Thursday 11 January 2018

HACKING: HOW TO HACK COMPUTERS, BASIC SECURITY AND PENETRATION TESTING EBOOK

How to Hack Computers, Basic Security and Penetration Testing
How to Hack Computers, Basic Security and Penetration Testing
Table of Contents
Introduction
Chapter 1 Introduction to Hacking
Chapter 2 The Rules of Ethical Hacking
Chapter 3 What Hackers See During a Sweep
Chapter 4 Understanding Basic Security Systems
Chapter 5 Where Hackers Attack
Chapter 6 Understanding Social Engineering
Chapter 7 Protecting your Passwords
Chapter 8 Hacking Skills: Learn Programming
Chapter 9 Hacking Skills: Open-sources
Chapter 10 Hacking Skills: Proper Writing
Chapter 11 Creating A Status in the Hacker Culture
Chapter 12 Hacker and Nerd
Chapter 13 Concept of Free Access in Hacking
Chapter 14 Culture of Sharing
Chapter 15 Hacking as a Community and Collaborative Effort
Chapter 16 Ethical Hacking
Chapter 17 Hacking for Free Internet
Chapter 18 Securing Your Network
Chapter 19 Dealing with Fake Wi-Fis
Chapter 20 Hacking Facebook
Chapter 21 Understanding a Denial of Service Attack
Chapter 22 Introduction to Digital Forensics
Chapter 23 Windows Registry and Forensics
Chapter 24 Going Undercover in Your Own Network
Posted by at No comments:

HOW TO ACCESS DARKNET WEBSITES THROUGH ANY WEB BROWSER

Generally, normal browsers cannot open the Darknet websites whose top level domains are .onion because they are not normal domain names, but a string of random characters followed with .onion. These domain names are created by Onion when you host your anonymous websites using the Onion or Tor network. Thus, the DNS servers do not have a clue of what they are and you will get a site not found error if you try to access one of the websites in the Darknet. Only the Onion servers know how to resolve these domain names.
The best and recommended way to access darknet is by Tor Bundle.
But there is an another way to access darknet by diverting your traffic through Tor anonymity network. We will use a tool named Tallow .
Download Tallow , Hit the Tor Onion and you’re good to go.  Open any web brower and enter any .onion URL and you will be redirected to the website
You can see a .onion website accessed through Internet Explorer.

But beware! Unlike the TorBrowserBundle, Tallow does not make any attempt to anonymize content sent though the Tor network. This may include cookies or other information that can identify you.
Posted by at No comments:

HOW TO SETUP/RUN A DARKNET (.ONION) WEBSITE

Things You Will Need

Download
  1. XAMPP Server 
  2. Tor Bundle

Getting Things Ready.

Install Xampp and fire up Apache, My SQL & FileZilla
Note down the Port of ApacheServer (in most cases it’s 80)

Extract Tor Bundle , and browse inside Tor Browser Folder 
Path – Tor Browser\Browser\TorBrowser\Data\Tor\torrc
Open this file in Notepad or any other text editor, and paste in this code underneath, without editing any pre-written paths
#Hidden Services

HiddenServiceDir C:\darknet

HiddenServicePort 80 127.0.0.1:80
Save the document and go to C drive and make a folder named darknet. 
Obviously you can change the path of HiddenServiceDir as you like , and also check for hidden service port, in this case the port is 80, and 127.0.0.1 is the address of localhost (xampp server landing page)

Connecting to .onion

Start Tor Browser and let it connect to tor circuit, once done go back to C:\darknet  (the folder you’ve just made)- in the folder you’ll find 2 files “Hostname” & “Private_Key”
Open up “Hostname” in Notepad, you’ll find a .onion domain.
Open Up Tor Browser and paste in the .onion domain and you’ll be redirected to your localhost page.
If You want to use any other of your static website page..
You will have to replace the index file of xammp server with the index.html your website
Path – C:\xampp\htdocs  
Paste the index.html webpage of ur website in the mentioned folder.

Have You Ever run a .onion website ? Do you know any other ways to do it ? Let us know your thoughts in the comments section down below. 

Posted by at No comments:

4 MASSIVE HACKS OF ALL TIME (OUR PICK)

4. The First Cyber War

Yes, yes, we said we were clearing out the DDoS dross in the introduction, but what happened to Estonia in 2007 was no ordinary DDoS attack. Kicking off at 10pm on 26 April, the Baltic state suffered three weeks of DDoS attacks, which completely crippled its IT infrastructure.
During first week, went on to take down the sites of most other political parties, the official site of the Estonian Parliament and other government entities. In the second week, the attack spread to the websites of Estonian news outlets, universities, schools and businesses. But it was in the third week that the real hammer blow fell. At the stroke of midnight, a huge torrent of traffic – peaking at over 4 million data packets per second – slammed into Estonia’s banking infrastructure.
It’s suspected that all the perpetrators were either Russians or ethnic Russian Estonians. The attack followed two days of rioting in the Estonian capital Tallinn over the relocation of a bronze war memorial dating from the Soviet era. Perhaps even more damningly, the third wave of the attack commenced on the  Russian Victory Day of 2nd world war.

3. The Bedroom Hacker who made US armory disappear.

At the turn of 200, NASA and the US Department of Defense (DoD) were successfully compromised by two hackers, 15-year-old Jonathan James and 35-year-old Gary McKinnon.
James was the first to have a crack at the American space agency in 1999, which he crawled into by compromising computers at the US Defense Threat Reduction Agency.
Among other things, he managed to make off with the source code for the life support systems on the International Space Station (ISS).
Gary McKinnon has the dubious honour of being accused by US prosecutors of perpetrating “the biggest military computer hack of all time”.

2. Bitcoin’s Black Day

How can millions of dollars disappear without trace? This is the question Mt. Gox, the largest Bitcoin exchange in the world, was faced with in early 2014. On 7 February, the exchange suddenly ceased trading, saying it had discovered a “transaction malleability” bug and locked customers out of their accounts. The organisation would later blame hackers for stealing $460 million-worth of Bitcoins over the course of three-to-four years, causing a crash in the value of the cryptocurrency.
On 13 June 2011, 478 Mt. Gox accounts were robbed of a total of 25,000 bitcoins (worth between $375,000 and $500,000 at the time), which were all transferred into a single account.
What made the attack possible and successful, though, wasn’t just the SQL injection vulnerability in the Mt. Gox code that gave hacker access to the user database, or the fact that usernames and email addresses were stored in plain text, or that it used the MD5 hashing algorithm rather than a more secure SHA-2 alternative, or even that about 1,600 of the passwords were hashed but unsalted. It was Karpeles’ own unique brand of hubris and naïveté. Failure to take seriously the complaints of the original 478 customers whose accounts were compromised – or even to consider it a bit weird that nearly 500 people were hacked on the same day – was a serious misstep; following it up by seemingly not caring that someone had stolen an entire user database is mind-blowing.

1. The Virus that destroyed nuclear equipment (Stuxnet)

Stuxnet is one of the best known names when it comes to cyber attacks, and for good reason. The worm (a self replicating, self propagating computer virus). This worm program that was less than a megabyte in size was released into Iran’s nuclear refinement plants. Once there, it secretly took over the Siemens SCADA control systems. This sneaky worm commanded over 5000 of the 8800 uranium centrifuges to spin out of control, then suddenly stop and then resume, while simultaneously reporting that all is well. This chaotic manipulating went on for 17 months, ruining thousands of uranium samples in secret, and causing the staff and scientists to doubt their own work. All the while, no one knew that they were being deceived and simultaneously vandalized.
But what makes Stuxnet really stand out among all the destructive malware out there was just how well crafted it was. The Stuxnet payload consisted of three parts: the worm itself (WORM_STUXNET), an execution .LNK file (LNK_STUXNET) that allowed the worm to auto-execute, and a rootkit (RTKT_STUXNET) that hid the worm’s existence.
This hack is memorable because of both optics and deceit: it attacked a nuclear program of a country that has been in conflict with the USA and other world powers; it also deceived the entire nuclear staff for a year and a half as it performed its nasty deeds in secret.
Posted by at No comments:

GET FREE UNLIMITED UBER RIDES – UBER HACKED

The Uber app, like most applications uses an IMEI(International Mobile Equipment Identity), a unique 15-digit number assigned to all cellular devices. Unfortunately for Uber, this number can be changed/spoofed programmatically.
Posted by at No comments:

Hacker Downloaded Vine's Entire Source Code. Here’s How...

download-twitter-vine-source-code
Guess What? Someone just downloaded Twitter’s Vine complete source code.

Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012.

Indian Bug bounty hunter Avinash discovered a loophole in Vine that allowed him to download a Docker image containing complete source code of Vine without any hassle.

Launched in June 2014, Docker is a new open-source container technology that makes it possible to get more apps running on the same old servers and also very easy to package and ship programs. Nowadays, companies are adopting Docker at a remarkable rate.

However, the Docker images used by the Vine, which was supposed to be private, but actually was available publically online.

While searching for the vulnerabilities in Vine, Avinash used Censys.io – an all new Hacker’s Search Engine similar to Shodan – that daily scans the whole Internet for all the vulnerable devices.

Using Censys, Avinash found over 80 docker images, but he specifically downloaded 'vinewww', due to the fact that the naming convention of this image resembles www folder, which is generally used for the website on a web server.

After the download was complete, he ran the docker image vinewww, and Bingo!
Hacker Downloaded Vine's Entire Source Code. Here’s How...
The bug hunter was able to see the entire source code of Vine, its API keys as well as third-party keys and secrets. "Even running the image without any parameter, was letting me host a replica of VINE locally," He wrote.

The 23-year-old reported this blunder and demonstrated full exploitation to Twitter on 31 March and the company rewarded him with $10,080 Bounty award and fixed the issue within 5 minutes.

Avinash has been an active bug bounty hunter since 2015 and until now has reported 19 vulnerabilities to Twitter.
Posted by at No comments:

LEGENDS SHELL :: PORTABLE HACKING TOOLBOX [/.PHP]

[Image: KYM3txE.gif]
[Image: 90aVhZO.gif]
[Image: r39nvLV.png]Disclaimer:
Hacking is illegal. I take no responsibility what you do with this information. For educational purposes only.
LEGENDS SHELL:
A portable <.php> website hacking tool box packed with some useful tools and shells to help you hack more websites.
[Image: sCtYH34.jpg]
>Just upload it like you would any php shell.
>Login
>Import Tools
>Execute

►Featured Tools & Shells:

[Image: 9kq9HfM.jpg]

(¯`·._.·-☀TOOLS☀·._.·´¯)
    • • Login Page:
[Image: i6wcTUB.jpg]
Just in case someone comes across this through a public directory.

    • • Admin Page Finder:
[Image: eOS4FbF.jpg]
This tool is used to scan for administration panels.
    • • BING Dork Scanner:
[Image: uGMU1L2.jpg]
This tool is used to scan dorks on BING search engine for any SQLi vulnerabilities.

    • • CMS Sacnner:
[Image: kZ9XW27.jpg]
This tool scans a target for installed plugins and gives you a exploit-db link for that vulnerable plugin.

    • • LFI Scanner:
[Image: uGKBW4x.jpg]
This tool scans a target for any LFI vulnerabilities then let’s you inject different payloads.

    • • myBB Scanner:
[Image: l6tF87r.jpg]
This tool let’s you scan a mybb target for 21 known vulnerabilities.

    • • Prestashop Exploiter:

    • • Revslider Scanner:
[Image: rn5TObK.jpg]
This tool let’s you scan multiple WordPress sites at once for the vulnerable revslider plugin, then helps you exploit it.

    • • Vuln Scan:
[Image: Ob3z8eL.jpg]
This tool let’s you somewhat scan multiple websites/IP for vulnerabilities, then displays results to go through manually.

    • • Vuln Inject:
[Image: 7FKVj.jpg]
This tool has several features but the one that stands out the most is the Error based & Union SQLi injector.

    • • Host Scan:
[Image: aNtSvC3.jpg]
This tool let’s you scan any host, then displays the results.

    • • Reverse IP:
[Image: IvjUIFQ.jpg]
This tool let’s you scan a server/IP for any other websites that are being hosted on the same server.
    • • Ddoss3r:
[Image: LwvFAZE.jpg]
This tool uses multiple ddosing methods to kill target.

    • • Inbox Mailer -Gmail:
[Image: Lr1Yvnt.jpg]
This tool let’s you bomb/spam any Gmail ‘inbox’.

    • • Spoof Mailer:
[Image: uwK06pd.jpg]
This tool let’s you spoof your outging email address. ex:<support@facebook.com>

    • (¯`·._.·-☀SHELLS☀·._.·´¯)
    • • 404 Shell:
Spoiler (Click to Hide)
[Image: VWuSuYV.jpg]
This shell has a hidden login feature for better stealth.

    • • Mini Shell:
[Image: 0kiJNL2.jpg]
This shell is small in size making it easier to upload when other shells won’t load.

    • • Obfuscated Shell:
[Image: LtAPO8w.jpg]
Some servers will detect the malicious code within your shell preventing a successful upload. Sometimes you can bypass this by obfuscating the souce code.

    • • Symlink Shell:
[Image: kJGoGjN.jpg]
This shell will automatically symlink to any other websites being hosted on the server if /var/named or etc/named.conf is accessible.

    • • CGI Shell:
[Image: XoRE4IN.jpg]
If .php extensions are blocked/disabled, you can try to use a cgi shell.

    • • IndoXploit Shell:
This shell has many unique features, but the ones that stands out the most are…
• Configuration Grabber:
[Image: fwwxCe6.jpg]
[Image: BFbojaV.jpg]
Will check a compromised server for any other sites being hosted then exploit them if /var/named or etc/named.conf is accessible.
• cPanel Crack:
[Image: ZIQ2hGw.jpg]
Will attempt to crack any cPanels being hosted on a compromised server.
• SMTP Grabber:
[Image: gKCgJpw.jpg]
Will attempt to crack any smtp account hosted on a compromised server.• RDP Shell:
[Image: Q7rc1pq.jpg]
[Image: AduOMlb.jpg]
Will attempt to create an RPD account on a Windows server.

    • • Adminer -MySQL Manager:
[Image: gRwISvH.jpg]
Legends Shell:
https://ghostbin.com/paste/r8k3osuk
Ghostbin Password: legends4lyfe
Shell Passwords:
Legends Shell = opensaysme
404 shell = playtime2
IndoXploit Shell = IndoXploit
Posted by at 1 comment:

How to Hack a Website with Basic HTML Coding

If you have basic HTML and JavaScript knowledge, you may be able to access password protected websites. This article will give you an easy method to hack simple, less-secured websites of your choice simply through HTML. Use it responsibly.

Note: This basic method works only for websites with extremely low security barriers. Websites with robust security details will not be susceptible to this kind of simple attack.

Steps

  1. Image titled Hack a Website with Basic HTML Coding Step 1
    1
    Open the site you want to hack. Provide wrong username and wrong password combination in its log in form. (e.g. : Username : me and Password: ' or 1=1 --) An error will occur saying wrong username and wrong password. Now be prepared because your experiment starts from here.
  2. Image titled Hack a Website with Basic HTML Coding Step 2
    2
    Right click anywhere on that error page =>> go to view source.
  3. Image titled Hack a Website with Basic HTML Coding Step 3
    3
    View the source code. There you can see the HTML coding with JavaScript.
    • There you find something like this....<_form action="...Login....">
    • Before this login information copy the URL of the site in which you are. (e.g. :"< _form..........action=http://www.targetwebsite.com/login.......>")
  4. Image titled Hack a Website with Basic HTML Coding Step 4
    4
    Delete the JavaScript from the above that validates your information in the server. Do this very carefully.—Your success in hacking the site depends upon how efficiently you delete the java script code that validates your account information.
  5. Image titled Hack a Website with Basic HTML Coding Step 5
    5
    Take a close look for "<_input name="password" type="password">"[without quotes] -> replace "<_type=password>" with "<_type=text>". See there if maximum length of password is less than 11 then increase it to 11 (e.g. : if then write ).
  6. Image titled Hack a Website with Basic HTML Coding Step 6
    6
    Go to file => save as and save it anywhere in your hard disk with ext.html (e.g.: c:\chan.html).
  7. Image titled Hack a Website with Basic HTML Coding Step 7
    7
    Reopen your target web page by double clicking 'chan.html' file that you saved in your hard disk earlier.
    • You see that some changes in current page as compared to original One. Don't worry.
  8. Image titled Hack a Website with Basic HTML Coding Step 8
    8
    Provide any username [e.g.: hacker] and password [e.g.:' or 1=1 --] You have successfully cracked the above website and entered into the account of List user saved in the server's database.
Posted by at No comments:
Subscribe to: Posts (Atom)