Monday, 18 March 2013

How To Use Credential Harvester Attack Method Over Internet

The Social-Engineer Toolkit

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K), and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.


Tools : SET TOOL KIT


OS : Backtrack 5

The credential harvester attack method is used when you don't specifically want to get a shell but want to perform phishing attacks in order to obtain usernames and passwords from the system. In this attack vector, a website is cloned, and when the victim enters their user credentials, the usernames and passwords are posted back to your machine and the victim is redirected back to the legitimate site.



Sunday, 17 March 2013

Windows Gather USB Drive History Metasploit Module


This module will enumerate USB Drive history on a target host.


Usage Information


msf > use post/windows/gather/usb_history
msf post(usb_history) > set SESSION [INTEGER]

Module Options

SESSION: The session to run this module on.
VERBOSE: Enable detailed status messages.
WORKSPACE: Specify the workspace for this module.



The Hacker’s Choice Releases SSL DOS Tool


German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.


Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors have been aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

Download:

Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix Source : thc-ssl-dos-1.4.tar.gz

Usage:
Use "./configure; make all install" to build, then run: ./thc-ssl-dos 127.3.133.7 443

Tips & Tricks for whitehats
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are less likely to use an SSL Accelerator (like the POP3S, SMTPS, ... or the secure database port).

Countermeasures:
No real solution exists. The following steps can mitigate (but not solve) the problem:


1. Disable SSL-Renegotiation
2. Invest in an SSL Accelerator
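
Where renegotiation cannot be switched off straight away, the pattern described above (thousands of renegotiations over a single TCP connection) is easy to spot in TLS event logs. The following detector is an added example, not part of the original post or of THC's release; the log format, the sample lines and the threshold of 3 renegotiations per second are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed (constructed) log format, one TLS event per line:
#   <epoch seconds> conn=<id> src=<ip> event=<handshake|renegotiate>
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) conn=(?P<conn>\d+) src=(?P<src>\S+) "
    r"event=(?P<event>handshake|renegotiate)$"
)

def find_renegotiation_floods(lines, max_per_window=3, window=1.0):
    """Return {conn_id: (src_ip, peak)} for every connection that renegotiated
    more than max_per_window times inside any `window` seconds.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)  # conn id -> renegotiation timestamps still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "renegotiate":
            continue  # initial handshakes and unparseable lines are not counted
        ts, conn = float(m["ts"]), int(m["conn"])
        q = recent[conn]
        q.append(ts)
        while ts - q[0] >= window:  # drop events that slid out of the window
            q.popleft()
        if len(q) > max_per_window:
            peak = max(len(q), flagged.get(conn, (None, 0))[1])
            flagged[conn] = (m["src"], peak)
    return flagged

def sample_log():
    """Constructed sample: one normal client, one connection renegotiating every 10 ms."""
    lines = [
        "1363600000.000 conn=1 src=192.0.2.10 event=handshake",
        "1363600004.500 conn=1 src=192.0.2.10 event=renegotiate",
        "1363600005.000 conn=2 src=198.51.100.7 event=handshake",
    ]
    lines += [
        f"{1363600005.0 + 0.01 * i:.3f} conn=2 src=198.51.100.7 event=renegotiate"
        for i in range(1, 51)
    ]
    return lines

if __name__ == "__main__":
    for conn, (src, peak) in find_renegotiation_floods(sample_log()).items():
        print(f"conn {conn} from {src}: {peak} renegotiations within 1s")
```

A flagged connection can be closed and its source rate-limited; the single renegotiation on connection 1 stays below the threshold and is not reported.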

How to install Conky Lua in kali Linux


Conky Lua is a very nice gadget for every Linux user. It shows the usage of your system, such as CPU, disk, memory, and network upload and download speed, as well as the date and time. Many users wrote to me about this gadget; they like it so much. So now we will start. I customized this gadget in different flavors.


To install Conky in Ubuntu/Linux Mint, open a terminal (press Ctrl+Alt+T) and copy the following commands into the terminal:


  • sudo apt-get install conky conky-all



On other distros, install it yourself.


First of all, download the startup script with the following commands:


  • wget -O .start-conky http://goo.gl/6RrEw

  • chmod +x .start-conky



Now open Startup Applications > click Add > a new dialog box will open, click on Browse > Now

To install the Green flavor, open a terminal and enter the following commands:


  • wget -O conky-green.zip http://goo.gl/WlDxp

  • unzip conky-green.zip && sudo rm conky-green.zip