Wednesday, 14 March 2012

Introduction about MBR (Master Boot Record)

The MBR is a small program which runs whenever a computer boots up. The MBR is stored in the first sector of the boot disk. This very important sector contains a number of things that the Operating System and the computer BIOS need to start the system. If the contents of this sector are lost or damaged, you cannot access the data on the hard disk. Please note that each hard disk has an MBR, so if you have 2 or more hard disks in your computer, each has its own MBR. If multiple disks are configured as an array, there is usually 1 MBR that services the entire array, placed on the 1st disk in the array. It should be clear that the MBR is one of the most important sectors on your hard disk. The following explanation is mainly about using the MBR with Windows or DOS based operating systems. The MBR is somewhat different when used with Unix based systems.

The smallest addressable space on a hard disk is 512 bytes at a time. A hard disk sector is 512 bytes long, so 1 sector is the smallest addressable space on a hard disk. The MBR is 1 sector, so the MBR is 512 bytes long. These 512 bytes are divided into several parts that each have their own function in getting the computer to start. The 4 main parts of the MBR are (in the order as they appear in the MBR):

          1. the bootcode
          2. the volume bytes
          3. the partition table
          4. the signature bytes

The bootcode: this part of the MBR gets read by the computer BIOS when the computer is started. When the computer finishes its own startup procedures (getting the disks spinning, doing some checks) and gets ready to start the operating system, the bootcode in the MBR is read first. This allows the computer to interpret the rest of the MBR.
The volume bytes: these are 4 bytes that are located after the bootcode and just before the partition table. Windows 2000 and Windows XP use these 4 bytes to identify the mountable volumes on the hard disk. If these bytes are changed or erased from the MBR, Windows 2000/XP will go through a simple hardware detection round that will re-identify all the volumes on the disk. This is done during the next Windows startup after changing the volume bytes. Drive letters assigned to volumes might change after this. This goes for simple volumes; at this point I have no information on the effect of removing the volume bytes when using dynamic volumes.
The partition table: this is a sequence of 64 bytes (4 x 16) that identify the first 4 (or fewer) primary partitions on a hard disk. There is space for identifying 4 partitions. Each partition identification is made up of 16 bytes that describe a number of things about the partition, such as: where it starts, what type it is, how big it is, whether it is an active partition or not, etc. One of these 4 partition descriptions can be used to describe an extended partition, which itself can then contain logical drives. The logical drives are not described in the MBR.
An active partition is the partition from which the Operating System is started. This must be a primary partition, and there can only be 1 primary partition active at any time.
If there are for instance only 2 partitions on a hard disk, the first 32 bytes of the partition table (2 x 16) would contain the descriptions of those partitions. The other 32 bytes would contain all zeros. So deleting a partition consists of putting zeros in the chosen partition description.
The signature bytes: these are 2 bytes that are used to signify an important sector. They can be found trailing the MBR, but there are other sectors that contain these bytes as well. If they are not trailing the MBR the computer will not be able to read the MBR (because it will not be recognized as an important sector).
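
The four parts described above can be checked on a disk image with a short parser. This is an added example, not code from the original post; the byte offsets (440, 446, 510), the 0x80 active flag and the partition type values come from the standard MBR layout rather than from the text, and the sample sector is constructed.

```python
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440      # 4 "volume bytes" follow the bootcode (444-445 are unused)
PART_TABLE_OFFSET = 446    # 4 entries x 16 bytes = 64 bytes
BOOT_SIG_OFFSET = 510      # trailing signature bytes 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into the four parts described above."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        raw = sector[start:start + 16]
        if raw == bytes(16):
            continue                       # all-zero entry = unused or deleted slot
        status, ptype, lba_start, count = struct.unpack(ENTRY_FMT, raw)
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    findings = []
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xaa":
        findings.append("missing 55 AA signature")
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    return {"bootcode": sector[:DISK_SIG_OFFSET],
            "disk_signature": sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4].hex(),
            "partitions": partitions, "findings": findings}

def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed bootcode, two partitions, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = bytes.fromhex("78563412")
    entries = [struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800),    # active, NTFS
               struct.pack(ENTRY_FMT, 0x00, 0x0F, 206848, 409600)]  # extended
    for i, entry in enumerate(entries):
        start = PART_TABLE_OFFSET + 16 * i
        sector[start:start + 16] = entry
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("disk signature:", mbr["disk_signature"])
    for part in mbr["partitions"]:
        print(part)
    print("findings:", mbr["findings"] or "none")
```

To check a real disk, pass the first 512 bytes of a disk image to `parse_mbr` instead of the constructed sector.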

Monday, 5 March 2012

Advanced Web Hacking

This article is about web hacking. To practice, I use DVWA (Damn Vulnerable Web Application) as the victim; DVWA provides various web vulnerabilities. In this article I try to exploit the command execution vulnerability in DVWA.
First, open DVWA in your browser.




Wednesday, 29 February 2012

Work With BeEF and Metasploit

This article is about exploitation using BeEF (Browser Exploitation Framework) and Metasploit. Here I use XP SP3 (VirtualBox) as the victim. First I make a payload using Metasploit.


Then I try to send a link to the victim; the link goes to a web page that contains BeEF. Then run BeEF.


Monday, 27 February 2012

Work with Metasploit and BeEF

This article is about exploitation using Metasploit and BeEF. First, exploit the victim (XP SP3) using Metasploit.

For that I use the payload vncinject/reverse_tcp. That is bad and risky, so you must wait until the person who has the victim machine is asleep.

Then I explore the system: I run Mozilla Firefox and set the home page of the browser.
I set the home page to the address where I put a file with BeEF inside it. Because I do not have much time, as my VirtualBox has an error, I use the example file from BeEF.
Then run BeEF and wait for the victim to open Mozilla Firefox.


Then check the BeEF panel.

  

Timeout.
I'll continue next time.

Metasploit Auxiliary Modules

Metasploit has many auxiliary modules. One of them is ftp_version, which is used to show the version of FTP running on the target. Use it as below:

First, run msfconsole.
Then run the command show auxiliary, which shows all auxiliary modules.


Then select the ftp_version module with the command use scanner/ftp/ftp_version,
then run the command show options, which shows the options of the ftp_version module.

This shows that ftp_version requires the target address to identify, the FTP port on the target, and the thread count; the default settings are port 21 and 1 thread.
Then set the IP address of the target. Here I use 192.168.56.101, which is the IP address of the XP machine in VirtualBox on my computer.

Then run.


The result shows the version of FTP running on the target (192.168.56.101).