Dalam tiga bulan pertama Toolkit telah berhasil lebih dari dua ribu download. Hal ini dirancang untuk digunakan khusus untuk Backtrack 5, Linux distro pentesting dengan 2 rasa: GNOME dan KDE.
HackPack kompatibel dengan baik (telah teruji)
Contents of HackPack (v1.5)
0.) Airpwn
1.) Run updates
2.) Hide
3.) Run NMAP
4.) SSLstrip
5.) DNS Spoof
6.) Exploits
7.) DOS attacks
8.) Install VMWare Tools
9.) Other
h.) Help & Support
x.) Exit
![[Image: 1476456_184769385061688_520638055_n.jpg]](https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-prn2/q71/s720x720/1476456_184769385061688_520638055_n.jpg)
Penjelasan secara detailnya :
=== Airpwn ===
This is an option that allows for the testing of WEP and WPA/WPA-PSK2.
The Airpwn option uses Aircrack-ng, Airmon-ng, Airodump-ng, and
Aireplay-ng. It does require that there is activity for WEP IV-Packet
gathering, and currently does not support pentesting on routers, or
modems, via chop-chop methods (without any activity/clients). Airpwn
will automatically crack WEP, and has an option to use the Backtrack
default wordlists, or you can enter the path to your own wordlist.
Airpwn automatically sets your card into monitor mode, after changing
your mac address. Any
handshakes gathered (WPA), or IV-Packet clusters (WEP) are saved to file
so that you can reference them, or crack them, at a later time.
There are two wordlist suites withing Airpwn:
1.) The Wordlist Centre - A suite that combines a number of wordlist
formation options; including but not limited to: Phone Number
generators, Social Security Number
generators, Date and Time generators, wordlist combination tools,
wordlist manipulation tools, analyzation tools, and many others.
2.) SbrGen - A suite that creates all possibilities of combinations for
the number of characters desired (up to 22 characters). The generator
can include upper and lowercase letters and number, or the previously
stated, as well as special characters.
==== Run Updates ====
This option supports the updates for Backtrack (apt-get update, upgrade,
and distro-upgrade). It also updates the svn for Metasploit, SET,
SQLMap, Ettercap, and HackPack itself.
==== Hide ====
This option will help the pentester remain hidden, or appear as someone else, apart from their actual host machine. It includes a Mac address changer, which will shut down your wireless card, or LAN device and change its Mac. It allows for you to change your hostname, so when security systems
fingerprint, and make logs, it can show that the host machine has a
different name that the testers actual machine (if the host changes it).
It includes has a proxy hosting site, provided by the
creator--Bl4ckS4b3r.
==== Run NMAP ====
This option allows for two types of scans: an intense scan and a simple
scan--also called quick scan. The intense scan will try to determine all
the information it can from the target range; this includes OS, ip,
open ports, port type, computer name, browsers, service packs, and even
time up or down. The simple scan will give the ip, and open ports,
sometimes with the host/computer name, depending on the targets security
settings. Please note that this will give a written report, and not a
topographical report like the GUI will provide.
==== SSL Strip ====
This option will grant you passwords. It uses Moxie's SSL strip, and
ettercap, to arp poision and sniff for passwords. Under SSL strip you
can choose to gather HTTP or HTTPS, but depending on your, or the
targets router settings (with arp/poisioning detection/firewall) you may
only be able to use the HTTP option, in which case if the target(s)
have a strong or secure browser they might redirect the target away from
HTTP. Either way this is a very useful tool that will display and log
real time login information and passwords.
==== DNS Spoof ====
This is a very useful option for a variety of DNS spoofing needs. DNS
spoofing is a way to redirect a target from a desired page to a fake
page that you (pentester) has setup, and can be used for exploitation,
or social engineering. Under DNS Spoof you can find an option to only
spoof, useful for if you are using SET, a toolkit setup by David
Kennedy. There is an option for a custom spoof, by using your self
created HTML page in the var/www/ directory, along with storing
information into your DB. The last option is for preset social
engineering pages which Bl4ckS4b3r has created, including MFOD (middle
finger of doom), and Shiro. The other options include facebook, twitter,
paypal, yahoo, ebay, and GMail. It is required for the presets that you
setup your databases according to the DB setup file which can be found
under help>scripts>help setup DB's.
==== Exploits ====
This option is setup for using exploits to enter a target machine, or to
manipulate a target machine once the exploit is ran. This option
includes the newest undetectable backdooring and payload generating
software. It also includes SET, Armitage, and Metasploit.
==== DOS Attacks ====
This option allows for Denial Of Service. Under this option you can find
Sbrkill, a systematic set of DOS modules put together by Bl4ckS4b3r, in
order to complete a local DOS on a network within the range of your
wireless card. Running Sbrkill will automatically change your mac
address to help hide your machines identity. The second option allows
for the use of LOIC, which stands for Low Orbit Ion Cannon, and is an
application, that can potentially bring down single servers, small/non
balanced, or larger servers with multiple attacks at a same moment in
time.
==== Install VMWare Tools ====
This option was created for those who have issues installing VMWare
tools, this simply requires that you mount the install package and then
run the option which will successfully install the VMWare tools. This
option does require the user to interact to confirm file paths, or to
change them, ect.
==== Other ====
This option includes helpful, but yet fun features. These options arent
always going to be necessary to pentesting, but are fun and optional.
They include options such as Enter The Matrix, which displays the matrix
like animations in a fullscreen terminal (cmatrix). Another option is
Sbrhit, a module designed by Bl4ckS4b3r to consistently hit (go to) a
certain webpage multiple times (200x to be exact) changing the mac
address of the machine after every 10 visits, to allow for results to
count on most website counters; however, this does mean that you will be
required to have "auto-connection" enabled. Another option is to fix
the adobe flash player--this option will allow you to play most youtube
and flash required video's but some may still be denied. Another option
is Bump of the Week, which will feature an interesting program, movie,
game, ect, picked by Bl4ckS4b3r. There is also an option for a reliable
and private (no logs) chat client called SbrChat, which requires no
account, just a name, without registration. There is an option for
Testing you BT system under "check my system!" which will run a scan,
and a vulnerability assessment against your machine. The last option on
the list is to run fuzzers, which throws off load balancers on servers
if run correctly.
Options for "view commands":
1.) Running Apache with SET.
2.) Using Driftnet.
3.) Full PWN with metasploit.
4.) Hydra script attack.
5.) Meterpreter basic.
6.) Mysql setup .php example.
7.) How to DNS spoof.
8.) Pulsating text (neon).
9.) How to test SQL.
a.) Using SSLstrip.
b.) Making video on backtrack.
c.) VMWare tools install script.
d.) Using wpscan.
e.) Using XXS (cross site scripting).
f.) Using WEP cracking.
g.) Using WPA cracking.
h.) Help me make my databases!
z.) Back to Menu. Download here : http://www.fileswap.com/dl/zxTN8YTY77/bl...ar.gz.html
How to :
Setelah download file tar.gz nya, extrack : tar -xf bl4cks4b3r.tar.gz
lalu pindahkan semua isi dari folder bl4cks4b3r ke Desktop.
cd /root/Desktop
chmod +x install
Lalu double click Install
https://www.facebook.com/photo.php?fbid=...280&type=1
https://www.facebook.com/photo.php?fbid=...906&type=1
https://www.facebook.com/photo.php?fbid=...234&type=1
https://www.facebook.com/photo.php?fbid=...885&type=1
Enjoyy...
Sumber : SBH :D