HackPack ("sbrpwn")


HackPack is a toolkit created in February 2012 by Bl4ckS4b3r. It allows for easier, and often automated, hacking or pentesting. HackPack support and documentation are available at S4b3rstealth.forumotion.pro as well as on this wiki page. Within the first three months the toolkit had over two thousand downloads. It was designed specifically for Backtrack 5, a pentesting Linux distro with two flavors: GNOME and KDE. HackPack is compatible with both (tested and approved).


Contents of HackPack (v1.5)

0.) Airpwn
1.) Run updates
2.) Hide
3.) Run NMAP
4.) SSLstrip
5.) DNS Spoof
6.) Exploits
7.) DOS attacks
8.) Install VMWare Tools
9.) Other
h.) Help & Support
x.) Exit



==== Airpwn ====

This option allows for the testing of WEP and WPA/WPA-PSK2. The Airpwn option uses Aircrack-ng, Airmon-ng, Airodump-ng, and Aireplay-ng. It requires activity on the network for WEP IV-packet gathering, and currently does not support pentesting routers or modems via chop-chop methods (without any activity/clients). Airpwn will automatically crack WEP, and offers the option of using the Backtrack default wordlists or entering the path to your own wordlist. Airpwn automatically sets your card into monitor mode after changing your MAC address. Any handshakes gathered (WPA) or IV-packet clusters (WEP) are saved to file so that you can reference them, or crack them, at a later time.

There are two wordlist suites within Airpwn:

1.) The Wordlist Centre - A suite that combines a number of wordlist formation options, including but not limited to: phone number generators, Social Security Number generators, date and time generators, wordlist combination tools, wordlist manipulation tools, analysis tools, and many others.

2.) SbrGen - A suite that creates all possible combinations for the desired number of characters (up to 22 characters). The generator can use upper- and lowercase letters and numbers, or those plus special characters.



==== Run Updates ====

This option runs the updates for Backtrack (apt-get update, upgrade, and dist-upgrade). It also updates the svn for Metasploit, SET, SQLMap, Ettercap, and HackPack itself.



==== Hide ====

This option helps the pentester remain hidden, or appear as someone else, apart from their actual host machine. It includes a MAC address changer, which will shut down your wireless card or LAN device and change its MAC. It allows you to change your hostname, so that when security systems fingerprint and write logs, they show the host machine with a different name than the tester's actual machine (if the host changes it). It also includes a proxy hosting site, provided by the creator, Bl4ckS4b3r.



==== Run NMAP ====

This option allows for two types of scans: an intense scan and a simple scan (also called a quick scan). The intense scan tries to determine all the information it can about the target range; this includes OS, IP, open ports, port type, computer name, browsers, service packs, and even uptime or downtime. The simple scan gives the IP and open ports, sometimes with the host/computer name, depending on the target's security settings. Please note that this gives a written report, not a topographical report like the one the GUI provides.



==== SSL Strip ====

This option captures passwords. It uses Moxie's SSL strip and ettercap to ARP poison and sniff for passwords. Under SSL strip you can choose to gather HTTP or HTTPS, but depending on your router settings or the target's (ARP poisoning detection, firewall) you may only be able to use the HTTP option, in which case a strong or secure browser might redirect the target away from HTTP. Either way, this is a very useful tool that displays and logs login information and passwords in real time.



==== DNS Spoof ====

This is a very useful option for a variety of DNS spoofing needs. DNS spoofing is a way to redirect a target from a desired page to a fake page that you (the pentester) have set up, and can be used for exploitation or social engineering. Under DNS Spoof you can find an option to only spoof, which is useful if you are using SET, a toolkit set up by David Kennedy. There is an option for a custom spoof, using your own HTML page in the var/www/ directory, along with storing information in your DB. The last option is for preset social engineering pages which Bl4ckS4b3r has created, including MFOD (middle finger of doom) and Shiro. The other options include facebook, twitter, paypal, yahoo, ebay, and GMail. The presets require that you set up your databases according to the DB setup file, which can be found under help>scripts>help setup DB's.



==== Exploits ====

This option is set up for using exploits to enter a target machine, or to manipulate a target machine once the exploit has run. This option includes the newest undetectable backdooring and payload generating software. It also includes SET, Armitage, and Metasploit.



==== DOS Attacks ====

This option allows for Denial of Service. Under this option you can find Sbrkill, a systematic set of DOS modules put together by Bl4ckS4b3r to carry out a local DOS on a network within the range of your wireless card. Running Sbrkill will automatically change your MAC address to help hide your machine's identity. The second option allows for the use of LOIC, which stands for Low Orbit Ion Cannon, an application that can potentially bring down single servers, small or non-balanced servers, or larger servers with multiple attacks at the same moment in time.



==== Install VMWare Tools ====

This option was created for those who have issues installing VMWare tools. It simply requires that you mount the install package and then run the option, which will install the VMWare tools. This option does require the user to interact to confirm file paths, or to change them, etc.



==== Other ====

This option includes helpful, yet fun, features. These options aren't always going to be necessary for pentesting, but are fun and optional. They include options such as Enter The Matrix, which displays Matrix-like animations in a fullscreen terminal (cmatrix). Another option is Sbrhit, a module designed by Bl4ckS4b3r to consistently hit (go to) a certain webpage multiple times (200x to be exact), changing the MAC address of the machine after every 10 visits so that results count on most website counters; however, this does mean that you will be required to have "auto-connection" enabled. Another option fixes the Adobe Flash Player; it will allow you to play most YouTube and Flash-based videos, but some may still be denied. Another option is Bump of the Week, which features an interesting program, movie, game, etc., picked by Bl4ckS4b3r. There is also an option for a reliable and private (no logs) chat client called SbrChat, which requires no account or registration, just a name. There is an option for testing your BT system under "check my system!", which will run a scan and a vulnerability assessment against your machine. The last option on the list is to run fuzzers, which throws off load balancers on servers if run correctly.



==== Help and Support ====

This last option is for help and support (obviously). This will give you the option to visit the official HackPack forum (s4b3rstealth.forumotion.pro), visit Bl4ckS4b3r's youtube page for tutorials, view the Wiki (this page), or "view commands".



Options for "view commands":

1.) Running Apache with SET.
2.) Using Driftnet.
3.) Full PWN with metasploit.
4.) Hydra script attack.
5.) Meterpreter basic.
6.) Mysql setup .php example.
7.) How to DNS spoof.
8.) Pulsating text (neon).
9.) How to test SQL.
a.) Using SSLstrip.
b.) Making video on backtrack.
c.) VMWare tools install script.
d.) Using wpscan.
e.) Using XXS (cross site scripting).
f.) Using WEP cracking.
g.) Using WPA cracking.
h.) Help me make my databases!
z.) Back to Menu.

==== Downloading ====

HackPack is FREE, and may eventually be included in Backtrack by default, but for now must be downloaded from S4b3rstealth.forumotion.pro, and can be installed by using these commands (for first time download):


For GNOME:

Save the archive to the Desktop (on Backtrack).
Open it with the archive mounter (try double-clicking first; if you have an automount package it might just open).
If it does not open:
cd /root/Desktop
gzip -dc bl4cks4b3r.tar.gz | tar -xf -
Then:
Copy all files in bl4cks4b3r to the Desktop (drag and drop).
cd /root/Desktop
chmod +x install
Then double-click install.


For KDE:

gunzip bl4cks4b3r.tar.gz
tar -xvf bl4cks4b3r.tar -C /root/Desktop
Then:
Copy all files in bl4cks4b3r to the Desktop (drag and drop).
cd /root/Desktop
chmod +x install
Then double-click the install file.

**If you have downloaded HackPack 1.4 or higher, you may just use option 1 (update) and update HackPack via an automated update install.

This version will automatically update for you.
RUN OPTION 1 FOR UPDATES (NOW HACKPACK CAN AUTO UPDATE)
Just save the tar to the Desktop and close out of Firefox.

Enjoy
Source: s4b3rstealth.forumotion.pro/
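The download steps above end with running an `install` script from a forum-hosted archive as root. As an added example (not part of the original post or of HackPack), the shell function below lists what such a `.tar.gz` would write before anything is extracted; the name `audit_tarball` and the flag labels are this example's own.

```shell
#!/bin/sh
# Added example (not HackPack code): inspect a downloaded .tar.gz before extracting it.
# audit_tarball prints one "LABEL<TAB>detail" line per risky member and returns
# 0 if nothing was flagged, 1 if something was, 2 if tar could not read the archive.
audit_tarball() {
    at_archive=$1
    at_flagged=0
    at_names=$(tar -tzf "$at_archive" 2>/dev/null) || return 2
    at_verbose=$(tar -tvzf "$at_archive" 2>/dev/null) || return 2

    # Member names: absolute paths and ".." components land outside the target directory.
    while IFS= read -r at_name; do
        case "$at_name" in
            /*)
                printf 'ABSOLUTE\t%s\n' "$at_name"; at_flagged=1 ;;
            ..|../*|*/..|*/../*)
                printf 'TRAVERSAL\t%s\n' "$at_name"; at_flagged=1 ;;
        esac
    done <<EOF
$at_names
EOF

    # Verbose listing: the first field is the mode string, e.g. -rwsr-xr-x or lrwxrwxrwx.
    while IFS= read -r at_line; do
        at_mode=${at_line%% *}
        case "$at_mode" in
            l*|h*)
                # Symlinks and hard links can redirect later writes to other files.
                printf 'LINK\t%s\n' "$at_line"; at_flagged=1 ;;
            ???[sS]*|??????[sS]*)
                # setuid / setgid bit set on a member.
                printf 'SETID\t%s\n' "$at_line"; at_flagged=1 ;;
        esac
    done <<EOF
$at_verbose
EOF

    return "$at_flagged"
}
```

Run it as `audit_tarball bl4cks4b3r.tar.gz` from the download directory, and read the `install` script itself before making it executable.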