BackTrack Wiki

Project Frenzy - FreeBSD-based LiveCD

Nmap

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. A typical Nmap scan is shown in Example 15.1. Example 15.1. The newest version of Nmap can be obtained from

SecurityTube Tools

Wireshark

We're having a conference! You're invited! Wireshark Training Wireshark University Co-founded by Laura Chappell, inspirational instructor, consultant, and Wireshark expert, provides training, Network Analyst Certification, and resources for all levels of Wireshark users. Visit Wireshark Network Analysis The Official Wireshark Certified Network Analyst Study Guide is now available. Wireshark Certified Network Analyst: Official Exam Prep Guide Want to become a Wireshark Certified Network Analyst? User Documentation User's Guide The Wireshark User's Guide is available in several formats: Web pages (browseable): One huge page or multiple pages Web pages (ZIP file): One huge page or multiple pages PDF: US or A4 Windows help: CHM file Command-line Manual Pages UNIX-style man pages for Wireshark, TShark, dumpcap, and other utilities Display Filter Reference All of Wireshark's display filters, from version 1.0.0 to present. Release Notes Version 0.99.2 to present. Security Advisories

GnackTrack - Gnome Based Penetration Distro

GnackTrackR6!!! GnackTrackR6 is now officially released. R6 has received support from some new DEVs so we now have more fingers working on GnackTrack. We have added patches to the compat-wireless modules so R6 has better support for injection and monitor mode. Click here to download the live CD GnackTrackR6.iso Click here to download the live CD GnackTrackR6.iso.torrent 3bc79e7bc733fd6d4a15b0fb075c3c64 GnackTrackR6.iso Click here to download the VMWare image GnackTrackR6.7z f70241fb268f11f061e6fa0361a746ea GnackTrackR6.7z GnackTrack WiFi Fix We have had recent issues with wireless within GnackTrack and have had to release a fix for better (and faster) packet injection. Ethan Dotson has been hard at work testing and creating this script in order to fix the wireless injection support within GnackTrack version R4 and R5. Click here to download the script. Or if you're feeling lazy simply copy and paste the following code into a terminal. GnackTrackR5!!! GnackTrackR4!!! GnackTrackR3!!!

Netragard’s Hacker Interface Device (HID). | Netragard's SNOsoft Research Team

We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services whatsoever. It also excluded the use of social attack vectors based on social networks, telephone, or email and disallowed any physical access to the campus and surrounding areas. With all of these limitations in place, we were tasked with penetrating into the network from the perspective of a remote threat, and succeeded. The first method of attack that people might think of when faced with a challenge like this is the use of the traditional autorun malware on a USB stick. Just mail a bunch of sticks to different people within the target company and wait for someone to plug it in; when they do it's game over, they’re infected. Enter PRION, the evil HID. A prion is an infectious agent composed of a protein in a misfolded form. With the mouse and the USB board prepared we began the process of soldering.

daily grml snapshots / builds About This page provides automatically generated snapshots of the Grml Linux Live system which were built using grml-live. If you don't know what Grml is, please see the Grml FAQ. WARNING: Feel free to use the ISOs but please note that they are not official stable releases. They contain the latest code, but bugs are also likely. In fact, these snapshots may not work at all. Please report any bugs you notice. Download Note: the first link on each line points to the most recent available snapshot of the corresponding Grml flavour. Debian testing based Grml images grml-full grml64-full_testing (64bit): latest ISO sha1 -- Older Versions grml32-full_testing (32bit): latest ISO sha1 -- Older Versions grml-small grml64-small_testing (64bit): latest ISO sha1 -- Older Versions grml32-small_testing (32bit): latest ISO sha1 -- Older Versions Debian unstable based Grml images grml64-full_sid (64bit): latest ISO sha1 -- Older Versions grml32-full_sid (32bit): latest ISO sha1 -- Older Versions base files

DEFT Linux - Computer Forensics live cd

Justin Ribeiro / How to use Perl, Tor, and cURL to game an IP check voting engine 10 Jul 2009

Every once in a while I like to spend some time looking at a problem that isn't even a problem. Maybe it's a proof of concept, maybe it's something that just vastly has the potential to be something more. Other times, maybe I just want to game the system just because I can. I can have fun too. Gaming online voting has been around since the invention of online voting. The site in question (which shall remain nameless) had some 50 candidates (ideas one might call them) that could receive votes. Time to load up Tor. To test my IP address restriction theory, I ran Tor, submitted vote again, and it worked. I set this up on Linux. Since we can now change our identity at will, let's work on the POST.

curl -s --socks4a localhost:9050 -e {YOUR_REFERER} -d '{POST_VARS}' -A '{USER_AGENT}' {TARGET_SCRIPT}

What exactly is that piece of command line gold doing? This simple command will submit a single vote to a target and return whatever the target script has to offer. I like Perl a lot.

Hacking Illustrated: Computer security videos

Phreaknic 12 (2008) Hacker Con This is a quick and dirty video documentary of the things that went on around the talks and event at Phreaknic 12 (2008). Don't watch if you get sick at shaky cam movies like Blair Witch or Cloverfield. Intro and leaving Louisville with Brian.

HackQuest :: Learn about Hacking, Cracking, JavaScript, PHP, Cryptology and Password security

AntiSec and Anonymous: Is Law Enforcement Barking up the Wrong Tree?

Image Credit: AnonOps Following a series of high end hacks against US authorities, analysts have come to question whether law enforcement can ever really deal with the Anonymous collective. The debate re-emerged on 3 January after Anonymous posted a link to an MP3 recording of a conference call between the FBI and Scotland Yard. The call chronicled a conversation between the FBI and British authorities discussing the two's ongoing LulzSec and Anonymous investigations. The fact that the majority of the call was spent with each agency sharing the information it had - not all of which was uniform in what it was saying - demonstrated the problem facing law enforcement agencies hunting for Anonymous members. How Deep Does the Rabbit Warren Run? Operating off an open IRC channel, the collective allows any user to join and become a member, or "Anon" as they tend to refer to themselves. Chasing the Wrong Bunny Specifically, Sullivan cited an exchange between Sabu and Weev as proof of his theory.