Wednesday, September 28, 2011

How to jailbreak iPhone

Here I want to show how to jailbreak the iPhone 4, iPad and iPad 2.

First, browse the internet using the iPad, iPhone or iPad 2 and open this website

Click the install button and the jailbreak is automatically installed on your phone. To find out more, check whether the "Cydia" software is there or not.. hehe

To be continued in part 2, hehehe

Thursday, September 22, 2011

DroidSheep: one-click session hijacking using Android.

Usually we hear about people sniffing with just a PC, using all sorts of tools. Now Android developers who like to write programs have made a tool for sniffing, namely DroidSheep. Its concept is more or less like Firesheep and FaceNiff, but it looks easier to use.

DroidSheep is a one-click session hijacking tool for your Android smartphone or tablet computer.

It is very simple to use DroidSheep: just click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click.

There are similar tools we have talked about: Firesheep and FaceNiff.

When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action you do, most web applications use sessions where you need to log in once. A session is identified by a session token, which is in possession of the user and is sent together with any subsequent request within the HTTP packets.
DroidSheep reads all the packets sent via the wireless network and captures this session token, which allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you’re the correct person or not.

What do you need to run DroidSheep?

* You need an Android-powered device, running at least version 2.1 of Android
* You need root access on your phone
* You need DroidSheep. You can get it in the “GET IT” section

DroidSheep now supports nearly all Websites using Cookies!

* With Version 5, DroidSheep got the new “generic” mode! Simply enable it, and DroidSheep will capture all accounts in the network!
* Successfully tested with ALL already supported accounts and a lot of other ones; even all WordPress and Joomla pages should work.

There are some limitations

DNS-Spoofing means it makes all devices within the network think the DroidSheep device is the router, so they send their data to the device. This might have an impact on the network and cause connection problems or bandwidth limitations, and it can be spotted. DroidSheep's attack cannot, as it only reads the packets sent over the WiFi, but instead of dismissing them, it uses the data.

It shall show the weak security properties of big websites just like Facebook. Please always be aware of what you’re doing.
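
The exposure described above, seen from the site owner's side: a session cookie that is issued over plain HTTP, or that lacks the Secure attribute, crosses the wireless network unencrypted. This added example (not part of the original post or of DroidSheep) audits constructed response headers for such cookies; the host names, cookie names and the name-based heuristic are assumptions.

```python
# Added example. Header values are constructed sample data, not captured traffic.
SAMPLE_RESPONSES = {
    "http://shop.example/login": [
        ("Set-Cookie", "PHPSESSID=3f9a1c; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/"),
    ],
    "https://bank.example/login": [
        ("Set-Cookie", "session_token=b71e44; Path=/; Secure; HttpOnly; SameSite=Lax"),
        ("Set-Cookie", "auth=99ac10; Path=/; HttpOnly"),
    ],
}

# Assumption: session cookies are recognised by these fragments of their name.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit(url, headers):
    """List session cookies from this response that can travel in cleartext."""
    findings = []
    over_https = url.lower().startswith("https://")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session token by the naming heuristic
        if not over_https:
            # The token was already sent unencrypted when it was issued.
            findings.append((name, "issued over plain HTTP"))
        elif "secure" not in attrs:
            # The browser will also attach it to any http:// request to this host.
            findings.append((name, "missing Secure flag"))
    return findings


def audit_all(responses=SAMPLE_RESPONSES):
    return {url: audit(url, headers) for url, headers in responses.items()}


if __name__ == "__main__":
    for url, findings in audit_all().items():
        for name, reason in findings:
            print(f"{url}: {name}: {reason}")
```

HttpOnly does not help here: it only hides the cookie from page scripts, not from the network.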

Tuesday, September 20, 2011

Autopwn Metasploit Backtrack 5 - PostgreSQL Solved

Metasploit is one of the best databases and a piece of software that has a list of exploits for different software, and nmap is a great network scanner tool. When we integrate Metasploit and nmap with each other, we create a wonderful combination that is really helpful in the process of penetration testing and ethical hacking.

Besides nmap, we can also integrate Nessus results into Metasploit. This has been discussed in a tutorial before, but we got many comments and messages that PostgreSQL is not working on Metasploit in Backtrack 5, so here is another video tutorial that will show you how to use the PostgreSQL server on Metasploit in Backtrack 5.

The tutorial will also teach you about Metasploit autopwn using nmap results. After this tutorial you can say that the problem of PostgreSQL on Metasploit is solved.

For more about meterpreter you can see social engineering toolkit tutorial on backtrack 5.

OpenSSH Tutorial for Linux-Windows

Here I want to share something about OpenSSH; this tutorial is in English.

SSH, or secure shell, is one of the best ways to secure your communication on the Internet if you want to connect to a remote computer from public places like a coffee shop, your workplace or even your home. It is recommended to use a secure (encrypted) channel to establish the connection and to transfer files (data). The theory behind SSH has been discussed before, and we have also shared the best SSH clients for the Windows operating system.

This article is tutorial-based.

What Is OpenSSH

OpenSSH is an SSH client that provides endpoint security by using encryption techniques for applications like Telnet, FTP and rlogin.

OpenSSH Tutorial

Normally OpenSSH is used on the Linux operating system; however, a Windows version of OpenSSH is also available. For this tutorial I will use Backtrack 5, but you can use some other Linux distribution as well because we discuss everything from the basics.
Backtrack 5 has an OpenSSH client, so for me there is no need to download OpenSSH, and most Linux distributions have an SSH client. So, as the very first step, open the terminal and check for your SSH client.

root@bt:~# ssh

If you get a response like this, it means you have an SSH client on your OS.

Follow the tutorial from this point if you have an SSH client; if you don't have an OpenSSH client, then leave this section and move to the installing section below.
Below is the simple command to connect to a remote computer:

ssh user@remotemachine

Good practice is to use specific ports for this connection, like:

ssh -p remoteport -D localport -f -C -q -N user@remotebox

remoteport = Port for the remote SSH server. Remember the default port for SSH is 22, but you can use some other port as well.
localport = Port for the local SSH client (your computer).
remotebox = IP address of the remote device
user = the username for the remote computer
-C = Enable encryption

Install OpenSSH

There are many ways to install OpenSSH; for example, you can get the source files from the official website. For this tutorial, type on the terminal:

pacman -S openssh

If you don't have pacman on your box then you need to install it by using

apt-get install pacman

The SSH daemon's configuration file can be found at /etc/ssh/sshd_config
Now, for the connection tutorial, see above.