Androite XDA

Home » Posts filed under Backtrack 5

Showing posts with label Backtrack 5. Show all posts

Dual Boot Backtrack 5 AND Windows 7/8

Posted by b Tuesday, 3 September 2013 0 comments

NOTE: The following method of installation is the simplest available. We have made it in the assumption that you have a Windows installation that is taking up all the space on your disk drive and you would like to resize and repartition the disk drive in order to allow a BackTrack install alongside your Windows.

WARNING: BACK-UP YOUR WINDOWS INSTALLATION FIRST!

- We select our language, in this case English and then click the Forward button.
we select out geographical location (The Region and Time Zone) and click Forward

Chose your keyboard layout. We are going to leave it the default which is USA and click Forward.
Now it’s time to partition the Disk, for a quick and successful dual-boot install we will choose the Install them side by side, choosing between them each startup option and hit Forward..
- WARNING: The installer might stop at certain percentages, leave it for a few minutes and it will resume.
- Hit the Restart Now button, and enjoy Backtrack!
- When the computer will boot, you will be given a choice to boot Backtrack or Windows.
- After the reboot, you can log in with the default username root and password toor. Do not forget to change this default root password by issuing the passwd command.
- As you can see the splash screen disappeared after the reboot. In order to fix it just run fix-splash, and the splash screen will appear on the next boot.

SET SMS Spoofing Attack Vector | Backtrack 5 | Tutorial

Posted by b Sunday, 26 August 2012 1 comment

Mobile communication is now everywhere, mobile hacking is seems to be difficult and a normal user, student and ethical hacker usually don't go towards the mobile hacking field. Mobile hacking is so general word and it contains hacking attack from physical layer to application layer of OSI model. Spoofing attack is not a new attack and you must have heard about IP spoofing, DNS spoofing and SMS spoofing.

In spoofing attack an attacker make himself a source or desire address.

What Is SMS Spoofing?

Short message service (SMS) is now available on mobile phones, I, You and everyone using SMS for the communication. SMS spoofing means to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text/ another number. (Wikipedia).

I will discuss most of the theorical aspect here like how to perform SMS spoofing? How SMS spoofing work? And so many question.

SMS Spoofing Tutorial

Social engineering toolkit contain a SMS spoofing attack vector that can used to perform SMS spoofing. Requirement for tutorial:

Operating system (Backtrack 5 for this tutorial)
SET (Social engineering toolkit)

So I will use backtrack 5 to perform SMS spoofing however you can use Ubuntu, Gnacktrack, Backbox and other Linux or other OS.

On the SET menu select number 7 that is SMS spoofing attack vector.

On the second step “1. Perform a SMS Spoofing Attack”
On the third choose what you want to do a Mass SMS spoofing or a single in this case I select 1.
On the fourth you need to enter the number of the receiver, make sure to enter with country code.
On the next step 1. Pre-Defined Template
On this step you need to choose the templates (choose what you want)
If you have a android emulator that wonderful but you can use some paid services. So its up to you select and than send your message.

How to hack a website

Posted by b Friday, 24 August 2012 0 comments

I will show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

$sql =
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is theadmin is put in place of

$username

and secret is put in place of

$password

. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter

x' or 'a' = 'a

as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string:

x' or 'a' = 'a 

has injected an extra phrase into the WHERE clause:

or 'a' = 'a' 

. This means that the WHERE is always true, and so this query will return a row contain the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using themysql_escape_string() or mysql_real_escape_string() functions, e.g.:

$userid = mysql_real_escape_string($userid);
$password = mysql_real_escape_string($password);
$sql =
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.

Hacking Application for Android

Posted by b Wednesday, 22 August 2012 0 comments

Mobile devices is now very common now a days and mobile devices has changed the way of bi-directional communication. There are many operating system for mobile devices available but the most common and the best operating system for mobile is Android, it is an OS means you can install other applications (software's) on it. In Android application usually called apps or android apps.

The risk of hacking by using mobile devices is very common and people are developing and using different apps (application) for their hacking attack. Android has faced different challenges from hacking application and below is the list of application for android hacking.

The Android Network Tool kit

In the last Defcon conference a new tool has been released by a security researcher and the tool is called “The Android network toolkit”. The has been developed for penetration tester and ethical hackers to test any network and vulnerabilities by using their mobile phones. This toolkit contain different apps that will help any hacker to find vulnerabilities and possibly exploit it. The company behind the app is an Israeli security firm called Zimperium.

Nmap for Android

Nmap (network mapper) is one the best among different network scanner (port finder) tool, Nmap mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for android is a Nmap apps for your phone! Once your scan finishes you can e-mail the results. This application is not a official apps but it looks good.

FaceNiff- Session Hijacker for Android

Your Facebook account is at risk, just like a Firesheep (for firefox hacking) there is a FaceNiff for hijacking the session of famous social networking websites includes facebook and twitter. FaceNiff is developed by Bartosz Ponurkiewicz who created Firesheep before but faceniff is for android OS.

AnDOSid- DOS Tool for Android

DOS or denial of service attack is very dangerous attack because it takes down the server
(computer).AnDOSid allows security professionals to simulate a DOS attack (A http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.AnDOSid is designed for security professionals only!

SSHDroid- Android Secure Shell

Secure shell or SSH is the best protocol that provides an extra layer of security while you are connecting with your remote machine.SSHDroid is a SSH server implementation for Android.
This application will let you to connect to your device from a PC and execute commands (like "terminal" and "adb shell").

If you want the .apk files of these apps the comment below i will publish here. Thank you. Please let me know that my work had helped you. :-)

Fast Track Hacking-Backtrack 5 Tutorial

Posted by b 0 comments

Backtrack 5 contains different tools for exploitation, as discussed before about metasploit and armitage for this article i will discuss about fast track, however I have received different request to write more tutorial forarmitage, i will write for armitage too later. Fast Track is a compilation of custom developed tools that allowpenetration testers the ease of advanced penetration techniques in a relatively easy manner.

Some of these tools utilize the Metasploit framework in order to successfully create payloads, exploit systems, or interface within compromised systems.

If you are beginner and dont have any idea about vulnerability, payload and shell code than first read the article " Introduction to metasploit".

For this tutorial i will use backtrack 5, however you can use some other version(s).

How To Use Fast-Track For Payload Generation

There are three interface available for fast track on backtrack 5, i will show you how to generate payload by using fast track, you can use fast track web interface too for different purposes like auto-pwn. Follow the procedure.

· Click on Applications-->Backtrack-->Exploitation tools-->Network exploitation tools-->Fast-Track-->fasttrack-interactive

· You will get the first window that is menu windows, enter number 8 that is payload generator number.

· On the next window will ask you about payload enter number 2 that is "Reverse_TCP Meterpreter".

· Now we need to encode our payload so that it can easily bypass antivirus software's and IDS. I enter number 2 you can enter of your choice.

· On the next we have to enter IP address of the victim than port number, I have scanned my local network using nmap. Then select the type of payload either EXE or shell code.

· Now a file name payload.exe has been created, you can get the file by going on filesystem-->pentest>exploit-->fasttrack-->payload.exe.

· Use some social engineering technique to run this payload on the victim box than on the fast-track window start listing your payload to get the hack done. When everything is fine you will get the command window of the victim.

Upgrade From BackTrack 5 R2 to BackTrack 5 R3

Posted by b Sunday, 19 August 2012 0 comments

Recently, we released the long-awaited BackTrack 5 R3 but for those of you who don’t want to start fresh with a new installation, have no fear because you can easily upgrade your existing installation of R2 to R3.

Our primary focus with this release was on the implementation of various bug fixes, numerous tools upgrades and well over 60 new additions to the BackTrack suite. Because of this, the upgrade path to BackTrack 5 R3 is relatively quick and painless.

First, you will want to make sure that your existing system is fully updated:

apt-get update && apt-get dist-upgrade

With the dist-upgrade finished, all that remains is the install the new tools that have been added for R3. An important point to keep in mind is that there are slight differences between the 32-bit and 64-bit tools so make sure you choose the right one.

32-Bit Tools

apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r artemisa rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack uberharvest acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

64-Bit Tools

apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter multiforcer bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

That’s all there is to it! Once the new tools have been installed, you are up and running with BackTrack 5 R3.

BackTrack 5 R3 Released & Available To Download

Posted by b 0 comments

BackTrack 5 R3 Released & Available To Download!!

In our last post about BackTrack we mention the release date of long awaited BT 5 Release 3. So finally the countdown is over. The time has come to refresh our security tool arsenal – BackTrack 5 R3 has beenreleased world wide. First BT5 R3 preview was released in BlackHat 2012 Las Vegas for the enjoyment of conference attendees. The main aim of that pre-release was to figure out their last bug reports and tool suggestions from the BH / Defcon crowds. This final release mainly focuses on bug-fixes as well as the addition of over 60 new tool. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

As usual KDE and GNOME, 32/64 bit ISOs, have been released a single VMware Image (Gnome, 32 bit).

We would also like to give to reminder that the first release candidate (R1) of BackTrack 5 was released in August last year. Later in March this year we got the second release candidate (R2) of BT 5.

For those requiring other VM flavors of BackTrack If you want to build your own VMWare image then instructions can be found in the BackTrack Wiki. Direct ISO downloads will be available once all our HTTP mirrors have synched. But still you can download BackTrack 5 R3 via torrent from the below links.

BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)

BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)

BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)

BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)

BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)

Hack a Remote Windows PC using Backtrack 5 | Social Engineering Tools

Posted by b Monday, 13 August 2012 0 comments

Hi folks...

Guys i already described some of the methods about remote PC hack. But today we are going to hack a remote PC using Backtrack. Backtrack is a live OS and much powerful tool for hacks and in it we are going to use SET toolkit. So first you have to know about SET.

What is Social Engineering Toolkit?

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.

Step (1)

Change your work directory into /pentest/exploits/set/

Or Goto:

Step (2)

Open Social Engineering Toolkit(SET) ./set and then choose "Website Attack Vectors" because we will attack victim via internet browser. Also in this attack we will attack via website generated by Social Engineering Toolkit to open by victim, so choose "Website Attack Vectors" for this options.

Step (3)

Usually when user open a website, sometimes they don't think that they are opening suspicious website that including malicious script to harm their computer. In this option we will choose "The Metasploit BrowserExploit Method" because we will attack via victim browser.

Step (4)

The next step just choose "Web Templates", because we will use the most famous website around the world that already provided by this Social Engineering Toolkit tools.

Step (5)

There are 4 website templates Ready To Use for this attack methods, such as GMail, Google, Facebook, and Twitter. In this tutorial I will use Google, but if you think Facebook or Twitter more better because it's the most accessed website, just change into what do you want.

Step (6)

For the next step…because we didn't know what kind of vulnerability that successfully attack the victim and what type of browser, etc, in this option we just choose "Metasploit Browser Autopwn" to load all vulnerability Social Engineering Toolkit known. This tools will launch all exploit in Social Engineering Toolkit database.

Step (7)

For payload options selection I prefer the most use Windows Shell Reverse_TCP Meterpreter, but you also can choose the other payload that most comfortable for you.

Step (8)

The next step is set up the Connect back port to attacker computer. In this example I use port 4444, but you can change to 1234, 4321, etc

Step (9)

The next step just wait until all process completed and also wait until the server running.

Step (10)

When the link given to user, the victim will see looks-a-like Google(fake website). When the page loads it also load all malicious script to attack victim computer.

Step (11)

In attacker computer if there's any vulnerability in victim computer browser it will return sessions value that mean the exploit successfully attacking victim computer. In this case the exploit create new fake process named "Notepad.exe".

Step (12)

To view active sessions that already opened by the exploit type"sessions -l" for listing an active sessions. Take a look to the ID…we will use that ID to connect to victim computer.

Step (13)

To interract and connect to victim computer use command"sessions -i ID". ID is numerical value that given when you dosessions -l. For example you can see example in picture below.

Step (14)

Victim computer owned (Hacked). :)

Step (15)

Now you can do lots of stuffs with victim machine if u know the power of meterpreter.

If you have Any Queries Ask me in form Of Comments and don't forget to share and join this blog and like us on Facebook......