A Penetration Attack Reconstructed
A Quick and Dirty Intro to Nessus using the Auditor Boot CD!
Adding Modules to a Slax or Backtrack Live CD from Windows
Airplay replay attack – no wireless client required
Anonym.OS LiveCD with build in Tor Onion routing and Privoxy
BackTrack LiveCD to HD Installation Instruction Video
Basic Nmap Usage!
Basic Tools for Wardriving!
Bluesnarfer attack tool demonstration
Bluesnarfing a Nokia 6310i hand set
Breaking WEP in 10 minutes
Cain to ARP poison and sniff passwords!
Complete Hacking Video using Metasploit – Meterpreter
Cracking a 128 bit WEP key (Auditor)
Cracking a 128 Bit Wep key entering the cridentials
Cracking Syskey and the SAM on Windows Using Samdump2 and John!
Cracking Windows Passwords with BackTrack and the Online Rainbow Tables at Plain-Text!
Cracking WPA Networks (Auditor)
DoS attack against Windows FTP Server – DoS
Droop s Box Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup and Other Tools!
Exploiting some bugs of tools used in Windows
Exploiting weaknesses of PPTP VPN (Auditor)
Finding Rogue SMB File Shares On Your Network!
Fun with Ettercap Filters!
How to crack the local windows passwords in the SAM database
How to decrypt SSL encrypted traffic using a man in the middle attack (Auditor)
How to sniff around switches using Arpspoof and Ngrep!
Install VNC Remotely!
Internet Explorer Remote Command Execution Exploit (CMDExe) Client Side Attack (Hi-Res)
Internet Explorer Remote Command Execution Exploit (CMDExe) Client Side Attack (Lo-Res)
John The Ripper 1.7 password cracker Installation Instruction Video
Local Password Cracking Presentation for the Indiana Higher Education Cybersecurity Summit 2005!
MAC Bridging with Windows XP and Sniffing!
Mass De-Authentication using void11 (Auditor)
Metasploit Flash Tutorial!
MITM Hijacking
Nmap Video Tutorial 2 Port Scan Boogaloo!
Sniffing logins and passwords
Sniffing Remote Router Traffic via GRE Tunnels (Hi-Res)
Sniffing Remote Router Traffic via GRE Tunnels (Lo-Res)
Sniffing VoIP Using Cain!
Snort Instruction video – howto install into backtrack
SSH Dynamic Port Forwarding!
Start a session and get interactive commandline access to a remote Windows box!
Telnet Bruteforce
Tunneling Exploits through SSH
Use Brutus to crack a box running telnet!
Using NetworkActiv to sniff webpages on a Wi-Fi network!
WEP Cracking using Aireplay v2.2 Beta 7 (Whax 3.0)
WMF File Code Execution Vulnerability With Metasploit!
WPA Cracking using Aireplay v2.2 Beta 7 (Whax 3.0)


Hotfile
http://hotfile.com/dl/76309040/b6f221d/52.Hacking.Videos.part1.rar.html
http://hotfile.com/dl/76317574/3f8083a/52.Hacking.Videos.part2.rar.html
http://hotfile.com/dl/76321202/35839cc/52.Hacking.Videos.part3.rar.html
http://hotfile.com/dl/76336369/2421a23/52.Hacking.Videos.part4.rar.html
http://hotfile.com/dl/76337428/ce1be69/52.Hacking.Videos.part5.rar.html
http://hotfile.com/dl/76307349/e038283/52.Hacking.Videos.part6.rar.html

Fast-forward to last summer, when the first of the latest generation of WEP cracking tools appeared. This current generation uses a combination of statistical techniques focused on unique IVs captured and brute-force dictionary attacks to break 128 bit WEP keys in minutes instead of hours. As Special Agent Bickers noted, “It doesn’t matter if you use 128 bit WEP keys, you are vulnerable!”


WEP Hacking – The Next Generation
WEP is an encryption scheme, based on the RC-4 cipher, that is available on all 802.11a, b and g wireless products. WEP uses a set of bits called a key to scramble information in the data frames as it leaves the access point or client adapter and the scrambled message is then decrypted by the receiver.
Both sides must have the same WEP key, which is usually a total of 64 or 128 bits long. A semi-random 24 bit number called an Initialization Vector (IV), is part of the key, so a 64 bit WEP key actually contains only 40 bits of “strong”encryption while a 128 bit key has 104. The IV is placed in encrypted frame’s header, and is transmitted in plain text.

Traditionally, crac*ing WEP keys has been a slow and boring process. An attacker would have to capture hundreds of thousands or millions of packets?a process that could take hours or even days, depending on the volume of traffic passing over the wireless network. After enough packets were captured, a WEP crac*ing program such as Aircrac* would be used to find the WEP key.

Fast-forward to last summer, when the first of the latest generation of WEP cracking tools appeared. This current generation uses a combination of statistical techniques focused on unique IVs captured and brute-force dictionary attacks to break 128 bit WEP keys in minutes instead of hours. As Special Agent Bickers noted, “It doesn’t matter if you use 128 bit WEP keys, you are vulnerable!”

Basic Directions:
1)Boot from cd
2)get the wep key
3)write it down
4)reboot into windows
5)connect using wep key.


Hotfile
http://hotfile.com/dl/23372418/ead51d0/Live_CD_-_Wireless_hacking.part1.rar.html
http://hotfile.com/dl/23372920/a56a314/Live_CD_-_Wireless_hacking.part2.rar.html
http://hotfile.com/dl/23373371/7ccea03/Live_CD_-_Wireless_hacking.part3.rar.html
http://hotfile.com/dl/23373941/633285a/Live_CD_-_Wireless_hacking.part4.rar.html
http://hotfile.com/dl/23374483/8a83a18/Live_CD_-_Wireless_hacking.part5.rar.html
http://hotfile.com/dl/23374845/7c0a5ae/Live_CD_-_Wireless_hacking.part6.rar.html

Organizations with computer networks, Web sites, and employees carrying laptops and Blackberries face an array of security challenges. Among other things, they need to keep unauthorized people out of the network, thwart Web site hackers, and keep data safe from prying eyes or criminal hands.

This book provides a high-level overview of these challenges and more. But it is not for the hard-core IT security engineer who works full time on networks. Instead, it is aimed at the nontechnical executive with responsibility for ensuring that information and assets stay safe and private. Written by a practicing information security officer, Philip Alexander, the book contains the latest information and arms readers with the knowledge they need to make better business decisions.

http://hotfile.com/dl/92273677/8a5cec3/Information.Security.rar_tutotraining.com.html

Ethical Hacking and Penetration Testing
Security 101
Hacking Hall of Fame
What are Today’s hackers Like?
Today’s Hackers
Risk Management
Evolution of Threats
Typical Vulnerability Life Cycle
What is Ethical Hacking?
Rise of the Ethical Hacker
Types of Security Test
Penetration Test (Pen-test)
Red Teams
Testing Methodology
VMWare Workstation
Windows and Linux Running VMWare
Linux Is a Must
Linux Survival Skills
Useful vi Editor Commands
Module 1 Review

Footprinting and Reconnaissance
Desired Information
Find Information by the Target (Edgar)
terraserver.microsoft.com
Network Reconnaissance & DNS Search
Query Whois Databases
Command-Line Whois Searches
ARIN whois: Search IP Address Blocks
SamSpade Tool and Website
Internet Presence
Look Through Source Code
Mirror Website
Find Specific Types of Systems
Big Brother
AltaVista
Specific Data Being Available?
Anonymizers
Countermeasures to Information Leakage
Social Engineering
DNS Zone Transfer
Nslookup command-line utility
Zone Transfer from Linux
Automated Zone Transfers
Zone Transfer Countermeasures
CheckDNS.net
Tracing Out a Network Path
tracert Output
Free Tools
Paratrace
War Dialing for Hanging Modems
Manual and Automated War Dialing
Case Study
guidedogs.com
Footprinting Countermeasures
Demo – Footprinting & Info Gathering


Download-Hotfile

http://hotfile.com/dl/92740859/738b0b2/07-041-12-2k10.part1.rar.html
http://hotfile.com/dl/92741044/fe11bbd/07-041-12-2k10.part2.rar.html
http://hotfile.com/dl/92741247/5a709e8/07-041-12-2k10.part3.rar.html
http://hotfile.com/dl/92741258/b127a95/07-041-12-2k10.part4.rar.html

Download-Uploading

http://uploading.com/files/332899d2/07-041-12-2k10.part1.rar/
http://uploading.com/files/b91d6333/07-041-12-2k10.part2.rar/
http://uploading.com/files/f4c7b26d/07-041-12-2k10.part3.rar/
http://uploading.com/files/b6171414/07-041-12-2k10.part4.rar/

Download-Filesonic

http://www.filesonic.com/file/49124230/07-041-12-2k10.part1.rar
http://www.filesonic.com/file/49124238/07-041-12-2k10.part2.rar
http://www.filesonic.com/file/49124198/07-041-12-2k10.part3.rar
http://www.filesonic.com/file/49123852/07-041-12-2k10.part4.rar

Download-Fileserve

http://www.fileserve.com/file/VzqbejS
http://www.fileserve.com/file/ygah38u
http://www.fileserve.com/file/QAHSKNs
http://www.fileserve.com/file/h9aWn3t

                           Scanning and enumeration are the first phases of hacking and involve the hacker locating target systems or networks. Enumeration is the follow-on step once scanning is complete and is used to identify computer names, usernames, and shares.

During scanning, the hacker continues to gather information regarding the network and its
individual host systems. Data such as IP addresses, operating system, services, and installed
applications can help the hacker decide which type of exploit to use in hacking a system.
Scanning is the process of locating systems that are alive and responding on the network. Ethical
hackers use it to identify target systems’ IP addresses.

Scanning Type                                     Purpose


Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. For example, a port-scanning tool that identifies port 80 as open indicates a web server is running on that system.

Network scanning is a procedure for identifying active hosts on a network, either to attack them or as a network security assessment. Hosts are identified by their individual IP addresses. Network-scanning tools attempt to identify all the live or responding hosts on the network and their corresponding IP addresses.

Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. Generally, a vulnerability scanner first identifies the operating system and version number, including service packs that may be installed. Then, the vulnerability scanner identifies weaknesses or vulnerabilities in the operating system.

Port-Scan Countermeasures
Countermeasures are processes or tool sets used by security administrators to detect and possibly
thwart port scanning of hosts on their network. The following list of countermeasures
should be implemented to prevent a hacker from acquiring information during a port scan:
Proper security architecture, such as implementation of IDS and firewalls, should be
followed.
Ethical hackers use their tool set to test the scanning countermeasures that have been
implemented. Once a firewall is in place, a port-scanning tool should be run against hosts
on the network to determine whether the firewall correctly detects and stops the portscanning
activity.
The firewall should be able to detect the probes sent by port-scanning tools. The firewall
should carry out stateful inspections, which means it examines the data of the packet
and not just the TCP header to determine whether the traffic is allowed to pass through
the firewall.
Network IDS should be used to identify the OS-detection method used by some common
hackers tools, such as Nmap.
Only needed ports should be kept open. The rest should be filtered or blocked.
The staff of the organization using the systems should be given appropriate training on
security awareness. They should also know the various security policies they’re required
to follow.

Nmap is a free open source tool that quickly and efficiently performs ping sweeps, port scanning,
service identification, IP address detection, and operating system detection. Nmap has
the benefit of scanning of large number of machines in a single session. It’s supported by many
operating systems, including Unix, Windows, and Linux.

The state of the port as determined by an Nmap scan can be open, filtered, or unfiltered.
Open
means that the target machine accepts incoming request on that port.
Filtered
means a firewall or network filter is screening the port and preventing Nmap from discovering whether
it’s open.
Unfiltered
mean the port is determined to be closed, and no firewall or filter is interfering with the Nmap requests.

A proxy server is a computer that acts as an intermediary between the hacker and the target computer.
Using a proxy server can allow a hacker to become anonymous on the network. The hacker
first makes a connection to the proxy server and then requests a connection to the target computer
via the existing connection to the proxy. Essentially, the proxy requests access to the target
computer not the hacker’s computer. This lets a hacker surf the web anonymously or
otherwise hide their attack.

HTTP Tunneling Techniques
A popular method of bypassing a firewall or IDS is to tunnel a blocked protocol (such
as SMTP) through an allowed protocol (such as HTTP). Almost all IDS and firewalls
act as a proxy between a client’s PC and the Internet and pass only the traffic defined as
being allowed.
Most companies allow HTTP traffic because it’s usually benign web access. However, a
hacker using a HTTP tunneling tool can subvert the proxy by hiding potentially destructive
protocols, such as IM or chat, within an innocent-looking protocol packet.

HTTPort, Tunneld, and BackStealth are all tools to tunnel traffic though HTTP. They allow the
bypassing of an HTTP proxy, which blocks certain protocols access to the Internet. These
tools allow the following potentially dangerous software protocols to be used from behind an
HTTP proxy:

• E-mail

• IRC

• ICQ

• News

• AIM

• FTP

               A hacker can spoof an IP address when scanning target systems to minimize the chance of detection.
One drawback of spoofing an IP address is that a TCP session can’t be successfully completed.
Source routing lets an attacker specify the route that a packet takes through the Internet.
This can also minimize the chance of detection by bypassing IDS and firewalls that may block
or detect the attack. Source routing uses a reply address in the IP header to return the packet
to a spoofed address instead of the attacker’s real address.
To detect IP address spoofing, you can compare the time to live (TTL) values: The
attacker’s TTL will be different from the spoofed address’s real TTL.

A threat is an environment or situation that could lead to a potential breach of security.

Ethical hackers look for and prioritize threats when performing a security analysis.
In computer security, an exploit is a piece of software that takes advantage of a bug, glitch,
or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a
computer system.

There are two methods of classifying exploits:
A remote exploit works over a network and exploits security vulnerabilities without any
prior access to the vulnerable system.
A local exploit requires prior access to the vulnerable system to increase privileges.

An exploit is a defined way to breach the security of an IT system through a vulnerability.

A vulnerability is an existence of a software flaw, logic design, or implementation error that can
lead to an unexpected and undesirable event executing bad or damaging instructions to the system.

A target of evaluation is a system, program, or network that is the subject of a security
analysis or attack.

An attack occurs when a system is compromised based on a vulnerability. Many attacks are
perpetuated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to
an exploit because of the operating system, network configuration, or applications installed
on the systems, and prevent an attack.

Types of Hacking Technologies

Most hacking tools exploit weaknesses in one of the following four areas:
Operating systems
Many systems administrators install operating systems with the default
settings, resulting in potential vulnerabilities that remain unpatched.
Applications
Applications usually aren’t tested for vulnerabilities when developers are writing
the code, which can leave many programming flaws that a hacker can exploit.
Shrink-wrap code
Many off-the-shelf programs come with extra features the common user
isn’t aware of, which can be used to exploit the system. One example is macros in Microsoft
Word, which can allow a hacker to execute programs from within the application.
Misconfigurations
Systems can also be misconfigured or left at the lowest common security
settings to increase ease of use for the user, which may result in vulnerability and an attack.

Attacks can be categorized as either
passive
or
active
Passive and active attacks are used on both network security infrastructures and on hosts. Active attacks actually alter the system or network they’re attacking, whereas passive attacks attempt to gain information
from the system.
Active attacks affect the availability, integrity, and authenticity of data; passive attacks are breaches of confidentiality.

In addition to the active and passive categories, attacks are categorized as either
inside
or
outside attacks. 

An attack originating from within the security perimeter of an organization is
an inside attack and usually is caused by an “insider” who gains access to more resources than
expected.
An outside attack originates from a source outside the security perimeter, such as the
Internet or a remote access connection.

Types of Hacker Classes

Hackers can be divided into three groups: white hats, black hats, and grey hats. Ethical hackers
usually fall into the white-hat category, but sometimes they’re former grey hats who have become
security professionals and who use their skills in an ethical manner.

White hats
White Hats are the good guys, the ethical hackers who use their hacking skills for
defensive purposes. White-hat hackers are usually security professionals with knowledge of
hacking and the hacker toolset and who use this knowledge to locate weaknesses and implement
countermeasures.

Black hats
Black hats are the bad guys: the malicious hackers or crackers who use their skills
for illegal or malicious purposes. They break into or otherwise violate the system integrity of
remote machines, with malicious intent. Having gained unauthorized access, black-hat hackers
destroy vital data, deny legitimate users service, and basically cause problems for their targets.
Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their
actions are malicious.

Grey hats
Grey hats are hackers who may work offensively or defensively, depending on the situation.
This is the dividing line between hacker and cracker. Both are powerful forces on the Internet,
and both will remain permanently. And some individuals qualify for both categories. The
existence of such individuals further clouds the division between these two groups of people.

Let's say in the regular search command line you"ll write "Index of /mp3" and
press search. and guess what you"ll get? bunch of places to download mpz.

Lot's of sites indexed by google (or any other search engine. use your local search
engine to get sites with local music) Of cause there are many others usefull
search phrases. think about them, and if u have something original, share with
us back. basically u've got the idea

some other keywords examples:
Index of ftp/ +.mp3
Index of music/
Index of films/
Index of "Your favorite artist/album/movie etc"

/exchange/login.asp this one is really good. (btw, google seems to be filtering
this exact search, but if u"ll try altavista for example you"ll got plenty of results).
You"ll have lots of links pointing to public accesable IIS servers Outlook Web
Axx (you don't have to scan to find them ;P
just run you favorite hole looking tools on them to see if any usefull IIS was there.

You can name here other usefull web servers searches anything
that u know run on IIS rather that on apache .

Google have also socalled operators that should help you to narrow the search
and get more specific results. USE THEM

Google supports several advanced operators, which are query words that have
special meaning to Google. Typically these operators modify the search in some
way, or even tell Google to do a totally different type of search. For instance,
"link:" is a special operator, and the query [link:www.google.com] doesn't do a
normal search but instead finds all web pages that have links to
www.google.com.

Several of the more common operators use punctuation instead of words, or do
not require a colon. Among these operators are OR, "" (the quote operator), (
the minus operator), and + (the plus operator)
Many of these special operators are accessible from the Advanced Search page,
but some are not.

Advanced operator list :
• cache:
• link:
• related:
• info:
• stocks:
• site:
• allintitle:
• intitle:
• allinurl:
• inurl:

If you start a query with [allintitle:], Google will restrict the results to those with
all of the query words in the title. For instance, [allintitle: google search] will
return only documents that have both "google" and "search" in the title.

Ex. allintitle: Microsoft Outlook web access Logon
This will bring you again lot's of IIS servers that you could test.

Some other examples


inurl:"auth_user_file.txt"
inurl:"wwwroot/*.*"
allinurl:/cgibin/ +mailto
inurlasswd filetype:txt

inurl/file type.. search for .htm OR .html OR .txt OR .php "passwd" porn -xxx
quotes = required
minus = not wanted
.htm .html etc are your keywords..
 
inurl:robots filetype:txt
the robots file is useful for finding directories on the server such as php login pages
 
allintitle: "index of/admin"
allintitle: "index of/root"

and for fun
try access http://www.google.com/intl/xxhacker/
Elite search engine again. Love it
Fun with Google Searches

METHOD 1
put this string in google search:


parent directory Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to
what you want and you will get a lot of stuff.

METHOD 2
put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson
               ?intitle:index.of? mpg name
 
METHOD 3
put this string in google search:

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to
zip etc