Re: Honorable Chief Judge Beth Ann Gibson #anonymous #own #judge #support
IrcChatStopActa From GopherX
8. SSL: irc.anonops.pro:6697
10. SSL: irc.anonops.bz:6697
13. Welcome anons to #Defacement
17. Here we will cover the basics to get you started.
19. Please do NOT ask us how to hack, how to take down a web site, how to get revenge on someone you know online,
20. this is _NOT_ what we are about and you will not get support. Stay on topic and follow the channel rules.
22. Read this thoroughly before asking questions in the channel, chances are your answer will be either listed or linked to in here.
25. NOTE: VISIT #SETUP AND GET A GOOD VPN BEFORE YOU DO ANYTHING.
28. BackTrack 5 - http://www.backtrack-linux.org/
29. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments
30. in a purely native environment dedicated to hacking. Install BackTrack, and boot it from a Live DVD or thumbdrive.
31. Alternatively you can download the VMWare distribution and run it in VMWare player, inside your current OS.
32. The penetration distribution has been customized down to every package, kernel configuration, script and patch solely for the
33. purpose of the penetration tester.
35. Most commonly used tools in BT5:
41. PDF FILE ON HACKING VIA BACK TRACK http://bit.ly/xmbgxv
43. NOTE ON BACKTRACK: Upon loading, enter username: root password: toor
45. BackTrack 5 is not necessary, just recommended. While defacing can be performed via any Linux system.
46. BT5 provides a full toolset and will save you downloading ountless programs and compiling them yourself.
47. If you do not use BackTrack either Fedora or Ubuntu will fufil the purpose.
48. Ubuntu is better for beginners and is more user friendly, however Fedora is more stable and has less bugs.
51. If you are on Windows there is a free program called Net Tools ( http://mabsoft.com/nettools.htm ) it contains most of the Windows versions of the tools in BackTrack. It is a very powerful tool for defacing in windows.
53. Click DOWNLOAD
54. Select for ISO:
55. Back Track 5 R1
57. 64/32 - Your preference (64 recommended if your computer can run it)
59. Direct or Torrent. Your choice.
61. For VM:
62. Back Track 5 R1
68. Tools if you do not want or use BackTrack5. These are mostly for Linux, as Linux is the primary OS for hacking.
69. Some can be downloaded in Windows. If it can be downloaded via yum or apt-get I have listed so.
70.If I list the website it is most likely not available via these methods, but might be in the Linux software centre.
71. All tools are free to download and use.
73. Nmap ("Network Mapper") - http://nmap.org/
74. Free Security Scanner For Network Exploration & Hacking.
75. Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles.
76. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more.
77. There is a GUI front end to Nmap if you do not wish to work from the terminal called 'Zenmap'
79. sudo apt-get install Nmap
80. sudo apt-get install Zenmap
81. sudo yum install Nmap
82. In Fedora Zenmap can only be downloaded via the software centre.
83. A full tutorial on Nmap will not be provided, but you need to know your way around the terminal.
84. Zenmap is GUI based, and fairly straightforward to use.
86. Metasploit - http://www.metasploit.com/download/
87. Download metasploit community. Windows/Linux.
88. Metasploit is a program that targets vulnerabilities (that you have previously discovered) and does the exploit.
89. It can plant various programs and provide remote access.
91. HTTrack - http://www.httrack.com/
92. Website copier. Downloads and makes a page by page copy of a website.
94. yum install httrack
95. apt-get httrack
97. TheHarvester - http://www.edge-security.com/
98. A program so scour a website for all email addresses on a given site. Can return admin addresses, which can also be logins etc.
99. Feel free to download any other tools from this site, they are all tools for penetration testers.
101. MetaGooFil - http://code.google.com/p/metagoofil/
102. Extracts metadata from sites, hidden data that can provide intel, eg admin logins.
104. yum install metagoofil
105. apt-get install metagoofil
107. Nessus - http://www.nessus.org/products/nessus
108. Nessus is a vulnerablity sanner available on the Linux software centre.
110. Medusa - http://www.foofus.net/~jmk/medusa/medusa.html
111. Online password brute forcer. Requires you to provide login(s) and a list of passwords to try, or a password dictionary.
113. yum install medusa
114. apt-get medusa
116. Hydra - http://www.thc.org/thc-hydra/
117. Hydra is another brute forcer, that is much more versatile and faster than Medusa, but has a steeper learning curve.
118. However it is worth learning it's functionalities in the long run.
120. FastTrack - http://www.darknet.org.uk/2009/02/fast-track-40-automated-penetration-testing-suite/
121. Fast exploiter. Does the vuln scanning exploiting and everything in one go. If you use this, you will be considered a script kiddie.
122. Permissible if you are pressed for time. Runs on the Metasploit framework. Use google to learn how to install and configure.
124. Nikto - http://cirt.net/nikto2
125. Scans web servers for vulns.
127. yum install nikto
128. apt-get nikto
130. Web Securify - http://www.websecurify.com/
131. Detects SQL, XSS, and more vulns. Very versatile tool.
133. Netcat - http://netcat.sourceforge.net/
134. Provides easy communication between two computers, so installing it on the target computer provides an easy backdoor.
135. It is available on the Linux software centre.
137. OpenVas - http://www.openvas.org/
138. A framework of tools for vulnerability asessment.
140. Xsser - http://xsser.sourceforge.net/
141. A program to detect and exploit XSS vulnerabilities.
143. W3af - http://w3af.sourceforge.net/
144. A program to find and exploit web vulnerabilities.
146. Acunetix - http://www.acunetix.com/
147. Web vulneribility scanner
149. SQLi helper - http://www.4shared.com/zip/i7MRNXyy/SQLi_Helper_30.html
151. In some websites you can directly see the password but most of the websites encrypt them using MD5.
152. So you have to crack the hash to get the password.
153. To crack the password there are three ways
154. 1) Check the net whether this hash is cracked before:
157. 2) Crack the password with the help of a site:
161. 3) Use a MD5 cracking software. Use google to find your preferred tool. Try Jack The Ripper (pre installed on BT5)
163. Assuming you have all the tools downloaded, or preferably BackTrack 5, a good resource to read is http://bit.ly/xmbgxv.
164. It is a book on Ethical Hacking, and includes every tool listed above, and teaches you how to use them via the terminal.
165. It also teaches you all the steps of defacing, and is a great point to start before asking unneccesary questions.
167. SQL INJECTION
168. SQL injection involves interacting with improperly made forms on websites to get them to return informationg of value back to you.
169. It involves injecting code into their servers that usually ends the input code of their site, and then executes the code you injected on their server.
170. This can slowly be used to return information about logins and passwords.
171. Very good tutorial on SQL injection: http://pastebin.com/AmFpqTjj
174. XSS involves adding code to the URL of websites to exploit vulnerabilities in the script of the site. XSS makes up roughly 80 percent of all online security breaches. It involves gaining elevated user privileges onto the site to access items such as username and password databases, cookies and more. It can be crafted to add pictures and links that were not originally on the target site. These can then be used to send information to you from the target site resulting in the site being compromised and you gaining access.
175. XSS scripts to run, this is a very extensive list. Includes specific scripts to attack various web elements, and to bypass various filters. Use Ctrl + F to find what you're looking for. http://pastebin.com/GjJFzVy4
178. I am not responsible for any of the actions committed by anyone who reads this, nor do I condone using these tools to intentionally cause harm or damage any websites or servers.
179. I have made this paste to make people aware of the tools out there for testing their own sites and servers, not anything else.
182. For more information and tutorials visit: http://www.anonops.com/tutorials/
183. Quick channel access if you do not have your own IRC client installed.
184. Webchat: http://webchat.anonops.pro/
Sent to: ******