Showing posts with label backtrack 5. Show all posts

Thursday, November 6, 2014

Harvesting Email Addresses (Part-1)

Today we will learn about harvesting email addresses from a domain. For this you need Kali Linux or Backtrack; if you don't have either, first install one on a virtual machine (recommended). Refer to my earlier post on how to install Kali Linux or Backtrack.

Step 1: Start your Kali Linux machine.

Step 2: Open terminal.

Step 3: Type:   theharvester
            This lists the many options available for the tool.

Step 4: To harvest email addresses from a site, victimsite.com:
            Type: theharvester -d victimsite.com -b google
            Here we have chosen Google as the source to harvest from. You can choose another source such as LinkedIn, Bing or pgp, or use every source by typing all.

Step 5: If you want more results, use the -l option, which limits how many results are returned. By default it is 100 for Google and 50 for Bing.
            Type: theharvester -d victimsite.com -l 500 -b google

If you face any problems, view this video tutorial for complete reference.



Author: Unpredictable

Feel free to send us your query @ prashantsavior@gmail.com

Thursday, October 9, 2014

Install Backtrack 5 in VMware

Hello friends, I hope you all enjoyed your holiday. So, let's get back on track and start the show once again.

When we search Google for hacking-related tutorials, we come across many that require Backtrack or Kali Linux. But not everyone can install Backtrack directly on their computer. In that scenario we can install our penetration testing OS on a virtual machine. Before we go to the tutorial part, let's get a basic idea of Backtrack and virtual machines.

Q. What is Backtrack?
--> Backtrack is an OS that ships with all the scripts and repositories pre-installed for performing penetration testing (in layman's language, required for hacking). It is a Linux-based OS. The present stable version of Backtrack is Backtrack 5. There are a few other penetration testing OSes like Kali Linux, Black Box, etc.
I would recommend you use Kali Linux, because online support for Kali Linux is available and easy to get. The steps for using it are much the same. However, here I will be using Backtrack 5, which is very famous in the field.

Q. What is a Virtual Machine?
--> A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both. Some virtual machine products are VMware, VirtualBox, etc. Here we will be using VMware.

Let's start with the tutorial.

Requirement:
Before we start with our tutorial, download these things:
1. VMware
2. Kali Linux or Backtrack 5

Follow these simple steps to Install:

Step 1: Install VMware.

Step 2: Open VMware.

Step 3: Click on Create a new virtual machine.

Step 4: Click on Next and select the ISO file from your hard disk.

Step 5: Select Linux and select your version (I have a 32-bit ISO file so I selected just Ubuntu; if you have a 64-bit one then go for 64-bit Ubuntu).

Step 6: Enter the name of your machine and click on Next (make sure you have around 12 GB of space on your C drive, else choose a path somewhere else where you have ample space).

Step 7: Finally click on Finish.

Step 8: Press Enter and booting will start, then select the first option and press Enter.

Step 9: To go into the GUI view, type startx and press Enter.

Step 10: Click on Install Backtrack and follow the remaining simple steps to install.


Note:

Default username and password are:
username: root
password: toor

For more information feel free to write to us @ prashantsavior@gmail.com and don't forget to like us on Facebook.

Monday, July 7, 2014

Distributed Denial of Service Attack - DDoS attack (Part-1)

Hey guys! Sorry for being away for quite a long time. Today I am going to post on a very easy but harmful hack.
With it we can easily take down many sites; although the outage lasts only a short period, the site can still suffer a huge loss.
I hope many of you have guessed the topic of today's discussion. Yes, it's the Distributed Denial of Service (DDoS) attack.
We can perform this attack in many ways, but today I am posting the tutorial on slowloris. Before we start, let's see what a DDoS attack is.

About: DDoS, also called a Denial of Service attack, is one of the most powerful attacks and is very tough for any server to stop, although it takes time to perform.
In it we send a huge number of packets to an open port of the site, usually port 80, or to any other ports that are open and ready to accept packets.
This huge number of packets creates heavy traffic on the site and ultimately takes it down for as long as the attack continues, or until the server blocks the IP that is sending the packets.
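The server-side view of this, as an added example that is not part of the original post: a Slowloris-style client shows up as one source address holding an unusually large number of connections to the web port, so counting connections per peer is the first step toward the IP block mentioned above. The rows, addresses, threshold and function names are constructed for illustration; the rows follow the layout of `ss -tn` output.

```python
from collections import Counter

HEADER = "State  Recv-Q Send-Q Local Address:Port  Peer Address:Port"

def build_ss_sample():
    """Constructed rows in the layout of `ss -tn` output (documentation addresses)."""
    rows = [HEADER]
    # One client holding 300 connections to port 80.
    rows += [f"ESTAB 0 0 192.0.2.10:80 198.51.100.7:{40000 + i}" for i in range(300)]
    rows += [
        "ESTAB 0 0 192.0.2.10:80 203.0.113.5:51514",        # ordinary visitor
        "ESTAB 0 0 [2001:db8::1]:443 [2001:db8::9]:51515",  # IPv6 visitor
        "ESTAB 0 0 192.0.2.10:22 198.51.100.7:50022",       # not a web port
        "TIME-WAIT 0 0 192.0.2.10:80 203.0.113.5:51516",    # already closed
    ]
    return "\n".join(rows)

def parse_ss(text):
    """Yield (state, local_port, peer_ip) per row; skip the header and malformed rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        local_port = fields[3].rpartition(":")[2]
        peer_ip = fields[4].rpartition(":")[0].strip("[]")
        if local_port.isdigit() and peer_ip:
            yield fields[0], int(local_port), peer_ip

def heavy_sources(text, ports=(80, 443), threshold=100):
    """Map peer IP -> open connection count for peers at or above the threshold."""
    counts = Counter(
        ip for state, port, ip in parse_ss(text)
        if port in ports and state in ("ESTAB", "SYN-RECV")
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in heavy_sources(build_ss_sample()).items():
        print(f"{ip} holds {n} connections to the web ports")
```

The threshold is a tuning value: clients behind a shared NAT or proxy can legitimately hold many connections, so set it from the server's normal baseline.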

Many of you must be wondering what will happen if a site goes down for a few hours.
Think about big shopping sites like flipkart, ebay, amazon, etc.: if they go down for a few hours, how much of a loss will they suffer? Similarly, if someone attacks a stock exchange, just think how much unthinkable loss can happen in hours.

***Performing a DDoS attack is a cyber crime. So think before you act.
Words for white hat hackers: Report to the admin of the web page if you find any unimportant open port which is accepting packets.
Words for programmers: Please check your code and make sure most of the ports are closed and that the code is properly written and has no open segments.
Words for black hat hackers: Follow the tutorial to take down the site and don't forget to use a proxy.

DDoSing via Slowloris:
Step 1: Download and install "active perl" from the link Click here to download Active Perl
Step 2: Download the slowloris script (Click here to download slowloris) and save it in any location you like with the file extension .pl (this is the extension for Perl script files). For example, I saved it in C:\downloads\DDOS\slowloris
Step 3: Open cmd by pressing windows+r (run dialog box appears) and then type cmd and hit enter.
Step 4: Go to the location by typing its address.
C:\downloads\DDOS
and press enter
Step 5: Run the slowloris script on the site. Here my target site is www.target-site.com
C:\downloads\DDOS> slowloris.pl -dns www.target-site.com -port 80 -timeout 1 -num 1000 -cache

Here you can change the port number to any other port which is open.

Check the site after a few hours. Boom... You have taken it down.
For any query please comment below or write to us @ prashantsavior@gmail.com and don't forget to like our Facebook Page.

Author: Unpredictable

Sunday, May 18, 2014

Website Scanning Through Nikto (in Backtrack 5)

Website Scanning Tutorial Through Nikto

When it comes to scanning a website to find vulnerabilities, Backtrack 5 / Kali Linux has many tools that do the job well, and "Nikto" is one of them. These tools are used to measure the security level of web applications.

About Nikto:
  • Nikto is open source.
  • It can check a web server for over 6400 potentially dangerous files/CGIs.
  • It checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.
  • It checks plug-ins and unconfigured files.
  • It is fast and effective.
  • It finds default files and programs.
  • It finds insecure files and programs.

Features:

  • Full HTTP proxy support.
  • Apache user name enumeration.
  • Logging to Metasploit.
  • Secure Socket Layer support (SSL).
  • Sub-domain brute forcing (guessing).
  • Easy to update.
  • Saves reports in multiple formats.

Requirements:
  • Backtrack 5 / Kali Linux with Perl installed in it.

Tutorial:


The basic scan requires a host, that is, a website to scan. You can use the IP address of the website or just its name. Here I have taken the website as http://www.mytargetsite.com/ . You can use whichever website you want to scan.


Open Nikto by following this:



1. To scan a website for vulnerabilities we type:
$ perl nikto.pl -host http://www.mytargetsite.com/
or
$ perl nikto.pl -h http://www.mytargetsite.com/



2. For help:
$ perl nikto.pl -H http://www.mytargetsite.com/

3. If you want to check a different port then use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -p [port number]



4. If you want to run this test via a proxy then use this command:
$ perl nikto.pl -h http://www.mytargetsite.com/ -useproxy http://localhost:8080/

5. Now for updating nikto use:
$ perl nikto.pl -update 

6. To search for vulnerabilities on multiple ports within a range (e.g., we are searching port no. 80 to 100):
$ perl nikto.pl -h http://www.mytargetsite.com/ -port 80-100

7. To save the scan result in a text file for later use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -output ./filename.txt


Note: Nikto scans port no. 80 by default. If you want to scan a different port then specify it as in step 3.
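What such a scan looks like in the target's own access log, as an added example that is not part of the original post: by default Nikto names itself in the User-Agent header, and probing thousands of files/CGIs leaves a long run of 404s for distinct paths. The log lines (including the exact User-Agent string), addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log layout.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def build_log_sample():
    """Constructed log lines: a default scan, a scan with a changed UA, a visitor."""
    def line(ip, path, status, ua):
        return (f'{ip} - - [18/May/2014:10:00:00 +0000] "GET {path} HTTP/1.1" '
                f'{status} 209 "-" "{ua}"')
    nikto_ua = "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
    browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/29.0"
    logs = [line("198.51.100.7", f"/cgi-bin/test{i}.cgi", 404, nikto_ua) for i in range(30)]
    logs += [line("198.51.100.8", f"/backup{i}.zip", 404, browser) for i in range(25)]
    logs += [line("198.51.100.8", "/", 200, browser)] * 2
    logs += [line("203.0.113.5", f"/page{i}.html", 200, browser) for i in range(5)]
    logs += [line("203.0.113.5", "/favicon.ico", 404, browser)]
    return logs

def find_scanners(lines, min_missing=20, min_ratio=0.8):
    """Return {ip: [reasons]} for sources that look like a file/CGI sweep."""
    stats = defaultdict(lambda: {"total": 0, "missing": set(), "ua_hit": False})
    for entry in lines:
        m = LOG_RE.match(entry)
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        if m["status"] == "404":
            s["missing"].add(m["path"])
        if "nikto" in m["ua"].lower():
            s["ua_hit"] = True
    findings = {}
    for ip, s in stats.items():
        reasons = ["nikto-user-agent"] if s["ua_hit"] else []
        # Many distinct missing paths, making up most of the client's traffic.
        if len(s["missing"]) >= min_missing and len(s["missing"]) / s["total"] >= min_ratio:
            reasons.append("404-sweep")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, why in find_scanners(build_log_sample()).items():
        print(ip, ", ".join(why))
```

The User-Agent check alone is easy to sidestep, which is why the 404-sweep heuristic is evaluated independently of it.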

For any query, comment below or write to us @ prashantsavior@gmail.com

Article by: Unpredictable