Website Copier

HTTrack can be used to download any paid Website Templates, How to use HTTrack with an example is explained below, so enjoy your favorite template without paying any penny.

Installing HTTrack

Below is an Example, How to use HTTrack

Hack Web Applications by Intercepting HTTP request/response using WebScarab

Hello Friends,

Today we will understand how we can intercept the HTTP request we send to a website and how we can analyse the response header.For this purpose we will use WebScarab which you can download by searching it on google.

After you have installed the setup you will first have to set your browser so that WebScarab can intercept the request and response.
I am taking the example of Firefox here. Go to options > Advanced > Network > Settings > Then select the Manual Proxy configuration and enter the following values.
HTTP proxy – 127.0.0.1 and port – 8008
This sets the webscarab to intercept the request by acting as a localhost proxy .

Now you start your webScarab by clicking on the icon.
The screen will appear wired and somthing like as shown in the figure. Click on the figure to enlarge it .
In the intercept tab , select “Intercept request” and in the left hand side menu select “Get” and “Post” options .
This makes your webScarab completely ready to intercept the HTTP Get and post requests .Now in your browser type any url , for e.g , google.com and you will get a window that will show the intercepted HTTP Get request. Now if you click on the “Intercept Response” button then it will also intercept the response that is coming back to the browser from the google server.

You can use this technique to analyse the the various request and response headers and let me tell you this can be very very deadly . If you are able to make the right moves and changes in the Headers then you can easily modify the headers to send invalid valuse to the servers .
In the main window of the webScarab , the “Summary” tab shows you the details of all the intercepted requests and response.This is a short tutorial on webScarab that will give you a basic understanding of how to use webscarab to intercept the HTTP values and analyse them > Rest is upto you how far you can take it .

Top 15 Security/Hacking Tools & Utilities

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Get Nmap Here

2. Nessus Remote (Security Scanner)

Recently went closed source, but is still essentially free. Works with a client-server framework.

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

Get Nessus Here

3. John the Ripper

Yes, JTR 1.7 was recently released!

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

4. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

5. SuperScan

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.

If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.

Get SuperScan Here

6. p0f

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:

– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.

Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

7. Wireshark (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.

Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

8. Yersinia

Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here.

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients.

Get PuTTY Here.

11. LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing.

A good free alternative to L0phtcrack.

LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.

Get LCP Here

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (look for an orinocco gold).

Get Kismet Here

14. NetStumbler

Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux counterparts, but it’s easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:

  • Verify that your network is set up the way you intended.
  • Find locations with poor coverage in your WLAN.
  • Detect other networks that may be causing interference on your network.
  • Detect unauthorized “rogue” access points in your workplace.
  • Help aim directional antennas for long-haul WLAN links.
  • Use it recreationally for WarDriving.

Get NetStumbler Here

15. hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Get hping Here

SHODAN Search Engine for Hackers

A new search engine has been introduced named ‘SHODAN’ that help u search various information using filters.Many people describe it as a public port scanner.Following things could be searched for:
• country: 2-letter country code
• hostname: full or partial host name
• net: IP range using CIDR notation (ex: 18.7.7.0/24 )
• port: 21, 22, 23 or 80
This is a great search engine that provides very useful information about a target.
To visit shodan click the below link:
http://www.shodanhq.com/

The ZIP of Death

This is a exploit of the compression algorithms to make a small zip that will extract into extream amounts their are more ways and better ones than this one but i will only show how to make a simple 1k = 1m ratio.

1) Make a.txt file

2) Open and type the null character (alt + 255)

3) Press ctrl + a then ctrl + v a couple times to make some null bytes

4) If u have a hexeditor make the hex 00 for about 50 kilobytes.

5) Now make several copies of a.txt and name accordinly

6) Open cmd.exe

7) Type copy /b *.txt b.txt

8 ) Now every copy is made into a super copy and repeat

9) Once you have a nice empty big text file like 1gb. Put it in a zip archive.
Because of the simple construction of the file, 1gb of null bytes…..!

The zip is only 1 mb in size and can really annoy freinds.
For added fun hex edit the zip and you will see a bunch of hex 5555

Just add some more and the file will expand amazingly

Make sure to not open this after

You can always create your zip of death from the command line in linux
dd if=/dev/zero bs=1000 count=1000000 | gzip > test.gz

Hacking Network Password

Read Legal Disclaimer Before Continue This Post

I am going to tell you how password is being sniffed in a windows network. When you are in a wifi connection or in a LAN network. If you login to a website which does not support ssl then your username and password can be sniffed.

As when you enter username and password on your login page. It being send to router in clear text as no SSL( Secure Socket Layer) Secure Socket Layer is being used.  So it can be sniffed by software like Cain & Abel.

First turn OFF your window firewall -> Control Panel –> Security Center –> Manage Settings for —> Windows Firewall (Turn It Off)

1. Download, install and run Cain & Abel at http://www.oxid.it/cain.html

2. Click “Configure” in the top bar.

3. In the “Sniffer” tab, click the adapter which is connected to the network to be sniffed, then Click “Apply”, then “OK”.

4. Click the “Sniffer” tab in the main window.

5. Click the network card in the top bar (2nd icon from the left).

6. Click the “+” button in the top bar.

Select “All hosts in my subnet”, click “OK”. Entries should appear in the main window under the “IP address”, “MAC address” and “OUI fingerprint” headings.

7. From the “Sniffer” tab, click “APR” in the bottom tab.

8. Click the top right pane in the main window. Click the “+” button in the top bar.

9. Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click “OK”.

10. Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.

After some time has passed, click “Passwords” in the bottom tab.

11. In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.

Close All Programs With One Click

Close All Open Programs With One Click : Close All

You are in front of your office PC having 20-30 windows open and everything messed up… You are called for an emergency… Urghh…What to do now?? Use Close All.

This tiny tool helps you to close all running applications with one click. It does not use system resources because it only flashes a “close” signal to all open windows on the desktop and then ceases. Just place a shortcut to the tool in the Start Menu, Quick Launch or elsewhere.

You can always add a hotkey to this shortcut. It is really very handy if you are running ~20 applications and want them all to quit instantly. It works just as if you were pressing the close button for each application.

Click to download this tool :-

http://www.ntwind.com/download/CloseAll.zip