Search the Community

Hello, I am new to this hacking stuff. I'm curious so I'm trying out new things. One thing I came across is SSLstrip...I read about it and its use so I wanted to try it on a system. But after doing the steps as given in the video How To: Use SSLstrip On Kali Linux by Chris Haralson on YouTube, the victim system is still opening HTTPS. I tried using SSLstrip from BackTrack 5 r3 also...but I wasn't successful. I know I'm missing something..Please help me.

Hi guys ! I wanted to share my current module project for the pineapple: a "man-in-the-middle" module :) Features: - based on mitmdump and extendable through python scripts - log history - helpers to install javascript - editor to edit scripts Scripts Sample: - Simple_Alert.py -> Will trigger an alert to the user. - BeEF.py -> This would actually replace the BeEF Helper module ^_^ - Upsidedown.py -> Will reverse all web page, nice for April fool day - Snow_storm.py -> Will insert snow on all web page.

Tplink wn422g v2 usb is not working in my backtrack. I have a Toshiba satellite c50 series laptop. I tried "lsusb" command, it perfectly show in the list. After that i tried "tail -f /var/log/messages" command Help me

Hey everyone I need serious help with that What I'm looking for : i want to all advance hidden anonymity options in backtrack ("hide my privacy 99%") So What are their? I have some options about that. > spoof mac > spoof ip > spoof ttl values > spoof http header > spoof dhcp > use live cd > use rdp > use proxy exactly I want to more hidden method to hide my id. (out of my list) anyone help me? I always searching about that. now i am really tired. I'm not a very good English writer : help me...

Hey guys, Sorry if i put this in the wrong category. I'm trying to use ssl strip + arp spoofing. I do exact the same like on every tutorial. But once everything is done, my victim has no internet. He can't load the page! If i just arp spoof my target, use something like urlsnarf. Everything works fine... Can someone please help me, i'm searching a while for a solution. By the way, sorry for my bad english. :(

Hey guys! Ok so here's the lateset: I'm building a PXE server with int0x80! I've been following his video note for note, word for word. But when I try to boot from my laptop, I get a nice error: " No DHCP or proxy DHCP offers were found or received" Am I forgetting or missing a step in a file configuration? or is it as simple as port forwarding?

Yo Hak5 Comm! Hope everyone is well. So I have a confession to make: I forgot my router login credentials. That having been said , I have a plan of attack: Backtrack 5r3 in VM ware on my iMac (that is hardlined ) to my Century Link all in one (I know I know ) Is there any reason Hydra can't bruit force a Century Link router? I think it's still an https protocol so I personally don't see why not. BUT I wanna make sure from those who have more experience than I. Also Hydra can accept .txt lists right? Or does it really need something like a .lst format? Thanks as always!! B)

So I received a message from one of our fellow members on the forums. Maybe this should be stickied, maybe just moved to another thread, but the answer I gave applies to pretty much everyones questions in how to get started in hacking. DigiNinja did a whole questionnaire as well as a few talks on the same subject answering much of the same things, so I would suggest anyone having similar questions, go seek out his talk on YouTUBE. I'd post the links but I don't have them handy. They may even be on his site. Below was the question posted to me though, and my answer, and I hope it helps anyone looking for help in the same areas. ----------------------------------------------------------- Backtrack and Kali have much of the same tools installed. Kali is just 1, more stable, 2, more linux file system compliant, and 3, long term support with many new additions. As for books, I'm self taught up till now and am taking the OSCP class. If you want to learn it without taking a course, best place to start is 1, download either distro, 2, setup some virtual machines on your home network and 3, dive right in. Use places like YouTUBE and SecurityTube. Especially SecurityTube, for demos of tools found in both distros, but also the kali.org and backtrack-linux site's and their forums, as well as wiki's and documentation. Hacking is not exactly something one can learn by reading alone. It will get you started on terms and familiar with concepts but in reality hacking only happens by trial and error. No amount of books will change this other than one that took every question you had, and was written specifically to hold your hand and walk you through each hack, and there are no such books. People and Conference talks I would look to for videos, Derbycon conference videos, Defcon archives, Georgia Weidman and Raphael Mudge(for metasploit and armitage demos, classes). Georgia even gives online classes reguarly and has lots of talks online for free, hence check out SecurityTube. For reading, IronGeek's site has a shit ton of documentation, videos, links and more, and should also be on your list of things to dive into. There is no quick answer. It takes time, patience, dedication, lots of self searching, trial and error, and perseverance to get anything out of hacking, and its not the distro you use. Its not the tool someone else wrote. Its curiosity, not being afraid to try something new, and spending hours upon hours of trying one simple thing, that might take someone else 3 lines of code to do, but so long as you do it, you learn as you go, just like the rest of us. I'm also going to post this in a thread, since this is more or less helpful to everyone, and hopefully can answer peoples questions. ------------------------------------------- Anyone who has other suggestions, answers to give for the above question and topic in general, please feel free to add, such as books to help point in the right direction, classes to look into, sites, etc. There are more I could of listed, but for me, hacking is not something one simply sits down to do and "poof" magic happens because you booted Linux and suddenly your mr leet haxor(and no, that is not directed at the person asking the question, its a general comment for anyone thinking it makes a hill of beans difference what you use). Hacking starts with yourself, desire to learn, curiosity to tinker, self discovery and hard fucking work to research anything you want to learn. Most of us are self taught. I am, and would have loved to have been able to go to school for computers, find local 2600 meetings in my area or have a mentor, but the truth is, I had none. I learned what I know on my own, as I think most people have. Sure, some of you have taken a class on programming, so you may have a one up on others when it comes to understanding the fundamentals, but don't be deterred. Johnny Long, infamous creator of the GHDB, was self taught, and spawned a whole industry of OSINT hacking by simply trying things on his own, and networking with like minded people. This I would say, is your best bet as well. You can read all the books you want, and try all the tools in the world, but if you don't get your hands dirty actually trying things, learning how and why thing do what they do, or how a tool works in the first place and what its actually doing to make that happen, you won't be learning. You will be regurgitating and repeating nothing more than documentation on how to carry out a process, and that isn't hacking. For me, hacking is the desire to tinker, play, invent, and use your curiosity to learn as much as you can about something, and that takes time, and dedication. You can't get that from a book, or a tool. You can only get that from doing it yourself, and if you are not much of a self starter, well, there is no time like the present to start! I don't consider myself leet, or even a tenth knowledgeable about things regarding high end hacking techniques. That doesn't stop me from learning every day, and poking away at something for hours, that might take someone 5 minutes to do. You want to learn, you have to put in the time and effort to do so. There is a famous quote, one Mati uses in the OSCP course, taken from Abraham Lincoln. If I had 8 hours to chop down a tree, I'd spend 6 hours sharpening my ax. The same goes for anything you do in life, not just hacking. If you don't have the time to dedicate to researching and trying, even if you don't understand or know where to start, you won't ever get anywhere. Not to be cliché, but if you want to learn to swim, jump in the water and get started! (Just make sure you have a life vest on first. Some of you aren't very good swimmers, myself included...) - DigiP

Dear friends, How to spoof the TTL(Time to Live) value in backtrack. I have no idea about that. I search this topic with Google. But i have not a good result. So please tell me how to do this ? if you think TTL value is most important to hide my ID?

A tee shirt for the lovers of Kali (formerly BackTrack) linux. Check it out at: **Link Removed**

Can I use USB as memory for USB Live BackTrack 5 R3 Machine with W7? Make USB Live with BackTrack, restart, boot from usb, install and use usb memory for OS Linux BackTrack - is this possible?

Hello all, I am having an issue with DNS spoofing in backtrack 5 r3 ove rmy wireless interface. My attacking computer is a hp pavilion laptop with 2 gigs of ram, x64 processor, backtrack 5 r3, and my wireless card is a Atheros AR2425 with driver ath5k. My victim computer is a windows 7 serv pack 1 box with kasperski antivirus (turned off) and firewall down. I first modified my set_config file to set ETTERCAP=ON and the ETTERCAP_INTERFACE=wlan0. I then ran SET and chose >Social-Engineering Attacks>Website Attack Vectors>Java Applet Attack Method>Site Cloner>Nat/protforwarding NO>Ip addy for reverse connection"192.168.0.8">url to clone: http://www.google.com>Windows'>http://www.google.com>Windows Reverse_TCP Meterpreter>Backdoored Executable>Port 443>It tells me Arp Cache Poisoning is ON>Site to redirect: http://www.google.com>Says'>http://www.google.com>Says its launching attack,loads up metasploit and starts two listners. At this point when I browse to http://www.google.com on my victim computer using ie it simply loads the real google website. Now if I type my subnet ip for the attackign computer SET is hosting the server on it will take me to the fake page and the java applet will appear and work when clicked. My problem is it does not seem to be redirectiong traffic on my wifi network to the fake site when i try to go to the real one. I have tried doing this the old way as well and turning off ETTERCAP inside the SET_config file. I then would launch my fake site in SET and then edit the ETTER.dns file wif the website connect info and my attacker ip. This did not work either. I have also apt-get updated and upgraded backtrack, as well as msfupdate for metasploit and svn updates for set and ettercap. What could I be missing about getting Ettercap to redirect my network traffic? Thank you for your help and let me know if there is any more information you need to help you trouble shoot this issue!

I failed to install USB adapter to Backtrack, so I need professional help. I have BackTrack 5 R3 with VMware. I somehow installed driver for Atheros AE9271 but still when I type "iwconfig" I see only "eth0" and "lo". I'm using Alfa AWUS036NHA with Realtek AR9271 chipset.

Hey! Im new here! i was searching for a website where i can ask questions about backtrack , i found this !!!! Im also new to backtrack .. I saw some tutorials avout HOW TO HACK FB WITH BACKTRACK! i done the same as shown but when i tested the ip generated on other pc , i get to know that WEBPAGE IS NOT AVAILABLE!!! Please Help!! & im getting 127.0.0.1 as inet-ip When I open this in same pc it works! but not in other !!! !!!!!!!

Hello h5 comnity, I have several things in this situation and is a bit extensive and take serveral topics, I have a machine with this specs: Micro: Intel Core i7 930 OC 3.5gz MB: MSI X58pro E RAM: 24gb DDR3 1600mhz Drives: OCZ SSD 128gb for Main OS and adicional 3TB So here is the thing, I saw in a resent video to Mr.D auditing a wifi with cowpatty running 20k+ keys per seccond in a eee pc... well I runing a BT5r3 x64 as a guest in VB installed in Win8 x64 with all cores and 3d activated in the box but cowpatty is running only 1k of keys/secs.... And I wondering why is this? .... Other thing that I noticed is when the BT boot up my ALFA ans set [ifconfig wlan0 up] the card start to flicker like it has a lot of activity but does not... And the final issue I thinking in combine this items: ALFA AWUSO36H with Amped WA12, what do you think about this... Thanks any help with this

Dear friends, I write some program with Microsoft Visual C# and .NET. i want to encode this program...so i use the more crypts tools....but i have not a good result. the Antivirus are all times catch it.so finally i use the shikata_ga_nai tool. yes it is working well. The all antivirus are bypassing well.that's my command....... sudo cat /root/Desktop/test1.exe | msfencode -c 1 -e x86/shikata_ga_nai > /test2.exe but problem is : The program is not working........ I try is windows XP 32 bit and 64 bit OS.....but same problem...... The error massage is: " Program too big to fit into memory " how to fix this problems? that problem only with shikata_ga_nai tool......plz help me.....

I have tried few times to make shared folder in VMware/BackTrack but cannot make - mnt/hgfs folder in empty (in VMware shared folder in enabled and I have file inside it). VMware tools is installed. In Terminal: lsmod | grep vm -> vmw_balloon 12593 0 Is there foolproof tutorial to make shared folder in BackTrack? I use VMware 7 and BackTrack 5 R3.

The future of BackTrack http://www.backtrack-linux.org/backtrack/kali-a-teaser-into-the-future/

Just written up a quick tutorial on how to compile hostapd-1.0-karma on backtrack 5 r3 I'm by no means a expert, just been messing around with it. comments welcome! http://www.jhaos-theory.co.uk/?p=46

When I turned on a BT5r3 Gnome laptop today I couldn't login. I always login as root (b/c I like it, conventional wisdom be damned). After my pw failed about 10 times I was able to login as a non-root then su to root, which I had to do anyway to startx. That was weird. I've never had to do that before. Additionally, I now notice a NOTICE TO USERS that says something like "blah, blah, blah, the government and your employers are going to monitor you and your use means you agree to being spied on and if they catch you actually using the tools in here they are going to take you to the rape rooms". So my questions are: 1. Why do I have to login as non-root all the sudden? 2. Do you all see this NOTICE TO USERS (or whatever it says) message when logging in too? 3. How can I edit/delete that message because I don't like seeing it?

Last night I started putting together a module that allows you control virtual machines from the pineapple control center. Let me know if this is something that interests anyone. http://youtu.be/7QQEI1Univ0?hd=1

Hello fellas, Im trying to get Karma running on BT5R3. I download the binaries, but I'm getting this error after compiling and executing Karma: init_pcap: no suitable datalink decoder found. I'm using the Alfa AWUS036h adapter. Any idea?? Thanks p.s.: Ive found a tool called Katalina (http://code.google.com/p/katalina/), it claims to use/implement Karma, but Im not really sure about it,

In a nutshell - I start MDK and everything appears to be working as I expect to it. After a minute or two the client devices stop seeing the broadcasting device Its almost like the wifi adapter has been put in power saving mode but is not when I look. I can repeat this issue 100% of the time. Tried on various hosts with various wifi adapters. Same results each time. Thoughts?

Hello folks, Can;t seem to find an answer to this. I'm looking to to spend $250 max on a new netbook. I would like it to work with BT5 right out of the box, this includes packet injection, I would not like to buy a seperate card. Any suggestions? Experience? Can anyone recommened a decent one? Thanks in advance.

When I try to connect to my router wirelessly via wicd I get unable to get ip. I have an atheros ar980 wireless internal card. I've tried setting a static ip and had no luck. I've also tried connecting via the command prompt and still hasn't worked. I've tried a few other things from other forums ive checked out too but still couldn't connect. My password is correct I've tried the different wep options and it makes no difference still the same result. I'm guessing it's some sort of driver issue however im far from an expert when it comes to these things so if there is some sort of commands I need to type to get it to work or install a specific package. And if there is a package or driver needed is there a place I can download it now from my other os being windows and then retrieve it on backtrack somehow. Any help would be greatly appreciated. My wifi works fine when testing penetration on my own system in bt but it just won't connect via the manager. Cheers