Showing posts with label Tools. Show all posts

Sunday, October 2, 2011

Defcon 19 presentations with dvd

Finally the wait for the Defcon 19 presentations is over. The DVD containing the hacker material is up on Defcon media. Defcon is a yearly hacker conference, which this year was held in Las Vegas in August.

Here is the download link for the Defcon 19 DVD:
.ISO of the DEF CON 19 Conference DVD - original and with updated slides
dc-19/defcon-19-dvd-original.iso (~1.6 GB)
dc-19/defcon-19-dvd-updated.iso (~1.7 GB)

Link for the individual RSS feed of the Defcon slides:
https://www.defcon.org/podcast/defcon-19-materials.rss

The next update will be the Defcon videos and music.



Thursday, September 15, 2011

DROIDSHEEP

DROIDSHEEP SESSION HIJACKING ANDROID APPLICATION:
DroidSheep is a free alternative to FaceNiff, available for free on the DroidSheep website. It is a one-click session hijacking tool which supports:

- amazon.de
- facebook.com
- flickr.com
- twitter.com
- linkedin.com
- yahoo.com
- live.com
- google.de (only the non-encrypted services like “maps”)


Limitations of Droidsheep


DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks.
For WPA/WPA2 it uses a DNS-spoofing attack.
DNS spoofing means it makes all devices within the network think the DroidSheep device is the router, so they send their data to that device. This might have an impact on the network, cause connection problems or bandwidth limitations, and it can be spotted. DroidSheep's own attack cannot be spotted in the same way, as it only reads the packets sent over the WiFi; instead of dismissing them, it uses the data.

What do you need to run DroidSheep?
- An Android-powered device running at least version 2.1 of Android
- Root access on your phone (link)
- DroidSheep :-) (you can get it in the “GET IT” section)


You can download the DroidSheep Android application here.

Tuesday, August 2, 2011

Metasploit Framework v4.0.0!



“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.”

Official Change Log

Statistics:
  • Metasploit now ships with 716 exploit modules, 361 auxiliary modules, and 68 post modules.
  • 20 new exploits, 3 new auxiliary modules, and 14 new post modules have been added since the last release (3.7.2)
New Modules since 3.7.2:
New Exploit Modules:
  • VSFTPD v2.3.4 Backdoor Command Execution
  • Java RMI Server Insecure Default Configuration Java Code Execution
  • HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
  • HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow
  • Mozilla Firefox nsTreeRange Dangling Pointer Vulnerability
  • Black Ice Cover Page ActiveX Control Arbitrary File Download
  • Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
  • MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
  • Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
  • RealWin SCADA Server DATAC Login Buffer Overflow
  • Siemens FactoryLink vrn.exe Opcode 9 Buffer Overflow
  • Iconics GENESIS32 Integer overflow version 9.21.201.01
  • Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
  • Sielco Sistemi Winlog Buffer Overflow
  • Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
  • HP OmniInet.exe Opcode 20 Buffer Overflow
  • HP OmniInet.exe Opcode 27 Buffer Overflow
  • Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow
  • Lotus Notes 8.0.x – 8.5.2 FP2 – Autonomy Keyview
New Post-Exploitation Modules:
  • Winlogon Lockout Credential Keylogger
  • Windows Gather Microsoft Outlook Saved Password Extraction
  • Windows Gather Process Memory Grep
  • Windows Gather Trillian Password Extractor
  • Windows PCI Hardware Enumeration
  • Windows Gather FlashFXP Saved Password Extraction
  • Windows Gather Local and Domain Controller Account Password Hashes
  • Windows Gather Nimbuzz Instant Messenger Password Extractor
  • Windows Gather CoreFTP Saved Password Extraction
  • Internet Download Manager (IDM) Password Extractor
  • Windows Gather SmartFTP Saved Password Extraction
  • Windows Gather Bitcoin wallet.dat
  • Windows Gather Service Info Enumeration
  • Windows Gather IPSwitch iMail User Data Enumeration
New Auxiliary Modules:
  • John the Ripper Password Cracker Fast Mode
  • Microsoft Windows DNSAPI.dll LLMNR Buffer Underrun DoS
  • Kaillera 0.86 Server Denial of Service
  • 2Wire Cross-Site Request Forgery Password Reset Vulnerability
  • SIPDroid Extension Grabber
  • MSSQL Password Hashdump
Notable Features & Closed Bugs:
  • Feature #4982 – Support for custom executable with psexec
  • Feature #4856 – RegLoadKey and RegUnLoadKey functions for the Meterpreter stdapi
  • Feature #4578 – Update Nmap XML parsers to support Nokogiri parsing
  • Feature #4417 – Post exploitation module to harvest OpenSSH credentials
  • Feature #4015 – Increase test coverage for railgun
  • Bug #4963 – Rework db_* commands for consistency
  • Bug #4892 – non-windows meterpreters upload into the wrong filename
  • Bug #4296 – Meterpreter stdapi registry functions create key if one doesn’t exist
  • Bug #3565 – framework installer fails on RHEL (postgres taking too long to start)
Armitage:
Armitage integrates with Metasploit 4.0 to:
  • Take advantage of the new Meterpreter payload stagers
  • Crack credentials with the click of a button
  • Run post modules against multiple hosts
  • Automatically log all post-exploitation activity
Revision Information:
  • Framework Revision 13462
Several import parsers were rewritten to use Nokogiri for much faster processing of large import files. Adding to Metasploit’s extensive payload support, Windows and Java Meterpreter now both support staging over HTTP and Windows can use HTTPS. In a similar vein, POSIX Meterpreter is seeing some new development again. It still isn’t perfect nor is it nearly as complete as the Windows version, but many features already work. Java applet signing is now done directly in Ruby, removing the need for a JDK for generating self-signed certificates. The Linux installers now ship with ruby headers, making it possible to install native gems in the Metasploit ruby environment.
Another flexibility improvement comes in the form of a consolidated pcap interface. The pcaprub extension ships with the Linux installers as of this release and support for Windows will come soon. Modules that used Racket for generating raw packets have been converted to Packetfu, which provides a smoother API for modules to capture and inject packets.

Monday, August 1, 2011

RefRef - DDOS Tool By The Anonymous


Previously you saw the source code of XerXes by The Jester. Anonymous has also developed its own DDoS tool, which is said to exploit SQL vulnerabilities to support the group's future campaigns. Previously they had been using LOIC for many of their operations, but many Anonymous members got caught because of that tool, which may not have been capable of hiding their tracks. So this time they made their own.


According to Developer "RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next since you still have the request, it picks up the .js file, and all of the requesting for packets power happens on the server, not the requestee. I send two packets from my iphone, and everything else happens on the server. Basically eats itself apart, because since both are on the server, its all a local connection."


This DDoS tool, #RefRef, is set to be released in September, according to an Anon promoting it on IRC this afternoon. Developed with JavaScript, the tool is said to use the target site’s own processing power against itself. In the end, the server succumbs to resource exhaustion due to #RefRef’s usage. An attack vector that has existed for some time, resource exhaustion is often skipped over by attackers who favor the brute force of a DDoS attack sourced from bots or tools such as LOIC.


The tool is very effective: a 17-second attack from a single machine resulted in a 42-minute outage on Pastebin yesterday. The Pastebin admins weren't happy and tweeted:


The effectiveness of RefRef is due to the fact that it exploits a vulnerability in a widespread SQL service. The flaw is apparently known but not widely patched yet. The tool's creators don't expect their attacks to work on a high-profile target more than a couple of times before being blocked, but they don't believe organizations will rush to patch this flaw en masse before being hit.


This means there are a lot of possible targets out there that will be hit at least once. "This tool only makes you vulnerable if you don't keep your systems patched, perform the basic security, which is how Sony got caught with its pants down," the RefRef developers said.


The tool works by turning the servers against themselves. It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources. However, the tool's GUI does have a field for inputting the refresh interval so it might combine traditional forms of HTTP hammering with the new technique.
Some security experts have been skeptical that the success of Anonymous's DDoS attacks can be explained through LOIC alone. They proposed that some of the group's supporters also have access to botnets, a theory that has partially proven to be correct.



source

Wednesday, July 27, 2011

ROUTERPWN-ROUTER EXPLOITING/HACKING

Routerpwn.com is an application which helps you exploit vulnerabilities in routers.

Routerpwn is a compilation of ready-to-run local and remote web exploits.
It is programmed in JavaScript and HTML in order to run on all "smart phones" and mobile internet devices.
It is only one page, so you can store it offline for local exploitation without an internet connection.

It has a collection of 103 router exploits, listed below:

# 103 Total (2 Generators) 7/26/2011 #
Huawei HG5XX Mac2wepkey Default Wireless Key Generator
Backdoor password in Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore)

20x 27x authentication bypass (xss + info disclosure)
17x 18x 20x 27x CRLF denial of service remote MDC
17x 18x 20x 27x CRLF denial of service
17x 18x 20x 27x password_required.html authentication bypass
17x 18x 20x 27x CD35_SETUP_01 authentication bypass
17x 18x 20x 27x CD35_SETUP_01 password reset
17x 18x 20x 27x DSL denial of service
17x 18x 20x 27x mgmt_data configuration disclosure
17x 18x 20x 27x H04 authentication bypass
17x 18x 20x 27x 38x Add domain to hosts table CSRF
Backdoor password in Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore)
iMC Intelligent Management Center configuration disclosure
iMC Intelligent Management Center traversal
OfficeConnect command execution
AP 8760 authentication bypass
OfficeConnect configuration disclosure
OfficeConnect 3CRWE454G72 configuration disclosure
3cradsl72 configuration disclosure
3cradsl72 information disclosure & authentication bypass
812 denial of service
812 denial of service 2
Arris Password of The Day (list.txt)
Arris password of the day web interface
F5D7234-4 v5 admin password md5
F5D8233-4 v3 configuration disclosure
F5D8233-4 v3 router reboot
F5D7230-4 factory reset
F5D7230-4 change dns servers
MIMO F5D9230xx4 configuration disclosure
WAG120N Change admin password
WAG120N Add admin user
WAP54Gv3 debug interface (Gemtek:gemtekswd)
WRT54G enable remote interface
WRT54G config disclosure
WRT54G restore factory defaults
WRT54G last password in plain text
WRT54G disable wifi encryption
WRT54G change admin password
D-Link WBR-1310 Authentication Bypass set new password
D-Link DIR-615, DIR-320, DIR-300 Authentication Bypass
D-Link DAP-1160 Authentication Bypass
D-Link DIR-615 change password & enable remote admin
D-Link DIR-615 configuration disclosure
DSL-G604T change DNS servers
704P denial of service
DSL-G624T directory traversal
DWL-7x00AP configuration disclosure
DSL Routers "firmwarecfg" Authentication Bypass
HG5XX mac2wepkey default wireless key generator
HG520c HG530 enable remote management CSRF
HG520c HG530 Listadeparametros.html information disclosure
HG520c HG530 AutoRestart.html denial of service & factory reset
HG520 LocalDevicejump.html denial of service
SmartAX MT880 default password
SmartAX MT880 add administrator account
SmartAX MT880 disable firewall/anti-dos w/default pass
ZyNOS configuration disclosure
SBG900 change admin password
SBG900 turn off firewall
SBG900 enable remote access
SBG900 disable DHCP & add custom DNS server
FlexiISN auth bypass AAA Configuration
FlexiISN auth bypass Aggregation Class Configuration
FlexiISN auth bypass GGSN general Configuration
FlexiISN auth bypass Network Access & services
5200 Default administrator account
5200 Host authentication bypass
5200 Configuration disclosure /.cfg
SE461 denial of service
ST585, TG585n user.ini arbitrary download vulnerability
ST585 Redirect domain CSRF
ST585 Add administrator account CSRF
bthomehub call number (voice-jacking) auth bypass
bthomehub authentication bypass
bthomehub enable remote access and change tech password
bthomehub disable wifi
TEW-633GR A-to-C authentication bypass
TEW-633GR unauthorized factory reset
G-570S configuration disclosure
Prestige configuration disclosure
Prestige privilege escalation
Prestige default password
ZyWALL USG client side authorization config disclosure
ZyNOS configuration disclosure
Zywall2 Persistent Cross Site Scripting
Prestige unauthorized reset
WWNAP210 authentication bypass
WNDAP350, WNAP210 BackupConfig.php config disclosure
CG3100D privilege escalation
RP614v4 config disclosure
WNR2000 information disclosure
WNR2000 information disclosure
WNR2000 config disclosure
DG632 auth bypass (config disclosure)
DG632 auth bypass
DG632 'firmwarecfg' denial of service
WGR614v9 denial of service
SSL312 VPN denial of service
FVS318 content filtering bypass
FVS318 log file arbitrary content injection
DG834G enable telnet root shell
WG602 undocumented admin account (superman)
WG602 undocumented admin account (super)  


We already have a whitepaper on router exploitation and its potential; you can check it here.

You can use the tool from this url: www.routerpwn.com

Monday, June 20, 2011

Ani Shell DDoser, Mass Mailer, Web Fuzzer

Ani-Shell is a simple PHP shell with unique features like a mass mailer, a simple web-server fuzzer, and a DDoSer. Ani-Shell has immense capabilities and has been written with some coding standards in mind for easier editing and customization.

Features of Ani-Shell
  • Shell
  • Platform Independent
  • Mass Mailer
  • Small Web-Server Fuzzer
  • DDoser
  • Design

Default login password for Ani-Shell

Username : lionaneesh
Password : lionaneesh

As it is written in PHP it is OS independent and also uses fewer resources. This is just the first edition of Ani-Shell; we hope there will be many improvements and additions.
Download Ani-Shell v1.0 (ani-shellv1.0.rar) here

Tuesday, May 31, 2011

Sniffjoke Antisniffing Framework & Tool For Session Scrambling

What is sniffjoke?

SniffJoke is an application for Linux that transparently handles your TCP connections, delaying and modifying packets and injecting fake packets into your transmission, making it almost impossible for a passive wiretapping technology (an IDS or a sniffer) to read the traffic correctly.

An Internet client running SniffJoke injects into the transmission flow some packets able to seriously disturb passive analysis such as sniffing, interception and low-level information theft. No server support is needed!

The Internet protocols were developed to allow two endpoints to communicate, not for some third party to intercept their communication. Interception does happen, but the communication system was not developed with that objective. SniffJoke uses the network protocols in a permitted way, exploiting the implicit differences between the network stack of an operating system and a sniffer's dissector.

How Does It Work?

It works only under Linux (at the moment). It creates a fake default gateway in your OS (on the client or on a default gateway) using a TUN interface, checks every packet passing through it, tracks every session and applies two concepts: the scramble and the hack.

The scramble is the technique that brings:

A sniffer to accept as true a packet which will be discarded by the server, or
A sniffer to drop a packet which will be accepted by the server.

The scramble technique brings in a desynchronisation between the sniffer's view of the flow and the real flow.

The bogus packet accepted by the sniffer is generated by a “plugin”, a simple C++ class which, with pseudo-stateful tracking, forges the packet to be injected into the flow. It is pretty easy to develop a new one, and anyone who wants to do research on attacks against sniffers (or fuzz the flow looking for bugs) needs to get their hands into it.

The configuration lets you define a blacklist/whitelist of IP addresses to scramble, a degree of aggressiveness for each port, and which plugin will be used.
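To see concretely why a dissector that validates less than the endpoint ends up desynchronised, here is an added example; it is not SniffJoke's code. It assumes one scramble technique, a segment whose TCP checksum is wrong, which the receiving stack discards but a naive sniffer accepts. All packets are constructed in memory and nothing touches the network.

```python
"""Why an IDS must validate TCP checksums before trusting a segment.

Added example, not SniffJoke's own code. Assumed scramble technique: a
bad TCP checksum. Packets are built in memory only.
"""
import socket
import struct

TCP_PROTO = 6


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Internet checksum: complement of the one's-complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, TCP_PROTO, tcp_len)


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, payload,
                      corrupt_checksum=False) -> bytes:
    """Minimal 20-byte PSH|ACK header plus payload.

    With corrupt_checksum=True the checksum field is deliberately wrong:
    this is the packet a host stack drops silently but a careless sniffer
    folds into its reconstructed stream.
    """
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         5 << 4, 0x18, 65535, 0, 0)
    csum = checksum(pseudo_header(src_ip, dst_ip, len(header) + len(payload))
                    + header + payload)
    if corrupt_checksum:
        csum ^= 0x5A5A
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + payload


def naive_dissect(src_ip, dst_ip, segment: bytes):
    """Sniffer that trusts whatever it captures (no header option parsing)."""
    return segment[20:]


def validating_dissect(src_ip, dst_ip, segment: bytes):
    """Behave like the endpoint: a segment whose checksum does not verify
    (sum over pseudo-header + segment != 0xFFFF) is dropped, returning None."""
    if ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment))
                           + segment) != 0xFFFF:
        return None
    return segment[20:]


def demo():
    """Constructed flow: a scrambled segment followed by the honest one.
    Returns the payloads each dissector reconstructs, in capture order."""
    src, dst = "192.0.2.1", "192.0.2.2"
    real = build_tcp_segment(src, dst, 40000, 80, 1000,
                             b"GET /real HTTP/1.0\r\n")
    bogus = build_tcp_segment(src, dst, 40000, 80, 1000,
                              b"GET /fake HTTP/1.0\r\n", corrupt_checksum=True)
    naive = [naive_dissect(src, dst, s) for s in (bogus, real)]
    strict = [validating_dissect(src, dst, s) for s in (bogus, real)]
    return naive, strict


if __name__ == "__main__":
    naive, strict = demo()
    print("naive sniffer saw:   ", naive)
    print("validating dissector:", strict)
```

Both segments carry the same sequence number, so the naive sniffer records the bogus request as the stream content and then treats the honest one as a retransmission; the validating dissector, like the server, never sees the bogus payload at all.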

Download SniffJoke here: sniffjoke-0.4.1.tar.bz2

Friday, May 20, 2011

Credit Card Scanner:PANBuster

What is PANBuster ?

PANBuster is a tool which searches for credit card numbers stored in clear text on a system.

As required by the PCI DSS standard, Primary Account Numbers (PAN), also known as "credit card numbers", must never be stored without strong encryption and proper key management.

PANBuster is provided to help PCI QSAs, system administrators, developers, auditors and forensic analysts identify clear-text PANs with a minimum of false-positive detections.


Features of Panbuster

  • Binaries available for Linux (32-bit and 64-bit), Windows (32-bit) and Mac OS X (Universal)
  • Low false-positive rates
  • Complex regular expressions allowing detection of various PAN formats
  • Able to identify card brands (VISA, Mastercard, American Express, JCB, Discover, China Union...) and issuing banks (more than 1000 BINs)
  • Able to parse compressed files in memory, without extracting them (.ZIP, .GZ, .TGZ...)
  • Skips irregular files and overlong data streams
  • Detects PANs in MySQL data files, MSSQL (backup files only), PostgreSQL and Oracle (dump)

Example of use

MYCOMPUTER: xmco$ ./panbuster -f ../
FOUND - 544688xxxxxx9691 - MASTERCARD - Meridian Credit Union Debit and Exchange Network Card - [..//REP2/dir_test/test.xls]
FOUND - 456396xxxxxx1999 - VISA - Electron ROI - [..//db.mdf]
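To make the masked output format and the low-false-positive claim concrete, here is an added example, not PANBuster's own code: a small Python scanner that extracts digit runs, drops anything that fails the Luhn check, classifies the survivors by a few well-known brand prefixes (an assumed, abbreviated table, nothing like PANBuster's BIN database), and masks matches the way the output above does. The sample file content uses publicly known test card numbers and is constructed for the demonstration.

```python
"""Clear-text PAN scanner: digit-run extraction, Luhn filter, brand prefix,
masked reporting. Added example, not PANBuster's code."""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, not
# embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Constructed sample "file": two non-card numbers, three test PANs, one
# number that looks like a card but fails Luhn.
SAMPLE_FILE = """\
order_id=20110520123456 phone=+1-555-0100-1234
visa=4111111111111111 expiry=12/13
mc=5555 5555 5555 4444
amex=378282246310005
bad_luhn=4111111111111112
"""


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_brand(digits: str):
    """Brand from IIN prefix and length. Assumed, abbreviated prefix table:
    VISA 4; Mastercard 51-55; Amex 34/37; Discover 6011/65; JCB 3528-3589."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "VISA"
    if 51 <= int(digits[:2]) <= 55 and n == 16:
        return "MASTERCARD"
    if digits[:2] in ("34", "37") and n == 15:
        return "AMEX"
    if (digits.startswith("6011") or digits[:2] == "65") and n == 16:
        return "DISCOVER"
    if 3528 <= int(digits[:4]) <= 3589 and n == 16:
        return "JCB"
    return None


def mask(digits: str) -> str:
    """Keep the 6-digit BIN and last 4, as in '544688xxxxxx9691'."""
    return digits[:6] + "x" * (len(digits) - 10) + digits[-4:]


def scan_text(text: str, source: str = "<text>"):
    """Return (masked_pan, brand, source) for every candidate that passes
    both the Luhn check and the brand/length test."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue
        brand = card_brand(digits)
        if brand is None:
            continue
        found.append((mask(digits), brand, source))
    return found


if __name__ == "__main__":
    for masked, brand, src in scan_text(SAMPLE_FILE, "sample.txt"):
        print(f"FOUND - {masked} - {brand} - [{src}]")
```

The Luhn check alone removes most random digit runs; requiring a known prefix and length on top of it is what keeps order numbers and phone numbers out of the report. A real deployment would also walk the filesystem and read archives, which this example leaves out.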


Download PANBuster


PANBuster for Windows

PE 32-bits, compatible 2000/XP/2003/7/2008

MD5 (exe): 5f40b9d912828b0fd143145cc087f46a / MD5 (zlib.dll): f42601d4ac18bb06d830b6f8e4500adf


PANBuster for Linux

ELF 32-bits and 64-bits

32-bits release MD5: 5b9d3dc5aafeb5c2abe7cd8d88675caa
64-bits release MD5: a00387403ddc2df477c2c4e080387a97


PANBuster for Mac OS X

Universal Binary (Leopard compatible)

MD5: b0ceebf041fc672f65eca8b23067ac86

Saturday, May 14, 2011

Metasploit Framework 3.7.0 Released!

The Metasploit team has spent the last two months focused on one of the least-visible, but most important pieces of the Metasploit Framework; the session backend. Metasploit 3.7 represents a complete overhaul of how sessions are tracked within the framework and associated with the backend database. This release also significantly improves the staging process for the reverse_tcp stager and Meterpreter session initialization. Shell sessions now hold their output in a ring buffer, which allows us to easily view session history -- even if you don't have a database.



More details about this release can be found in the 3.7.0 Release Notes. As always, the latest version is available from the Metasploit download page.



Metasploit installation (GnackTrack & BackTrack)



     wget http://www.rapid7.com/redirect/metasploit_p/linux32/
     chmod +x metasploit-3.7.0-linux-installer.bin
     sudo ./metasploit-3.7.0-linux-installer.bin
     cd /opt/metasploit-3.7.0/
     ./msfpro

Monday, May 2, 2011

NMAP TUTORIAL

Nmap (Network Mapper) is one of the most basic yet advanced fingerprinting tools. I recommend this tool to everyone.


Basically, Nmap is a port scanner with advanced features like host identification, topology mapping, etc.

The six port states recognized by Nmap:
OPEN
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports  are also interesting for non-security scans because they show services available for use on the network.
CLOSED
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.     
FILTERED 
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
 
UNFILTERED 
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
 
open|filtered
Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
 
closed|filtered
This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
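The six states above are exactly what an inventory script has to keep apart: open|filtered and closed|filtered are not conclusions, and only the open set is the attack surface an administrator reviews first. Below is an added example, not part of this post or of Nmap, that parses Nmap's grepable (-oG) output into per-host state counts and the list of confirmed-open services; the scan lines in it are constructed for the demonstration.

```python
"""Summarise port states from Nmap grepable (-oG) output.

Added example, not part of the original post or of Nmap. The scan lines
below are constructed to illustrate the format; they are not real output.
"""
import re
from collections import Counter

# Constructed sample of `nmap -oG` output: "Host:" lines with a tab-separated
# "Ports:" field whose entries are
#   port/state/protocol/owner/service/rpc-info/version/
SAMPLE_GREPABLE = (
    "# Nmap 5.51 scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (lab-win7)\tStatus: Up\n"
    "Host: 192.0.2.10 (lab-win7)\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "3389/filtered/tcp//ms-wbt-server///, 53/open|filtered/udp//domain///"
    "\tIgnored State: closed (65531)\n"
    "Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, "
    "80/closed/tcp//http///, 443/unfiltered/tcp//https///\n"
    "# Nmap done (constructed sample)\n"
)

# One port entry: seven slash-terminated fields; the state may be a
# compound such as open|filtered.
PORT_RE = re.compile(
    r"(\d+)/([a-z|]+)/(tcp|udp|sctp)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/"
)


def parse_grepable(text: str):
    """Return (host, port, proto, state, service, version) tuples."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab (e.g. "Ignored State: ...").
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            records.append((host, int(port), proto, state, service, version))
    return records


def state_summary(records):
    """Count ports per (host, state); ambiguous states stay distinct so
    that open|filtered is never silently counted as open."""
    return Counter((host, state) for host, _p, _pr, state, _s, _v in records)


def attack_surface(records):
    """Confirmed-open services per host, the list to review and firewall."""
    surface = {}
    for host, port, proto, state, service, version in records:
        if state == "open":
            entry = f"{port}/{proto} {service} {version}".rstrip()
            surface.setdefault(host, []).append(entry)
    return surface


if __name__ == "__main__":
    recs = parse_grepable(SAMPLE_GREPABLE)
    for (host, state), n in sorted(state_summary(recs).items()):
        print(f"{host:14} {state:14} {n}")
    for host, services in attack_surface(recs).items():
        print(host, "->", ", ".join(services))
```

The same parser works on the output of `nmap -oG - <target>` piped in from the command line; grepable output is one line per host, which is why it is convenient for scripts even though Nmap's XML output carries more detail.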
Here are two videos showing the basics of nmap.








For those who have low bandwidth and can't go through the videos:
Here I used Zenmap (the nmap GUI) to scan my Windows machine in VMware; I used an intensive scan over all 65535 ports.
The results were really cool, showing all my open ports, and the OS detection was accurate.

You can download nmap from here.

Do share your views on this tutorial.

Thursday, April 28, 2011

Infondlinux: Install Useful Security Tools & Firefox Addons for hackers

Infondlinux is a script that installs most of the hacking tools that we use during penetration tests and capture-the-flag tournaments. It is a post-configuration script for Ubuntu Linux. We can also install it on other *nix systems, but not all of the tools mentioned below may work, depending on the environment. It has been actively tested on Ubuntu 10.10.

It installs useful security tools and Firefox addons. The tools installed by the script are listed at the beginning of the source code, which we can edit as per our requirements.

List of security tools included:
Debian packages:
  • imagemagick
  • vim
  • less
  • gimp
  • build-essential
  • wipe
  • xchat
  • pidgin
  • vlc
  • nautilus-open-terminal
  • nmap
  • zenmap
  • sun-java6-plugin, jre and jdk
  • bluefish
  • flash-plugin-nonfree
  • aircrack-ng
  • wireshark
  • ruby
  • ascii
  • webhttrack
  • socat
  • nasm
  • w3af
  • subversion
  • mercurial
  • libopenssl-ruby
  • ruby-gnome2
  • traceroute
  • filezilla
  • gnupg
  • rubygems
  • php5
  • libapache2-mod-php5
  • mysql-server
  • php5-mysql
  • phpmyadmin
  • extract
  • p0f
  • spikeproxy
  • ettercap
  • dsniff:
    • arpspoof Send out unrequested (and possibly forged) arp replies.
    • dnsspoof forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
    • dsniff password sniffer for several protocols.
    • filesnarf saves selected files sniffed from NFS traffic.
    • macof flood the local network with random MAC addresses.
    • mailsnarf sniffs mail on the LAN and stores it in mbox format.
    • msgsnarf record selected messages from different Instant Messengers.
    • sshmitm SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
    • sshow SSH traffic analyser.
    • tcpkill kills specified in-progress TCP connections.
    • tcpnice slow down specified TCP connections via “active” traffic shaping.
    • urlsnarf output selected URLs sniffed from HTTP traffic in CLF.
    • webmitm HTTP / HTTPS monkey-in-the-middle. transparently proxies.
    • webspy sends URLs sniffed from a client to your local browser
  • unrar
  • torsocks
  • secure-delete
  • nautilus-gksu
  • sqlmap
Third party packages:
  • tor
  • tor-geoipdb
  • virtualbox 4.0
  • google-chrome-stable
Manually downloaded software and versions:
  • DirBuster (1.0RC1)
  • truecrypt (7.0a)
  • metasploit framework (3.6)
  • webscarab (latest)
  • burp suite (1.3.03)
  • parosproxy (3.2.13)
  • jmeter (2.4)
  • rips (0.35)
  • origami-pdf (latest)
  • pdfid.py (0.0.11)
  • pdf-parser.pym (0.3.7)
  • fierce (latest)
  • wifite (latest)
  • pyloris (3.2)
  • skipfish (1.86 beta)
  • hydra (6.2)
  • Maltego (3.0)
  • SET
Author made scripts:
  • hextoasm
  • md5crack.py (written by Corbiero)
  • chartoascii.py
  • asciitochar.py
  • rsa.py
Firefox extensions:
  • livehttpheaders
  • firebug
  • tamperdata
  • noscript
  • flashblock
  • flashgot
  • foxyproxy
  • certificatepatrol
  • chickenfoot 1.0.7
Pretty good list of applications, we must say.
How to install/download

# download:
$ wget http://infondlinux.googlecode.com/svn/trunk/infondlinux.sh
# install (the downloaded script is not executable yet and needs root privileges):
$ chmod +x infondlinux.sh
$ sudo ./infondlinux.sh

enjoy it :)



Monday, April 25, 2011

Armitage 04.24.11



Armitage is a graphical attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage's aim is to make Metasploit usable for security practitioners who understand hacking but do not use Metasploit every day.

New features in the updated Armitage version:

  • Armitage -> Listeners -> Reverse now binds to 0.0.0.0.
  • Host import now posts an event to the collab mode shared event log
  • Added an option to display an MOTD message to clients that connect to Armitage in collaboration mode. Use -m or --motd before --server and specify a file, e.g.
               armitage -m /path/to/motd.txt --server ...
  • Fixed a potential dead-lock condition with the screenshot/webcam shot tab.
_ User message on connect _

  • Added Meterpreter -> Access -> Pass Session to send a meterpreter session to a handler set up on another host.
  • Armitage now sets ExitOnSession to false for multi/handlers started within Armitage.
  • Pivoting and ARP Scan dialogs now highlight first option by default.
  • Added a sanity check to the Route class to prevent malformed IPs from screwing up sorting.
  • Removed sqlite3 from the database options. I should have done this long ago–it has no place in Armitage.
  • Armitage now intercepts meterpreter “shell” command and opens a new tab with the cmd.exe interaction in it.
You can download Armitage from 


WINDOWS-here
LINUX-here
MacOS X - here

Learn more about Armitage -fastandeasyhacking







Friday, April 22, 2011

Detecting Google hacking against your Website

Google and other search engines are used for many purposes, such as finding useful information, important websites and the latest news on different topics. Google indexes a huge and daily growing number of web pages, and from a security perspective some of those indexed pages contain sensitive information.
Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable web applications.
GHH is a "Google Hack" Honeypot. GHH is designed to provide reconnaissance against attackers who use search engines as a hacking tool against your resources; it applies honeypot theory to add a layer of security to your web presence.
To install the Google Hack Honeypot on your website, follow the install instructions. This allows you to monitor attempts by malicious attackers to compromise your security. The logging functions that GHH implements allow you, the administrator, to do what you like with the information: you can use the attack database to gather statistics on would-be attackers, report activities to the appropriate authorities, and temporarily or permanently deny access to resources.
