Tuesday, July 31, 2012

Torified Ubuntu VPN Server

Tor lets you stay anonymous online. It protects your privacy and defends you against network surveillance and traffic analysis.

Setting up Tor is very complicated and sometimes you will fail to make it work. The easiest way is to download Tor Browser. However, it has some limitations, and the main problem is that it is for web browsing only.

The drawback of using Tor is the speed. It is quite slow, as the traffic passes through a lot of nodes in order to hide your IP address and traffic. Your IP will be changed every 10 minutes, and it does not belong to your home country.

Learn more about Tor.

I created a Torified Ubuntu VPN Server in order to overcome some limitations of Tor, except the speed. It is still under heavy development. The final product will be released soon.

Update

NightHawk - Torified Ubuntu VPN Server was released on August 3, 2012. You can download it at the official site.

NightHawk in Action



Installation and Configuration



That's all! See you.

Sunday, July 29, 2012

The Corrs - Full acoustic concert




00:23 Only When I sleep
04:55 What Can I do?
09:48 -Radio
14:25 Toss The Feathers
17:56 Everybody Hurts
23:50 Dreams
27:48 Runaway
32:40 Forgiven, Not Forgotten
38:00 At Your Side
43:00 Little Wing
48:00 No Frontiers
52:48 Queen of Hollywood
57:40 Old Town
1:01:00 Lough Erin Shore
1:05:38 So Young

The Corrs - What Can I Do





Lyrics

I haven't slept at all in days
It's been so long since we've talked
And I have been here many times
I just don't know what I'm doing wrong

What can I do to make you love me
What can I do to make you care
What can I say to make you feel this
What can I do to get you there

There's only so much I can take
And I just got to let it go
And who knows I might feel better
If I don't try and I don't hope

What can I do to make you love me
What can I do to make you care
What can I say to make you feel this
What can I do to get you there

No more waiting, no more aching
No more fighting, no more trying

Maybe there's nothing more to say
And in a funny way I'm calm
Because the power is not mine
I'm just gonna let it fly

What can I do to make you love me
What can I do to make you care
What can I say to make you feel this
What can I do to get you there

Love me

Saturday, July 28, 2012

VEGA - Web application vulnerabilities scanner

Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.



That's all! See you.

Get Windows systems password without hash decryption

Almost all the Windows system versions are affected. The following video is not made by me and it shows you how.



That's all! See you.

Friday, July 27, 2012

Why do you need to learn hacking skills?

System Administrators and Programmers can be Ethical Hackers too, not only Penetration Testers.

Ethical Hackers and Hackers are speaking the same language, using the same tools and playing the same game.

Learn to hire a thief to try to steal something but don't hire a cop.



That's all! See you.

Wednesday, July 25, 2012

Enterprise WiFi Worms, Backdoors and Botnets for fun & profit

Windows 7 has a feature to create a WiFi access point on your laptop. Hackers will take advantage of this feature to compromise your networks by means of worms and/or backdoors, together with social engineering techniques, to build a botnet.

Vivek Ramachandran is going to show you the concept and how it works.



That's all! See you.

Saturday, July 21, 2012

Revolution OS

What is GNU? What is Open Source? What is Linux and how does it grow?

Want to know? Just watch this video.



That's all! See you.

Web Warriors

This is another slightly outdated video (from around 2003) that is worth watching.

This video talks about viruses and the damage they cause. The victims are almost all Windows systems. The video also talks about botnets and DDoS. They also think that some powerful viruses are created by China.

By the way, this video also introduces what is Black Hat, Grey Hat and White Hat.



That's all! See you.

Hackers : Outlaws and Angels

This is an inside story about hackers on both sides, outlaws and angels (White Hat and Black Hat). It is a bit outdated (from around 2002) but it is still worth watching, in my opinion.

Hacking means finding out weaknesses in a computer or computer network, though the term can also refer to someone with an advanced understanding of computers and computer networks. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. The subculture that has evolved around hackers is often referred to as the computer underground but it is now an open community. While other uses of the word hacker exist that are not related to computer security, they are rarely used in mainstream context. They are subject to the long standing hacker definition controversy about the true meaning of the term hacker. In this controversy, the term hacker is reclaimed by computer programmers who argue that someone breaking into computers is better called a cracker, not making a difference between computer criminals (black hats) and computer security experts (white hats). Some white hat hackers claim that they also deserve the title hacker, and that only black hats should be called crackers.

"Learn to hire a thief to try to steal something, don't hire a cop." (at 16:50)

"The battle between the angels and outlaws seems set to continue. But hackers on both sides know that like many conflicts, they between both of the people speak the same language, use the same tools and play the same game." (at 47:58)



That's all! See you.

Friday, July 06, 2012

NEWS : Latest message from LulzSec

I think someone out there should have heard about LulzSec.

The below statement is copied from Wikipedia :

"Lulz Security, commonly abbreviated as LulzSec, is a computer hacker group that claimed responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline."

The following is believed to be the latest message from LulzSec :

LulzSec: All your base are belong to us



Just for information. Nothing else.

That's all! See you.

Saturday, June 30, 2012

HOWTO : Protect yourself from ARP spoofing

Updated on Dec 4, 2014.

ARP spoofing is a kind of Man-in-the-Middle (MiTM) attack and it affects the machines in the subnet.

Who will be affected? Almost everyone. Free WiFi connections, even if they are encrypted with WPA/WPA2. Your local network. The machines inside a subnet.

How about using SSL and SSH as well as VPNs? No, those cannot protect you from being attacked by ARP spoofing. Even a switch cannot protect you from being attacked. Please refer to this presentation.

ARP security is often ignored and nobody cares about lower-layer security nowadays. ARP attacks are a real threat with high impact.

Can I protect myself from being attacked? Yes, you can. The following tools will alert you when the attack is taking place.

If you are a Linux user, you can use ArpON. If you are a Windows user, you can use XARP - Advanced ARP Spoofing Detection.

Ubuntu or Debian users can install it by following the instructions at ArpON on Kali Linux 1.0.9a.

If you are a Mac OS X user, you can use ARP Guard. See also ArpON on Mac OS X Yosemite 10.10.1.

If you are an Android user, you can use WiFi ARP Guard.

ArpON for Linux can protect you from the attacks, while the others only alert you to the attacks. In addition, ARP Guard costs money while the others are free of charge.

Or, if you do not want to install the software mentioned above and your router can set static ARP, do it, and your subnet is protected once it is set.
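A small passive check in the same spirit as the alerting tools above, as an added example (it is not code from ArpON, XArp or this blog). It reads a snapshot in the Linux /proc/net/arp format, compares it with a pinned gateway MAC (the idea behind a static ARP entry) and flags one MAC answering for several IPs; all addresses and MACs below are constructed sample values.

```python
# Added example: passive ARP-spoofing check over a Linux /proc/net/arp snapshot.
from collections import defaultdict

# Constructed sample in /proc/net/arp format (documentation IPs, made-up MACs).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:cc     *        wlan0
192.0.2.23       0x1         0x2         02:00:00:aa:bb:cc     *        wlan0
192.0.2.40       0x1         0x2         02:00:00:11:22:33     *        wlan0
192.0.2.77       0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; skips the header and incomplete rows."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = ATF_COM (complete)
            entries[ip] = mac
    return entries

def find_arp_anomalies(entries, pinned):
    """pinned: {ip: expected_mac} for hosts that matter, normally the gateway."""
    alerts = []
    # 1) A pinned host (gateway) now resolves to a different MAC.
    for ip, expected in pinned.items():
        seen = entries.get(ip)
        if seen is not None and seen != expected.lower():
            alerts.append(("pinned-mismatch", ip, seen))
    # 2) One MAC is answering for more than one IP address.
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac-shared", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    # Hypothetical known-good gateway MAC, recorded while the network was trusted.
    for alert in find_arp_anomalies(table, {"192.0.2.1": "02:00:00:de:ad:01"}):
        print(alert)
```

On a live Linux host the text would come from reading /proc/net/arp. A "mac-shared" alert can also be legitimate (a router holding several addresses, proxy ARP), so treat it as a prompt to investigate rather than proof.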

Please note that ARP Guard for Mac OS does not do the job well. It cannot detect any ARP spoofing when I test it on Mac OS X 10.10.1.

There is another way to protect yourself from ARP spoofing attacks if you are a Linux user and do not want to install the software mentioned above. You can follow the instructions in the following video which was created by xiedi01 :



Want to see a demo of how ARP spoofing works? The demo is by Hak5, and the first demo starts at 07:24.





The following demo is conducted under Back|Track 5 R2 by MasterButcher68.



There are some tools that carry out this attack automatically, and the attacker requires no skill to do so. Even a script kiddie can handle it. The following is one of the tools, namely YAMAS - Yet Another Man in The Middle Automation Script.



That's all! See you.

Tuesday, June 19, 2012

HOWTO : BackTrack 5 R2 on Intel X79 Express and nVidia display cards (The better way)

Uninstall the manually installed driver

Previous HOWTO is here.

If you followed the previous HOWTO to install the nVidia driver, you can uninstall it by the following command :

./NVIDIA-Linux-x86-295.20.run --uninstall

The better way to install nVidia driver

Step 1 :

add-apt-repository ppa:ubuntu-x-swat/x-updates

apt-get update
apt-get install nvidia-current nvidia-current-modaliases nvidia-settings

Step 2 :

Reboot your system.

After the reboot, issue the following commands :

nvidia-xconfig
splash-fix

Then, reboot your system again.

If you install the nVidia driver this way, you are not required to reinstall the driver after the kernel is updated.

You can follow the other parts of tutorial in the previous HOWTO for sample code of CUDA and Pyrit.

That's all! See you.

Wednesday, June 06, 2012

HOWTO : VPN (PPTP) on BackTrack 5 R2

Step 1 :

apt-get update
apt-get dist-upgrade


apt-get install network-manager-gnome network-manager-pptp

Step 2 :

cp /etc/network/interfaces /etc/network/interfaces.bak

nano /etc/network/interfaces

Delete all entries but leave the first two lines behind.

auto lo
iface lo inet loopback


Step 3 :

service network-manager start

Step 4 :

System >> Startup Applications >> Network Manager

Append "&" to the end of the Command. It will look like this :

nm-applet --sm-disable &

Make sure Start dhclient is enabled in the menu of Startup Applications.

Reboot the system and then configure your VPN (PPTP) as usual.

Make sure Advanced >> Use Point-to-Point encryption (MPPE) is enabled in the Configuration of PPTP.

That's all! See you.

Tuesday, May 22, 2012

HOWTO : Flash-Aid 2.2.3 for Ubuntu

Do you see blue faces or wrong colours in YouTube videos on your Ubuntu 12.04 box? If yes, I recommend installing Flash-Aid, which can solve the problem.

Open Firefox and go here to install the plugin. Once the plugin is installed, you can click on the icon in the top right-hand corner to install the correct Flash.

The official wording of Flash-Aid :

Remove conflicting flash plugins from Ubuntu/Debian Linux systems, install the appropriate version according to system architecture and apply some tweaks to improve performance and fix common issues.

That's all! See you.

UPDATED on May 23, 2012 :

If your problem is still there and you have an nVidia display card with "libvdpau1" installed, you should follow the steps below to solve the problem.


sudo add-apt-repository ppa:tikhonov/misc
sudo apt-get update
sudo apt-get install libvdpau1


This solution works on Ubuntu 12.04 LTS with flashplugin-installer 11.2.202.235ubuntu0.12.04.1 but not with Flash-Aid 2.2.3.

HOWTO : Cracking WPA/WPA2 without dictionary

This video is not created by me. It is created by Kardipapa. The original video is here.

I uploaded it here for my reference only.



That's all! See you.

UPDATED on May 22, 2012 :

The following links are my Proofs of Concept (PoC) that were written on April 16, 2010 and May 22, 2011 respectively. Kardipapa confirmed that my Proof of Concept works.

Using John the Ripper (which I wrote on April 16, 2010 for my Proof of Concept) :

HOWTO : Crack WPA/WPA2-PSK with John the Ripper

Using Crunch and Pyrit (which I wrote on May 22, 2011 for my Proof of Concept) :

HOWTO : WPA/WPA2 cracking with Back|Track 5

HOWTO : Scapy 2.2.0 on Ubuntu 12.04 LTS

To install Scapy

sudo apt-get update
sudo apt-get install python-scapy python-pyx python-gnuplot

To run Scapy interactively

sudo scapy

The scapy shell will be displayed :
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>>


To quit Scapy

>>> quit()

That's all! See you.

Tuesday, May 01, 2012

HOWTO : VulnImage (Manual & Automated)

These videos were not created by me; they were created by g0tmi1k. Please credit him.

The amazing method is the Manual one, and you can find the original post here. It talks about exploit development on the fly.

The automated method is here.

You can download the VulnImage here.


Manual Method

Automated Method

That's all! See you.

HOWTO : Kioptrix 4 (Level 1.3)

The following videos were not created by me. They were created by one of my mentors, g0tmi1k. I re-post them here for reference. Please credit g0tmi1k.

You can get Kioptrix 4 (Level 1.3) here.

To find some hints and solutions, please refer to g0tmi1k's blog here.

g0tmi1k found three different ways to compromise the Kioptrix, here you are (Enjoy!!!) :


SQL Injection

Local File Inclusion


Limited Shell



That's all! See you.

Wednesday, April 11, 2012

Undetectable Trojan on Windows 7 SP1 and AVG Anti-Virus Free Edition 2012

Maybe some of you out there think that your systems are safe when an anti-virus program is installed and the firewall is enabled. However, that is not true.

This video is to prove that anti-virus programs and firewalls can be bypassed. This video is going to WARN you all NOT to download any pirated or cracked software, and NOT to download any software from any untrusted source.

The technique used in the video can be used in any file format, such as video, pdf, photo/picture, audio and executable file.

About the video

The demo Windows 7 SP1 system in the video uses the default settings from installation.

- Windows 7 SP1 is fully updated as of April 11, 2012.
- AVG Anti-Virus Free Edition 2012 is installed and fully updated as of April 11, 2012.
- UAC is set to default on Windows 7 SP1.
- Firewall is enabled and no extra program is allowed (default settings).
- AVG Anti-Virus Free Edition 2012 has no whitelist set.

As a result, the Trojan Injected PuTTY program is not detected by the AVG Anti-Virus program, by UAC/Defender on Windows 7 SP1, or by the firewall.



That's all! See you.