Network Hacking

Ways To Attack a Network: Ping The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every Internet compatible system, including all current Windows versions. Make sure you are logged on to the net. Open the DOS shell and enter the following PING command: Ping –a 123.123.12.1 Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.: dialup21982.gateway123.provider.com Pinging is normally the first step involved in hacking the target. Ping uses ICMP (Internet Control Messaging Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond back with ICMP Echo reply packets. All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below. Click Start and then click Run. Now type ping <ip address or hostname> (For example: ping yahoo.com) This means that the attacker logged on using “provider.com”. Unfortunately, there are several IP addresses that cannot be converted into domain names. For more parameter that could be used with the ping command, go to DOS prompt and type ping /?. Ping Sweep If you are undetermined about your target and just want a live system, ping sweep is the solution for you. Ping sweep also uses ICMP to scan for live systems in the specified range of IP addresses. Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap (http://www.insecure.org) also contains an option to perform ping sweeps. Tracert: Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP. Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below. Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed. If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming. Go to DOS prompt and type tracert <destination address> (For example: tracert yahoo.com). But there are some tools available like Visual Traceroute which help you even to find the geographical location of the routers involved. http://www.visualware.com/visualroute Port Scanning:- After you have determined that your target system is alive the next important step would be to perform a port scan on the target system. There are a wide range of port scanners available for free. But many of them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from: http://www.sourceforge.net/projects/nmapwin. Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running, firewalls being used and a lot more. Common ports: Below is a list of some common ports and the respective services running on the ports. 20 FTP data (File Transfer Protocol) 21 FTP (File Transfer Protocol) 22 SSH 23 Telnet 25 SMTP (Simple Mail Transfer Protocol) 53 DNS (Domain Name Service) 68 DHCP (Dynamic host Configuration Protocol) 79 Finger 80 HTTP 110 POP3 (Post Office Protocol, version 3) 137 NetBIOS-ns 138 NetBIOS-dgm 139 NetBIOS 143 IMAP (Internet Message Access Protocol) 161 SNMP (Simple Network Management Protocol) 194 IRC (Internet Relay Chat) 220 IMAP3 (Internet Message Access Protocol 3) 389 LDAP 443 SSL (Secure Socket Layer) 445 SMB (NetBIOS over TCP) Besides the above ports they are even some ports known as Trojan ports used by Trojans that allow remote access to that system. Vulnerability Scanning: Every operating system or the services will have some vulnerabilities due to the programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is an excellent mailing list discussing the vulnerabilities in the various system. The exploit code writers write exploit codes to exploit these vulnerabilities existing in a system. There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security. Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit http://www.securityfocus.com vulnerabilities and exploit codes of various operating systems. Packet storm security (http://www.packetstormsecurity.com) is also a nice pick.

Tools Descriptions: 1. Nmap I think everyone has heard of this one, recently evolved into the 4.x series. Nmap (Network Mapper) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source. Can be used by beginners (-sT) or by pros alike (packet_trace). A very versatile tool, once you fully understand the results. Get Nmap Here - http://www.insecure.org/nmap/download.html 2. Nessus Remote Security Scanner Recently went closed source, but is still essentially free. Works with a client- server framework. Nessus is the worlds most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. Get Nessus Here - http://www.nessus.org/download/ 3. John the Ripper Yes, JTR 1.7 was recently released! John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. You can get JTR Here - http://www.openwall.com/john/ 4. Nikto Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those). Get Nikto Here - http://www.cirt.net/code/nikto.shtml 5. SuperScan Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan. If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice. Get SuperScan Here - http://www.foundstone.com/index.htm subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan4.htm 6. p0f P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on: - machines that connect to your box (SYN mode), - machines you connect to (SYN+ACK mode), - machine you cannot connect to (RST+ mode), - machines whose communications you can observe. Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine. Get p0f Here - http://lcamtuf.coredump.cx/p0f/p0f.shtml 7. Wireshark (Formely Ethereal) Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers. Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later. Get Wireshark Here - http://www.wireshark.org/ 8. Yersinia Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP). The best Layer 2 kit there is. Get Yersinia Here - http://yersinia.sourceforge.net/ 9. Eraser Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License. An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass. Get Eraser Here - http://www.heidi.ie/eraser/download.php 10. PuTTY PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4. 0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients. Get PuTTY Here. - http://www.chiark.greenend.org.uk/~sgtatham/putty/ 11. LCP Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing. A good free alternative to L0phtcrack. LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article. Get LCP Here - http://www.lcpsoft.com/english/download.htm 12. Cain and Abel My personal favourite for password cracking of any kind. Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Get Cain and Abel Here - http://www.oxid.it/cain.html 13. Kismet Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. A good wireless tool as long as your card supports rfmon (look for an orinocco gold). Get Kismet Here - http://www.kismetwireless.net/download.shtml 14. NetStumbler Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving. NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses: Verify that your network is set up the way you intended. Find locations with poor coverage in your WLAN. Detect other networks that may be causing interference on your network. Detect unauthorized rogue access points in your workplace. Help aim directional antennas for long-haul WLAN links. Use it recreationally for WarDriving. Get NetStumbler Here - http://www.stumbler.net/ 15. Hping To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills. hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. Get hping Here - http://www.hping.org/

Ways To Attack a Network: Ping The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every Internet compatible system, including all current Windows versions. Make sure you are logged on to the net. Open the DOS shell and enter the following PING command: Ping –a 123.123.12.1 Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.: dialup21982.gateway123.provider.com Pinging is normally the first step involved in hacking the target. Ping uses ICMP (Internet Control Messaging Protocol) to determine whether the target host is reachable or not. Ping sends out ICMP Echo packets to the target host, if the target host is alive it would respond back with ICMP Echo reply packets. All the versions of Windows also contain the ping tool. To ping a remote host follow the procedure below. Click Start and then click Run. Now type ping <ip address or hostname> (For example: ping yahoo.com) This means that the attacker logged on using “provider.com”. Unfortunately, there are several IP addresses that cannot be converted into domain names. For more parameter that could be used with the ping command, go to DOS prompt and type ping /?. Ping Sweep If you are undetermined about your target and just want a live system, ping sweep is the solution for you. Ping sweep also uses ICMP to scan for live systems in the specified range of IP addresses. Though Ping sweep is similar to ping but reduces the time involved in pinging a range of IP addresses. Nmap (http://www.insecure.org) also contains an option to perform ping sweeps. Tracert: Tracert is another interesting tool available to find more interesting information about a remote host. Tracert also uses ICMP. Tracert helps you to find out some information about the systems involved in sending data (packets) from source to destination. To perform a tracert follow the procedure below. Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed. If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming. Go to DOS prompt and type tracert <destination address> (For example: tracert yahoo.com). But there are some tools available like Visual Traceroute which help you even to find the geographical location of the routers involved. http://www.visualware.com/visualroute Port Scanning:- After you have determined that your target system is alive the next important step would be to perform a port scan on the target system. There are a wide range of port scanners available for free. But many of them uses outdated techniques for port scanning which could be easily recognized by the network administrator. Personally I like to use Nmap (http://www.insecure.org) which has a wide range of options. You can download the NmapWin and its source code from: http://www.sourceforge.net/projects/nmapwin. Apart from port scanning Nmap is capable of identifying the Operating system being used, Version numbers of various services running, firewalls being used and a lot more. Common ports: Below is a list of some common ports and the respective services running on the ports. 20 FTP data (File Transfer Protocol) 21 FTP (File Transfer Protocol) 22 SSH 23 Telnet 25 SMTP (Simple Mail Transfer Protocol) 53 DNS (Domain Name Service) 68 DHCP (Dynamic host Configuration Protocol) 79 Finger 80 HTTP 110 POP3 (Post Office Protocol, version 3) 137 NetBIOS-ns 138 NetBIOS-dgm 139 NetBIOS 143 IMAP (Internet Message Access Protocol) 161 SNMP (Simple Network Management Protocol) 194 IRC (Internet Relay Chat) 220 IMAP3 (Internet Message Access Protocol 3) 389 LDAP 443 SSL (Secure Socket Layer) 445 SMB (NetBIOS over TCP) Besides the above ports they are even some ports known as Trojan ports used by Trojans that allow remote access to that system. Vulnerability Scanning: Every operating system or the services will have some vulnerabilities due to the programming errors. These vulnerabilities are crucial for a successful hack. Bugtraq is an excellent mailing list discussing the vulnerabilities in the various system. The exploit code writers write exploit codes to exploit these vulnerabilities existing in a system. There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security. Some of such vulnerability scanners include Shadow Security Scanner,Stealth HTTP Scanner, Nessus, etc. Visit http://www.securityfocus.com vulnerabilities and exploit codes of various operating systems. Packet storm security (http://www.packetstormsecurity.com) is also a nice pick.

Tools Descriptions: 1. Nmap I think everyone has heard of this one, recently evolved into the 4.x series. Nmap (Network Mapper) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source. Can be used by beginners (-sT) or by pros alike (packet_trace). A very versatile tool, once you fully understand the results. Get Nmap Here - http://www.insecure.org/nmap/download.html 2. Nessus Remote Security Scanner Recently went closed source, but is still essentially free. Works with a client- server framework. Nessus is the worlds most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. Get Nessus Here - http://www.nessus.org/download/ 3. John the Ripper Yes, JTR 1.7 was recently released! John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. You can get JTR Here - http://www.openwall.com/john/ 4. Nikto Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those). Get Nikto Here - http://www.cirt.net/code/nikto.shtml 5. SuperScan Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan. If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice. Get SuperScan Here - http://www.foundstone.com/index.htm subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan4.htm 6. p0f P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on: - machines that connect to your box (SYN mode), - machines you connect to (SYN+ACK mode), - machine you cannot connect to (RST+ mode), - machines whose communications you can observe. Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine. Get p0f Here - http://lcamtuf.coredump.cx/p0f/p0f.shtml 7. Wireshark (Formely Ethereal) Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers. Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later. Get Wireshark Here - http://www.wireshark.org/ 8. Yersinia Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP). The best Layer 2 kit there is. Get Yersinia Here - http://yersinia.sourceforge.net/ 9. Eraser Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License. An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass. Get Eraser Here - http://www.heidi.ie/eraser/download.php 10. PuTTY PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4. 0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients. Get PuTTY Here. - http://www.chiark.greenend.org.uk/~sgtatham/putty/ 11. LCP Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing. A good free alternative to L0phtcrack. LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article. Get LCP Here - http://www.lcpsoft.com/english/download.htm 12. Cain and Abel My personal favourite for password cracking of any kind. Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Get Cain and Abel Here - http://www.oxid.it/cain.html 13. Kismet Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. A good wireless tool as long as your card supports rfmon (look for an orinocco gold). Get Kismet Here - http://www.kismetwireless.net/download.shtml 14. NetStumbler Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving. NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses: Verify that your network is set up the way you intended. Find locations with poor coverage in your WLAN. Detect other networks that may be causing interference on your network. Detect unauthorized rogue access points in your workplace. Help aim directional antennas for long-haul WLAN links. Use it recreationally for WarDriving. Get NetStumbler Here - http://www.stumbler.net/ 15. Hping To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills. hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. Get hping Here - http://www.hping.org/

hacking tool

winAUTOPWN v3.0 Released - System vulnerability exploitation Framework WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend. C4 - WAST gives users the freedom to select individual exploits and use them. BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others' too for smooth working of exploits included in it. Download  The Mole: Automatic SQL Injection Exploitation Tool  Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a Boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily.  Read more Download  Sqlninja 0.2.6 Features: >> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) >> Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental). >> Creation of a custom xp_cmdshell if the original one has been removed >> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed). >> TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell. >> Direct and reverse bindshell, both TCP and UDP >> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box.>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works).>> Evasion techniques to confuse a few IDS/IPS/WAF. >> Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection. Download HexorBase - The DataBase Hacker Tool To Audit Management and Multiple Databases HexorBase is a database application designed for management and audit multiple database servers simultaneously from a single location, is able to perform SQL queries and brute force attacks against servers common database ( MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ). This tool is simple to use and very practical, may have to know a little SQL, but the basics. Video: HexorBase runs on Linux and presumably Windows, and requires: python-qt4 python python-MySQLdb cx_Oracle python-psycopg2 python-python-qscintilla2 pymssql To install it you must download and from the console: root @ host: ~ # dpkg-i hexorbase_1.0_all.deb Project website and download HexorBase:  http://code.google.com/p/hexorbase/ Net Tools 5.0 (Net Tools 5.x) This tools is a hacker friendly. Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields. Net Tools is mainly written in Microsoft Visual Basic 6, Visual C++, Visual C# and Visual Studio .NET. There has a 175 tools list in one software.. Tools Content Download

ARPwner – ARP & DNS Poisoning Attack Tool ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of SSLstrip and is coded in python. Download Read more  Intercepter Sniffer Intercepter is a sniffer tool which offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/ WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/ AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality. Download  Havij v1.15 Advanced SQL Injection Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. Download  Ani-Shell Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization. Customisation  1. Email Trace back is set to Off as default and emails will not be sent , If you are setting this feature on make sure you change the default email address (lionaneesh@gmail.com) to Your email address , Please Change it before using. 2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better security. 3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed. Default Login Username : lionaneesh Password : lionaneesh Features  Shell Platform Independent Mass - Mailer Small Web-Server Fuzzer DDoser Design Secure Login Deletion of Files Bind Shell Back Connect Fixed Some Coding errors! Rename Files Encoded Title Traceback (Email Alerts) PHP Evaluate Better Command Execution (even supports older version of PHP) Mass Code Injector (Appender and Overwriter) Lock Mode Customization Latest Version Addition Mail Bomber (With Less Spam detection feature) PHP Decoder Better Uploader Fixed some Coding errors Download SQL MAP 0.9  sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine. Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Its a good tools for find Sql Vulnerability. New Features/Changes--> Rewritten SQL injection detection engine (Bernardo and Miroslav). Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav). Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav). Implemented support for SQLite 2 and 3 (Bernardo and Miroslav). Implemented support for Firebird (Bernardo and Miroslav). Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav). Added support to tamper injection data with –tamper switch (Bernardo and Miroslav). Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav). Added support to fetch unicode data (Bernardo and Miroslav). Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav). Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav). Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav). Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns. Download DRIL – Domain Reverse IP Lookup Tool: DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key. DRIL has a simple user friendly interface which will be helpful for penetration tester to do their work fast without a mess, this is only tested on Linux but as it is JAVA it should work on Windows too. There are various other tools which carry out similar tasks.. Download

Windows Hacking

>>New: As we heard that Microsoft officially closed security updates for Windows XP on 8th Apr 2014. But here you can do Security Updates for Windows XP. Below method can updates your Windows XP up-to April 2019. STEPS TO FOLLOW: 1. Open Notepad 2. Copy and paste the follow code Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001 3.Save file as .reg extension 4. Double click on it When it runs then it you automatically get notification for Windows Update. Enjoy..!! >>Open COMMAND PROMPT while Locked by User. >open notepad >type www.command.com > then save as cmd.bat at desktop >then enter now its open.....enjoy >>If your computer is slow? then clean up the ram.. >Open notepad >type FREEMEM=SPACE(64000000) >Save it as ram.vbs now run the script. Check out !! >>CracK BIOS Password >Open the CPU >Observe the Motherbord >Remove the Silver Battery(3v) >Wait 2 minutes and place the Battery >>Restoring a Lost Desktop- >Start >Run Type a period " . " Then press Enter >>If ur PC is hanged then do this. Press shift+ctrl+esc or ctrl+alt+del n den click on 'END TASK' ur PC is runing now >>create folder without name >select any folder >rename it >press alt & type 0160 or 255 >enter >>Amazing trick for use Windows Backup Utility if installed go to run type ntbackup ok Now use backup >>Increase the speed of your file sharing Simple Way to Share Multiple Folders : Goto Run and Type SHRPUBW.EXE then press Enter Select the folder you want to share and Set permissions, your share folder is ready now..... >>Turning off the Help on Min, Max, Close Icons When the mouse goes over the minimize, maximize and close icons on the upper right hand side of a window. To disable that display: 1. Start Regedit 2. Go to HKEY_CURRENT_USER \ Control Panel \ Desktop 3. Create a String Value called MinMaxClose 4. Give it a value of 1 5. Reboot >>FIX CORRUPTED FILE IN WINDOW XP 1.Load XP cd into cd drive 2. go to Run 3. type sfc/scannowok 4. Then copy its lost file frm cd. >>AUTO DELETE TEMPORARY FOLDER.!! what i prefer is %temp% " without quotes.. at Start -> Run.. this opens ur temp folder n den u cal erase it nearly First go into gpedit.msc Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder Then right click "Do Not Delete Temp Folder Upon Exit" Go to properties and hit disable. Now next time Windows puts a temp file in that folder it will automatically delete it when its done! Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.

>>Locking Folders: Consider you want to lock a folder named XXXX in your E:\, whose path is E:\XXXX. Now open the Notepad and type the following [code]ren xxxx xxxx.{21EC2020-3AEA-1069-A2DD-08002B30309D}[/code] Where xxxx is your folder name. Save the text file as loc.bat in the same drive. Open another new notepad text file and type the following [code]ren xxxx.{21EC2020-3AEA-1069-A2DD-08002B30309D} xxxx[/code] Save the text file as key.bat in the same drive. Steps to lock the folder: To lock the xxxx folder, simply click the loc.bat and it will transform into control panel icon which is inaccessible. To unlock the folder click the key.bat file. Thus the folder will be unlocked and the contents are accessible. >>Locking Drives: We don’t usually prefer to lock our drives, but sometimes it becomes nesscary. Say for instance you might have stored your office documents in D:\ and you don’t want your kids to access it, in such case this technique can be useful for you. Please don’t try this tweak with your root drive (usually C:\ is the root drive) since root drives are not intended to be locked because they are mandatory for the system and application programs. Start & Run and type Regedit to open Registry editor Browse HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer Create a new DWORD value NoViewOnDrive and set its value as 2^ (Alpha Number of Drive Letter-1) where Alpha number are simple counting of alphabets from A to Z as 1 - 26 For example: to lock C:\, Alpha number of C is 3 so 2^ (3-1) = 4 (decimal value) To lock more drives, calculate the value of each drive and then set sum of those numbers as value To unlock your drive just delete the key from the registry. >>To Remove Recyle Bin From Your Desktop Open Regedit by going to START - RUN and type Regedit and hit enter. Then you should navigate to following entry in registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This action should remove recycle bin from your desktop. >>Disable the Security Center warnings Follow the given steps to edit the computer registry for disable message: First click on Start button then type Regedit in Run option. Here locate the location to: • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Here in right side panel, double click on Anti Virus Disable Notify and set its value 1. Now close the registry editor and restart your computer after any changes to go into effect. >>HIDE DRIVES How to Hide the drives(c:,d:,e:,a:...etc) To disable the display of local or networked drives when you click My Computer. 1.Go to start->run.Type regedit.Now go to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies \Explorer 2.In the right pane create a new DWORD item and name it NoDrives(it is case sensitive). 3.Modify it's value and set it to 3FFFFFF (Hexadecimal) . 4.Restart the computer. 5.Now when you click on My Computer, no drives will be shown(all gone...). To enable display of drives in My Computer, simply delete this DWORD item that you created. Restart your computer. All the drives are back again. >>Show your name in taskbar Trick to Show Your name after time in taskbar... Try this trick to add up ur name in place of AM and PM beside time Its simple Step-1:- Navigate to -> Start -> Control Pannel -> Regional and Language Option -> Click on Customize -> Go to TIME Tab -> Change AM symbol and PM symbol from AM and PM to ur name -> Apply -> Ok ... Did It change? If not, follow step-2 below. Step2:- Now go to time in taskbar and Double Click it to open "Date and time property" ...Look place where time changes in digital form i.e. 02:47:52 AM , click to arrow to change the AM or PM by selecting and press arrow. It will Show ur name or name that was entered by u, Apply -> OK Done

Hack Facebook Account

Hence we know that there are many techniques for Hacking Facebook Account like Phishing Attacks, Keylogging and other Social techniques but today we are going to see how to hack passwords using new feature introduced by Facebook the 3 Trusted Friends Password Recovery Feature in this what happens if you have lost your password and you don’t have any access to your default email address than this feature will handy by sending request to your 3 trusted friends and hence gaining your account password again.
For this technique you need to create 3 fake Facebook account and you need to surely add these as friends into your victims account whose account you are going to hack.

After success full addition of your fake accounts into victims account as friends follow the below steps .:

1. Go to Facebook and click Forgot your Password ?

2. Than you will get something like below just enter the details you know about him enter his Username, email address and full name.

3. After entering everything check it again and click on search.

4. After succeful search for the user Facebook will show some information about how many emails are linked to the account and there is simple option saying 
No Longer Access to These click that one.

5. Now it will promote you to enter a new email address on which you will get the password resetting option so enter your email address I suggest you creating a Fake or Temporary email address for safety purpose.

6. Than it will promote you to enter the Security well if you have some security guess about that one than that’s ok but if you don’t know it than simply enter 3 wrong answers and it will take you to the 3 trusted friends recovery page like below.

7. Now just click continue and facebook will ask you to choose 3 trusted friends choose the 3 fake profiles of your which you created and added into the victims account. 
8. After selecting 3 accounts facebook will send security codes to these accounts just enter these codes and you will get Password Resetting email from Facebook on the account you created in Step 5

That’s it now you are successful in Hacking Facebook Password with the 3 Trusted Friends Method.