Friday, 21 December 2012

How To Use Fast-Track | Fast Track Tutorial



Hello guys, today I will show you how to use Fast-Track on BackTrack / Linux. Fast-Track is an exploitation tool that wraps other tools to make pentesting a lot easier for us.
Fast-Track is available in three different forms,
  • CLI
  • Web
  • Interactive
My favorite is WEB, because it's much easier to use, and this tutorial will be based on it as well.
There are many things that Fast-Track can do, but in this tutorial I will just generate a payload to give you a general idea of how Fast-Track is used.
The first thing you need to do is open:
menu > BackTrack > Exploitation Tools > Network Exploitation Tools > Fast-Track > fastrack-web

Or, if you want to use your terminal, open it and type the following commands:

cd /pentest/exploits/fasttrack
and then
./fast-track.py -g

you should get output like this:

now open your browser, and open this:

http://127.0.0.1:44444

you should get a Fast-Track page, it looks something like this:

That's basically 50% of our job! Now all we have to do is choose the option and fill in the input that it needs, or choose the number of your option in the terminal!
Alright, now let's see an example of using it: we will generate a Metasploit payload using Fast-Track. Follow me!

The first thing you need to do is click on Payload Generator in the list on the left:

Now Fast-Track will give you a short description of the option you chose, and some fields that you need to fill in (not all the time).


Now click on Launch; a terminal should pop up and show you some options to choose from. Just enter the number of the option and press Enter.

Look at the pictures:
I chose Windows Shell Reverse_TCP, which is option number "1".
In this picture I also chose option number "1", which was "avoid_utf8_tolower".
In this step it asks for the IP of the attacker; just enter your IP address (you can find it using the command "ifconfig"), and then enter the PORT.
In the last step, it will ask you if you want to start a listener; I answered "yes".
That's it! Now look in the directory that contains fast-track.py, you will find your payload there! =)

See how easy it is? Now you just have to browse and check all the different options you have!

Thank you for reading! =)


Thursday, 29 November 2012

How To Secure Your Admin Panel Using .htaccess and .htpasswd


Hello guys,
Today I'm going to show you how to protect your admin panel with a username and password, and make it accessible only from admin IP addresses!
And if you have a login page outside of the admin panel, we will lock it as well!
To start, we first need the code below to secure the panel:


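# Password file checked by Basic authentication
AuthUserFile /home/admin/.htpasswd
AuthName EnterPassword
AuthType Basic

# Any user listed in the password file may log in
require valid-user

# Only the listed IP address may connect at all
order deny,allow
deny from all
allow from 111.222.333.444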


Now change that code to suit your website. First change the path /home/admin/.htpasswd to the path that you have,
and change the IP address 111.222.333.444 to your IP address!

After editing the code, paste it into a .htaccess file inside the admin directory, or just upload it!

Now we need the code below:

Security:Geeks
admin:password

You can add as many entries as you want in the same way.
When you're done, paste that code into the .htpasswd file that you named in the .htaccess code (/home/admin/.htpasswd).
Paste it there, or just upload it!
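
A check for the password file, as an added example that is not part of the original post: Apache on Linux/Unix only accepts hashed entries in .htpasswd (the kind the htpasswd utility writes), so this script flags lines such as admin:password whose second field is not a recognised hash. The function names and the sample file, including its two made-up hashed entries, are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a .htpasswd file for entries Apache on Linux/Unix
# will not accept (plain text) or that use a weak hash. Not from the post.

# classify_hash <second field of an entry> -> prints the scheme name
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*) echo bcrypt ;;
        '$apr1$'*)       echo apr1-md5 ;;
        '$5$'*|'$6$'*)   echo sha-crypt ;;
        '{SHA}'*)        echo sha1 ;;
        *)
            # Classic crypt() output is exactly 13 characters of [./0-9A-Za-z];
            # a 13-character plain password of those characters looks the same.
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo des-crypt
            else
                echo plaintext
            fi ;;
    esac
}

# audit_htpasswd <file>: prints "user scheme verdict" per entry,
# returns 1 if any entry is plain text, weak or malformed.
audit_htpasswd() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;    # blank line or comment
            *:*)     ;;
            *)       printf '%s\t-\tmalformed (no colon)\n' "$line"; rc=1; continue ;;
        esac
        user=${line%%:*}
        scheme=$(classify_hash "${line#*:}")
        case "$scheme" in
            bcrypt|apr1-md5|sha-crypt) verdict=ok ;;
            sha1|des-crypt) verdict='weak: re-create the entry with htpasswd'; rc=1 ;;
            plaintext)      verdict='plain text: not accepted on Linux/Unix'; rc=1 ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$scheme" "$verdict"
    done < "$1"
    return "$rc"
}

# Constructed sample: the two lines from the post plus two made-up hashed entries.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Security:Geeks
admin:password
editor:$apr1$cOnStRuC$NotARealHashJustAShape
backup:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
EOF
audit_htpasswd "$sample" || echo "fix the entries flagged above"
rm -f "$sample"
```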

Finally, for those who don't have an "Admin directory": you can lock your admin page/login and make it accessible only from your IP address!
To lock it, you need the code below:
<Files login.php>
Order Deny,Allow
Deny from all
Allow from 111.222.333.444
</Files>

In the code above, the login page is called "login.php"; change the name to whatever your admin login page is called.

Now change 111.222.333.444 to your IP address, then paste the code into the same directory as your login page, or upload it.

That's it guys, hope this was helpful for you.


Saturday, 10 November 2012

ASCII Art Generators Linux | Backtrack

Hello again guys, today I'm going to show you how to generate ASCII art in your Linux terminal. Things like this:


and even more!
Today I have three programs for you, two for ASCII fonts, and one for changing pictures.

# Figlet:
The above ASCII font is generated using Figlet. To install Figlet, run the following command:
sudo apt-get install figlet
Now all you have to do is type "figlet" in the terminal, and then type whatever text you want to generate, just like in the picture below:

You can type "figlet --help" in your terminal for more options!

# Toilet:
Toilet is another program with the same idea as figlet, but with more cool options!
With this one, you can generate with colors, and more fonts!
In Toilet, you can use the same fonts that are available in figlet, but in this one you can change the colors.
In this program, you can also generate your colored font in an HTML code.
To install this program, type this in the terminal:

sudo apt-get install toilet


here are some examples for the fonts, and commands:

Different fonts:

Different colors:

HTML code generator:
and here are some of fonts names:

  • banner
  • big
  • bigmono12
  • bigmono9
  • block
  • bubble
  • circle
  • future
  • ivrit
  • lean
  • mini
  • script
  • shadow
  • slant
  • small
  • smblock

# Jp2a
Jp2a is a program that converts any picture you want to ASCII art, and it can generate HTML code as well.

To install jp2a, run the following command in your terminal:
sudo apt-get install jp2a

Now, to convert a picture to ASCII, just go to the directory that contains the picture and run this command:


jp2a Picture.jpg


If your picture is a .PNG, you have to convert it to .JPG first before changing it to ASCII. To convert it, run this command:
convert Picture.PNG Converted-Picture.JPG
Now just have fun!

if you want to generate an HTML code, run the following command:

jp2a --html Picture.jpg





That's it guys :)
have fun, I hope you liked it!


Sunday, 4 November 2012

How To Scan A Website For Vulnerabilities Using BackTrack - Uniscan

Hello guys, today I'm going to show you how to scan for vulnerabilities in a website, or in all the websites on a server.
In this tutorial I will use a program in BackTrack called Uniscan. It's very easy to use, but very good at scanning.
First of all, open your terminal and type this command:
cd /pentest/web/uniscan && ./uniscan.pl




Something like this will be printed on your terminal. Now all we have to do is follow the instructions.

First of all we need a target to scan. I've chosen one already and I will use it in my pictures.
To start the scan, first check which options you want to use.

# HOW TO USE OPTIONS:

Check the letter beside your option, and include it after the URL like this:
./uniscan.pl -u http://www.website.com/ -b -q -d -w

or put them all together.

./uniscan.pl -u http://www.website.com/ -bqdw

This will start your scan with all the different options you included.
NOTE: NEVER FORGET THE FORWARD SLASH AT THE END OF THE LINK IN THE COMMAND!!

Now the scan will start, and the terminal will look something like this:

This scan will scan for vulnerabilities like SQL-i / LFI / RFI and so on. It also searches for Webshells, backdoors, PHP info disclosure, Emails, and much more.

Here are some examples:

PHP.info() disclosure:



External Links/Hosts:
Source Code disclosure:
Dynamic Scan, Vulnerability Identification:

This program can also get all the sites in a server, and then you will be able to scan all of them.
To do that, run this command:

./uniscan.pl -i "ip:127.0.0.1"


Change 127.0.0.1 to your target server. All the websites will be stored in "sites.txt" in the same directory.

Now to scan those sites in the list, run this command:

./uniscan.pl -f sites.txt -bqwd

You can change the options to whatever you want.

That's it guys, thank you for reading :)

Download Uniscan HERE


Friday, 19 October 2012

How To Install MyBB, On Your Localhost

Hello guys, today I have a video tutorial made by me on how to install Mybb on your localhost using xampp.
The video is available in HD, and feel free to ask any question as a message on our Facebook page.

I hope you enjoy the video :)

Best Played In Full Screen Mode! & In HD! :)


Friday, 12 October 2012

How To Add A Custom Domain To Blogger

Hello guys,

So today I'm going to show you how to add a custom domain name to Blogger blogs. This tutorial goes from creating the blog to adding the domain and using it. =)

First of all, you have to make the blog on blogger.com. Call it anything you want, because we will change the name to a custom domain after that.

It will look like the picture above. Remember, the "Title" should be something unique because it will not change with the domain name. Choose it carefully, and don't worry, you can change it at any time from Blogger's dashboard.

After making the blog, go to your domain name provider (I will use Dot.Tk for this tutorial, it's free) and apply these settings to your DNS records:


Type        HostName                IP Address
A Record    YourDomain.Com          216.239.32.21
A Record    YourDomain.Com          216.239.34.21
A Record    YourDomain.Com          216.239.36.21
A Record    YourDomain.Com          216.239.38.21
CNAME       www.YourDomain.Com      ghs.google.com

It will look like this:
NOTE: These settings will be exactly the same at any other registrar, even for .com and .net domains.

After applying those settings, go to your Blogger account again, open up your blog's dashboard, and follow these steps:
1- Click on Settings in the list on your left-hand side in Blogger:

2- Click on "Add Custom Domain":

3- Then click on "Switch to advanced settings":
4- Put in your domain, and then save.
Blogger might ask you to verify your ownership of the domain; just follow their steps and you will be good to go =)
Enjoy your Blogger blog with the new domain name =)



Tuesday, 2 October 2012

How to Install Joomla On your Localhost

Hello guys,
today I have a video tutorial by SOG on how to setup Joomla on your localhost using Xampp =)
The video is available in HD and it's very helpful,
Installing webapps on your localhost is the best way to test their security and find any vulnerabilities/0days in them.
I hope you enjoy the tutorial :)
For any questions, feel free to send us your question as a message on Facebook





How to setup Wordpress on Localhost with Xampp

Hello Guys :)
Today I have a tutorial from my friend Soldier Of God aka SOG on installing Wordpress on your localhost using Xampp.
The best way to find 0days and test the security of any webapp is using your localhost, because its faster, safer, and even more reliable!
The Video is in HD, and feel free to ask you questions at our page on Facebook as a message, and we will answer you as soon as possible! =)





Tuesday, 25 September 2012

How To Get All Subdomains Of A Website and Bypass Cloudflare Protection

Hello guys :)
Today I have a new video tutorial for you :)
I will show you how to get all the subdomains of a target, with their IP's which will allow us to bypass cloudflare protection sometimes :)
Hope you enjoy this video :)



Best Played In Full Screen Mode!
Btw, I mean "server names" not "hostnames" in USA.gov test :P


Thursday, 20 September 2012

How To Fix Blogger 404 Error (DNS Redirect)

Hello guys,
So last week I was facing a problem with Blogger "naked domain" redirecting: when I checked the box in Blogger to redirect it, it wouldn't work. So I opened a couple of other Blogger websites and noticed that they have the same problem!
A couple of days ago, I figured out how to fix this issue using Google Apps. Here are the steps.




First thing you want to do is open this link www.google.com/a
Make an account, even if it's free!
Set your DNS and do all the steps!
Then log in to your account; the page will look like this:


Now what you have to do is open the "Domain Settings" tab, like the one in the picture above.
After you open that tab, you will find a sub-tab called "Domain Names", like in the picture below:


Now you will see a page like this:



Now click on "Change Redirect", You're almost DONE!
Now Google will show you some steps to do, do them and your URL will be fixed :)


Sunday, 16 September 2012

Linux Fun Trick #2

Hello guys,
today I'm going to show a cool program that not many people know!
As many people say, "Hackers Live in Terminals". So today I'm going to show you how to browse the internet inside your terminal! xD
check facebook, search google, etc.. ;)

[#] How To Install:

- run the following command:
sudo apt-get install w3m w3m-img

Now all you have to do is open your terminal and run this command:

w3m www.securitygeeks.net

or change the URL to any website you want!
if you want to view images as well, open your terminal and run:
xterm

this terminal supports images, now just run the same command above to browse the web in your terminal and with pictures!
It will look something like this if you're using backtrack:
Enjoy :)


Buffer Overflow Exploitation

Hello guys,
Today I have a video tutorial made by my friend SOG aka Soldier Of God, in which he explains how to exploit buffer overflow vulnerabilities. I've watched this video and it's really useful for newbies :)
Enjoy the video!


Full Screen Mode Recommended!


Friday, 7 September 2012

Blogger DNS 0day Vulnerability 2012




New BlogDNS 0day, Discovered By Shadow008
Let's just say, any site pointing to Google server can Be Hacked and Defaced

1st) Find a target where as its subdomain or its main domain is pointing to google or blogger server I.P
2nd) If it is pointing to Google Server I.P, You will see a page 100% like this >> http://ghs.google.com/

404. That’s an error.

The requested URL / was not found on this server. That’s all we know.



If that shows, that means it's vul to BlogDNS 0day

3rd) Go to http://www.blogger.com/ and Login / Create an account
4th) Create a Blog
5th) Name it anything you want as a subdomain for blogger.
6th) Once blog is created, Go to Settings > Publishing > Switch To Advanced Mod and add that site URL domain. (example:direct.madleets.com) Please note that it MUST be pointing to google or blogger server I.P.
and Save it.

Clear your cache and go to that site's subdomain which you added. You will see it's in your control.
Now go to Design > Edit HTML > Revert to Classic Template > Add Deface Code There (Switch of Navbar to OFF) and Hit Save, Clear Cache and check site will be defaced .


Note: I have used Old Blogger Interface, I don't use the New Blogger Interface as I find the old one more easy

I hope it was clear and understood
Have fun and don't share

Special Thanks To Shadow008 for all this

Sites which are hacked using this method:
http://direct.thehackernews.com/
Mirror: http://zone-h.org/mirror/id/18307796

http://direct.pkhackerz.com/
Mirror: http://zone-h.org/mirror/id/18307953

http://mail.dl4hacks.net/
Mirror: http://zone-hc.com/archive/mirror/8d752fd_mail.dl4hacks.net_mirror_.html

Source: HackersMedia
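
The condition this post relies on, a DNS name that still points at Google's Blogger hosting while no blog is bound to it, is something a domain owner can audit for. The following is an added example, not part of the original post; it assumes a simplified three-column zone listing and a hand-kept list of the hostnames configured in your Blogger settings, and both formats, the function name and the sample records are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find DNS names that still point
# at Blogger/Google hosting although no blog of yours is bound to them.
# Input formats are simplified and constructed for this example:
#   zone file    : "<name> <type> <value>" per line
#   claimed file : one hostname per line, copied from your Blogger settings

# unclaimed_blogger_hosts <zone-file> <claimed-file>
# prints each unclaimed name once; returns 1 if any was found
unclaimed_blogger_hosts() {
    awk '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        FILENAME == ARGV[1] { if (NF) claimed[norm($1)] = 1; next }
        NF < 3 || $1 ~ /^[#;]/ { next }    # skip comments and short lines
        {
            name = norm($1); type = toupper($2); value = norm($3)
            # Targets used by the Blogger custom-domain setup:
            # ghs.google.com and the four 216.239.x.21 A records
            hosted = (type == "CNAME" && value == "ghs.google.com") ||
                     (type == "A" && value ~ /^216\.239\.(32|34|36|38)\.21$/)
            if (hosted && !(name in claimed) && !(name in seen)) {
                seen[name] = 1; print name; found = 1
            }
        }
        END { exit found }
    ' "$2" "$1"
}

# Constructed sample data for example.com
zone=$(mktemp); claimed=$(mktemp)
cat > "$zone" <<'EOF'
; constructed zone listing
example.com.        A      216.239.32.21
www.example.com.    CNAME  ghs.google.com.
direct.example.com. CNAME  ghs.google.com.
mail.example.com.   A      192.0.2.25
EOF
printf 'example.com\nwww.example.com\n' > "$claimed"
unclaimed_blogger_hosts "$zone" "$claimed" || echo "remove or claim the names listed above"
rm -f "$zone" "$claimed"
```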


Tuesday, 4 September 2012

Linux Fun Trick #1


Hello guys, today I'm going to show you a trick made by me, just for fun :)
I will be posting some fun tricks on Linux later on; this will be the first one :)
When you type "whoami" in Linux, it answers with your user name.
With this trick you will be able to ask "whothefuckami" and your PC will answer "you are motherfucking USER", where USER = your user on that PC. Here are two examples where the user is root, and "retz" (Retz is RetnOHacK, my friend).

On Backtrack:

On Ubuntu:
To find out how to make your Linux GNOME look like XP, like in the picture above, click here.

So let's see how to do that trick. I've made a script to do it all for you; you just have to run it as root.

[#] For Backtrack Users, and Linux With root User:

1. Copy the code at the bottom and save it as "setup.sh" on your Desktop
2. Open Terminal And Run the following commands:


cd Desktop
then
chmod +x setup.sh && ./setup.sh


#########################################################################


[#] Other Linux Distros (User NOT root)
1. Copy the code at the bottom and save it as "setup.sh" on your Desktop
2. Open your terminal and run the following commands:

sudo su

Enter your password then run those commands:

cd Desktop && chmod +x setup.sh && ./setup.sh



########################################################################
The Script:

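#!/bin/sh
# Installs the "whothefuckami" command into /usr/bin (run as root).
# The script is fetched over plain HTTP with no integrity check.
echo "[+]Downloading Needed scripts"
# Stop here if the download fails, so nothing half-done gets installed.
wget -q http://pastie.comli.com/securitygeeks || { echo "[-]Download Failed!"; exit 1; }
echo "[+]Downloading Done!"
sleep 1;
echo "[+]Setting Script Up!";
mv securitygeeks whothefuckami;
sleep 1;
cp whothefuckami /usr/bin;
# 755 instead of 777: a world-writable file in /usr/bin could be replaced by any local user.
chmod 755 /usr/bin/whothefuckami;
echo "[+]Cleaning Up Our Mess xD";
sleep 1;
rm whothefuckami;
echo "[+]Everything Installed, and Mess cleaned! :P"; sleep 1;
echo "[+]Installing Done!"; sleep 1;
echo "[#]Visit WwW.SecurityGeeks.NET"; sleep 1;
echo "[#]Here I will show you how this works!"; sleep 1;
echo "[#]Type 'whothefuckami'"; sleep 1;
echo "The Result Will be this:"; sleep 2;
whothefuckami;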


Sunday, 2 September 2012

How To Make Linux GNOME Look Like Windows XP


Hello guys, today I'm going to show you how to make your Linux look like Windows with just one click!
This trick first appeared in GnackTrack OS to make social engineering easier, because people will think that it's just a normal Windows XP running here.
Now the same guy who made GnackTrack has released the script for all the distros out there. It says it's for BackTrack, but I've tried it on a plain Ubuntu and it worked. You just have to run it as root, else you won't see your old Linux look again! xD

The picture above is a BackTrack 5 R3 GNOME edition; as you can see, it looks totally like Windows XP (really cool, right? :P)

So I will tell you how to do this to your Linux as well.

[#] First Method

If you're using BackTrack or a distro which runs as the root user it will be really simple: just Click Here to download the program, then install it and you will be able to start using it. (Look at the video below for more understanding.)

For other systems, you will have to do some things first to be able to run it. Follow these steps:

1. Click Here to download the program, then install it.

2. Open your terminal and run the following command:



sudo su


Then you will be asked for the root password; enter it, and now you're root. Now run the following command:


cd /pentest/misc/LookLikeXP/ && ./LookLikeXP.sh

First you will get a pop-up warning saying that your system will look totally like windows XP click "Yes"
Then Your terminal will look like this:

You're done! Your system is in windows XP theme now!

Now how to restore this?
Easy, run the following commands:

First sign in as root:


sudo su

Put your password, then run this command:


cd /pentest/misc/LookLikeXP/ && ./Restore_Settings.sh

That will restore Your system to GNOME look again!

Always remember RUN THIS AS ROOT! RUN THIS AS ROOT! RUN THIS AS ROOT!
Else you will not be able to see your original look again!





Friday, 31 August 2012

Most Important Steps To Secure Joomla!



Hello guys, today I'm going to tell you the most important steps to secure your Joomla! website. With those steps you can prevent almost 98% of the attacks!
Joomla! is one of the most popular webapps used on the internet, and from my point of view only 5% of them are actually secured! xD
When hackers see a Joomla website on a server, they think it's an easy target (it is an easy target if you didn't secure it!) and start attacking it!

So let's start with our steps! =)



1. Make Your Password Super hard!

Joomla! hashes are hard to crack, but not very hard. So a password that is only strong enough to resist login brute-forcing will not keep your hash from getting cracked if the attacker finds an SQLi in your website.
What I suggest is making your password long, with plenty of special characters, numbers and letters. A hard password would look like the following:

W#W#W.S3cUr!tYg3Ek$.N3t|R0(k$s$z

You might be wondering, how in the hell would I remember this?! o_O
Well, easy: save it on your computer, mobile and somewhere else (in case you lose them) to use when needed!
The above password would take forever to crack; usually hackers will move on to another site when the hash doesn't crack xD. And you can still make it much longer, e.g. copy it, paste it three times and use that as a password :D

2. Securing From Symlink

For those who don't know what a symlink can do: if an attacker gets access to the server, he can make a symbolic link to your configuration file, sign in to your database and then change your password!
What you have to do is change your configuration file's permissions to 400. HOW? Open your cPanel and you will find the option to change file permissions, OR you can change them over FTP using FileZilla. Another way (most dangerous but best) is uploading a shell to your site and changing the permissions from there! :)
How can I change them with a shell?
Run this command in your public_html directory:

chmod 400 configuration.php

3. Securing From Shell Upload

In Joomla, hackers upload the shell through the media section, after allowing the PHP extension in the global configuration. What we should do is secure against shell upload even if they somehow have access to the admin panel.
chmod the /images/ directory to 400 when you don't need to upload anything. That will make it non-writable for uploads even if .php is enabled.
Disable your FTP when you are not using it, and avoid open FTP as much as possible. By doing those two things you will prevent many shell upload attempts by any attacker.
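
One way to verify steps 2 and 3 on a document root, as an added example that is not part of the original post: it reports a configuration.php that is not mode 400, a writable images/ directory and any PHP file sitting in it. It also reports separately when images/ has no search (x) bit, which is what mode 400 leaves on a directory, because the web server then cannot open the files inside; the demo uses 555 as a read-only mode that keeps them readable. The function names, the temporary tree and the choice of 555 are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the modes set in steps 2 and 3.
# Layout assumed: <docroot>/configuration.php and <docroot>/images/.

# mode_is <path> <octal>: true if the permission bits are exactly <octal>
mode_is()   { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }
# has_bits <path> <octal>: true if every bit in <octal> is set
has_bits()  { [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]; }
# show_mode <path>: symbolic mode, e.g. -r--------
show_mode() { ls -ld "$1" | cut -c1-10; }

# audit_joomla_perms <docroot>: prints one finding per line, returns 1 if any
audit_joomla_perms() {
    cfg=$1/configuration.php
    img=$1/images
    bad=0
    if [ -f "$cfg" ] && ! mode_is "$cfg" 0400; then
        echo "configuration.php is $(show_mode "$cfg"), expected -r-------- (400)"
        bad=1
    fi
    if [ -d "$img" ]; then
        for bit in 0200 0020 0002; do
            if has_bits "$img" "$bit"; then
                echo "images/ is writable ($(show_mode "$img")): uploads can land here"
                bad=1
                break
            fi
        done
        if ! has_bits "$img" 0100; then
            echo "images/ has no search (x) bit ($(show_mode "$img")): the web server cannot open the files inside"
            bad=1
        fi
        # A PHP file in the media directory is what a shell upload leaves behind
        php=$(find "$img" -type f -name '*.php' 2>/dev/null || true)
        if [ -n "$php" ]; then
            echo "PHP file(s) under images/: $(echo $php)"
            bad=1
        fi
    fi
    return "$bad"
}

# Constructed demo tree in a temporary directory
demo=$(mktemp -d)
mkdir "$demo/images"
: > "$demo/configuration.php"
: > "$demo/images/logo.png"
: > "$demo/images/x.php"
chmod 644 "$demo/configuration.php"; chmod 755 "$demo/images"
echo "== loose modes =="
audit_joomla_perms "$demo" || true
rm -f "$demo/images/x.php"
chmod 400 "$demo/configuration.php"; chmod 400 "$demo/images"
echo "== configuration.php and images/ at 400 =="
audit_joomla_perms "$demo" || true
chmod 555 "$demo/images"
echo "== images/ at 555 =="
audit_joomla_perms "$demo" && echo "no findings"
chmod 755 "$demo/images"; rm -rf "$demo"
```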

4. Scanning And Being Up-To-Date

Scan your website every time you install a plugin, and keep checking exploit databases like 1337day and exploit-db to see whether your Joomla has any vulnerabilities.
After installing your Joomla, scan it with JoomScan to see what vulnerabilities it has, and patch them before you even launch your website.

5. Fast Tips/Tricks

# NEVER use the same password on two different things related to your website! For example, your admin panel and FTP password, database password and FTP password, and so on. Don't even use the same password as your email or Facebook!

# DO NOT use "admin" or "administrator" as your username in your website.

# Disable FTP when it's not needed.

# Try to change your admin password every once in a while!

# Check This Link to apply more security stuff!


Monday, 27 August 2012

How To Make 404 Page For Blogger (FULL 404 PAGE)



Hello guys, today I'm going to show you how to make a 404 page for your Blogger blog! I found this way by myself because I really didn't like the 404 ERROR Blogger gives, and wanted to make a full 404 page like normal websites.

So here are the steps from the video below:

1. Make a new blog, call it whatever you want

2. Change to blogger old interface

3. Click on design of the new blog, then Edit Html (Design > Edit HTML)

4. Look at the bottom of the page, you will find "Revert To Classic Template" > Click on that
Now you will be able to change the whole code of the blog, with no errors! In other words, fully deface it!

5. Paste your 404 page inside that blog, then save it.

6. Go to your domain name host and add that blog as 404.YourWebsite.COM (Note: you can use something other than 404.yourwebsite.com, but I thought 404.yourwebsite.com would look better)

7. Now go to Your main blog, click on Settings > Search Preferences 

8. You Will find custom 404 page there, click on "SET" and paste this code in it:



9. Change the link in the Code to your 404 page blog, to redirect the user to it.

Now whenever someone opens a broken link, the JavaScript in the Blogger 404 error message will run and redirect him/her to the 404 page!

Now watch this video for more Understanding!


               

The code:


-----------------------------------------------------
UPDATED!
After Blogger removed the classic theme, the video above is not fully useful now. BUT here is the new way to FULLY change the Blogger page (deface it) with the new theme.
1. Click on your blog, and then click on "Template"
2. Scroll down to the bottom of the page until you see something like this:
3. Click on "Revert to classic templates" and you will see something like this:
4. Now click on "Revert to classic template", and you're DONE!
Now you will be able to change the main index :)
Enjoy =)