Windows

All posts tagged Windows

NOTE : This guide also works with recently released Kali Linux 2016.2 

Hi Friends. as you already know, the latest version of Kali, Kali rolling edition 2016.1 has been released. The rolling edition of Kali Linux gives users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community. The best feature I like in this version is constantly updated tools. Now let us see how to install this latest version of Kali linux in virtualbox and I assure you, this will be the easiest guide.

For this howto, I am using the latest version of Oracle Virtualbox, i.e version 5.0.20. Ever since Sana has been released, the makers of Kali Linux have also released Pre-built virtual images for virtualbox and Vmware. We will use that virtualbox image in this howto. Go here and download the Pre-built virtualbox image. They are as shown below.

sanarvb0

I downloaded the first image from above. After the download is finished, extract the contents of this file as shown below.

sanarvb1

After extraction, we will get a OVA file as shown below.

sanarvb2

Now open Virtualbox and click on File>Import Appliance as shown below.

sanarvb3

A window like below will open. Click on “Expert mode”.

sanarvb4

The window will change as below. Now browse to the location of OVA file as shown below. You can change the settings of the virtual machine like name, location, RAM etc as you like below. After configuration is over, click on Import.

sanarvb6

The importing process will start as shown below. It will take some time, but it will be worth the wait.

sanarvb7

After import is completed, a new virtual machine is automatically created as shown below.

sanarvb8

Power on the machine. As the virtual machine powers up, it will prompt for username and password. The default username is “root” and password is “toor”.


sanarvb9

Given below is our Kali Linux rolling 2016.1 successfully installed in Virtualbox. No need of installing guest additions. If you face any problems during installation, plz comment. I will be happy to help you.

sanarvb12

 

 

 

I have been searching for a way to send an executable file to someone and make him to execute it. Sending the exe directly is not feasible. So let’s see how to hide an exe file in a jpeg and test its feasibility. First of all, create a new directory named test and download some images and name them similarly. I downloaded images of a popular Tollywood actress. The plan is to lure the victim into falling in the trap. I did this on a Windows 7 machine.

expeg1

 

Go to Folder Options”, go to View tab”deselect ‘ Hide extensions for known file types‘ and select option Show hidden files, folders and drives. This will allow us to see the extensions of the files we are working with.

expeg2

 

Open Notepad, type the following text and save it with the extenson .bat”. What the following code does is it creates a new user named “hacker” with password “abc123″ in the Windows machine this code gets executed.

expeg3

 

Download BAT to EXE converter and convert the batch file we just created to an exe.

expeg4

 

expeg5

 

 

Rename the file “samy.exe” to  “samy_3.jpg”. Windows will prompt a warning. Ignore it.

expeg6

 

Right click on the file “samy_3.jpg”, drag it a little and leave. Select ‘Create Shortcuts here’. We are creating a shortcut for the file samy_3.jpg.

expeg7

 

Rename the shortcut to “samy_0.jpg”. Whatever the name you give make sure that the shortcut is clicked first and not the exe file.

expeg8

 

Right click on “samy_0.jpg” and select Properties. In the “Start in” column delete the entire text. In the “Target:” column type “C:Windowssystem32cmd.exec samy_3.jpg.” This will run the file samy_3.jpg when clicked on the samy_0.jpg.

expeg9

 

Click on “Change Icon” tab. Replace the text inside with “%SystemRoot%system32SHELL32.dll” and click on “OK”.

expeg10

 

Compress all files into zip archive with the name “samy unseen.zip”. Remember that name should be attractive enough to lure the victim into clicking the images.

expeg11

 

OK, package is ready. Now the bigger challenge is to send the package to the victim’s computer. I tried to mail the package to the victim but it didn’t work out.

expeg12

 

 So I suggest you to find your own way of sending it to the victim. To test if the package will work on the victim’s system or not open “CMD” and type the command “net user” before executing the image. It will show us all the users on the system.

expeg13

 

Then click on the image samy_0.jpg. Open “CMD” and type the “net user” command again.

expeg14

 

A new user named hacker has been created. So the trick worked.

Cisco Certified Network Associate certification has become must for anybody who wishes to start  a career in networking. This certification validates that you have the ability to install,configure and troubleshoot a network. You need  lot of practice for achieving success in this exam. Apart from the labs where you are getting trained for CCNA what if you had a chance to practice at home. Or what if you want to self learn for CCNA? Well for both of the questions above, Cisco Packet Tracer is the perfect answer. To quote from Cisco’s official website,Packet tracer is

“a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions.”

It further says,

“The simulation-based learning environment helps students develop 21st century skills such as decision making, creative and critical thinking, and problem solving. Packet Tracer complements the Networking Academy curricula, allowing instructors to easily teach and demonstrate complex technical concepts and networking systems design.”

Nothing could have defined that better. This software is available for free from Cisco’s website provided you are a registered Networking Academy student, alumni, instructor, or administrator. Even if you are not one among the above you could still get hold of this software,just google it.

Now I’m gonna show you how to install packet tracer in Windows and Linux.

1.Windows

Any installation in Windows is just clicks and mouse and the same applies to Packet tracer. Click on the exe file downloaded. The below screen appears.Select “I accept the agreement” and click on “Next”.

pt1

Setup will show the folder in which the program’s shortcuts will be created. If you want to change the folder, you can change it. Click on “Next”.

pt2

 

Then the program will ask whether to create a Desktop icon and create a Quick Launch icon. Make your own choice and click on “Next”.

pt3

 

Then the summary of the settings we selected is displayed. Click on “Install”.

pt4

The installation starts as shown below.

pt5

 

In seconds,installation gets completed and the below screen is shown.Click on “Finish”.

pt6

 

Then the below popup appears asking you to close or restart your computer. Click on “OK”.

pt7

As we selected Launch option, Packet tracer is automatically launched.

pt8

2. Linux

To install Packet Tracer in Linux, we need a .deb package of Packet tracer which can be downloaded from here. Now I am going to install it in Ubuntu Precise Pangolin (12.04). Download the above file to the desktop.

pt9

 

Start the terminal and see your current working directory by typing “pwd”. If the current directory is not desktop move to the Desktop directory using “cd”. After reaching the Desktop directory, type “ls” to see if the packet tracer binary is there.

pt10

 

Left click on the packet tracer .bin file displayed after typing “ls” above,the entire word will be selected. Then right click and select copy. Now type “chmod +x” and then hit “CTRL+SHIFT+V “to paste the text we copied above. Our command should look like this.

                       chmod +x  PacketTracer533_i386_installer-deb.bin

What chmod +x command does is that it gives all users permission to execute.

pt11

 

Then type “./PacketTracer533_i386_installer-deb.bin” in the terminal.This will start extracting the binary package.

pt12

 

Then terminal prompts us to hit Enter to read the End User License Agreement.Hit Enter.

pt13

 

After displaying a rather long EULA, terminal asks us if we accept the terms of EULA. Type “Y”.

pt14

 

Then system asks us for the sudo password.Type the password and hit Enter.

pt15

 

When the installation is finished, close the terminal,go to Dashboard, if packet tracer is not seen,type ‘pac’ in the search box. When Packet Tracer is shown, click on it.

pt16

 

A messagebox shows up saying that we are starting packet tracer for the first time and our files will be stored in a specific folder. Click on “OK”.

pt17

 

Another message box pops up.Click on OK”.

pt18

 

Packet tracer is started.

pt19

 

Hi everybody, today I’m gonna show you remote password cracking with Brutus. For the newbies, script kiddie is a person with little knowledge  of hacking or any programming languages and instead searches for automatic tools to hack the computers. In this scenario, script kiddie is using a Windows XP machine and two tools Zenmap and Brutus avilable for free to download. As you will see, Zenmap is used for scanning for any open ports of  live machines and Brutus is a password cracker.



Imagine I am the script kiddie, I  first find out my own computer’s  ip address by typing the command “ipconfig” in the command line.

The ip address of my system happens to be 10.10.10.1. I decide to scan the following range of ip addresses to look for any live hosts. In the target option, I specify ip address as 10.10.10.2-10 and I choose profile as intense scan to get maximum information about the target. After performing the scan, the results show that only one system 10.10.10.3 is alive.

The scan  also shows that the victim machine which is live  is running a ftp server and its operating system is Windows XP.

I decide to use Brutus to crack the remote FTP password. Brutus has both dictionary and bruteforce attack options. I decide to choose dictionary attack since it is faster than bruteforcing. Brutus comes with a built in username(users.txt) and password list(pass.txt).As the victim machine is running Windows xp which comes with a default administrator account, I decide to  add “administrator” to the users.txt file.

I choose type as FTP since I am about  to crack a FTP server.

Then I select the file pass.txt containing some common passwords and just hope to crack the password.

Then after starting the cracker, Brutus runs and gives one positive authentication result.

Username : administrator

Password: 123456

Then I try to log into the FTP server of the remote machine using cmd with the authentication result achieved above.

I successfully logged into the FTP server.Once I am into the remote machine I try some ftp commands but before that I change my local directory to Desktop.

Then I use DIR command to list the directories in the FTP server.

There are four directories in the FTP server:Detroit,Images,lena and users. I  go to the users directory using command cd users and then list the files in the directory by using command ls. There is one text file named users.txt in the directory.

I decide to download the file users.txt to my machine using the command get users.txt. Since I had set my local directory to desktop it will be downloaded to desktop.

Let’s see the contents of the users.txt file just downloaded. It contains some usernames and passwords.

In the same way, I enter into another directory of interest to me “Images” and download the only image present in it to my desktop.

In this way, I can download any number of files from the remote server to my local machine. That’s all for now.