Sunday, September 13, 2009

Get Victim's IP Address in 3 steps!

This is a really small method of finding someone's IP address.

1.Go to : http://www.reza24.com/ip/
2.Fill in the username and you email address.
3.Click Submit.

Now you will be given a link. Just give that link to the victim somehow. When the victim will click the link, you will receive his/her IP address in your email and he/she will be led to an error page like 404 error. Don't worry, they won't find out that you're trying to get their IP address.

Note:You will not receive any spam from this website. But it's still better to have a separate account for such adventures.

Thursday, September 10, 2009

Metasploit Basics - Hack Windows XP

Metasploit is a tool which uses certain bugs in Windows and other platforms to carve and develop exploits and lets you apply them using simple commands. Thus, Metasploit is a script kiddie's dream! :D. Well, maybe not.

In this tutorial, I'll teach you:
1>>The basics of metasploit,
2>>How to choose and apply an exploit on a target machine,
3>>Gain control of the victim's computer.

We'll be hacking Windows XP with no firewall installed or enabled.

Here's what we will be doing:

1)Install Metasploit Framework
2)Choose a target machine
3)Choose an exploit
4)Apply the exploit

Now here are the steps you are going to take:

1>>Download and install Metasploit framework by clicking HERE.

2>>Now after installing the framework run the Framework by going to    Start>>Programs>>Metasploit3>>Metasploit 3 GUI.

3>>Now go to Window on the top and click on Console. You can also just press 'Ctrl + O'.


4>>Now you have the console infront of you.



5>>Here's where it all starts and you start typing the commands. Now first of all we'll see which exploits are available for our use. For that click infront of msf> and type: show exploits

6>>You will get the list of exploits available infront of you. It'll be a long list so don't worry if it takes a second to load.

7>>Now you have to choose the exploit which you want to apply. Keep in mind that not every exploit you apply will work and that what might work for each victim may not work for another. For this tutorial I will use the windows/smb/ms08_067_netapi exploit.

8>>Find  windows/smb/ms08_067_netapi in the list of exploits you have infront of you and copy it. You can also copy it from here if you want to.

9>>Now type 'use windows/smb/ms08_067_netapi' in the console where you can replace this exploit by any other exploit you later use for hacking. It should look like this:


10>>Now type 'show payloads' in the console and press enter. You have a list of payloads to use infront of you.

11>>Payload is actually shellcode written in assembly or machine language. If you want to know what shellcode is click HERE.

12>>Now you have to choose a payload to attack the victim. For this tutorial I'm going to use 'windows/shell/bind_tcp' payload.

13>>So you have to type 'set payload windows/shell/bind_tcp' and press enter.



14>>Now you have selected the payload and you just have to set the victim's ip address.

15>>After this type 'set rhost [ip]' and press enter.

16>>Now you're ready to exploit! Just type 'exploit' and press enter! And here you have access to victims's system32 as the promt now shows C:\WINDOWS\System32. Like this:



Use different exploits and play around! See you in the next tutorial!

Note: You can also set the port to attack using different commands. Ask in the comments if you want me to explain anything else.

Sunday, September 6, 2009

Change Your IP Address & HIDE Your Identity! - TOR

Tired of waiting for Rapidshare downloads? Want to skip the 'Orkut/Facebook' ban? Want to be anonymous? Or just don't want anyone to have a clue about your whereabouts? Changing your IP can solve all these problems for you. Need I say more?

Okay, this tutorial is going to teach you how to change your IP address using simple third part software. There are many programs out there which change your external IP address but today I'm going to review the one I find most useful, i.e TOR.

TOR

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships.

Here's what you have to do:

1>>Go to http://www.torproject.org/easy-download.html.en

2>>Now there are two options that you have here. Either you can download the complete TOR bundle for Windows which saves you from manually configuring everything for each browser or IM client that you use OR download a simple installer which you will have to configure yourself after you install it.

3>>I recommend that if you have good bandwidth available, just download the bundle and make your life easy.

4>>Okay, so you haven't downloaded the bundle and want to stick to the simple installer.

5>>Start installing it and you'll be asked whether you want to install the TOR plugin for Firefox which you should if you use Firefox otherwise, don't.

6>>Once you're done with it just Run the 'Vidalia' client by going to Start Menu>>All Programs>>Vidalia Bundle>>Vidalia.



7>>Now you have to first configure Vidalia to make TOR run for your internet connection.



8>>If you're connecting to internet by using a proxy provided by an organization or an ISP, just click on settings. A dialogue box will appear. Now click on Network on the top and select the option 'I use a proxy to access the Internet'. No you can enter the proxy settings here. If you have a port restriction or a firewall installed you can also enter the allowed ports by clicking on the option right below this one.

9>> Now after you're done with this click on the Advanced Tab on the top and look at the port TOR is using to connect you to the Internet. Note down these settings as these are the ones you're going to enter everywhere to connect to the Internet via TOR.

10>>Once you've noted down the settings click OK and come back to the Vidalia Control Panel.

11>>Now open the browser you want to use and enter the proxy settings for it.

12>>For Firefox, go to Tools>>Options>>Advanced and click on the Network tab and then click on the settings button against 'Configure how Firfox connects to Internet'. Here select Manual Proxy Setting and enter the settings you noted down.


13>>For IE go to Tools>>Internet Options>>Connections>>LAN Settings and select 'Use a proxy server' option and then enter the settings.

 Now go back to the Vidalia Control Panel and click on the button 'Start TOR'. You're done once TOR is connected to the internet. Now to check your IP address and location go to www.dnsstuff.com and you'll see that your IP is being wrongly traced.

Each time you want a new IP address just go to the Vidalia control panel and click on 'Use a New Identity'. Make your life a lot easier by skipping rapidshare and other bandwidth and time based bans! :D

Have fun! With complete privacy! ;)

Note: TOR doesn't change your IP address, it actually hides it behind a proxy.

Friday, September 4, 2009

Cain and Abel - Using the sniffer to get passwords in 15 STEPS!

Okay, so now when you've learnt all the basics of Cain and Abel and the cracker, let's get to the real business. You are now ready to use the sniffer to get the passwords of the people who are on the same network as you. This is unbelievably simple and also warns us of the dangers we are prone to while we are on a network.

Make sure that you've configured Cain before moving on to read this article. If you still haven't configured it, look at the links at the bottom of this article.

So here is what you have to do:

1>>Open Cain and first of all click on the 'Start sniffer' button in the right top corner of your screen beside the radioactivity sign button. Don't worry you're just activating the sniffer.

2>>Now click on the sniffer tab. It should be blank if you're using it for the first time.

3>>Right click and select 'Scan for MAC addresses' and without touching anything click OK.

4>>Now you have a list of IP addresses and MAC addresses on your network.

5>>Now click on 'APR' tab at the bottom beside the 'hosts' tab.

6>>The function of APR is to Hijack the network traffic and pass it through your computer.

7>>Now single click in the upper segment of the empty form-like space on the right side of the window.

8>>Click on the blue PLUS sign (+) on the top which is meant to add new addresses to poison and sniff.

9>>Here, on the left side you have a list of available addresses. I prefer selecting the address of the router so select the address of the router and then on the right side select the addresses of the computers you want to sniff. You can choose as many computers as you like.

10>>Now just click okay and you'll see that address listed in the upper segment of your screen.

11>>Select the addresses with your mouse and click on the 'Start APR' button which appears like a radioactivity sign.

12>>Bingo! You just started sniffing and poisoning the network.

13>>Now click on the 'Passwords' tab at the bottom and here you have a list of all the activity going on and you can sneak the passwords from here.

14>>For web passwords see the HTTP tab and if you want the login information just click on 'SMB' on the left side of your screen where there is a list of the type of passwords available.

15>>From here, select the password you want to crack, right click it and send it to the cracker.

If you still don't know how to use the cracker, refer to the links below.

Related Posts

Still haven't configured Cain? Learn how to configure it!

Learn how to use the Cain's cracker for a Dictionary Attack to crack passwords!

Learn to use Rainbow Tables to crack passwords!

Want to watch the above tutorial as a video? Click HERE.