CHMag Issue 14th, March 2011 Download !
Sunday, April 3, 2011
ClubHack : CHMag Issue 14th, March 2011 Download !
Description:
14th issue of ClubHACK magazine is out.
Contents of this issue:
Tech Gyan - Remote Thread Execution in System Process
Tool Gyan - JS Recon: Java Script Network Reconnaissance Tool
Mom's Guide - Choosing Right Secure Mobile
Legal Gyan - Law Related Unauthorized Access
Command Line Gyan - Backup & Bulk Copy
Maruix Vibhag - Introduction Part 1
PDF download link: http://chmag.in/issue/mar2011.pdf
News Source : Abhijeet Patil
URL: http://chmag.in
Description:
14th issue of ClubHACK magazine is out.
Contents of this issue:
Tech Gyan - Remote Thread Execution in System Process
Tool Gyan - JS Recon: Java Script Network Reconnaissance Tool
Mom's Guide - Choosing Right Secure Mobile
Legal Gyan - Law Related Unauthorized Access
Command Line Gyan - Backup & Bulk Copy
Maruix Vibhag - Introduction Part 1
PDF download link: http://chmag.in/issue/mar2011.pdf
News Source : Abhijeet Patil
URL: http://chmag.in
CAT – Web Application Security Test & Assessment Tool
CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.
There are a number of differences between CAT and currently available web proxies. They include:
Download CAT Beta 4
There are a number of differences between CAT and currently available web proxies. They include:
- CAT uses Internet Explorer’s rendering engine for accurate HTML representation
- It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes
- It offers integrated SQL Injection and XSS Detection
- Synchronized Proxies for Authentication and Authorisation checking
- Faster performance due to HTTP connection caching
- SSL Version and Cipher checker using OpenSSL
- Greater flexibility for importing/exporting logs and saving projects
- Tabbed Interface allows for multiple tools at once e.g. multiple repeaters & different logs
- The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
- It’s free!
- Do bear in mind that this is a free tool, but it is NOT Open Source. Also take a good look at the EULA before using it (especially Section 6).
Download CAT Beta 4
Forensic Tools for System administrators
Hello ..I have collected a number of useful tools for keeping a network secure. Note that this list is in no way exhaustive. Some of the tools are difficult to find, so you can download them right of this page. Please do not send any email asking support for these tools. For questions, please use the forums. PLEASE NOTE, I am NOT RESPONSIBLE FOR WHAT YOU DO WITH THESE FILES...
I will update this page regularly for new cool tools. If you have a cool utility you want me to review, email me. I have divided the security utilties in the following categories:
* Forensic Tools
* Security Tools
* Admin Tools
* Monitoring Tools
I will update this page regularly for new cool tools. If you have a cool utility you want me to review, email me. I have divided the security utilties in the following categories:
* Forensic Tools
* Security Tools
* Admin Tools
* Monitoring Tools
Hacking With Nmap – The Network Mapping Tool
Nmap is most widely used port scanning & network mapping tool used widely by network administrators & security administrators to scan their ports for potential vulnerabilities. If you are not aware of Nmap & you don’t have it then you can download it here for both Linux & Windows.
1. Open Closed
2. Filtered Unfiltered
3 .Open / filtered Closed/unfiltered
Scanning through Nmap gives you list of ports that are opened or filtered. Most of closed ports are not disclosed as there are almost 65000 ports in a computer for communication.
(Filtered packet : It means the data packets that are sent or received are filtered by firewall to secure it.)
Ok, So ready to hack with Nmap,
There are three types of basic scans you can perform on ports which is as follows :
SYN Scan : It is the most simple & common scan that is used to scan for ports. The scan results are very faster compared to other types , but it gives generalized results.
FIN Scan : FIN scan can detect if any kind of filtered packets or weak firewalls, and warns attacker to create stealth for attacking the victim network.
ACK Scan : Filtered and unfiltered ports can be scanned with this type of port scan. It is the most advanced scanning done with nmap.
SYN scan :
For scanning www.sampledomain.com
Type in your terminal of linux:
#nmap -sS -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
Result will be having three tables :
Port State Service
This will give you port number its state open?filtered like that & services will give you what is service running on that ports.
FIN Scan :
#nmap -sF -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
Live host & filtered ports are found out with this method
ACK Scan :
#nmap -sA -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
All closed ports are eliminated with this ACK scan. And you’ll only see ports that are up for attack.
So this was a basic Nmap hacking or port scanning tutorial. You can also find OS running, web server & mail server scanning & this data can be used as Passive attack gathering stage which we have discussed in pre attack stages.
We will discuss web server hacking in upcoming posts. Please post your queries regarding nmap by commenting here. So that we can help you the most.
Nmap Hacking Theory
Following are the states that ports are available in1. Open Closed
2. Filtered Unfiltered
3 .Open / filtered Closed/unfiltered
Scanning through Nmap gives you list of ports that are opened or filtered. Most of closed ports are not disclosed as there are almost 65000 ports in a computer for communication.
(Filtered packet : It means the data packets that are sent or received are filtered by firewall to secure it.)
Ok, So ready to hack with Nmap,
There are three types of basic scans you can perform on ports which is as follows :
SYN Scan : It is the most simple & common scan that is used to scan for ports. The scan results are very faster compared to other types , but it gives generalized results.
FIN Scan : FIN scan can detect if any kind of filtered packets or weak firewalls, and warns attacker to create stealth for attacking the victim network.
ACK Scan : Filtered and unfiltered ports can be scanned with this type of port scan. It is the most advanced scanning done with nmap.
Hacking With Nmap
So let us start with commands of Nmap operation in Linux:SYN scan :
For scanning www.sampledomain.com
Type in your terminal of linux:
#nmap -sS -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
Result will be having three tables :
Port State Service
This will give you port number its state open?filtered like that & services will give you what is service running on that ports.
FIN Scan :
#nmap -sF -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
Live host & filtered ports are found out with this method
ACK Scan :
#nmap -sA -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
All closed ports are eliminated with this ACK scan. And you’ll only see ports that are up for attack.
So this was a basic Nmap hacking or port scanning tutorial. You can also find OS running, web server & mail server scanning & this data can be used as Passive attack gathering stage which we have discussed in pre attack stages.
We will discuss web server hacking in upcoming posts. Please post your queries regarding nmap by commenting here. So that we can help you the most.
How To Crash Small Websites (NOOB FRIENDLY)
Ok so your friend or your enemy has made a little shitty website for whatever maybe a private server or anything.. And your feeling devious and want to crash it .
TOOLS:
>>Port Scanner<<
>>rDos<<
>>HotSpotSheild Proxy!<<
Step One: First we need to find the websites IP Adress. This is very easy todo.
Ok so say they URL is http://www.yoursite.com ok now that you have your URL open Up Cmd todo this press Start>Run>cmd Once you have CMD open you type ping http://www.yoursite.com press enter and you will get the ip of the website. (YOU MUST REMOVE HTTP:// AND ANY /'s)
EXAMPLE:
![[Image: 2w68nys.jpg]](http://i25.tinypic.com/2w68nys.jpg)
Step Two: Now we must test to see if port 80 is open (it usually is).
This is very easy todo to Ok open up the port scanner you downloaded.
Once in the port scanner type in your Victims ip that you got from step 1.
It will ask you todo a range scan or a full scan (SELECT REANGE SCAN!) It will ask for conformaition you have to use a capital Y or a capital N! Now enter 79 for lowest port and 81 for highest hit enter than hit cap Y.
[X] = Closed
[X] Vulnerable = Open
EXAMPLE:
![[Image: 23u67h1.jpg]](http://i27.tinypic.com/23u67h1.jpg)
Step Three ALMOST DONE:
The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)
If port 80 is open your on your way to crashing!!
Ok open Up rDos that you download.
Enter your victims ip that we got from step 1.
It will ask you for the port to attack use port 80 that is why we scaned to make sure 80 was open! If it is closed it will not work.
Hit enter.. *=Flooding -=Crashed Or didn't connect!
EXAMPLE:
![[Image: bhzlp0.jpg]](http://i28.tinypic.com/bhzlp0.jpg)
Thanks for reading i hope this helps :)
TOOLS:
>>Port Scanner<<
>>rDos<<
>>HotSpotSheild Proxy!<<
Step One: First we need to find the websites IP Adress. This is very easy todo.
Ok so say they URL is http://www.yoursite.com ok now that you have your URL open Up Cmd todo this press Start>Run>cmd Once you have CMD open you type ping http://www.yoursite.com press enter and you will get the ip of the website. (YOU MUST REMOVE HTTP:// AND ANY /'s)
EXAMPLE:
Step Two: Now we must test to see if port 80 is open (it usually is).
This is very easy todo to Ok open up the port scanner you downloaded.
Once in the port scanner type in your Victims ip that you got from step 1.
It will ask you todo a range scan or a full scan (SELECT REANGE SCAN!) It will ask for conformaition you have to use a capital Y or a capital N! Now enter 79 for lowest port and 81 for highest hit enter than hit cap Y.
[X] = Closed
[X] Vulnerable = Open
EXAMPLE:
Step Three ALMOST DONE:
The final and easiest step (IF PORT 80 IS CLOSED PICK A NEW SITE!)
If port 80 is open your on your way to crashing!!
Ok open Up rDos that you download.
Enter your victims ip that we got from step 1.
It will ask you for the port to attack use port 80 that is why we scaned to make sure 80 was open! If it is closed it will not work.
Hit enter.. *=Flooding -=Crashed Or didn't connect!
EXAMPLE:
Thanks for reading i hope this helps :)