EXTRACT EMAIL ADDRESS FROM GIVEN DOMAIN.

Yesterday I created a simple script which extracts email addresses from a given domain. We can gather email addresses from whois info, PGP key search, and the domain name. With the help of this script we can extract the email addresses which are on the specified web page. In BackTrack there is a tool available called uberharvester. It has many features; […]

HOW TO EXPLOIT DIRECTORY TRAVERSAL VULNERABILITY?

BackTrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerabilities in web applications. Previously I posted about what directory traversal is and how to bypass its filter, but that process is manual and can consume lots of time. But in BackTrack automatic tools are available for this test which is […]

BYPASS AV USING VEIL IN BACKTRACK

Today this blog completes exactly one year. One year ago I started my journey in the security world, and it is still going well. OK, let's get to the point. Most of the time our payload is detected by AV; we can use an encoder to encode our payload so that it cannot be detected by AV. Today we show […]

EXPLOIT FOR FIREFOX 17 IN WINDOWS XP SP3

Recently a Mozilla Firefox 0day was possibly being used by the FBI in order to identify some users using Tor, for a crackdown on child pornography. Now the exploit is available in Metasploit. Use msfupdate to get it. Exploit target: Id Name — —- 0 Firefox 17 & Firefox 21 / Windows XP SP3 msf > use exploit/windows/browser/mozilla_firefox_onreadystatechange msf exploit(mozilla_firefox_onreadystatechange) […]

ACCESS BACKTRACK FROM REMOTE COMPUTER USING SSH & VNC.

If you want to access your local computer from a remote computer, you first need to configure the SSH daemon, because nowadays people do not use telnet, as it is a plain-text protocol. How to configure SSH in BackTrack 5 R3? (1) First we have to generate an SSH key, so type the following in a terminal: ssh-keygen It will generate public/private rsa […]

HOW TO USE WEBSPLOIT?

Hey, here is a new tool which I found: WEBSPLOIT. First download WEBSPLOIT from here. Now install it. (It's an old article; view the updated part at the bottom to download the latest version.) The installation process is as follows. (1) First download the WebSploit toolkit (2) Now unzip the file folder (3) Now change the permission of the WebSploit file in the WebSploit folder. Right click […]

Licensed Penetration Tester (LPT) course and training Benefits

Licensed Penetration Tester (LPT) EC-Council’s Licensed Penetration Tester (LPT) is a natural evolution and extended value addition to its series of security related professional certifications. The LPT standardizes the knowledge base for penetration testing professionals by incorporating best practices followed by experienced experts in the field. The objective of the LPT is to ensure that […]

How to Use NeXpose via Msfconsole

NeXpose Via Msfconsole The Metasploit/NeXpose integration is not limited to simply importing scan results files. You can run NeXpose scans directly from msfconsole by first making use of the ‘nexpose’ plugin. msf > load nexpose […]

How to Use WMAP Web Scanner in Metasploit

WMAP Web Scanner WMAP is a feature-rich web vulnerability scanner that was originally created from a tool named SQLMap. This tool is integrated with Metasploit and allows us to conduct webapp scanning from within the Framework. We begin by first creating a new database to store our scan results in, load the “wmap” plugin, and […]

How to Change Boot Order When Dual-Booting Ubuntu With Another OS

Here are the steps to follow: 1- To edit the grub file, open a terminal and type the following command: sudo gedit /etc/default/grub You will get something like this: GRUB_DEFAULT=0 #GRUB_HIDDEN_TIMEOUT=0 GRUB_HIDDEN_TIMEOUT_QUIET=true GRUB_TIMEOUT=10 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" GRUB_CMDLINE_LINUX="" # Uncomment to disable graphical terminal (grub-pc only) #GRUB_TERMINAL=console # […]

How to disable guest account in Ubuntu 12.04

By default Ubuntu 12.04 comes with a guest account. You can disable this account using the following procedure. The guest account is a passwordless account which allows users to get access to an Ubuntu machine. Open the /etc/lightdm/lightdm.conf file from your terminal using the following command: gksudo gedit /etc/lightdm/lightdm.conf Add the following line: allow-guest=false Save and exit the file. After adding […]

WHAT IS ROOTING ?

We all come across different words daily, but we don't know what they stand for or how they help us. One such word is ROOTING. Well, rooting may refer to gaining superuser control of the Android subsystem. Android derives from the Linux kernel, and rooting an Android device gives similar access administrative permissions as on Linux or […]

ASPHALT 7 HACK

We all like to play games on our phones, and if it is a smartphone, Asphalt 7 is the game every one of us would like to play; if you are a racing game fan, then you have won the jackpot. In Asphalt 7 we all get a free spin once in every 24 […]

Drag Racing Android Hack

INSTRUCTIONS FOR HOW TO HACK INTO DRAG RACING AND INCREASE YOUR RP+CASH+CARS
1) Make sure you have rooted your Android mobile and downloaded root explorer from https://play.google.com/store/apps/details?id=com.jrummy.root.browserfree
2) Download save and unzip it
3) With the help of your root explorer go to /data/data/com.creativemobile.DragRacing/files/save.dat
4) Replace save.dat with the one you have just downloaded
5) MOST IMPORTANT STEP: Enjoy the game with RP+CASH+CARS