29:81:74:21
Sending on Socket/fallback
DHCPREQUEST of 192.168.1.112 on eth0 to 255.255.255.255 port 67
DHCPACK of 192.168.1.112 from 192.168.1.1
bound to 192.168.1.112 -- renewal in 37595 seconds
root@bt:~#
Using the script to start networking
There is a script to start networking in the /etc/init.d directory. To start it issue the following command:
root@bt:~# /etc/init.d/networking start
The script attempts to start all the interfaces listed in the interfaces file. You can remove the ones you do not need by editing the following file:
root@bt:~# nano /etc/network/interfaces
Continue Part II here
| Deface Maker | WhySoSeriousssssssssssss | rwxr-xr-x | 0 | 00:48 | hack |
| Filename | Deface Maker |
| Permission | rw-r--r-- |
| Author | WhySoSeriousssssssssssss |
| Date and Time | 00:48 |
| Label | hack |
| Action |
It look something like this -->
.jpg)
No problem get it form here
Subscribe to:
Posts (Atom)