Saturday, 31 December 2011


                                                              HAPPY HACKING :)

Stages of a Penetration Test

Friday, 30 December 2011

Heres' the Secret

It for most penetration tests these are the main stages that will take place in order, each stages has a higher level of access and control over the system.

- Information Gathering: This is using non intrusive techniques to gather as much information as you can on the target network. Such as crawling the internet webpages, using whois lookups, looking at company adverts and news.

- Network Mapping:
 This is a more technical approach to gaining more information on the system, here you will map all live hosts on the network and on the server. Scan the ports and services. Identify the operating systems, identify firewalls, switches and routers, fingerprint services and map out what is available publically over the internet and what services are interal only.

- Vulnerability Identification: This is where we will identify vulnerable services and systems. We will do this by using the service banners we attained in the previous phase. We will also perform vulnerability scans for known vulnerabilities and check for false positives. Once we discover vulnerabilities we enumerate these further and estimate the impact and privellages gained from the vulnerability. From here we can plan our attack path and scenario.

- Penetration: This is where we will find tools, scripts and exploits that will help us gain access by exploiting the vulnerabilities in the previous stage. We can also develop our own tools and scripts to exploit these vulnerabilities. Also in this stage we will optimise and customise any scripts we have so that they will work in this scenerio, it is very common that we will have to modify exploits to work in the current scenario. Once we have all our tools we can test the proof of concept and see if they work with the vulnerabilities so we can eliminate false positives. At the end of this stage we can document our findings and the possible impact of these exploits.

- Gaining Access:
 Here we will attempt to gain some sort of access to the target system, starting with low privellage access such as finding blank or default passwords in system accounts, brute forcing user accounts, and finding public services with poor configurations allowing us to read and write files for example. Here we also use our tools from the previous phase to gain what access we can.

- Privellage Escallation: It is likely that we have low access on the system and cannot complete our goal yet due to incorrect privellages. In this stage we can identify local vulnerabilities that can help us get administrator or root privellages over the system such as 'root' on unix systems and 'system' on Windows systems. Here we will have to bypass the systems internal antivirus and firewall systems. We can search for known exploits based on the findings of the internal services we have found or we can attempt to write our own.

- Enumerating Further: Now we are inside the network and can see many systems that weren't accessable from the outside. Here we can obtain the stored hashes on the current system and decrypt them to see if they work on any other network systems. We can also identify all other hosts, services, firewalls, routers and switches on the network and test if they are vulnerable as done in the previous stages. We can also sniff local traffic and attempt to get more passwords to compromise other systems. Other techniques that are used in this phase are gathering important data on the local system such as cookies and browsing history to attempt password attacks on exterior web pages. We can also gather email accounts that could enable us to perform phishing attacks on other uses in the network. Also we could execute client side attacks on other network users to compromise their system with a little social engineering.

- Compromising other Users/Systems: Here we put all the information found in the previous section to use and gain as much access as we can over the network. It is common to find many vulnerabilities here as often companies don't think they need to secure the local network as they do not think anyone can access it.

- Maintaining Access: This is where you setup a permanent method of accessing the system so you don't have to exploit it every time you want to access it. Also this could give you access even after the vulnerability was patched. There are number of methods of doing this. You could setup a backdoor on the system that you can connect to and feed commands to, simillar to a system shell. This is usually done by opening up a port on the system and allowing access by a user and password, it is important the backdoor has authentication otherwise anyone could have access to the system. Rootkits can be installed these have the highest privellages on a system even higher than the system administrator. You can also setup covert channels such as http-tunnels, icmp-tunnels and vpn tunnels which allows you to send and receive data to and from the target system undetected.

- Covering Tracks: This is where you do all you can to remain undetected on the system so you can keep access for as long as possible, here you hide files used to exploit the system and that may raise suspisions. You also should clear the logs files or alter them so the attack logs are not there. You can also disable antiviruses and IDS to prevent them from finding your backdoor/rootkit.

- Reporting:
 This is where you write your report on your findings, you must make sure you tailor your report to the skills of who will receive it, such as the developer must have detailed information on how to patch, or if it was the manager he may not have vast IT knowledge so it must be basic details with colourful graphs and images. You must include the summary of the attack, the impact, the tools used, the services that are vulnerable, the systems compromised, the information that was gathered, screenshots, dates and times of the tests, outputs of all the scans, and the next steps to work on to fix the system.


Thursday, 29 December 2011

What is binders ?
A binder binds two things into one :: for example say i bind a virus to a notepad.exe
so when person open it up :: it opens notepad as soon as it closes the notepad the virus behind the notepad.exe will be activated.
you can bind any virus to an exe of the software

Now how to do it

Heres' the SECRET

there are two ways to do it

one with software which is in built in window XP/vista/7

* Which is known as iexpress

Open run command (windows key + R)

type in there iexpress and press enter

** Another is software namely file joiner

and here is another software download it => Click on me

Backdoor for Windows XP & 7

Thursday, 1 December 2011

What is Backdoor ?

I tell you this question answer in layman's language as the name suggest backdoor which means the door at the back ::
Backdoor is the way created in windows xp and 7 to get inside the computer even it is password protected account ::
Say like this i have created a hidden backdoor in your house and you have put a lock in front gate of your house so i use my backdoor to enter into your house
In the same way i will make a hidden backdoor in your window xp or 7 so that if any time there is password to the account i can easily manage to enter the account with help of backdoor 

What We are  Doing ?

We are just changing the sticky keys into cmd (command prompt)
When a login page comes with password protection just :: click your shift key 5 times instead of opening sticky key command prompts open ups.



Now how to put a backdoor in Window XP and 7

Heres' the SECRET

How to make backdoor in Window XP

Just copy the cmd.exe from  C:\windows\system32

Now here is the step wise to do it
*Go to C:\windows\system32
** Copy cmd.exe on your desktop and rename it to sethc.exe .
***Now copy that file and paste again in system32 directory.

Here is the Video tutorial => videos will be available after some time

Now basically what we are do is we changing/replacing  sticky keys with cmd (command prompt)
so that when you open the computer and password protected login screen click five times on shift and boom command prompts opens

How to make backdoor in window 7
* Go to C:\windows\system32
** Copy cmd.exe on your desktop and rename it to sethc.exe .
***Now copy that file and paste again in system32 directory.

Now will have the problem of ACCESS DENIED

now here is two ways to remove the problem of ACCESS DENIED

First method => change operating system from window 7 to windows xp.... ( haha :))

Second method is

* Right click on sethc.exe and run as administrator.
** Again right click on sethc.exe, open properties.
*** Click on Advanced tab , then on owner and click edit, change the owner from "trusted installer" to "administrator" and click apply.
**** Then click on 'Edit' in security tab to edit permissions.
***** Click on 'Administrators' , give it full control
****** Apply changes.

Here is video tutorial => videos will be available after some time