Archive for the ‘education’ Category

This tutorial is for demonstration purposes only – Please use this knowledge responsibly

This video will show you how to create a reverse SSH connection to a server/workstation.

This exploit takes advantage of vulnerability MS08-067, using Metasploit on Kali.
It shows a Kali VM attacking a Microsoft 2008 server (this will also work on any machine without the patch).

The moral of this is to update your system.

http://www.kali.org

http://support.microsoft.com/kb/958644

Caintech.co.uk – Here comes Kali

Affected Software

Operating System

Microsoft Windows 2000 Service Pack 4

Windows XP Service Pack 2

Windows XP Service Pack 3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 1

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP1 for Itanium-based Systems

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista and Windows Vista Service Pack 1

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for x64-based Systems

Windows Server 2008 for Itanium-based Systems


The official update from BackTrack Central:

Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.

After a year of silent development, we are incredibly proud to announce the release and public availability of “Kali Linux”, the most advanced, robust, and stable penetration testing distribution to date.

Kali is a more mature, secure, and enterprise-ready version of BackTrack Linux. Trying to list all the new features and possibilities that are now available in Kali would be an impossible task on this single page. We therefore invite you to visit our new Kali Linux Website and Kali Linux Documentation site to experience the goodness of Kali for yourself.

We are extremely excited about the future of the distribution and we can’t wait to see what the BackTrack community will do with Kali. Sign up in the new Kali Forums and join us in IRC in #kali-linux on irc.freenode.net and help us usher in this new era.


How secure are your passwords? Hopefully they’re more clever than these top 25 most-popular (and therefore least secure) passwords.

SplashData, an online security management firm, compiled this list for 2012:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. gazwsx
  24. michael
  25. football

Are any of your passwords on the list? If so, it’s time to upgrade to one with varying numbers, capitalization and figures. Separate words with spaces or underscores. For crying out loud, don’t use your pet’s or your spouse’s name or even your children’s names.
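A password-change form can screen for these entries automatically. The sketch below is an added example, not part of the original post: it checks a candidate against the 25 passwords listed above, including simple variations such as changed case, trailing digits or symbols, and character swaps. The function name `match_common` and the substitution table are assumptions made for illustration.

```python
import re

# The 25 entries from the SplashData 2012 list quoted above.
TOP_25 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "gazwsx", "michael",
    "football",
}

# Assumed table of common character swaps (not from the page):
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
LEET = str.maketrans("013457@$", "oleastas")


def match_common(password):
    """Return the listed password that `password` reduces to, or None."""
    low = password.strip().lower()
    # Variant with trailing symbols removed ("123456!" -> "123456").
    no_sym = re.sub(r"[\W_]+$", "", low)
    # Variant with trailing digits and symbols removed ("password1" -> "password").
    stripped = re.sub(r"[\d\W_]+$", "", low)
    forms = (low, no_sym, stripped)
    # Check the plain forms first, then the same forms with swaps undone.
    for candidate in forms + tuple(f.translate(LEET) for f in forms):
        if candidate in TOP_25:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    for sample in ("Password1", "P@ssw0rd", "M0nkey2012",
                   "correct horse battery staple"):
        hit = match_common(sample)
        print(f"{sample!r}: {'reject, matches ' + hit if hit else 'not on the list'}")
```

A candidate that passes this screen is only known to be absent from this short list; it says nothing else about its strength.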

Since the release of Windows 8 I am constantly asked “Where is this function, it is in Windows 7”. Well, here is a quick way to find all the functions and features of Windows 8.

First off, after you have booted Windows 8 and logged in, select ‘Desktop’.

Right click on the desktop and select ‘New>Folder’.

After the folder has been created, copy the below text, rename that folder, and paste the text as the folder name.

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Once the above steps have been completed, a new shortcut entitled GodMode will be visible. Opening this shortcut will display a window listing the functions and features.

Now you have all the power of the Gods.

Caintech.co.uk

1. Nmap

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

2. Wireshark

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.

6. ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features. hping homepage.

12. burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra

A very fast network logon cracker which supports many different services. hydra homepage.

14. sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.

15. webscarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.


Computational Engineers at the University of Southampton have built a supercomputer from 64 Raspberry Pi computers and Lego.

The machine, named “Iridis-Pi” after the University’s Iridis supercomputer, runs off a single 13 Amp mains socket and uses MPI (Message Passing Interface) to communicate between nodes using Ethernet.

The whole system cost under £2,500 (excluding switches) and has a total of 64 processors and 1Tb of memory (16Gb SD cards for each Raspberry Pi). Professor Cox uses the free plug-in ‘Python Tools for Visual Studio’ to develop code for the Raspberry Pi.

“The team wants to see this low-cost system as a starting point to inspire and enable students to apply high-performance computing and data handling to tackle complex engineering and scientific challenges as part of our on-going outreach activities,” says Prof. James Cox.

If you want to build a Raspberry Pi Supercomputer yourself, see here.


http://www.raspberrypi.org

What is a Raspberry Pi?


Hard disk failure is possibly the worst thing that can happen to your computer and it often occurs without giving any warning signs.

Test Your Hard Drive for Impending Problems

You may, however, run certain tests on your computer beforehand to get an idea of the current condition of your hard disk. This should in turn help you decide whether a replacement drive is necessary or not.

Step 1: Check your hard disk for errors

All recent versions of Windows include a utility called Chkdsk.exe that can check your hard disk for any bad sectors.

You may either run Chkdsk from the command line (see details) or launch Windows Explorer, right click the drive that you wish to examine and choose Properties. Switch to the Tools tab and click the “Check Now” button under Error checking. Select “Scan for and attempt recovery of bad sectors” to perform a thorough disk check.

Step 2: Understand the sounds of your disk

Do you sometimes hear strange sounds coming out of the CPU box? Well, if the hard drive is making those sounds, it could be an alarming situation and your best bet would be that you turn off the computer before any further damage is done to the disk.

But how do you distinguish between sounds coming from a hard disk and noise that’s made by the fans or the power supply? Here’s a useful page where you can listen to recorded sounds of various hard drives that have led to a crash. If your disk is making a similar sound, get a replacement quickly.

Step 3: Catch errors before they happen

Disk Checkup is a free hard disk monitoring utility that displays tons of diagnostic data about your disk. While the level of detail it provides may easily confuse even tech-savvy users, just ignore the numbers and keep the utility running in the background.

It monitors your disk’s temperature, read and write error rate, etc. and will alert you when the values of any of these parameters approach dangerous levels. These may be signs of an impending disk failure. Disk Checkup is free for personal use.

Step 4: Thoroughly test your Hard Disk

SeaTools is a free diagnostic tool that can completely test your hard drive regardless of the OS installed on it. The tool is provided by Seagate but it works with non-Seagate disk drives as well.

To get started, you need to download the ISO image of SeaTools for DOS and create a bootable CD. Now boot the computer with the CD in the drive, accept the license agreement and run a long test (the full scan). If any defects are found, a list will be offered at the end or after aborting the disk scan.

Other computer vendors and disk manufacturers, including Samsung, Hitachi, Toshiba (Fujitsu), Western Digital, Lenovo, Dell, etc., also offer diagnostic tools that work only with their own brand of hard drives. If you are having frequent computer problems (like system hangs or failures to boot up), you may run these tools to confirm whether the problems are hard drive related.

So we have all been there, trying to create an Excel document and you just can’t think of a formula that will work. Well, whether you are an Excel guru or just someone that wants to learn more, below is a cheatsheet to end all cheatsheets.

Excel The Ultimate Excel Cheatsheet.pdf

You’ll find everything from ‘Essential shortcuts’ to ‘Conversion formulas’, you will find examples and explanations for hundreds of formulas. So give it a go.