Monday, 23 December 2013

Installing BackTrack 5 R1

What is BackTrack 5?
  • BackTrack is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack 5, code name "Revolution."

  • BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.

  • BackTrack includes many well-known security tools, including:
    • Metasploit integration
    • RFMON injection capable wireless drivers
    • Aircrack-NG
    • Kismet
    • Nmap
    • Ophcrack
    • Ettercap
    • Wireshark (formerly known as Ethereal)
    • BeEF (Browser Exploitation Framework)
    • Hydra
  • BackTrack Download

Create a New Virtual Machine. (See Below)

New Virtual Machine Wizard
  • Instructions:
    1. Select the radio button "Installer disc image file (iso):"
    2. Click the Browse button.
    3. Navigate to where your BT5 iso is located.
    4. Select the BT5 iso.
    5. Click Next.
New Virtual Machine Wizard
  • Instructions:
    1. Guest operating system:  Linux
    2. Version: Ubuntu
    3. Select Next
New Virtual Machine Wizard
  • Instructions:
    1. Virtual machine name: BackTrack5R1
    2. Location: In my case, I saved it to my USB drive, located in H:\BackTrack5R1\
    3. Select Next
New Virtual Machine Wizard
  • Instructions:
    1. Maximum disk size (GB): For our purposes use 20 GB.
    2. Radio button: Store virtual disk as a single file
    3. Select Next

New Virtual Machine Wizard
  • Instructions:
    1. Click on the "Customize Hardware..." button
New Virtual Machine Wizard
  • Instructions:
    1. Click on Memory (which is highlighted in blue)
    2. Click on 512 MB. (Recommended is 1024 MB, but not really needed for lab purposes.)
    3. Do not click on OK

New Virtual Machine Wizard
  • Instructions:
    1. Click on Network Adapter
    2. Click on "Bridged: Connected directly to the physical network"
    3. Click OK.

Click on the Finish button.
  • Instructions:
    1. Click the Finish button
Start the Boot Process
  • Instructions:
    1. Press Enter

BackTrack Live CD
  • Instructions:
    1. Select "BackTrack Text - Default Boot Text Mode"
    2. Press <Enter>

Bring up the GNOME desktop
  • Instructions:
    1. Type startx

Install BackTrack to Hard Drive
  • Instructions:
    1. Option 1: Double-click on the icon labeled "Install BackTrack"
      • OR
    2. Option 2: System --> Administration --> Install BackTrack Live
1. Select Language
  • Instructions:
    1. In my case: English.
    2. Click Forward
2. Select Time Zone
  • Instructions: (In my case)
    1. Region: English
    2. Time Zone: United States (Chicago)
    3. Click Forward
3. Select Keyboard Layout
  • Instructions: (In my case)
    1. Suggested option: USA
    2. Click Forward
4. Prepare Disk Space
  • Instructions:
    1. Select "Erase and use the entire disk"
    2. Select Forward
  • OR Note (This is optional)
    1. If you select "Specify partitions manually", then you can create your own file system layout.
      • /     - 2000 MB
      • /boot - 500  MB
      • swap  - 1280 MB (double the memory)
      • /tmp  - 1000 MB
      • /home - 2000 MB
      • /var  - 2000 MB
      • /usr  - 3000 MB
      • Then use the rest as needed using volume management.

5. Ready to Install
  • Instructions:
    1. Click on Install
6. Informational
  • Note (FYI):
    • The installation process will take between 10 and 45 minutes depending on your system's resources.
7. Reboot
  • Instructions:
    1. Click on Restart Now
Section 3. Login to BackTrack
1. Edit Virtual Machine Settings
  • Instructions:
    1. Virtual Machine --> Virtual Machine Settings...
2. Edit CD/DVD (IDE)
  • Instructions:
    1. Select CD/DVD (IDE)
    2. Click on Use physical drive:
      • Select Auto detect
    3. Click the OK button
3. Login to BackTrack
  • Instructions:
    1. Login: root
    2. Password: toor

4. Bring up the GNOME desktop
  • Instructions:
    1. Type startx
5. Bring up a console terminal
  • Instructions:
    1. Click on the Terminal Console icon
6. Change root's password
  • Instructions:
    1. passwd root
    2. Use our standard class password
7. Create a student account and set its password
  • Instructions:
    1. useradd -m -d /home/student -c "Security Student" -s /bin/bash student
    2. passwd student
    3. Use our standard class password

      Monday, 16 December 2013

      All about VPN - a little explanation

      We must know there are three VPN protocols: PPTP, L2TP and SSL.

      One idea must be clear: the three VPN protocols are used for the same purpose, which is to encapsulate the PPP protocol. PPP is a network protocol stack used to make a direct connection between two networking hosts. Therefore PPTP, L2TP and SSL share the common features of PPP, for example authentication schemes, IPv4, IPv6 and others. But that is another story.

      So we have:

      PPTP (Point-to-Point Tunneling Protocol):
      It is very old, so it is supported by old and new clients such as Windows 98, Windows NT, Windows 2000, etc.
      It uses an encryption method called MPPE.
      Its configuration is very easy and it has very good firewall compatibility, but it has no integrity protection. Besides, it cannot use certificates.

      L2TP (Layer 2 Tunneling Protocol):
      This uses an encryption method called IPsec, so it can use certificates or a preshared key, but it needs newer clients such as Windows XP, Windows Vista, etc. Its configuration is difficult and we have a lot of problems with firewall configurations. However, it is very secure, as it has both remote computer and user authentication.

      SSTP (Secure Socket Tunneling Protocol):
      It is the newest VPN protocol, therefore it needs the newest clients and servers (Windows Vista SP1… and Windows Server 2008 …). It is very secure and easy to configure, as it uses the well-known protocol SSL (TCP port 443); therefore it needs a server certificate and we must also configure IIS (Internet Information Services). In general, it is configured easily in firewalls.

      IKEv2 (Internet Key Exchange Version 2):
      It is the newer VPN protocol used for Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012. Actually, this protocol is based on IPsec but without the complexity of the others such as L2TP.
      This protocol uses UDP port 500 and it can use a machine certificate or a preshared key as the authentication method for IPsec.
      It is very interesting, as we can use it with two important novelties of the newer Microsoft operating systems, such as DirectAccess or automatic reconnection.

      To sum up:

      When we have to choose a VPN protocol, whether in an answer on a certification exam or in real cases if we work as IT administrators, we must take into account: client versions, firewall compatibility, security grade and whether we are going to have a PKI.
      Besides, we could use IPsec alone to configure a VPN, but this is very complex and these VPNs based on IPsec alone are configured by communication companies; however, we can use IKEv2 if we have the newer Microsoft operating systems, which allows us to configure DirectAccess and automatic reconnection easily on the new mobile networks based on 3G, 4G or Wi-Fi.

      Stay connected and happy hacking with way2hackintosh, and if you want to contact us, e-mail us at way2hackintosh@gmail.com

      Wednesday, 11 December 2013

      How long would it take to brute force 256-bit AES passwords?

      The issue with AES-256 isn't in brute forcing strong passwords. If your password is strong (not in any dictionary, longer than 8 characters, mixed symbol classes, used with a large random salt) it can't be brute forced at any reasonable cost. If it is 12+ characters and includes all 4 symbol classes, or simply is a random string, it can't be brute forced at any cost.

      The issue with AES-256 is that it is a very fast cipher. For weak (or marginal) passwords it can be brute forced. How complex a password has to be before it stops being vulnerable depends on the resources available to the attacker and how long they are willing to wait.

      So if we consider a weak password to be one that (at least in theory) could be compromised by a dictionary, modified dictionary, or brute force attack using computing power of the magnitude available:
      1) anything found in a standard dictionary or leaked/common password list (various lists, usually in the tens of millions of passwords range).
      2) anything with fewer than 8 characters.
      3) anything all lower case with fewer than 10 characters.
      4) anything not encrypted using a 64-bit or larger salt.
      5) anything which has fewer than 3 substitutions from something listed above (p@ssword! vs password).

      The reality is end users likely don't know if their password is strong or not. So developers should prevent users from hurting themselves. As a developer you can implement a large salt and could require a minimum of 8 characters (don't impose special-character requirements). At that point brute force and precomputation are off the table, so the largest risk comes from dictionary or modified dictionary attacks. There are lists of millions of previously compromised passwords. If the password used is on one of those lists it can be found in a matter of minutes. If you are paranoid about your users' security you could check their password against a list of known compromised passwords. An alternative would be for someone to develop a web service which took a hash (HMAC) of all known/weak/compromised passwords. Users could send an HMAC hash of their potential password and get a "known" or "good" response.

      One further step you could take is key stretching using a key derivation function. The Bitcoin wallet does this. Rather than simply use the passphrase, it takes multiple iterative hashes of the password (generally thousands to tens of thousands). So instead of key = passphrase it is key = SHA256(SHA256(SHA256(passphrase))). This increases the length of time necessary to try one key and thus reduces the throughput of the attacker. Understand that if a user's password is very weak (under 6 characters or on a dictionary list) this is unlikely to help, because even 2000x a 1 sec search is unlikely to stop an attacker.

      The key stretching function (hash) used by the wallet is SHA-256, which is well optimized due to this thing called mining. Security could be enhanced by replacing the key strengthening function with another one (say bcrypt, or even PBKDF2 using SHA-512 or RIPEMD).

      http://en.wikipedia.org/wiki/Key_derivation_function
      http://en.wikipedia.org/wiki/Key_stretching
      http://en.wikipedia.org/wiki/PBKDF2
      http://en.wikipedia.org/wiki/Bcrypt

      TL;DR:
      It depends. Using a combination of:
      a) require at least 8 characters (makes brute force prohibitively expensive)
      b) use a large (64-bit+) random salt (prevents precomputation attacks)
      c) check the password against known/compromised password lists that hackers are likely to be using (prevents quick dictionary-based attacks)
      d) use key strengthening (reduces the attacker's throughput by a couple of orders of magnitude).
      e) use an algorithm other than SHA-256 in the KDF to prevent "re-use" or mining research
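The five weak-password criteria and the TL;DR list above can be turned into a small password-acceptance routine. The following is an added example written for this page, not code from the original post or from the Bitcoin wallet: the "compromised" list is a constructed six-entry stand-in for the tens-of-millions-entry lists the post mentions, the edit-distance check implements rule 5 (fewer than 3 substitutions from a listed word), the salt is 128-bit (above the 64-bit minimum of rule 4), and the key stretching uses PBKDF2-HMAC-SHA512 from Python's standard library, i.e. the "PBKDF2 using SHA-512" alternative the post names rather than chained SHA-256.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a "known compromised passwords" list (illustrative only;
# a real check would load one of the large leaked-password lists the post refers to).
COMPROMISED = {"password", "123456", "qwerty", "letmein", "iloveyou", "welcome"}

MIN_LENGTH = 8          # rule 2: fewer than 8 characters is weak
MIN_LOWER_ONLY = 10     # rule 3: all lower case and fewer than 10 characters is weak
MAX_EDITS = 3           # rule 5: fewer than 3 edits from a listed word is weak
SALT_BYTES = 16         # rule 4: 128-bit random salt, above the 64-bit minimum
ITERATIONS = 200_000    # PBKDF2 work factor (key stretching); raise as hardware improves


def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def weakness_reasons(pw: str) -> list:
    """Apply the post's weak-password criteria; an empty list means none matched."""
    reasons = []
    low = pw.lower()
    if low in COMPROMISED:
        reasons.append("appears in a compromised/dictionary list")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if pw.isalpha() and pw.islower() and len(pw) < MIN_LOWER_ONLY:
        reasons.append(f"all lower case and shorter than {MIN_LOWER_ONLY} characters")
    if low not in COMPROMISED:
        # p@ssword! is 2 edits from password (substitute @, delete !), so it is caught here
        near = [w for w in sorted(COMPROMISED) if levenshtein(low, w) < MAX_EDITS]
        if near:
            reasons.append("fewer than %d edits from: %s" % (MAX_EDITS, ", ".join(near)))
    return reasons


def new_salt() -> bytes:
    """Fresh random salt per password, so precomputed tables are useless."""
    return os.urandom(SALT_BYTES)


def derive_key(pw: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching with PBKDF2-HMAC-SHA512: each guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha512", pw.encode("utf-8"), salt, iterations, dklen=32)


def verify(pw: str, salt: bytes, expected: bytes, iterations: int = ITERATIONS) -> bool:
    """Constant-time comparison so the check itself does not leak via timing."""
    return hmac.compare_digest(derive_key(pw, salt, iterations), expected)


if __name__ == "__main__":
    for candidate in ["password", "p@ssword!", "abcdefghi", "kX9#mQ2vLp4z"]:
        print(f"{candidate!r}: {weakness_reasons(candidate) or ['no weakness found']}")
    salt = new_salt()
    key = derive_key("kX9#mQ2vLp4z", salt)
    print("verify correct password:", verify("kX9#mQ2vLp4z", salt, key))
    print("verify wrong password:  ", verify("kX9#mQ2vLp4y", salt, key))
```

Only the 32-byte derived key and the salt (plus the iteration count) need to be stored; the iteration count is stored alongside so it can be raised later without breaking existing entries.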

      Saturday, 7 December 2013

      Shutdown/restart computer using command prompt(cmd) part-6

      Access Folder and Setting Using Command Prompt (part-5)

      How to see command prompt History (part 4)

      How to Find IP Address using command prompt (part-3)

      How to Open Command Promt/cmd In a Folder Directly (part 2)

      How to Change Color of Command Prompt/cmd (part 1) video tutorial

      Command Prompt For Beginners

      Tuesday, 3 December 2013

      Secure yourself by identifying shortened URLs

      URL shortening:

      URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) can be made substantially shorter in length and still direct to the required page.

      The URL shortening service was first launched by TinyURL. Later on, many websites like Google also started providing this service.

      Why do we need it?

      URL shortening disguises the underlying address. This can be used by some business services.
      But this URL shortening service is open to abuse. Hackers can easily use it for malicious purposes, so short URLs can also unexpectedly redirect a user to scam pages or pages containing malware or XSS attacks.

      Some people use it to access blocked sites.

      So it is necessary to be able to identify the original form of a suspected URL.

      How to shorten your long URL:

      You can simply go to www.tinyurl.com and enter your long URL, then click on "make tiny url".



      You can also use Google's service from here.

      How to find out the real link of a shortened URL?

      Sucuri is a nice little web-based tool that lets you see the destination of a shortened URL. The tool will also check the destination URL in two different ways to find out if it's safe for you to go to the site.
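The same "see where it goes before you go there" check can be done locally. The following is an added example written for this page, not Sucuri's code or any shortener's API: it sends HEAD requests and reads only the Location header of each hop, so the final landing page is never downloaded or rendered, and it stops on loops or after a hop limit. The helper names (`http_head`, `expand`, `fake_fetch`) are this example's own; the redirect map is constructed sample data standing in for a shortener and a tracking hop, and `fetch=http_head` is what you would pass to resolve a real short URL over the network.

```python
import http.client
import urllib.parse
from typing import Callable, Optional, Tuple

REDIRECT_CODES = {301, 302, 303, 307, 308}
Fetch = Callable[[str], Tuple[int, Optional[str]]]


def http_head(url: str, timeout: float = 5.0) -> Tuple[int, Optional[str]]:
    """One HEAD request; returns (status, Location header). The redirect is not
    followed here, so the destination is only read, never visited."""
    p = urllib.parse.urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError("only absolute http(s) URLs are supported: %r" % url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        path = (p.path or "/") + ("?" + p.query if p.query else "")
        conn.request("HEAD", path, headers={"User-Agent": "url-expander-example/0.1"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url: str, fetch: Fetch = http_head, max_hops: int = 10) -> list:
    """Walk the redirect chain from a short URL and return every hop, ending with the
    real destination. Stops on a non-redirect response, a missing Location header,
    a redirect loop, or after max_hops (shorteners often chain through trackers)."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urllib.parse.urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            break                                        # redirect loop: stop here
        seen.add(nxt)
        chain.append(nxt)
    return chain


def final_host(chain: list) -> Optional[str]:
    """Hostname of the last hop: compare it with the site you were told to expect."""
    return urllib.parse.urlsplit(chain[-1]).hostname


# Constructed redirect map standing in for a shortener plus a tracking hop (sample
# data, not real services). Pass fetch=http_head instead to resolve a live URL.
FAKE_HOPS = {
    "http://short.example/abc": (301, "http://tracker.example/r?id=1"),
    "http://tracker.example/r?id=1": (302, "/landing"),
    "http://tracker.example/landing": (200, None),
}


def fake_fetch(url: str) -> Tuple[int, Optional[str]]:
    return FAKE_HOPS.get(url, (404, None))


if __name__ == "__main__":
    hops = expand("http://short.example/abc", fetch=fake_fetch)
    for i, hop in enumerate(hops):
        print(f"hop {i}: {hop}")
    print("final host:", final_host(hops))
```

Resolving with HEAD still sends your IP and User-Agent to every hop, so a shortener that logs clicks will record the lookup; the point of the chain is that the last entry can be checked against a blocklist or simply read by a human before anyone opens it in a browser.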


      Hope you liked it. Be the first to make a comment.

      where to begin with hacking ? [how-to]

      "where to begin with hacking".
      So here is my opinion on how they should go about starting.

      There are three types of hackers:

      White Hats:

      The White Hat hacker has dedicated himself to fighting malware and helping others with their computer problems. He is a person you can trust, and he will most likely end up in a well-paying job as a computer programmer or a security consultant. He will most certainly not end up in jail.

      Grey Hats:

      The Grey Hat hacker is in between White Hats and Black Hats. He will most likely play pranks on people that he thinks are harmless, but they can also be illegal. He can at one time be helpful and help you with a computer problem, but at the same time infect you with his own virus. There is a chance that the grey hat will end up in prison.

      Black Hats:

      The Black Hat hacker, also known as a cracker, is the one who defaces websites, steals private information and does other such illegal activity. It is very time consuming to become a black hat. It can be very hard for them to get a job because of the illegal activity. If law enforcement gets you, you can expect jail time.

      So where to start?

      You should know the answer to these questions before you start your hacking career.


      Which type of hacker do you want to be (white hat, grey hat or black hat)?
      Which type of hacking do you want to work with (website hacking, system exploits, pen testing etc.)?
      What is your end-goal?

      You should meet these requirements to become a successful hacker.

      You shall be patient.
      You shall dedicate a lot of time to hacking. You will never stop learning, since hacking is a lifestyle.
      You should have a computer (I expect you to have one since you are reading this).
      You shall be interested in how the different computer systems work, and how to control them.


      Now that you have an idea of what kind of hacker you want to be, we will look closer into the different topics you can work with as a hacker.


      Website Hacking:

      You probably already guessed it, but website hacking is about hacking websites. You use your skills to find exploits and vulnerabilities in websites and web applications. Almost all major hacking stories in the news are about websites and databases that have been hacked. Once you have enough experience in website security you will be amazed at how easy it is to find vulnerabilities in websites. However, it will take a lot of effort and time to reach that level of skill. You will need to know a large number of server-side languages and website construction languages like PHP, HTML, JavaScript, SQL, ASP, ASP.NET and Perl. These are just some of the languages you should know about. I recommend you take JavaScript, SQL and PHP very seriously, since those are the languages in which you will find the most vulnerabilities.


      Pen testing and Forensics:

      Pen testing and forensics can earn you big money. These are the guys the companies call when they have been hacked. They are experts in operating systems, wireless connections and exploiting computers. This path will take A LOT of time and effort since there is so much you should know about. You shall know how the different operating systems work, which exploits there are for them, how to exploit them, routers, encryption, malware etc. The list is almost endless.


      Code exploiting:

      Not many people know about this. This will require you to be a complete expert at programming. You shall be at least as good at these programming languages as at your main language like English. This kind of hacking takes a lot of time, and will require you to be patient. Do not get me wrong, every company that releases software, like Symantec, Google, Microsoft, Adobe, and Oracle, has hackers with these skills employed to check their software for vulnerabilities. Sadly, they cannot find every security hole and therefore some very smart black hat hackers are able to find them, and exploit them before the companies get the vulnerability patched. You should know the most popular languages like C++, Java and C etc.

      Computer security:

      The work these people do looks a lot like that of the pentesters. These people are able to detect and analyze new viruses and malware. They work for companies like Symantec, Kaspersky and Avira etc. Some of them also work in labs that test AVs and new viruses. They are experts in how viruses work and how they infect systems.

      You should now have an idea of where to start and in which direction you want to go. If you found any errors or typos feel free to contact me, and I will look into it. I will be updating this thread regularly and adding more details. I will soon add a dictionary which explains the most basic hacking terms. I have put a lot of effort into this tutorial and my goal with this tutorial is to give computer-interested people an idea of where they should start.

      To the so-called "noobs" who read this:

      I hope I have inspired you to begin hacking. I hope that I have cleared things up a little bit, so it does not seem so messy anymore. If you have any questions or something you did not understand, I would gladly explain it to you again. Welcome to the hacker's world, a new world will open up for you and you will never regret that you chose to become a hacker.

      Nmap (Network Mapper) - introduction

      Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. 

      Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. 

      It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

      Nmap is ...

      * Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more.

      * Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.

      * Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.

      * Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.

      * Free: The primary goal of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.

      * Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book!

      * Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.

      * Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series.

      * Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.
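The "network inventory" and "monitoring host or service uptime" uses mentioned above come down to keeping Nmap's machine-readable output and comparing runs, which is what Ndiff does. The following is an added example written for this page, not Ndiff or any other part of the Nmap suite: it parses the XML that `nmap -oX` writes (the `nmaprun/host/address`, `ports/port`, `state` and `service` elements) into a per-host table of open ports and reports what opened, closed or changed version between two scans. The two XML documents are constructed sample data in Nmap's output format, not real scan results, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output for two scans of one host on different days
# (sample data in Nmap's format, not a real scan). The host's IP is a documentation address.
SCAN_MONDAY = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX monday.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.22"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>"""

SCAN_TUESDAY = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX tuesday.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="6.0p1"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.5.29"/></port>
    </ports>
  </host>
</nmaprun>"""


def parse_scan(xml_text: str) -> dict:
    """Map each host that is up to {(protocol, port): 'name product version'} for
    its open ports only; closed/filtered ports and down hosts are skipped."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")  # fall back to whatever address is present
        services = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            desc = "unknown"
            if svc is not None:
                desc = " ".join(filter(None, [svc.get("name"), svc.get("product"), svc.get("version")]))
            services[(port.get("protocol"), int(port.get("portid")))] = desc
        hosts[addr.get("addr")] = services
    return hosts


def diff_scans(old: dict, new: dict) -> list:
    """Ndiff-style summary as (ip, (proto, port), kind, detail) tuples, where kind is
    'opened', 'closed' or 'changed' (same port, different service banner)."""
    changes = []
    for ip in sorted(set(old) | set(new)):
        o, n = old.get(ip, {}), new.get(ip, {})
        for key in sorted(set(o) | set(n)):
            if key not in o:
                changes.append((ip, key, "opened", n[key]))
            elif key not in n:
                changes.append((ip, key, "closed", o[key]))
            elif o[key] != n[key]:
                changes.append((ip, key, "changed", f"{o[key]} -> {n[key]}"))
    return changes


if __name__ == "__main__":
    before, after = parse_scan(SCAN_MONDAY), parse_scan(SCAN_TUESDAY)
    for ip, key, kind, detail in diff_scans(before, after):
        print(f"{ip} {key[0]}/{key[1]} {kind}: {detail}")
```

A newly opened port (here a database listener) or a service whose banner changed without a scheduled upgrade is exactly the kind of drift an administrator wants flagged between routine scans; the parse step is the same one a cron job would apply to each day's `-oX` file.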

      Installing Nmap:
      http://nmap.org/book/install.html

      Changelog:
      http://nmap.org/changelog.html

      How To Use:
      http://nmap.org/book/man.html

      Download
      http://nmap.org/download.html