Showing posts with label Backtrack. Show all posts

Sunday, 28 April 2013

How to install Backtrack and Metasploitable on Vmware - Metasploit

Hello guys,
Today I will show you how to install Backtrack 5 and Metasploitable-Linux on VMware.
This tutorial is just to get you guys ready for my Metasploit videos, which I will release very soon.

First of all, you should download both Metasploitable-Linux (Our Target) and Backtrack 5 (Our attacker)

Download Backtrack from HERE
Download Metasploitable from HERE
Download VMWARE Player from HERE
When you download Backtrack, make sure you download the version for the 32-bit architecture.
I prefer KDE, which I will be using, and it always works on VMware. (GNOME gives some graphics errors sometimes.)



Backtrack Installation

After you download backtrack, open vmware, and click on "Create A New Virtual Machine"



Then check "Installer disc image file (.iso)", browse for your Backtrack image file, and open it.


Now click on "Next", and choose "Linux" as the guest operating system and "Ubuntu" as the version.


Click on "Next", Choose a name for your OS, any name is OK!

Now click on "Next" again. Here you choose the disk size you want, then click on "Next" again and you're done! If you want to edit some of the settings, such as the CPU and RAM for your OS, you can do so by clicking on "Customize Hardware".





Now play your virtual machine and wait until it shows a terminal saying "root@bt:~#".
Type "startx" and press Enter.
You're done!

Metasploitable-Linux Installation

Metasploitable is a deliberately vulnerable OS with many vulnerabilities. We will use it as the target to pwn.
Metasploitable is downloaded as a .zip file. Extract it, and you will see a file with the extension .vmx.


All you have to do to install this OS is double-click on it. VMware will ask you whether you copied the virtual machine or moved it; click on "I moved it"!

And you're done!
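Because Metasploitable is vulnerable by design, its virtual network adapter should be host-only so the VM is reachable only from your own machine. The check below is an added example, not part of the original post: it reads a .vmx file and reports every enabled adapter that is not host-only. The function names and the sample file are constructed, and treating a missing connectionType as bridged is an assumption about VMware's default.

```shell
#!/bin/sh
# Added example: audit a VMware .vmx file for adapters that are not host-only.
# Prints "<adapter> <type> <OK|REVIEW>" per enabled adapter; returns 1 if any
# adapter needs review, 0 if all are host-only, 2 if the file is unreadable.
vmx_net_audit() {
    vmx="$1"
    [ -r "$vmx" ] || { echo "cannot read $vmx" >&2; return 2; }
    awk '
        # Lines of interest look like: ethernet0.connectionType = "nat"
        /^[ \t]*ethernet[0-9]+\.[A-Za-z]+[ \t]*=/ {
            line = $0
            gsub(/[ \t"\r]/, "", line)            # drop spaces, quotes, CR
            split(line, kv, "=")
            split(kv[1], parts, /\./)
            nic = parts[1]; key = tolower(parts[2]); val = tolower(kv[2])
            if (key == "present")        present[nic] = val
            if (key == "connectiontype") ctype[nic] = val
            seen[nic] = 1
        }
        END {
            bad = 0
            for (nic in seen) {
                if (present[nic] != "true") continue   # adapter disabled
                # Assumption: no connectionType line means bridged.
                t = (nic in ctype) ? ctype[nic] : "bridged"
                # Anything other than hostonly (bridged, nat, custom) is flagged.
                status = (t == "hostonly") ? "OK" : "REVIEW"
                if (status == "REVIEW") bad = 1
                printf "%s %s %s\n", nic, t, status
            }
            exit bad
        }
    ' "$vmx"
}

# Constructed sample .vmx content for trying the check offline.
sample_vmx() {
    cat <<'EOF'
displayName = "Metasploitable (constructed sample)"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "TRUE"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
EOF
}

# Usage: sh vmx_audit.sh /path/to/Metasploitable.vmx
if [ $# -gt 0 ]; then vmx_net_audit "$1"; fi
```

In VMware Player the setting itself is under the virtual machine's network adapter settings, where "Host-only" can be selected.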

Hope you liked it! =)



Wednesday, 20 March 2013

How To Install Backtrack In An Android Device - The Easiest Way



Hello guys, today I'm going to show you the easiest way to install backtrack on an android device.
For this tutorial you need:
  • Rooted android device
  • Linux installer (Can be found on Google play)
  • Zarchiver (Can be found on Google play)
  • Busybox (Can be found on Google play)
  • Android-VNC (Can be found on Google play)
  • Terminal  Emulator (Can be found on Google play)
All of the programs mentioned above are free.
Ok, now let's start,
The first thing you need to do is install Busybox from Google play:

Install it, then open it when it's done, it will install some more things.
When it's done, install Linux Installer from Google Play:


Open Linux installer, then click on Install Guides from the list on your right hand side:


When you click that, you'll see a list of Linux distros, click on Backtrack and you will see a screen with steps on how to install it. Now click on the second page of those steps, you will get a page that looks like this:

Just click on "Download Image", and let it finish downloading.
While it's downloading, open Google play and install Terminal Emulator, and Zarchiver.

Terminal Emulator:

Zarchiver:

When it finishes downloading, open Zarchiver, look for the ZIP file that you downloaded, and extract the image into a root folder called "backtrack". Extract the image onto an external memory card, not the internal one.
Once it's done, open Linux Installer again, and click on launch, you'll get a screen that looks like this:

If it doesn't recognize any distro, click on Setting > Edit, then change the file path there to your Backtrack image, the .img file that you extracted.
When it finally says "backtrack" in the drop-down list, click "Start Linux".

Terminal Emulator will open. You just have to proceed with the installation steps; it will ask you for a new password and some preferences. When it's done you will get a red "root@localhost~#" like the picture below:
You are now in backtrack!
Now if you want backtrack in GUI, open Google play, and install Android VNC:


Open It when it finishes installing, and it will look like this:


Use the same settings as in the picture, except for the IP address. You can get your IP by opening the Backtrack terminal in Terminal Emulator and running the "ifconfig" command:


Settings for VNC are,
Username: backtrack
Password: backtrac
IP: from the "ifconfig" command or just put 127.0.0.1 
Color Format: 24-bit


Now click connect, and boom! You're in the Backtrack desktop! ;)

When you finish using it, remember to disconnect VNC AND exit Backtrack in Terminal Emulator, or else it will keep draining your battery in the background.


And note that Ubuntu can be installed in the same exact way, just the username and password for VNC will change.

That's it guys, enjoy! :)


Sunday, 27 January 2013

How To Search For Exploits Using Exploit-DB search BackTrack - Terminal


Hello guys,
In hacking we usually look for exploits to own the target, and today I'm going to show you how to look for exploits in Backtrack, inside your terminal!
What many of us don't know is that there are more than 15,000 exploits inside your Backtrack, written in Perl, Ruby, Python and more. Today we'll learn how to search those exploits easily, and faster than Googling!
When I use Linux, I like to use the terminal for almost everything, and now we will use it for exploit searching ;)
Let's start.

First of all open your terminal and type this command:

cd /pentest/exploits/exploitdb


As you can see, the directory we entered contains two files and a directory. For now let's just focus on the "searchsploit" file.
We will use this file to find the exploits on our PC. Here is how to use it:

./searchsploit term1 term2 term3

By "term" I mean something that describes the exploit you're looking for, something that narrows down the search results to only the things you want.

For example, if we want an exploit for Java on Windows, and we want the exploit to be a DoS, our command should look like this:

./searchsploit windows java dos

The .csv file in that directory contains all the names and paths of the exploits, and searchsploit searches it to find the right exploit for you.
Easy, right?
Now you can change the terms and find the exploit you want.
Ok, so we get the exploit description, and a path...
As I mentioned before, there are two files and one directory. Now that we know what those two files do, it's the directory's turn :P
That directory contains all of the exploits, at the paths that searchsploit prints, so just enter it and use the path to get the exploit.
Let me show you an example.

We used the command:

./searchsploit windows java dos

and got some paths. Here is how to get the exploits:

add "platforms" to the beginning of the path. For example,
we got:

/windows/dos/11670.py

To read it, use:

cat platforms/windows/dos/11670.py


That's it you guys =)
Have fun, and happy pentesting!


Saturday, 22 December 2012

How To Use Fast-Track | Fast Track Tutorial



Hello guys, today I will show you how to use Fast-Track on Backtrack / Linux. Fast-Track is a tool used for exploitation. It uses other tools to make pentesting a lot easier for us.
Fast-Track is available in three different forms:
  • CLI
  • Web
  • Interactive
My favorite is Web, because it's much easier to use, and this tutorial will be based on it as well.
There are many things that Fast-Track can do, but in this tutorial I will just generate a payload to give you a general idea of how Fast-Track is used.
The first thing you need to do is open your
menu > BackTrack > Exploitation Tools > Network Exploitation Tools > Fast-Track > fastrack-web

or, if you want to use your terminal, open it and type the following commands:

cd /pentest/exploits/fasttrack
and then
./fast-track.py -g

You should get output like this:

Now open your browser and go to:

http://127.0.0.1:44444

You should get a Fast-Track page that looks something like this:

That's basically 50% of our job! Now all we have to do is choose the option and fill in the input that it needs, or choose the number of the option in the terminal!
Alright, now let's see an example of using it: we will generate a Metasploit payload using Fast-Track. Follow me!

First thing you need to do is click on Payload Generator from the list on the left:

Now Fast-Track will provide you with a short description of the option you chose, and some fields that you need to fill in (not all the time).


Now click on launch. A terminal should pop up and show you some options to choose from; just enter the number of the option and press Enter.

Look at the pictures:
I chose Windows Shell Reverse_TCP, which is option number "1".
In this picture I also chose option number "1", which was "avoid_utf8_tolower".
In this step it asks for the IP of the attacker; just enter your IP address. You can find your IP address using the command "ifconfig". Then enter the port.
In the last step, it will ask you if you want to start a listener; I answered "yes".
That's it! Now look in the directory that contains fast-track.py, and you will find your payload there! =)

See how easy it is? Now you just have to browse and check all the different options you have!

Thank you for reading! =)


Saturday, 10 November 2012

ASCII Art Generators Linux | Backtrack

Hello again guys, today I'm going to show you how to generate ASCII Art in your Linux terminal. Things like this:

and even more!


Sunday, 4 November 2012

How To Scan A Website For Vulnerabilities Using BackTrack - Uniscan

Hello guys, today I'm going to show you how to scan for vulnerabilities in a website, or in all the websites on a server.
In this tutorial I will use a program in BackTrack called UniScan. It's very easy to use, but very good at scanning.
First of all, open your terminal and type this command:
cd /pentest/web/uniscan && ./uniscan.pl





Tuesday, 25 September 2012

How To Get All Subdomains Of A Website and Bypass Cloudflare Protection

Hello guys :)
Today I have a new video tutorial for you :)
I will show you how to get all the subdomains of a target, with their IPs, which will sometimes allow us to bypass Cloudflare protection :)
Hope you enjoy this video :)



Sunday, 16 September 2012

Buffer Overflow Exploitation

Hello guys,
Today I have a video tutorial made by my friend SOG, aka Soldier Of God, in which he explains how to exploit buffer overflow vulnerabilities. I've watched this video and it's really useful for newbies :)
Enjoy the video!


Tuesday, 4 September 2012

Linux Fun Trick #1


Hello guys, today I'm going to show you a trick made by me, just for fun :)
I will be posting some fun tricks on Linux later on; this will be the first one :)
When you type "whoami" in Linux, it answers with your user name.
With this trick you will be able to ask "whothefuckami" and your PC will answer "you are motherfucking USER", where USER = your user on that PC. Here are two examples, where the user is root and "retz" (Retz is RetnOHacK, my friend).

On Backtrack:



Sunday, 2 September 2012

How To Make Linux GNOME Look Like Windows XP


Hello guys, today I'm going to show you how to make your Linux look like Windows with just one click!
This trick first appeared in GnackTrack OS to make social engineering easier, because people will totally think that it's just a normal Windows XP running here.
Now the same guy who made GnackTrack has released the script for all the distros out there. It says it's for Backtrack, but I've tried it on a simple Ubuntu and it worked. You just have to run it as root, or else you won't see your old Linux look again! xD



Saturday, 11 August 2012

Tips To Improve Backtrack






Hello everyone,
many people say "backtrack is hard to use" or "backtrack is not for daily use", but today I'm going to give you some tips to make Backtrack perfect for your daily use, even with KDE (which is harder to use than GNOME).