USEFUL THINGS IN BACKTRACK LINUX

I'm trying to write 5 most useful things you should know in Backtrack Linux. Please check it below.


1. About user name and password Backtrack use root for the username and toor for the password. You should provide it at the first time login in your first time installation.


2. startx command Don't shocked if you see the black screen with command only when you use backtrack. Backtrack designed to use command line, but if you want to enable the window, you can type startx command after you log in.


3. Metasploit Framework The most famous tools in Backtrack is Metasploit framework, this tools is used for penetration testing into vulnerable system. You can go to metasploit framework by typing /pentest/exploits/framework3/msfconsole, and there's also /pentest/exploits/framework2/msfconsole.


4. Log Out In Backtrack you cannot restart or shutdown your computer from X-Window. One thing you can do when you finish use backtrack from X-Window is Log Out. To do this, click the Dragon icon at the bottom left of your Backtrack and then Click Log Out.


5. Shutdown and Restart When you finish use the X-Windows, you will be inside the terminal again. To shutdown your Backtrack : poweroff To restart your Backtrack : reboot That's it…very simple right? just try it yourself.

EVILGRADE 2.0 ERROR ON BACKTRACK 5 - SOLVED

I'm running Evilgrade on Backtrack 5 Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.


It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.


When I'm trying to running Evilgrade(./evilgrade), there's some error :


./evilgrade


Can't locate Data/Dump.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at isrcore/Shell.pm line 28.


To solve this error, just run

cpan Data::Dump

in your terminal Finish

SECURE SOCKETS LAYER (SSL) - AN INTRODUCTION

In the OSI model a reference model for effective communication we find a layer named transport layer. Just like a physical layer (where viruses attack normally) transport layer also need some sort of security because transport layer is responsible for transmission of data.


So what actually makes transport layer to make the transmission secure and to protect the data from any intruder.


Have you ever noticed that when you visit some website it starts with http:// and whenever you visit some sort of money transfer and other important websites you find https:// point is clear https means a secure communication it means that your data that transfer from this connection secure by using some cryptography techniques.



SSL or secure sockets layer are cryptographic protocols that provide secure communication over the Internet. So what actually a cryptography is " Cryptography is a science of secrete communication".
SSL uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.


                                                         HTTP VS HTTPS

The above picture shows that when ALICE sends the confidential information over insecure channel that there is a chance to sniff this confidential information (it might be a credit card information or may be your password etc). So the point is that an attacker can easily sniff this data and can easily read, understand and use for illegal activities because the data transfer in plain text regardless of any encryption it is simply a HTTP connection.

 

Now consider the second picture when an user send some sort of information over secure channel means if someone using HTTPS than the data first encrypt by using cryptography technique than it sends over channel, so in this case if someone sniff this data than he/she not able to understand it.


The above broad picture has clearly shows that HTTPS is secure, but how HTTPS is secure? Because it uses secure sockets layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate.

Where there's a will there's a way. By following this amazing quote some researcher has discovered some ways to crack/hack SSL certificate too. To hack SSL certificate we will post an article later on.

C# COLLECTION OF SOURCE CODES – MEGA PACK

I am posting a new pack, this time with C/C++ sources. Many people asked me for C/C++ pack, so here it is.. you can learn a lot from it.

The pack contains the following sources:

------------------------------------------------

Quote:

Port Scanner

Dark Crypter
FireFox 3.6 Decrypter
Agony
Aryan RAT v0.3
Aryan RAT v0.4
Aryan RAT v0.5
Basic Keylogger Source
Black Sun
BlindSpot v1.0 (Binder)
Files Merger
Call Of Duty 6 - Modern Warfare 2 - MPHack
Cryptic3 Crypter
DCI Bot
Down Trojan RAT
Client RAT
El Backdoor Small v1/2.0
Example Drag&Drop
F0xit 0.1
FBI RAT
gh0st 3.6
Harvecter bot
hBot Source
JABT1.2 - Justin Another Binder Tool
Juu2 IE7+FF steal
Little Joiner
Loading DLL infect PE
LocustPEA
Mail Sender - C++
Dump MSN Contacts
Nerzhul
Net Bot Attacker 5.5 RAT+DDOS
Polymorphic crypter
ProAgent V1.21
PsyRAT 2
Rat-b
Ratling
Reptile Bot
Rhapsody reverse connecting RAT
ri0tv5 Bot
UDP Tunnel
SpecialTrojan V5.0
Viotto OCX registrator - Source

Download link (mega pack of source codes):

Uploading.com

MediaFire

How to make your computer a Server to host a website (Hosting a phishing website)

Steps to make your computer a server to host website from home:





1. Download WampServer and install it in your computer. If you don't know what it is, Wampserver is a simple server with PHP and mysql support which is fully capable of hosting sites in your home computer.


2. Create your website. If you want to make a phishing website within few minutes with both fake login page and php script, read my earlier article on Start Phishing any site in less than 5 minutes.


3. Copy your folder that contains your website files or phishing files and paste them inside "www" directory inside "wamp" folder. Typically it is in C:\wamp\www.


4. Now go to your browser and in the address bar, type "http://localhost". You will be prompted with your wamp page. Just scroll down and click on your folder that you copied in the www directory. That's it, you will see your website running.


5. Wait, it is right now only viewed from your computer. To make it visible to the world, you need to click on the wampserver icon on the taskbar, and then click on "put online".


6. If you have dynamic IP address thus making it difficult to host a website, just go to DynDns.org website. This website allows you to have a host name for dynamic IP address and the service is totally free. So just register with dyndns.org and get a host name for your computer so that even if your IP address changes, the service automatically updates the change to your host settings.


7. If you are behind the router, then you need to login to your router and on the port forwarding option, just write down your IP address and port.


That's it. If you follow these steps, you have successfully made your computer a server to host a phishing website or a legitimate website from home, within an hour. Enjoy!

Start phishing any site in less than 5 minutes

Phishing is certainly an exciting hacking arsenal for any hacker. It is completely a social engineering. It is an art of tricking the user to think that it is a legitimate website while we silently store the login information. So, today I am writing a tutorial on how to setup a complete phishing site so that you can start phishing in less than 5 minutes. So lets start.


First of all, you will need to make an exact replica of the website you are trying to perform phishing. Don't worry, we will use a simple tool that will do all the stuff. Secondly, you need a php script that logs in all the information typed by the user in the form. That's it.



You will need to download "automatic phish creator". The password of the rar file is "hackingguide". All you need to do is just fill in the website name you want to phish. Fill in the name of the php file you will get and the name of the log file you desire. The phishing creator will then create a exact replica of the website and a php script file. That's it. Now you are ready to start phishing.


Now, you will need to host your file to a server. You can use t35.com, awardspace.com or any similar hosts and register a free hosting space. Or you may buy a space. Its your choice. Now, go to the control panel and upload your two files. Then change the permission of the file to "777", i.e. full permission. Now, your site is ready for phishing. Send the link of your site to victims and then when people type in their credential thinking its a real site, you will have their username and password. It is this easy.


Note: Antivirus may alarm the phishing creator software. This is normal. Just turn of your antivirus while you are doing phishing and later turn it on after you are finished..

BACKBOX LINUX 3.0

A Linux distribution based on Ubuntu

BackBox is a Linux distro based on the Ubuntu operating system, developed to perform security assessments and penetration tests.

BackBox is designed to be easy to use and fast. It provides a minimal but powerful and complete desktop environment.

What's New in This Release: [ read full changelog ]

· System upgrade
· Bug corrections
· Performance boost
· Improved start menu
· Improved Wi-Fi dirvers (compat-wireless aircrack patched)
· New and updated hacking tools

DOWNLOAD