Archive for February, 2012
Go to Start menu > All Programs > Accessories, right-click Command Prompt and select Run as administrator.
Now type diskpart and press Enter
Next, type the list disk command and note down the disk number of your USB flash drive. Then select that disk, for example: select disk 1
Now run the following commands one at a time:
create partition primary
select partition 1
Now insert your Windows 7/Windows 8 DVD in your CD/DVD drive and note down the drive letter of the DVD drive. In my case, it is “j:”. Now type the following commands:
J: (where “J” is my DVD drive letter)
cd boot
bootsect.exe /nt60 h: (where “h” is my USB drive letter)
Copy your Windows 7 DVD contents to the USB flash drive.
Your USB drive is ready to boot and install Windows 7.
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
- Backtrack 5
- Windows XP Machine (Target)
Open your Backtrack terminal and type cd /pentest/exploits/set
Now open the Social-Engineer Toolkit (SET) with ./set
Now choose 2, “Website Attack Vectors”.
In this menu we will choose 2, “The Metasploit Browser Exploit Method”, because the attack is delivered through the victim's browser.
Now choose 1, “Web Templates” to have SET create a generic webpage to use.
Now choose 2. In this tutorial I will use Gmail, but if you think Facebook, Twitter or Google is a better choice because it is the most accessed website, pick that one instead.
Now choose 22, “Metasploit Browser Autopwn”, to load every vulnerability the Social-Engineer Toolkit knows about. This option launches all the exploits in the Social-Engineer Toolkit database.
Now choose 2 “Windows Reverse_TCP Meterpreter”, but you have several to choose from including your own program.
Set the port on which the target connects back to the attacker's computer. In this example I use port 1234, but you can change it to 1456, 4521, etc.
SET now creates the backdoor program, then encodes and packs it. It creates the website that you want to use and starts up a listening service waiting for people to connect. When done, your screen will look like this:
When the link is given to a user, the victim sees a look-alike Gmail page (a fake website). When the page loads, it also loads all the malicious scripts that attack the victim's computer.
On the attacker's computer, if there is any vulnerability in the victim's browser, a session value is returned, which means the exploit successfully attacked the victim's computer. In this case the exploit creates a new fake process named “Notepad.exe”.
You now have access to the victim's PC. Use “sessions -l” to list the sessions and find the session number, then type “sessions -i ID” to connect to the session.
The ‘ps’ command displays a list of running processes on the target.
As in Linux, the ‘ls’ command will list the files in the current remote directory.
The ‘shell’ command will present you with a standard shell on the target system.
| Command | Description |
|---|---|
| meterpreter> help | The ‘help’ command, as may be expected, displays the Meterpreter help menu. |
| meterpreter> sysinfo | Gets system information. |
| meterpreter> background | The ‘background’ command will send the current Meterpreter session to the background and return you to the msf prompt. |
| meterpreter> migrate | Migrates the session to another process on the victim. |
| meterpreter> download | The ‘download’ command downloads a file from the remote machine. |
| meterpreter> getuid | Running ‘getuid’ will display the user that the Meterpreter server is running as on the host. |
- You can write this image with any image burning software. We are using our traditional software Nero.
- Now go to the system and boot from this CD.
Press Enter on boot options
In this window, the bootable Linux scripts will search your entire hard disk and show all the available partitions on the hard disk.
Press 1 and then Enter
Press 1 (to reset the password) and then Enter
Press 2 (to change the syskey status) and then Enter
Press y and then Enter
Now we will reset the Windows administrator password
Now press ALT + CTRL + DEL to restart the system
- Open a command prompt, type ping example.com and press Enter.
- Now you can find the IP address of the web server of your website.
Example: ping hackingarticles.in
Type ip:IP-Address in the Bing or Yahoo search box to get the list of websites hosted on the respective IP address.
In Bing Search Box
In Yahoo Search Box
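The ping-then-search step above can be scripted when you want to check which sites share a server with your own. This is an added example, not code from the original post: it reads the resolved address from ping's first line, rejects internal addresses (for which a public reverse-IP search is meaningless), and builds the ip: query. The sample outputs, the function names and the Bing URL form are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import quote_plus

# Constructed sample outputs. 203.0.113.10 is from the RFC 5737
# documentation range, not the address of a real site.
WINDOWS_PING = ("Pinging example.com [203.0.113.10] with 32 bytes of data:\n"
                "Reply from 203.0.113.10: bytes=32 time=24ms TTL=54\n")
LINUX_PING = ("PING example.com (203.0.113.10) 56(84) bytes of data.\n"
              "64 bytes from 203.0.113.10: icmp_seq=1 ttl=54 time=24.1 ms\n")
INTERNAL_PING = "Pinging intranet.example [10.0.0.5] with 32 bytes of data:\n"

# ping prints the resolved IPv4 address in [] (Windows) or () (Linux).
_HEADER = re.compile(r"^(?:Pinging|PING)\s+\S+\s+[\[(]([0-9.]+)[\])]", re.M)

# Ranges that never identify a public web server.
_INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def resolved_ip(ping_output):
    """Return the address ping resolved the host name to."""
    match = _HEADER.search(ping_output)
    if match is None:
        raise ValueError("no resolved address found in ping output")
    # ip_address() also rejects malformed values such as 999.1.1.1
    return ipaddress.ip_address(match.group(1))


def bing_ip_query(ping_output):
    """Build the 'ip:IP-Address' text typed into the search box."""
    ip = resolved_ip(ping_output)
    if any(ip in net for net in _INTERNAL):
        raise ValueError(f"{ip} is an internal address; nothing to search")
    return f"ip:{ip}"


def bing_search_url(ping_output):
    """Same query as a URL (assumed Bing search URL form)."""
    return "https://www.bing.com/search?q=" + quote_plus(bing_ip_query(ping_output))


if __name__ == "__main__":
    print(bing_ip_query(WINDOWS_PING))
    print(bing_search_url(LINUX_PING))
```

If the site sits behind a CDN or load balancer, the address ping reports belongs to that service, so the search lists that service's other customers rather than your hosting neighbours.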
You Get Signal
You Get Signal has just the tool for this. It’s called a “Reverse IP Domain Check” and it takes a site URL or IP address and tells you all or many of the domains pointing to that server.
My IP Neighbors
My IP Neighbors lets you find out if any other web sites (“virtual hosts”) are hosted on a given web server. The tool is a great way to find out who your hosting neighbors are, or just to see how many other websites your hosting company runs from the same machine. Or perhaps you’d like to know if that flashy company still uses cheap hosting like the rest of us.