Wednesday, July 31, 2013

How to encrypt sensitive data?

Encryption Wizard (EW) is a simple, strong, Java file and folder encryptor for protection of sensitive information (FOUO, Privacy Act, CUI, etc.). EW encrypts all file types for data-at-rest and data-in-transit protection. Without installation or elevated privileges, EW runs on Windows, Mac, Linux, Solaris, and other computers with Sun Java. Backtrack 5 already comes with ewizard; it's located in /pentest/misc/ewizard. But it's not the latest...

Sunday, July 28, 2013

Extract metadata from file in Backtrack

Metadata is stored in any document by the authoring application and can include the user name, comments, creation date, and modification date. Metadata is very important in computer forensics; members of the well-known hacker group Anonymous were arrested due to metadata, because they uploaded documents without clearing the metadata. So by reading metadata we can find lots of juicy information. Previously we saw how we can extract metadata from a website using FOCA; but we can also...

Thursday, July 25, 2013

Wordpress Pingback Port Scanner

WordpressPingbackPortScanner: WordPress exposes a so-called Pingback API to link to other blog posts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: you can scan a single host using multiple WordPress blogs exposing this API. This issue was fixed in WordPress 3.5.1. Older versions are vulnerable if the XML-RPC interface is active. (1) Download...

Tuesday, July 23, 2013

List of vulnerabilities in WordPress 3.5.1

Recently Truecaller and Tango messenger were hacked by the Syrian Electronic Army, and a large amount of database data has been stolen. Now what is common in these sites? They have WordPress 3.5.1, which is vulnerable to some attacks. A weakness and multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious users to disclose certain system information and bypass certain security restrictions and by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, and cause a DoS (Denial...

Sunday, July 21, 2013

How to solve metasploit problem in SET?

If you installed Metasploit from the git repository, then you do not face any problem with SET. But if you installed Metasploit from its binary version, then when you try to run a Social-Engineer Toolkit Metasploit attack you might get an error about some Ruby bundle. Here is the solution to that problem. I tested on SET Version: 5.2.1 & metasploit v4.6.2-1. We are going to install Ruby 1.9.3 using RVM. Run all these commands in the msf3 folder:

    root@bt:~# cd /opt/metasploit/apps/pro/msf3/
    root@bt:/opt/metasploit/apps/pro/msf3# bash -s stable...

Thursday, July 18, 2013

Information Gathering Using FOCA

Last month I posted some tutorials on information gathering, which is the first step of penetration testing, and today we will go ahead in this series. As you know, Backtrack has all the tools for penetration testing, but this tool does not come with Backtrack. It's a very powerful tool for information gathering, and its name is FOCA (Fingerprinting Organizations with Collected Archives). It is a Windows-based tool; you can install it in...

Monday, July 15, 2013

Firefox Add-ons for penetration testers

In this brief post, we are listing a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary from information gathering tools to attacking tools. If you are using Backtrack, then use OWASP Mantra, which has lots of useful add-ons. (1) Firebug: Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s...

Friday, July 12, 2013

Open source Information Gathering tool - Maltego

Maltego is an open source intelligence and forensics application. It allows you to mine and gather information, and represent the information in a meaningful way. The word "open source" in Maltego means that it gathers information from the open source resources; it does not mean that Maltego is open source software. Maltego allows you to enumerate Internet infrastructure information, such as: • Domain names • DNS names • Whois information...

Monday, July 8, 2013

Information Gathering using Public Resources

On the Internet, there are several public resources that can be used to collect information regarding a target domain. The benefit of using these resources is that we don't generate network traffic to the target domain directly, so the target domain may not know about our activities. The following resources can be used:

(1) http://www.archive.org: Contains an archive of websites.
(2) http://www.domaintools.com: Domain name intelligence.
(3) http://serversniff.net: Free "Swiss Army Knife" for networking, server checks, and routing.
(4) http://centralops.net: Free...

Wednesday, July 3, 2013

Exploit for Java version 7u21 and earlier

Java Applet ProviderSkeleton Insecure Invoke Method: This module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.

Exploit Targets
    0 - Generic (Java Payload) (default)
    1 - Windows x86 (Native Payload)
    2 - Mac OS X x86 (Native Payload)
    3 - Linux x86 (Native Payload)

    $ msfconsole
    msf > use exploit/multi/browser/java_jre17_provider_skeleton
    msf...

Monday, July 1, 2013

How to exploit Directory traversal vulnerability?

Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerabilities in web applications. Previously I posted about what directory traversal is and how to bypass its filters, but that process is manual and can consume lots of time. In Backtrack, however, an automatic tool is available for this test: DOTDOTPWN. If you are on another distro, then you can download it from here. It's a very flexible intelligent...

Exploit HP System Management

There are two modules available for exploitation of HP System Management.

(1) HP System Management Anonymous Access Code Execution

This module exploits an anonymous remote code execution on HP System Management 7.1.1 and earlier. The vulnerability exists when handling the iprange parameter on a request against /proxy/DataValidation. In order to work, HP System Management must be configured with Anonymous access enabled.

Exploit Targets
    0 - HP System Management 7.1.1 - Linux (CentOS) (default)
    1 - HP System Management...

Cisco Global Exploiter

Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool/exploit engine that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is a command-line driven Perl script which has a simple and easy to use front-end.

Vulnerabilities list:
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5]...