Articles

The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client. We can say that Information is a weapon, a successful penetration testing and a hacking process need a lots of relevant information that is why, information gathering so called foot printing is the first step of hacking.



The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client. We can say that Information is a weapon, a successful penetration testing and a hacking process need a lots of relevant information that is why, information gathering so called foot printing is the first step of hacking. So, gathering valid login names and emails are one of the most important parts for penetration testing.

Hello every readers, Matriux is been successfully running and getting a big support over the past 2 years and we have been working hard to provide the best security solutions and quality tools for all the penetration testing and forensic needs. On occasion this issue is to be released at c0c0n 2012, we are also proud to announce our upcoming release Matriux version 2.0 K0d3 name “Ec-Centric”. We have been working hard over the release of the new version, so this month Matriux Vibhag will feature the Matriux Ec-Centric edition.



Hello every readers,

Matriux is been successfully running and getting a big support over the past 2 years and we have been working hard to provide the best security solutions and quality tools for all the penetration testing and forensic needs. On occasion this issue is to be released at c0c0n 2012, we are also proud to announce our upcoming release Matriux version 2.0 K0d3 name “Ec-Centric”. We have been working hard over the release of the new version, so this month Matriux Vibhag will feature the Matriux Ec-Centric edition.

Features

Hello readers, we are back with our tutorials on Matriux, due to some unwanted circumstances we weren’t able to be a part of last month’s issue. However we promise to provide our continued support and help to the users. This month we are going to cover a basic tutorial of Man-In-The-Middle (MITM) attack using Ettercap by ARP spoofing technique.



Hello readers, we are back with our tutorials on Matriux, due to some unwanted circumstances we weren’t able to be a part of last month’s issue. However we promise to provide our continued support and help to the users. This month we are going to cover a basic tutorial of Man-In-The-Middle (MITM) attack using Ettercap by ARP spoofing technique.

Ettercap

One of the most commonly asked question on Matriux forums and IRC is how to enable and work with WiFi on a Matriux instance running inside VMWare or any other virtualization software. This tutorial will take you step by step on how to do that. For this tutorial, I am running VMware® Workstation on a Windows 7 Enterprise N Edition which is my Host machine.  The Matriux is (obviously) my guest operating system running "Krypton" v1.2. I am using a D-Link DWA-125 Wireless N 150 USB Adapter for this tutorial.



Hello readers, we are back again with a new release, Matriux Krypton v1.2 at nullcontritiya,Goa 2012. Thank you for your support throughout these years that we are able to bring in the bigger and better security solutions. This version includes some great features with 300 powerful penetration testing and forensic tools. The UI is made more elegant and faster. Based on Debian Squeeze with a custom compiled kernel 2.3.39-krypton Matriux is the fastest distribution of its kind and runs easily on a p-IV with as low as 256MB RAM and just 6GB HDD. Included new tools like reaver-wps, androguard, apkinspector, ssh server and many more.



Skipfish is an active web application security reconnaissance tool written and maintained by Michal Zalewski (@lcamtuf). Skipfish is one of the fastest webscanners available which spiders using the wordlists, a very powerful web scanning tool with a simple implementation. In Matriux Skipfish can be found in the arsenal under Arsenal ->Framework -> Skipfish



Wish you a very happy and prosperous new year from team Matriux. 2011 has been a great year for us where we along with CHmag have made it possible to reach you better. A special thanks to CHmag team for making it with us. It has been noticed that due to a custom and special installer MID used in Matriux Krypton, many users are confused on how to get Matriux setup on their Hard disk or VirtualBox, so this month we bring you with how to setup and get started with Matriux Krypton, a better way to start 2012.



In the previous forensics issues we have seen how to use Vinetto to analyse thumbs.db files from a machine or from an image. As a continuation to the early analysis tools, we have another in this issue.



Hope all of you enjoyed Diwali. This time we will be discussing about MoC Chrome Crawler, a crawler extension written in HaXe for Google Chrome platform. Like any other crawler program it can be used to crawl web pages to find interesting resources and links including,



Website security is a major concern of developers and businesses today, because of growing attack vectors and easiness of exploitation, businesses spend thousands of dollars to find and patch vulnerabilities in their website. Websecurify can help you find OWASP top 10 vulnerabilities before hackers (read as crackers) do. Websecurify is a free and open source web application scanner from the good folks of GNUcitizen.org. Its very easy to use and its simple interface makes it stand out of the crowd.



It's been a great time for Matriux in the last month - Matriux Krypton is released on August 15th 2011 and available for public download. And we had an overwhelming downloads and feedback on the project. We thank all the users out there for downloading and testing Matriux.



Hi readers, we have yet another interesting toolkit this month – The Social Engineering Toolkit. Specifically designed to perform advanced attacks against the human element, SET leverages the concepts of exploiting using the social engineering and human influential ideas. SET also combines the attacks of Metasploit Framework to enhance the success of attacks augmenting the social engineering attacks.



After a series of Forensic articles we would like to go with the theme of this month which is Metasploit Framework.



In the Part I of the article on Forensics with Matriux, we had highlighted the forensic acquisitiontechniques using Matriux distribution. In this second part, we will cover the tools that focus on analysis techniques. Forensic Analysis techniques can be used to discover Deleted Files, Cloaked files, Encrypted files, Fragmented files,PDF,Browser,Virtualisation,Memory and etc.



Forensics is the best part of digital devices which even a basic user does in his day to day life but doing it in some technical way and including some cyber laws makes it more powerful. While forensic examination of electronic data storage devices has been in use for quite some time now, digital forensics gained greater significance with the arrival and wide-spread use of mobile electronic devices capable of storing and manipulating digital data. Apart from analysing data to arrive at conclusion that support an investigation, digital forensics also gives guidelines for data collection, preservation and imaging. One of the uses of the Matriux distribution is that it is extremely useful for a digital forensic examiner.



This edition let’s talk about the one in action, The Matriux Distribution. Matriux though to come as the Asia’s first Security Distribution now being used worldwide with many government organizations in India and other countries using it as their “tool”.



Everybody wants to do something innovative and unique in life. This was the zeal behind Matriux. Matriux is a phenomenon that was waiting to happen. Team Matriux is extremely honoured to be associated with CHMag for starting an exclusive section for Project Matriux. Various articles and tutorials will be published through...