Jul 9, 2011

Howto: Compile "Slowloris with TOR" Source Code.

Slowloris is a denial-of-service tool that holds HTTP connections open by sending partial requests. It keeps sending additional header lines at regular intervals, so the server never receives a complete request and never closes the socket. Because each connection costs the attacker almost no bandwidth, a web server can be tied up quickly this way. Threaded servers, and more generally servers with a fixed pool of workers, are the most exposed, precisely because they cap the number of connections they will service at once. Slowloris can only take a socket once it becomes free, so against a busy site it may take a while to consume them all: while the attacker already sees the site as down, other users may still be served until their requests finish and Slowloris grabs the freed sockets. Users who reconnect in that brief window still get through. It is a race condition, but one that Slowloris eventually always wins, and usually sooner rather than later.
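Because Slowloris never completes a request, the web server's access log stays quiet while the attack is running; the visible symptom is one peer holding many established connections to the web port. The following is an added example, not code from the original post or from Slowloris itself: a POSIX shell function that turns `ss -tan` output into a per-peer count of established connections to a given local port and flags peers above a threshold. The sample `ss` lines and the addresses in them are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post or of Slowloris itself.
# Slowloris never finishes a request, so the access log stays quiet; the
# symptom is a single peer holding many ESTAB connections to the web port.
# conn_hogs turns `ss -tan` output into a per-peer connection count.

# conn_hogs PORT THRESHOLD
# Reads `ss -tan`-style lines on stdin and prints "count peer-ip" for every
# peer with at least THRESHOLD established connections to local port PORT,
# busiest first. Column layout assumed (ss -tan):
#   State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
conn_hogs() {
    awk -v port="$1" -v thr="$2" '
        $1 == "ESTAB" {
            lport = $4; sub(/.*:/, "", lport)        # keep only the local port
            peer  = $5; sub(/:[0-9]+$/, "", peer)    # drop the peer port (works for [v6]:port too)
            if (lport == port) count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] >= thr) printf "%d %s\n", count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample of `ss -tan` output: 203.0.113.7 holds three connections
# to port 80, a legitimate client holds one, and unrelated sockets are mixed in.
SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      10.0.0.5:80         203.0.113.7:40001
ESTAB     0      0      10.0.0.5:80         203.0.113.7:40002
ESTAB     0      0      10.0.0.5:80         203.0.113.7:40003
ESTAB     0      0      10.0.0.5:80         198.51.100.2:51234
ESTAB     0      0      10.0.0.5:22         203.0.113.7:40100
TIME-WAIT 0      0      10.0.0.5:80         198.51.100.9:33333'

# Offline demo on the constructed sample: flag peers with >= 3 connections.
printf '%s\n' "$SAMPLE_SS" | conn_hogs 80 3        # prints: 3 203.0.113.7

# On a live host (threshold chosen for your traffic): ss -tan | conn_hogs 80 50
```

Treat the count as a triage hint, not proof: a NAT gateway or forward proxy legitimately puts many users behind one address. On the server side the real fix is a header read timeout and minimum data rate, for example Apache's mod_reqtimeout directive `RequestReadTimeout header=20-40,MinRate=500`, which closes a connection whose request headers do not arrive at a sane pace.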

On Twitter I got the C source code of "slowloris with TOR" from someone I follow. SanguineRose / William Welna is the owner of this link. I tried to compile it and wrote this tutorial for anyone who wants to compile it on Backtrack 5.

*** I have not tested it after compiling it. This tutorial covers compiling only.

1. Get the source code from the Source link below and save it to a file.
    $ vim slowloris-tor.c

2. At line 154 the usage message passes a "%s" format with no matching argument. Change "fprintf(stderr, "Usage: %s <ip/hostname> <port>\n");" to "fprintf(stderr, "Usage: %s <ip/hostname> <port>\n",n);" so the program name is supplied for the %s.

3. Save it.

4. Compile it, linking against the pthread library (-lpthread; "-l lpthread" would look for a non-existent liblpthread).
   $ gcc -o slowloris-tor slowloris-tor.c -lpthread

5. It's done. Run it without arguments to see the usage message:
   $ ./slowloris-tor

Source: http://pastebin.com/j6uVQ3yF


Jul 8, 2011

Howto: Install evilgrade on Backtrack5

EvilGrade exploits weak auto-update mechanisms in many common software packages. Once the attacker can intercept the victim's update traffic (typically by DNS spoofing or ARP poisoning on the local network), EvilGrade answers the update check with a fake update, so the application itself prompts the user to install what is in reality the attacker's payload. The nasty part is that this is very hard for the average user to detect: because it rides on the software's own update process, there is no suspicious-looking box or popup; it looks just like any other legitimate upgrade. The underlying weakness is an updater that does not authenticate what it downloads (no signature check, or one that trusts whatever server answers).

How to install(1):
1. Download it from http://www.infobytesec.com/down/isr-evilgrade-2.0.0.tar.gz
   $ wget http://www.infobytesec.com/down/isr-evilgrade-2.0.0.tar.gz

2. Extract it.
   $ tar xzvf isr-evilgrade-2.0.0.tar.gz

3. Install required perl module
   $ cpan Data::Dump

4. Change into the extracted directory and run it.
   $ cd isr-evilgrade
   $ ./evilgrade

How to install(2):

1. Install it from the Backtrack repository with apt-get
   $ apt-get install isr-evilgrade -y

2. Install required perl module
   $ cpan Data::Dump

3. Run it
   $ cd /pentest/exploits/isr-evilgrade
   $ ./evilgrade

Thank you @Benjamin for "How to install(2)"

Vega | Open Source Web Application Scanner

Vega is an open source platform for testing the security of web applications. Vega can help you find and validate SQL injection, cross-site scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended through a powerful API in the language of the web: JavaScript.

Vega was developed by Subgraph in Montreal.

Download Link: http://www.subgraph.com/vega_download.php

Source: http://www.subgraph.com/products.html

Jul 7, 2011

Exposed Anonymous and LulzSec by Teampoison

After LulzSec and Anonymous announced Operation Anti-Security (#AntiSec), which some hackers agreed with and others did not, LulzSec broke up the group. Now a hacker group named Teampoison has released information about LulzSec and Anonymous members. You can view it at the links below.

Download Link: http://www.wupload.com/file/45239054/expose_lulzsec_and_anonymous.docx

Pastebin Link: http://www.pastie.org/2173213

Jul 4, 2011

Article: Penetration Testing with Brute Forcing Tool.

This article shows how to use Metasploit for penetration testing with its brute-forcing modules and other Metasploit techniques, and how to do post-exploitation without a TTY. I wrote this article myself, so sorry about my bad English. Please download the PDF to view it.

[Attacker Machine]
OS: Backtrack 5 GNOME 64bit Version.
Metasploit Version: 3.8.0-dev r13091
Sucrack Version: 1.2.3
IP Address:

[First Victim]
OS: Ubuntu 10.10
IP Address:
Internal IP Address:

[Second Victim(Internal Network)]
OS: Windows XP SP2
Internal IP Address:

We don't have any information about the network or detailed information about the first and second victims; we have only their IP addresses. But our goal is to get a shell on the second victim.
My target is the second victim, which sits in the internal network. So the first thing we must do is own the first victim and turn it into our gateway into the internal network, and finally own the second victim.

Download Link: http://www.wupload.com/file/43221143/penetration_testing_linux_with_brute_forcing_tool.pdf

The two faces of hacking

This picture shows how hackers and incidents are ranked. For details of this picture, please go to the Source.

Source: http://spectrum.ieee.org/static/hacker-matrix

Jul 3, 2011

Howto: Compile program for 32bit On Ubuntu 64Bit

Sometimes I want to compile a package or program as 32-bit on my Backtrack 5 GNOME 64-bit. This post will show you how to do that.

1. Install the required package (this also pulls in gcc-multilib, which supplies the 32-bit libc and start files).
    - apt-get install g++-multilib

2. Pass CFLAGS=-m32 to configure so the build compiles and links 32-bit objects. For a C++ project also pass CXXFLAGS=-m32, and add LDFLAGS=-m32 if the project links without CFLAGS.
    - ./configure CFLAGS=-m32

3. Now compile it.
    - make

If you want to compile a single C file with gcc, try this:
    - gcc -m32 -o outputfor32bit helloworld.c
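As an added example (not from the original post), here is a small POSIX shell script that performs the single-file build above and then verifies the result by reading the ELF class byte from the binary's header, rather than trusting that the -m32 flag took effect. The file names and the hello.c body are constructed for the demo; the build step assumes gcc with multilib support is installed as described above.

```shell
#!/bin/sh
# Added example, not part of the original post: build a C file as 32-bit on a
# 64-bit host and confirm the output really is a 32-bit ELF by inspecting the
# ELF header instead of trusting the compiler flags.

# elf_class FILE -> prints 32, 64, or not-elf.
# ELF header: bytes 0-3 are the magic 7f 45 4c 46 ("\177ELF"); byte 4
# (EI_CLASS) is 1 for ELFCLASS32 and 2 for ELFCLASS64.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *)          echo not-elf ;;
    esac
}

# build32 SRC OUT -> compiles SRC with -m32 and fails unless OUT is ELFCLASS32.
# Requires the 32-bit libc and crt files (g++-multilib / gcc-multilib).
build32() {
    gcc -m32 -o "$2" "$1" || return 1
    [ "$(elf_class "$2")" = 32 ]
}

# Demo: write a constructed hello.c, build it 32-bit, check and run it.
# A correct 32-bit build prints "sizeof(void *) = 4".
demo_build32() {
    dir=$(mktemp -d)
    cat > "$dir/hello.c" <<'EOF'
#include <stdio.h>
int main(void) { printf("sizeof(void *) = %zu\n", sizeof(void *)); return 0; }
EOF
    if build32 "$dir/hello.c" "$dir/hello32"; then
        echo "hello32 is ELF$(elf_class "$dir/hello32")"
        "$dir/hello32"
    else
        echo "32-bit build failed: is gcc-multilib installed?" >&2
        return 1
    fi
}

# Run as:  sh build32.sh demo
if [ "${1:-}" = demo ]; then demo_build32; fi
```

Checking the class byte catches the common failure where a stale 64-bit binary is left in place after a failed -m32 link, and it works on any file, including ones `file` is not installed to inspect.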

Apple database released by Anonymous

Anonymous continues its work. Anonymous has now dumped an Apple database through SQL injection at "http://abs.apple.com:8080/ssurvey/survey?id=".
If you want details of this incident, please go to the Source or the pastebin below.

pastebin: http://pastebin.com/tkmZDG9m
Download Link: http://www.wupload.com/file/42053966/Apple_Database.txt

Update: Another Apple.com incident is described in the comments.

Source: http://www.thehackernews.com/2011/07/apple-database-hacked-with-sql.html

Stuxnet source code released

Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that attackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

Download Link: http://www.multiupload.com/BDNYSCY5PC
Mirror Link: http://www.wupload.com/file/42052150/Stuxnet-Sourcecode.rar 

Source: http://www.thehackernews.com/2011/07/stuxnet-source-code-released-online.html