> Det_Not Hacker | White Hat Aliance | Angkasa Hacker Team | Indonesia | Satu Gertakan Untuk Pertahankan Bumi Pertiwi | Safework of Angkasa Pura database, server MIL.ID | Thanks for all support : BD Green Hat, Nation blood, ID Codding, Jakarta Style cracking, Newbie's HACKER, US ortodox specialist | Learn your skill here with our style.

Pentest using Raspberry Pi
Author: Unknown
Date and Time: 22:21

What is Raspberry Pi? The Raspberry Pi is a miniature ARM GNU/Linux box. Some people use it as a mini PC to support their work. Because the Raspberry Pi has no input or output devices of its own, you connect it to your LCD monitor over HDMI and plug in your USB keyboard or mouse. The Raspberry Pi is also used as a penetration testing box: installing BackTrack Linux or Kali Linux turns it into a pentesting device. You can install penetration testing tools for information gathering, vulnerability exploitation, maintaining access, reverse engineering, social engineering, etc.



Now let’s choose a penetration testing distribution. Our beloved penetration testing distribution, BackTrack Linux, can't run on the Raspberry Pi without modifications. But BackTrack Linux’s successor, “Kali Linux”, can run on the Raspberry Pi, and it is also available for other ARM architectures. Kali Linux is based on the Debian GNU/Linux distribution.

Kali Linux’s tools are categorized as Top 10 Security Tools; they are:

  1. Information Gathering
  2. Vulnerability Analysis
  3. Web Applications
  4. Password Attacks
  5. Wireless Attacks
  6. Exploitation Tools
  7. Sniffing/Spoofing
  8. Maintaining Access
  9. Reverse Engineering
  10. Stress Testing
  11. Hardware Hacking
  12. Forensics
  13. Reporting Tools

You can download Kali Linux Raspberry Pi version from http://cdimage.kali.org/kali-images/kali-linux-1.0-armel-raspberrypi.img.gz

Now the other distribution is Raspberry Pwn. Raspberry Pwn is an installer from Pwnie Express for transforming a Debian distribution on Raspberry Pi into a penetration testing tool.

Installation of Raspberry Pwn

  • Resize the root partition and use the whole SD card.
  • Start the SSH service and SSH into your Raspberry Pi so that you have access to the terminal or console of your Debian box.
  • Change to the root user:
    # sudo -s
  • Install git (you must be connected to the Internet):
    # apt-get install git
  • Download or clone the Raspberry Pwn installer from:
    # git clone https://github.com/pwnieexpress/Raspberry-Pwn.git
  • Move into the Raspberry-Pwn directory and run the installer script:
    # cd Raspberry-Pwn
    # ./INSTALL_raspberry_pwn.sh

These are not the only 2 Linux penetration testing distributions for the Raspberry Pi; there are many others, such as PwnPi, PwnBerryPi, etc.

Best Penetration Testing Tools
Author: Unknown
Date and Time: 22:20

There are many penetration testing tools on the market. The ones below have been selected to cover a range of testing techniques, from web-based testing to network mapping, but no list of the best penetration testing tools is complete, because specific tests call for different tools.



Acunetix
Acunetix is a web vulnerability scanner. It can detect a variety of different types of web vulnerabilities, such as SQL injection and XSS. With built-in crawlers, HTTP editors and fuzzers, it provides a large set of useful diagnostic tools to help validate and verify flaws. Today it is one of the best website penetration testing tools.

Metasploit
Metasploit Framework is a key penetration testing tool when it comes to exploit development, host vulnerability validation and exploit execution. It is an open-source project that was created by HD Moore in 2003. It comes with over 800 exploits for Windows, Linux and Mac operating systems, with a very simple-to-use modular system for loading the desired payload. Metasploit also provides the option of encoding the payload in a variety of different formats, prior to execution, to help bypass intrusion detection systems. It is a very powerful tool and one of the most popular penetration testing tools for exploit development and testing, with huge community backing.

Nmap
Nmap is one of the most common tools in a penetration tester's arsenal. The tool allows fast host discovery, port mapping, service/operating system identification and enumeration, to assist in gathering as much basic information as possible about the network and its live hosts. It was developed by Fyodor and was originally an open-source project for use on Linux/BSD. It has since been developed to work on platforms such as Windows and Mac. A relatively new GUI version of Nmap, ‘Zenmap’, was released to work on Windows alongside the CLI version.

Wireshark
Wireshark is an open-source packet analyser (network sniffer) that captures and dumps the network activity sniffed on active wireless or wired LAN cards. You can capture data and save it as a pcap file, or watch the network traffic in real time. It is even able to capture over USB, which shows what a great tool it is for analysing data traffic. It is very useful when trying to monitor network resources, worm activity or general network abuse. This penetration testing tool is now available on Windows, Mac and Linux platforms.

Cain and Abel
Cain and Abel is a Windows-based password recovery / cracking tool. Cain, for short, is one of the most versatile password recovery tools available, currently supporting Windows password hash recovery, wireless passwords, MSSQL passwords, Kerberos, Cisco, VNC, Radius and many more. It has been developed to crack passwords using brute force dictionary attacks, cryptanalysis and rainbow tables.

So, now you can choose the best penetration testing tools for better and faster work. Have a nice try.

Information Gathering Using Domain Name
Author: Unknown
Date and Time: 22:18

A hacker can gather a lot of information just by identifying the domain name of a website. Yes, you read that right: information gathering using a domain name. The domain name system lets us provide a hostname that is automatically converted into the real IP address, so people don’t need to remember the IP address, just the domain name or DNS address. When gathering information from a domain name, the first thing to do is a WHOIS lookup. A domain name record stores information about the registered user of the domain name itself, the IP address, the IP address range, etc. Not only that, with WHOIS we can get information about the domain’s registrant, his contacts, his address, when the domain will expire, etc.

WHOIS can only reveal basic information, not all of the available information about a domain name. OK, let's try using WHOIS to gather information about a domain. Open your terminal and run the WHOIS program, or search for and use one of the free WHOIS services on the internet.

whois google.com

Now you have the domain name information: the domain name, the registrar it was registered through, the registrant, and the domain servers. Usually, WHOIS will return the following information about a domain:

  • Inetnum
    The IP address range.
  • Route
    The address prefix to be routed.
  • Descr
    A short description related to the domain.
  • Origin
  • Mnt-by
  • Changed
    Information about who last updated the database object of the domain name.
  • Source
    The database / source in which the domain name is registered.

And some optional attributes are:
  • Country
    The country of the domain registrant, as a two-letter country code.
  • Holes
    The list of address prefixes that are not reachable through the route.
  • Member of
  • Inject
    Specifies which routers perform the aggregation.
  • Aggr-mtd
  • Aggr-bndry
  • Export-comps
  • Components
    The component routes used to form the aggregate.
  • Remarks
  • Notify
    The email address to which notifications of updated information will be sent.
  • Mnt-lower
  • Mnt-routes
Remember, not every domain name exposes its registrant data. Some domains are private. So information gathering using a domain name is easy, right?
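
To see what a record of the attribute style listed above actually exposes, for example when reviewing your own organisation's registration, the response can be parsed into objects and checked for the usual attributes and for published e-mail addresses. This is an added example, not code from the original post; the sample response, the function names and the choice of which attributes to scan for addresses are assumptions made for illustration.

```python
import re

# Attribute names from the lists above, in their on-the-wire spelling.
USUAL = ("inetnum", "route", "descr", "origin", "mnt-by", "changed", "source")
CONTACT_ATTRS = ("notify", "changed")   # assumption: where addresses usually appear
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample response (documentation address space, reserved AS number).
SAMPLE = """\
% This is a constructed WHOIS response for illustration.

inetnum:        192.0.2.0 - 192.0.2.255
descr:          Example Networks
                second line of description
country:        ID
mnt-by:         MAINT-EXAMPLE
changed:        hostmaster@example.net 20130401
source:         EXAMPLE

route:          192.0.2.0/24
descr:          Example Networks aggregate
origin:         AS64496
notify:         noc@example.net
mnt-by:         MAINT-EXAMPLE
source:         EXAMPLE
"""


def parse_objects(text):
    """Split a response into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith(("%", "#")):        # server comment lines
            continue
        if not line.strip():                   # a blank line ends an object
            if current:
                objects.append(current)
                current = []
            continue
        if line[0] in " \t+" and current:      # continuation of the previous value
            attr, value = current[-1]
            current[-1] = (attr, (value + " " + line[1:].strip()).strip())
            continue
        attr, sep, value = line.partition(":")
        if sep:
            current.append((attr.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects


def summarize(objects):
    """Report object classes, missing usual attributes and exposed e-mail addresses."""
    seen = {attr for obj in objects for attr, _ in obj}
    emails = sorted({addr for obj in objects for attr, value in obj
                     if attr in CONTACT_ATTRS for addr in EMAIL_RE.findall(value)})
    return {
        "objects": [obj[0][0] for obj in objects],   # first attribute names the class
        "missing": [a for a in USUAL if a not in seen],
        "emails": emails,
    }


if __name__ == "__main__":
    print(summarize(parse_objects(SAMPLE)))
```

A private registration shows up here as an empty "emails" list or as addresses belonging to a privacy service rather than to the registrant.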

What is Cross-Site Scripting (XSS)
Author: Unknown
Date and Time: 22:17

There are lots of vulnerabilities in web applications today. One of the most popular web application vulnerabilities is Cross-Site Scripting (XSS), which is one of OWASP's top 10 Web Application Security Risks for 2010. So what is Cross-Site Scripting (XSS)? It is an injection technique, like SQL injection, but XSS injects malicious scripts (VB, JS, etc.). The malicious scripts are injected into a trusted website.


Cross-Site Scripting (XSS) allows the attacker to execute dangerous scripts in the victim’s browser. The script can then access the victim’s crucial data, such as cookies, sessions, cache, etc. The attacker can also rewrite the HTML page.



There are 3 basic XSS flaws: reflected, stored and DOM based.

Reflected
Reflected XSS is the most common type of XSS flaw found in web applications. The injected code is reflected off the web server. The attacker reaches victims via another route, such as an email message or another web server, by sending them a malicious link.

Stored
This is the more devastating variant of XSS. Attackers can inject malicious code into the web application, and the injected code is permanently stored on the target servers. This is a dangerous attack. For example, an attacker leaves malicious code in a comment on a vulnerable blog web application. The malicious code will then execute in the browsers of the blog's other visitors.

DOM based
DOM is a World Wide Web Consortium (W3C) specification: an object model for representing XML and HTML structures. The attacker's payload is executed as the result of modifying the DOM in the victim’s browser. Like the other kinds of XSS, DOM-based XSS can be used to steal the victim’s data or hijack the victim’s banking account.

Cross-Site Scripting (XSS) is one of the popular penetration techniques, so you must be careful and use internet security software to protect yourself from hackers.
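
On the application side, the fix for the reflected and stored cases described above is to encode untrusted data at the point where it is written into HTML. The following is an added example, not code from the original post; the page fragments, function names and sample comments are constructed for illustration, and DOM-based XSS, which happens in client-side script, is outside what it shows.

```python
import html

# Constructed inputs: a harmless probe string and a value containing quotes.
PROBE = "<script>alert(1)</script>"
COMMENTS = [('Bob "the builder"', "Nice post"), ("Mallory", PROBE)]


def render_search_vulnerable(query):
    """Reflected case, vulnerable: request data is concatenated into markup."""
    return "<p>Results for: " + query + "</p>"


def render_search_safe(query):
    """Reflected case, fixed: the value is HTML-encoded before it is written."""
    return "<p>Results for: " + html.escape(query) + "</p>"


def render_comments_vulnerable(comments):
    """Stored case, vulnerable: saved comments are replayed to every visitor as-is."""
    rows = ['<li title="%s">%s</li>' % (author, body) for author, body in comments]
    return "<ul>" + "".join(rows) + "</ul>"


def render_comments_safe(comments):
    """Stored case, fixed: encode on output, per context.

    The author lands inside a double-quoted attribute, so quotes must be
    encoded as well (quote=True); the body lands in element content.
    """
    rows = [
        '<li title="%s">%s</li>'
        % (html.escape(author, quote=True), html.escape(body, quote=False))
        for author, body in comments
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def contains_live_script(markup):
    """Crude check used by the demo: did a script tag survive into the page?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for name, page in [
        ("reflected/vulnerable", render_search_vulnerable(PROBE)),
        ("reflected/safe", render_search_safe(PROBE)),
        ("stored/vulnerable", render_comments_vulnerable(COMMENTS)),
        ("stored/safe", render_comments_safe(COMMENTS)),
    ]:
        print(name, "live script:", contains_live_script(page))
```

Encoding happens when the page is rendered, not when the comment is saved, so data already in the store is covered too.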

How to Use Fern-WiFi-Cracker on Backtrack 5 R3
Author: Unknown
Date and Time: 22:16

Fern-WiFi-Cracker is a wireless penetration testing tool written in Python. It provides a GUI for cracking wireless networks. Fern-WiFi-Cracker automatically runs aireplay-ng, airodump-ng and aircrack-ng when you execute it. They are run separately, but Fern-WiFi-Cracker uses the aircrack-ng suite of tools. You can also use Fern-WiFi-Cracker for session hijacking or to geolocate a particular system based on its MAC address. Before using Fern-WiFi-Cracker, make sure that your wireless card supports packet injection.

You can open Fern-WiFi-Cracker by going to
Backtrack >> Exploitation Tools >> Wireless exploitation tools >> WLAN exploitation >> Fern-WiFi-Cracker


Then select your wireless interface.


Click the Wi-Fi logo button at the top and it will start scanning for networks. You can change the settings by double-clicking in the application window.


After scanning, you will see that the WiFi WEP cracking or WPA cracking button has become active. Because the available WiFi network uses WEP, click the WEP button.


A new dialog box will open. Select the WEP network from the list and select the type of attack. Once the settings are complete, launch the attack by clicking the Attack button.


Wait until the progress bar reaches 100%; once it is complete, Fern WiFi Cracker starts aircrack to crack the WiFi password.


The password will be shown at the bottom of the window.

Basic Skills of Penetration Tester
Author: Unknown
Date and Time: 22:12

If you want to become a hacker or a penetration tester, you must have the basic skills for it. You need a hacker's basic skills to become a professional pentester. There are 10 basic skills, and you must master all of them.
1. Expertise in operating systems
Operating systems are a basic hacking skill. You must master them. Many people want to be hackers without any knowledge of operating systems. Learn now; learn the Unix operating system. You must know the details of the OS so you can find its vulnerabilities.

2. Good knowledge of networking
Networking is at the heart of the art of hacking. Learn about networking and network protocols. You must know TCP (Transmission Control Protocol) and what TCP/IP is, and understand routing, packet exchange, how DNS works, ARP, DHCP, IP addressing, the OSI layers, etc. You must be an expert in it.
3. "How does it work?"
You must know how things work. Learn the concepts and you can answer your own questions about them.
4. Learn basic scripting
Try to learn bash so you can write your own programs to help you. Bash is the basic scripting language on Linux, so you must learn it if you want to master the operating system.
5. Basic Firewall
A firewall is an annoying "wall". It is difficult to defeat. You must find out the details of the firewall and learn how to defeat it.
6. Know some forensics
This is optional, but if you learn forensics, it makes you better at covering your tracks.
7. Learn a programming language
You can write a program that helps you automate something, or a Trojan, backdoor, virus, etc.
8. Learn new stuff
Stay up to date with security news and learn something new so you can upgrade yourself.
9. Learn a little about databases
A database is a store of crucial data. Learn how to operate it and how to hack it.
10. Interact and share your knowledge with like minded professionals
Try sharing with other hackers to learn what you have never learned.

Backtrack for Computer Forensics
Author: Unknown
Date and Time: 22:09

Computer or digital forensics has become popular. Computer forensics is a branch of digital forensic science concerning legal evidence found in computer systems and digital storage media (Wikipedia). Backtrack, as the greatest security tool, offers numerous tools intended for computer forensics. Besides penetration testing and security attacks, Backtrack also supports computer forensics. We are able to examine all kinds of operating systems, such as DOS, Windows, Mac, or UNIX.


The fundamental steps of computer forensics:

  1. Preparation
  2. Collection
  3. Examination
  4. Analysis
  5. Reporting
Computer forensic applications are used to investigate digital evidence, since many devices can hold potential evidence that helps the computer analyst discover the truth. Evidence is found in files and in other data locations. The user is not aware that their own data has been written to their files.

Backtrack Linux offers several tools that can serve as trusted digital forensic applications. Backtrack offers a lot of tools that support the computer analyst in tasks such as examining drives, analyzing drives, recovering drives, vulnerability scanning, penetration testing, and file interrogation.

Classification of digital forensic tools.

Data Acquisition.
Data acquisition tools are the set of software responsible for interrogating a hard drive and getting the necessary information from it.
Data Recovery and Carving.
Data recovery tools are the set of applications responsible for getting deleted data back, inspecting hidden and deleted partitions, and repairing damaged filesystem blocks. Data carving is extracting data (files) from undifferentiated blocks (raw data) on the basis of file identification.
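
Carving as described above can be shown on a small scale: scan raw bytes for a file signature, then follow the format's own framing to find where the file ends and to reject false hits. This is an added example, not code from the original post or from any Backtrack tool; it handles PNG only, and the raw buffer, function names and sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype, body):
    """Build one PNG chunk: length, type, body, CRC32 over type + body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body)))


def make_sample_png():
    """Constructed 1x1 grayscale PNG that plays the role of the deleted file."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")          # filter byte + one pixel
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def walk_chunks(raw, cur):
    """Follow the chunk framing from cur; return the end offset after IEND, else None."""
    while cur + 12 <= len(raw):
        (length,) = struct.unpack(">I", raw[cur:cur + 4])
        ctype = raw[cur + 4:cur + 8]
        body_end = cur + 8 + length
        if body_end + 4 > len(raw):
            return None                        # chunk runs past the end of the data
        (crc,) = struct.unpack(">I", raw[body_end:body_end + 4])
        if zlib.crc32(raw[cur + 4:body_end]) != crc:
            return None                        # damaged data or a false signature hit
        cur = body_end + 4
        if ctype == b"IEND":
            return cur
    return None                                # data ended before IEND: truncated file


def carve_png(raw):
    """Return [(offset, file_bytes)] for every structurally valid PNG found in raw."""
    found = []
    pos = raw.find(PNG_SIG)
    while pos != -1:
        end = walk_chunks(raw, pos + len(PNG_SIG))
        if end is not None:
            found.append((pos, raw[pos:end]))
        pos = raw.find(PNG_SIG, pos + 1)
    return found


def build_raw_image():
    """Constructed 'unallocated space': one intact PNG, one bare signature, one truncated PNG."""
    png = make_sample_png()
    filler = bytes(range(256)) * 2
    raw = filler + png + filler + PNG_SIG + b"not really a png" + filler + png[:-6]
    return raw, png, len(filler)


if __name__ == "__main__":
    raw, png, offset = build_raw_image()
    for off, data in carve_png(raw):
        print("carved PNG at offset", off, "length", len(data))
```

Checking the chunk CRCs is what separates a recoverable file from a signature that merely happens to appear in the raw data.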

Meta Data Analysis.
Metadata analysis looks for hidden values. To carry out metadata analysis we need software that can disassemble a file (document/image/audio/video) and extract hidden values, such as when the file was last accessed, when it was modified, or when the file was created and with which application it was created.

Network Forensic.
Network forensic tools are not much different from network security tools, because they follow the very same formula, although most people use them for reverse engineering. Network forensic tools cover tasks such as analyzing network traffic and capturing data transmitted as part of TCP connections (flows).

Log File Analysis.
Several properties of files can have evidentiary value, for example the date and time of creation, modification, deletion and access, the user name or identification, and the file attributes. Computer-created files (logs) that may be possible evidence are backup files, log files, configuration files, printer spool files, cookies, swap files, hidden files, system files, history files, temporary files, link files and event logs.

Man In The Middle Attack
Author: Unknown
Date and Time: 22:08

A Man In The Middle attack is the kind of attack in which attackers intrude into an existing connection to intercept the exchanged information and inject fake information. It involves eavesdropping on the network, intruding into a network, intercepting messages, and selectively changing information.
The term "Man-in-the-middle attack" (MITM attack) describes the kind of attack in which the attacker intrudes into the connection between endpoints on a network in order to inject fake data and intercept the data transmitted between them.

The name "Man in the Middle" comes from the basketball scenario in which 2 players want to pass the ball to one another while 1 player between them tries to grab it. Man In The Middle attacks are also known as "bucket brigade attacks" or "fire brigade attacks." Those names are based on the fire brigade procedure of dousing a fire by passing buckets from one person to the next between the water source and the fire.


The Man In The Middle attack is extremely effective because of the nature of the HTTP protocol and of the data exchange, which are all ASCII based. This makes it possible to view and intervene in the HTTP protocol and in the data transferred. As a result, it’s possible, for example, to capture the session cookie by reading the HTTP header, but it’s also possible to modify a money transaction in the application context.

The Man In The Middle attack can also be carried out over an HTTPS connection using the same method; the only significant difference is the establishment of 2 independent SSL sessions, 1 over each TCP connection. The web browser sets up an SSL connection with the attacker, and the attacker establishes another SSL connection with the web server.

Generally the web browser warns the user that the digital certificate used isn't valid, but the user may ignore the warning because he or she doesn’t understand the risk. In certain specific contexts it’s possible that the warning doesn’t appear, for example, when the server certificate has been compromised by the attacker, or when the attacker's certificate is signed by a trusted CA and the CN is the same as that of the original website. Man In The Middle isn't only an attack technique; it is also commonly used during the development stage of a web application and is still used for web vulnerability assessments.

There are many tools for carrying out a Man In The Middle attack. These tools are particularly effective in LAN network environments, because they implement extra functions, such as ARP spoofing capabilities that enable the interception of communication between hosts.
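
ARP spoofing on a LAN leaves traces in a host's neighbour table that a defender can check for: one MAC address answering for several IP addresses, and a gateway whose MAC differs from the recorded one. This is an added example, not code from the original post; it parses the output format of `ip neigh show`, and the sample table, the addresses, the function names and the idea of a recorded gateway MAC are assumptions made for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed `ip neigh show` output (documentation addresses, locally administered MACs).
SAMPLE = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:10 STALE
192.0.2.66 dev eth0 lladdr 02:00:00:00:00:66 REACHABLE
192.0.2.77 dev eth0 FAILED
"""

# Constructed table for the same LAN with nothing wrong in it.
CLEAN = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.0.2.10 dev eth0 lladdr 02:00:00:00:00:10 STALE
"""


def parse_neighbors(text):
    """Return [(ip, mac, state)] for entries that carry a link-layer address."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue                           # FAILED/INCOMPLETE entries have no MAC
        idx = tokens.index("lladdr")
        if idx + 1 >= len(tokens):
            continue
        mac = tokens[idx + 1].lower()
        if MAC_RE.match(mac):
            entries.append((tokens[0], mac, tokens[-1].upper()))
    return entries


def find_anomalies(entries, gateway_ip, expected_gateway_mac):
    """Flag MACs shared by several IPs and a gateway MAC that differs from the record.

    A shared MAC is not proof of spoofing (proxy ARP and multi-address hosts
    cause it too); it is a lead to check against the switch's own tables.
    """
    findings = []
    by_mac = defaultdict(set)
    for ip, mac, _state in entries:
        by_mac[mac].add(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-shared-by-ips", mac, tuple(sorted(ips))))
    for ip, mac, _state in entries:
        if ip == gateway_ip and mac != expected_gateway_mac.lower():
            findings.append(("gateway-mac-changed", mac, (ip,)))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_neighbors(SAMPLE), "192.0.2.1", "02:00:00:00:00:01"):
        print(finding)
```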

John the Ripper, The Password Cracking Program
Author: Unknown
Date and Time: 22:06

John the Ripper is a free password cracking software program. Originally developed for the UNIX operating system, it currently runs on 15 different platforms. It is one of the most popular password testing and breaking programs because it combines several password crackers in one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats, including several crypt password hash types most commonly found on various Unix flavors.

Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others. One of the modes John the Ripper can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary), encrypts them in the same format as the password being examined (including both the encryption algorithm and the key), and compares the output with the encrypted string.


It can also apply a number of alterations to the dictionary words and try these as well. Many of these alterations are also used in John the Ripper's single attack mode, which modifies an associated plaintext (such as a username with the encrypted password) and checks the variations against the encrypted hashes.

John the Ripper also offers a brute force mode. In this type of attack, the program goes through all of the possible plaintexts, hashing each one and comparing it with the input hash. John the Ripper uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords that do not appear in dictionary wordlists, but it takes a long time to run.
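
Because the dictionary and single modes described above start from a wordlist entry or the username and alter it, a password-change form can screen out such passwords by undoing the usual alterations and looking up what remains. This is an added example, not code from the original post or from John the Ripper; the substitution table, wordlist, function names and sample passwords are constructed for illustration.

```python
import re

# Undo common character substitutions: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s.
UNSUBSTITUTE = str.maketrans("013457@$", "oleastas")

# Constructed, tiny wordlist; a deployment would load a real one, lower-cased.
WORDLIST = {"password", "letmein", "dragon", "qwerty"}


def base_forms(candidate):
    """Return the base words a candidate could have been derived from."""
    lowered = candidate.lower()
    # Strip digits and symbols that were prepended or appended to a word.
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, trimmed,
             lowered.translate(UNSUBSTITUTE), trimmed.translate(UNSUBSTITUTE)}
    forms |= {form[::-1] for form in forms}    # reversed words are a common alteration
    forms.discard("")
    return forms


def screen_password(candidate, username, wordlist=WORDLIST):
    """Return a rejection reason, or None if no simple derivation was found."""
    forms = base_forms(candidate)
    if username.lower() in forms:
        return "derived from username"
    hits = sorted(forms & wordlist)
    if hits:
        return "derived from wordlist entry: " + hits[0]
    return None


if __name__ == "__main__":
    for user, pw in [("alice", "P@ssw0rd1!"), ("admin", "Nimda2024"), ("alice", "vQ7#kd9Lp2xW")]:
        print(user, repr(pw), "->", screen_password(pw, user))
```

Passing this screen does not make a password strong; it only rules out the cheapest guesses, which is why it belongs next to a length requirement and a slow, salted hash on the storage side.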


Mantra Security Toolkit on Backtrack 5 R3
Author: Unknown
Date and Time: 22:05

Mantra Security Toolkit is a collection of free and open-source tools integrated into a browser, which can be useful for penetration testers, webmasters, security experts and so on. It is portable, ready to run, lightweight and follows the true spirit of free and open-source software. Mantra Security Toolkit is a security framework that can be very helpful in performing all of the five stages of attacks, which include reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks.
It also includes a set of tools aimed at web developers and code debuggers, which makes it useful for both offensive security and defensive security related tasks.
Mantra Security Toolkit is lite, flexible, portable and easy to use, with a nice graphical user interface. You can carry Mantra Security Toolkit on memory cards, flash drives, CD/DVDs, and so on. It can also run natively on Linux, Windows and Mac OS.

It can also be installed on your system in a few minutes. Mantra Security Toolkit is absolutely free and takes no time to set up. Mantra is an impressive collection of tools that makes the attacker's task much easier.

Mantra Security Toolkit Available on Backtrack 5 R3

If you work with another Linux distro, Windows or Mac, you need to download and install Mantra Security Toolkit, but, as said earlier, if you use Backtrack 5 you already have it. Mantra Security Toolkit is available on Backtrack 5; you can find it under Applications >> Backtrack >> Vulnerability assessment >> Vulnerability scanner >> Mantra.