₦airaland Forum

Slyr0x: Great idea bro. .I actually worked on some hacking challenges some years back (links below)

1st Pre-Lab here : https://www.nairaland.com/nigeria/topic-686713.0.html
2nd Pre-Lab here: https://www.nairaland.com/nigeria/topic-686904.0.html
3rd Pre-Lab here: https://www.nairaland.com/nigeria/topic-687033.0.html
4th Pre-Lab here: https://www.nairaland.com/nigeria/topic-689322.0.html
5th Pre-Lab here: https://www.nairaland.com/745579/hacking-challenge-cross-site-scripting

. .and another thread "Web Security Tutorials" that served as a discussion room for solving Enigma Group's hacking challenges. .

I discontinued the threads though as Seun was not too keen on having hacking threads on Nairaland 'cos of Google Ads. .Now that Google ads have been scrapped, we can push forward this great idea. .

There are 2 ways to which we could go about this :

1. Use an already built hacking challenge site like hackthissite, enigma group while Nairaland will serve as the discussion room
2. We can contribute and buy a dedicated server. .this way, we can have full control over the server as well as developing/uploading "vulnerable by design" OS. .i.e. rooting a linux box through some web application vulns etc

Great idea. .count me in. .

that is cool. am also in.

Slyr0x: Great idea bro. .I actually worked on some hacking challenges some years back (links below)

1st Pre-Lab here : https://www.nairaland.com/nigeria/topic-686713.0.html
2nd Pre-Lab here: https://www.nairaland.com/nigeria/topic-686904.0.html
3rd Pre-Lab here: https://www.nairaland.com/nigeria/topic-687033.0.html
4th Pre-Lab here: https://www.nairaland.com/nigeria/topic-689322.0.html
5th Pre-Lab here: https://www.nairaland.com/745579/hacking-challenge-cross-site-scripting

. .and another thread "Web Security Tutorials" that served as a discussion room for solving Enigma Group's hacking challenges. .

I discontinued the threads though as Seun was not too keen on having hacking threads on Nairaland 'cos of Google Ads. .Now that Google ads have been scrapped, we can push forward this great idea. .

There are 2 ways to which we could go about this :

1. Use an already built hacking challenge site like hackthissite, enigma group while Nairaland will serve as the discussion room
2. We can contribute and buy a dedicated server. .this way, we can have full control over the server as well as developing/uploading "vulnerable by design" OS. .i.e. rooting a linux box through some web application vulns etc

Great idea. .count me in. .

that is cool. am also in.

Slyr0x: Great idea bro. .I actually worked on some hacking challenges some years back (links below)

1st Pre-Lab here : https://www.nairaland.com/nigeria/topic-686713.0.html
2nd Pre-Lab here: https://www.nairaland.com/nigeria/topic-686904.0.html
3rd Pre-Lab here: https://www.nairaland.com/nigeria/topic-687033.0.html
4th Pre-Lab here: https://www.nairaland.com/nigeria/topic-689322.0.html
5th Pre-Lab here: https://www.nairaland.com/745579/hacking-challenge-cross-site-scripting

. .and another thread "Web Security Tutorials" that served as a discussion room for solving Enigma Group's hacking challenges. .

I discontinued the threads though as Seun was not too keen on having hacking threads on Nairaland 'cos of Google Ads. .Now that Google ads have been scrapped, we can push forward this great idea. .

There are 2 ways to which we could go about this :

1. Use an already built hacking challenge site like hackthissite, enigma group while Nairaland will serve as the discussion room
2. We can contribute and buy a dedicated server. .this way, we can have full control over the server as well as developing/uploading "vulnerable by design" OS. .i.e. rooting a linux box through some web application vulns etc

Great idea. .count me in. .

that is cool. am also in.

BackTrack6: @Doncrust, scroll up and find out. Anybody cracked Windows SAM file?

you can also use cain

kiddie: just thinking i don't know much about metasploit just and wanna develop myself wld love if you could teach me

i bliev this packet storm book on metasploit will help you. u can get it from http://packetstormsecurity.com/files/download/119280/MetasploitGuide.pdf

kiddie: waoh u know much about crypting really working on 1 bt dos free crypters arent good y? cos some d.ummies sends their crypted files 2 online scanners which makes them not fud (fully undetectable) recommend using paid crypters

yea. you right but i hardly use it. i prefer using metasploit msfencode.]

Slyr0x: ^^^Well said. .

But how is talking about "reliable web hosting site that can host botnets" like the post below Whitehat?

.

Inasmuch as we all want to disseminate information, like you rightly mentioned, we should be very careful as there is a very thin line between both. For malware researchers/analysts, learning how to write bots just like the russians, could be an added advantage. .but the moment the reason for your knowledge acquisition is so you can infect people with malwares and recruit victims into your botnet(s), then I must say, there is nothing ethical about your deeds!

noted boss.

Slyr0x: I always thought this thread was meant for "Ethical Hackers". .Am afraid some posts up here speaks nothing of such. .

yes boss it is. any menber here av been warned using there knowledge for evil act. you might say that some post might look like black hat but what i want you to know is that there is a thin line between black hat and white hat and the difference is not in what you knw but in what is in your heart. a white hat and black hat hacker av the same knowlegde base but what differentiate them is what they want to do with what they knw. truly dare are some ppl here that will eventually use what they learn here to do evil but this will give other good ppl the capability to protect themself. remenber both the police and thief are train to use gun, but the way the gun is been use is what make them different. u can try and read any white hat book and then read book on black hat and i can tell you that the only difference you will see is in the white hat u will be warned to check your country cyber law before engaging in any hacking practise while the black hat book might not encourage you to do so. and apart from that u might no see any significant difference. that is what i think but i stand to be corrected. and am happy there are ppl like backtrack6, doncrust and some other great guru who av the ability to read ppl more than i do.

centrex: hey guys we did some video on window xp / window 7 vulnerabilities owning the windows box... check it out

http://www.youtube.com/edit?ns=1&video_id=AeR4A6nQn90

There is no video.

this is a link to a crypter http://aegiscrypter.googlecode.com/files/AegisCrypter3.3.zip

curiouslad: Is it invisible to antivirus scanners?

I know a host of them, I use KGB but most of them get picked up by Antiviruses

not really but if u want to make it invisible u need to do either use a crypter or do a ghost writing but u need to know tht there are two main type of anti-virus. signature and heuristic mode anti-virus. most ghost writing work best with signature base anti-virus. so what am saying different antivirus require evasion method. i might be posting evation technique tutorial soon.

xup guys. i would like you guys to check this software out. the name is "reflective keylogger" it is a keylogger and it has the ability to send you keystrokes to your email address at a particular time interval".

just completed my exam. praying begins.

am having my exam today 1:30 to 3:30 computer science. just want to ask the type of question to expect for the exam. great job guys thumb up.

shollynoob: please i just installed Ubuntu on my system. How can i get the Ubuntu version of my modem driver, and someone please suggest or a link to the Best IP hiding software.

it depend on how you want your privacy. if you will be using browser only u can try download tor browser. u can also use it for some software but u will need some xtra configuration. this is a link to the official tor documentation https://www.torproject.org/docs/tor-doc-unix.html.en

pls am shedule for day one i.e thursday. pls i want to knw if am required to bring any other document except from my cbt for and my online registration form.

BackTrack6: Ethical hackers don't brag, they do their stuff. Nice one @doncrust. So many times I wonder if our people in government think we are fools. U can imagine the NCDSC paraded a boy saying he hacked in sss, jamb, neco and their own site. The story is that the boy claims to be an expert in web designing. When did a web designer become synonymous with a hacker or has site cloning become hackinng? Moreover, when did the sss begin to have a website? Rite from time the sss dosnt hv a site so I wonder who they are trying to cajole. Hmmmmm.

lol. am not even sure any of our security agency have an IT department with qualify individual. and the most anoying part is dat am not sure they knw the different between a internet scammer and an hacker, to them they are both the same "yahoo yahoo" guys. and it is an insult comparing a "yahoo yahoo guys"(most who am not really sure can list the seven layers of an OSI internetworking model) to an hacker whether good hat or black hat. i once have an encounter with an sss agent. i was with my friends teaching the guy programming. so there came a guy who was asking us that "are you guys doing yahoo yahoo?"(imagine this kind question). i got angry with the question but not knowing who the person was so i said back to the person "yea. in fact am the one teaching them". then suddenly i saw my friend running away(seems like they know the guy as an sss agent). so i thought that where the hell is my friends running to. but the guy finally told me he is sss agent that i should give him my system. i said ok and gave it to him. then i notice the guy is searching for any .txt file. since i knw some ppl who are yahoo yahoo guys i knw the guy is looking for .txt file that contain "format" the way the yahoo yahoo guys calls it. after searching for about 30min and he cant find anything he return my system. then i thought to myself that if am truly into yahoo yahoo and i av one million format i av more that hundred ways to mke the file invisible to someone who search for .txt file the way the sss agent just did. i just said to my friend "see an illiterate computer literate"

BackTrack6: Ethical hackers don't brag, they do their stuff. Nice one @doncrust. So many times I wonder if our people in government think we are fools. U can imagine the NCDSC paraded a boy saying he hacked in sss, jamb, neco and their own site. The story is that the boy claims to be an expert in web designing. When did a web designer become synonymous with a hacker or has site cloning become hackinng? Moreover, when did the sss begin to have a website? Rite from time the sss dosnt hv a site so I wonder who they are trying to cajole. Hmmmmm.

lol. am not even sure any of our security agency have an IT department with qualify individual. and the most anoying part is dat am not sure they knw the different between a internet scammer and an hacker, to them they are both the same "yahoo yahoo" guys. and it is an insult comparing a "yahoo yahoo guys"(most who am not really sure can list the seven layers of an OSI internetworking model) to an hacker whether good hat or black hat. i once have an encounter with an sss agent. i was with my friends teaching the guy programming. so there come a guy who was asking us that "are you guys doing yahoo yahoo?"(imagine a this question). i got angry with the question but not knowing who the person is so i said back to the person "yea. in fact am the one teaching them". then suddenly i saw my friend running away(seems like they know the guy as an sss agent). so i thought that where the hell is my friends running to. but they guy finally told me he is sss agent that i should give him my system. i said ok and gave it to him. then i notice the guy is searching for any .txt file. since i knw some ppl who are yahoo yahoo guys i knw the guy is looking for .txt file that contain "format" the way the yahoo yahoo guys call it. after searching for about 30min and he cant find anything he return my system. then i thought to myself that if am truly into yahoo yahoo and i av one million format i av more that hundred way to mke the file invisible to someone who search for .txt file the way the sss agent did. i just said to my friend "see an illiterate computer literate"

BackTrack6: Ethical hackers don't brag, they do their stuff. Nice one @doncrust. So many times I wonder if our people in government think we are fools. U can imagine the NCDSC paraded a boy saying he hacked in sss, jamb, neco and their own site. The story is that the boy claims to be an expert in web designing. When did a web designer become synonymous with a hacker or has site cloning become hackinng? Moreover, when did the sss begin to have a website? Rite from time the sss dosnt hv a site so I wonder who they are trying to cajole. Hmmmmm.

lol. am not even sure any of our security agency have an IT department with qualify individual. and the most anoying part is dat am not sure they knw the different between a internet scammer and an hacker, to them they are both the same "yahoo yahoo" guys. and it is an insult comparing a "yahoo yahoo guys"(most who am not really sure can list the seven layers of an OSI internetworking model) to an hacker whether good hat or black hat. i once have an encounter with an sss agent. i was with my friends teaching the guy programming. so there come a guy who was asking us that "are you guys doing yahoo yahoo?"(imagine a this question). i got angry with the question but not knowing who the person is so i said back to the person "yea. in fact am the one teaching them". then suddenly i saw my friend running away(seems like they know the guy as an sss agent). so i thought that where the hell is my friends running to. but they guy finally told me he is sss agent that i should give him my system. i said ok and gave it to him. then i notice the guy is searching for any .txt file. since i knw some ppl who are yahoo yahoo guys i knw the guy is looking for .txt file that contain "format" the way the yahoo yahoo guys call it. after searching for about 30min and he cant find anything he return my system. then i thought to myself that if am truly into yahoo yahoo and i av one million format i av more that hundred way to mke the file invisible to someone who search for .txt file the way the sss agent did. i just said to my friend "see an illiterate computer literate"

wisemania: ^^xame here bro, its like d bosses @d 709 dnt wan2 11573n to 0ur 9134, pl3453 "honourable ehical hackers" c0m3 70 our rescue..i realy want to be an Ethical hacker,am currently on webdesign coz i read that all hackers know html,css,js,php/perl/c/cpp/ruby so am curently on jscript for now,...can you bosses just give us some links on where to learn advaaaaaaaaaance js,jQ,ajax,php. etc,coz ive completed w3schools and quackit.com tutorial yet i couldnt exibit it greatly in real life situations,bt am currently using mozilla online tutorial for now....i crave your indulgence once more to drop some useful links as regards the subject above....thanks in anticipation...proudly N41J4!...

@doncrust do well to drop the mtn bis cheats,i realy need to get on line ...thanks

i will recommed this book for you "the underground hacker handboo". it is a very comprehensive beginner textbook. it contain different type of hacking (beginners level). it is the first textbook about hacking i read nd i still believe that it really helps me cover the basic wen reading advanve book. you can download it from http://www.epubbud.com/book.php?g=PS8Z6WRS. what i will advice you is that always practise each example in the book and dont move to the next page unless you understand the previous. once you are thru with the book hola tip and i will send you another textbook. about the programming issue. it is good to understand programming becos it can help you wen u start ur hacking training even i can say that is hacking that push me to programming and today am working as a software engineer for a company. also try to learn networking a little, you might be face with a situation ware ur networking ability comes handy. wen u start reading the book u will understand me better. post any problem u face along the way and am sure the gurus in the house will help you out.

BackTrack6: How many of u guys are attending CENTREX's Cyber Security Training program?

i dont attend it. i thought they are station in abuja?

and one things i forget to add is that this attack cannot really be prevented. the only way that u can notice is that the favicon of the website change to padlock. so guys watch out

BackTrack6: @just_thinking u are d man. Wow a MITM program. Dat I know how to use some h4ck1n9 t00!5 doesn't make me a don oo. Well, I am still a learner. I am downloading it already to try out on my BT5. I can use Cain and Abel for MITM but I will sure try this out. Ooops...I crashed my system (incessant power outages was making my system not shut down properly and when I eventually put it on nothing was responding. I simply had to format my system with all my better better programs *sobbing*)
Thank God for back up sha. My lappy's back, my virtual machine's is running again and my BT5 is asking for me to issue it some commands. I am really here.

Ehn ehn before I comot, there are some of us here who are newbies to this EH club. U need to be very careful on some videos out there. So many videos tell u to just download some programs and with it u can begin to hack and get usernames and passwords of yahoo, facebooks, gmail etc. with just some clicks.
My people all of those are big lies. What they succeed in doing is that once you download to programs u will now be asked to activate the program. In activating it, they redirect u to some stupid pages to fill in some stupid surveys, which you'll never end filling. With this they succeed in hacking the hacker instead and your system will become a zombie. Let's keep sharing ideas here. God bless us.

lol. we are all still a learner oo and am happy that you finally get ur system up and running boss.

pics

picture

since am having problem sleeping, I would like to talk about one of my fovorite tools which name is the almighty "subtefuge". am not sure if any of you have heared about it but the tool is really a real badass. it make you do little work and achieve very high success. this tool is use to hack all website that uses https (which include facebook, gmail, banks e.t.c on the network without you doing some extra work. this tool uses ssltrip(i av posted the tutorial before) but it makes it very simple to use i.e it help to do the dirty and stressful job. so let started.

Tools Needed
---------------------
Subterfuge. you can download it from http://subterfuge.googlecode.com/files/SubterfugePublicBeta5.0.tar.gz because it doesnt come preinstall on BT or kali

Bactrack( you can also also kali or any linux version but since am using Bt i will be using my OS)

Thing to do
------------------------------

1 .After downloading, open your terminal and enter " tar fvxz SubterfugePublicBeta5.0.tar.gz ". it will create a directory for you called subtefuge.

2. Enter command "python subterfuge/install.py" then you will see a gui. just check full install with dependencies and click next.

3. Let it complete the installation. and enter the command "subterfuge", you will see a command saying developement server is running at http://127.0.0.1:80. just use any browser to point to that address

4. you will have a user interface. just click on setting. then at the interface choose the interface you are using to browse or access the network. if you are using cable it is mostly eth0 or wlan for wireless. just choose eth0 and save.

5. go back to the homepage and click on start. just leave it and it will automatically capture all password been use in the network. for example i try accessing my facebook, yahoo account. they booth uses ssl protocol (https) for data transfer.

6. go back to subterfuge and you will notice all the password have been captured

This tool contain other model wich i will be presenting it tutorial soon.

WARNING: I just want us all to know that great power comes great responsibility. I know we all understand what that means. Later boss

Slyr0x: Please let's drop this so we don't derail any further.

@centrex, do you have a lab in Lagos? Does it open on weekends? I'd like to visit

@just thinking, not anymore . .BTW you working on those vuln ISO images yet?

i av completed the vuln ISO v1. kloppix
ETA: 43MIN
Tools use: nessus, metasploit.
Vulnerabilty : samba 2.2.0 to 2.2.8
Payload: linux revers shell
action: i was given a root shell. so i access the password file. to download the cypher text(encrypted password). but i dont want to waste too much time on cracking the password so i use " passwd root" to change the root password. i just use my new password to login.
(it is fun )
but the iso is damm vulnerable. i will try hacking it using another method.

megatran: lest i forget, i have plans on setting up my lab to look something like the pic below..altho the cash aint here now but i have aspirations. Am actually working on setting up my sattelite server at my place bt the installation guy dey yan 50k and thats without workmanship. i have other plans sha. i hope by the end of this independence month i will see my own independent sattelite server and use it to celebrate my own independence from Gsm network providers..wish me luck as i do u

dat g8t. but heared dare subscription is a killer. wich isp u plan using.

DonCrust: i'll try to re-download it.
I make use of tweakware and pd-proxy. For now tweakware has stopped but pd-proxy is still working. The free account has a daily limit of 100mb/day but you can beat that if you have many accounts and switch before each gets to 90mb. The premium is unlimited and its the best option. I use it with daily bis cos of the data cap

wow. dat great i wuld love it if you can write a tutorial on it. am sure alot of ppl here are also interested.

DonCrust: BT.
That means i'll have to download it all over again... No be small thing o!

yea i think so. it once hapen to me. actually my first time downloading bt. and also can u tell me how u do ur vpn internet am interested.

DonCrust: Thanks for the well articulated tutorial. I've actually installed the vm since last night and tried all i could to make it work but got an error message at step 13.
Under the attributes, IDE secondary master is active and from its side, i clicked on host drive after which i clicked the "choose a virtual cd/dvd disk file" to select d .iso file.
When i clicked on start, i got this error message...
FATAL: Could not read from the boot medium! System halted.

What do you think the problem is and how can i fix it? Thanks so much!

the iso is not gud. probably get corrupted during download. wich OS is that?

Am sorry for making for not posting this tutorial earlier. Now let get things rolling

Requirement
----------------------------------------
( I will be using bactrack 5r1 for this tutorial. You can also use this steps for other OS installation)

1. Bactrack 5R1 gnome version
2. Sun VirtualBOx
3. Operating system image (.iso) file
4. You (lol....)

Steps
--------------------------------------------
Step 1. Install virtualbox (i guess you can do that).

step 2. After installation open virtual box. you will have a view like this <img> step1 </img>

step 3. Click on next "NEW" on the upper part.

step 4. A wizard show "Create New Virtual Machine". Click on next

step 5. The wizard ask you to enter a name you want to identify the operating system. you can use any name

you want but it is you might want to use the real name of the operating system you are trying to install.

e.g "Bactrack 5R1". Under the textfield you will see "OS Type". since bactrack 5 lies under linux just

choose "linux" and version "Ubuntu". if you are trying to install windows you need to choose "Microsoft

windwos" on the operating system. Click Next <img>step 2</img>

step 6. The next window ask you to select the memory (RAM) you want to dedicate for your new OS. You can

just drag to scroll bar till you get to the memory size you want (it is advisable not to dedicate more

than half of your total memory to the virtual machine because it can make your host system (the system you

are running virtual box on) slow, which in turn make your virtual OS slow. but since am using 3gb RAM i

will be giving this new system 1Gb. dont forget you can change this later. <img> step <img>

step 7. The next window ask you about your virtual harddisk. there are two options one is "create new hard

disk" you use this if this is the first time you are creating this operating system. The second option is

"use existing hard disk". you use this options if you want to use harddisk you hav\e created before.

virtual box harddisk have (.vdi) format. Since we are just creating a new operating system for the first

time then the first option is our pick. Click Next <img> step 7 <img>

step 8. The Next page welcome you to new virtual disk wizard (you are seeing this page because you want to

create a new hard disk. if you have choose the second option at step 7, you will not be seeing this page.

Click on Next.

step 9. The next page ask you if you want you want to create either a dynamic expanding storage or a fixed

size storage. dynamic storage have advantage over fixed size storage because if for example you have 200GB

hard disk size and you want to give your virtual OS 20gb. if you choose fixed size storage, the virtual

box will automatically remove the 20gb from you hard disk i.e you harddisk size will become 180gb without

you even installing the your Virtual OS but if you choose dynamically expanding storage, your harddisk

size will still be 200GB, the more you use it the more it reduce. if for example you copy 10GB file tp ur

virtual OS your system hard disk will be 190Gb but it will not allow the virtual OS to use more than 20Gb

from your system hard disk. so choose dynamically expanding storage and click on NExt <img> </img>

step 10. Enter the the size of your hard disk and click on Next

step 11. Click on finish.

step 12. Click on Setting on the upper part of the virtual box

step 13. Click on storage. under the storage drive click on "host drive" (with the disk logo). on the

right side under the "attributes" click on the folder with green up. after clicking on the folder a window

will show. click on add and search for your iso file. after that close the window and go back to the

virtual home page. and click on start

step 14. install the OS. (let me know if you av any difficulty with that)

step 15. Install other OS like that. all you just have to change is the .iso image

step 16. After you have install all your virtual OS it is time to network them. to network them. click on

the Virtual Os and click on setting (you can get that at the upper lavel of the virtual box homepage.

click on the network. at "Adapter 1" check "Enable network adapter" on attached to click on "Host-only

Adapter" and on name choose "Virtual host-only ethernet adapter" then click on Ok. Configure your other

virtual OS like that. all your OS are network succesfully

step 17(optional). but in case you want to access the internet from your virtual os on the network

settings choose "Bridged Adapter" under attached to. once you choose that your adapter will be listed in

the name, it wwill include your wireless or Lan adapter. just click one which you are using to access the

internet and you will be able able to access the internet from your virtual OS.

if you have any other question hola tip.