hackerbrother

Learn Penetration Testing And Ethical Hacking Online.

facebook

  • Facebook
  • Popular Posts

    top 4 operating systems to turn your computer into a NAS server

    There are currently a large number of NAS server manufacturers, such as ASUSTOR, QNAP, Synology or Thecus among others, however, you may have a computer that you want to convert into a NAS server, with the aim of reusing it to give you a second life and act like a true NAS server. Do you want to know what operating systems exist to turn your computer into a complete and advanced NAS server?

    4 operating systems to turn your computer into a NAS server

    FreeNAS: one of the most advanced operating systems for NAS based on FreeBSD

    FreeNAS is an operating system based on FreeBSD, it is one of the most advanced, although it is not difficult to install and manage. FreeNAS is compatible with the ZFS file system, one of the most advanced currently, and that is that ZFS incorporates native features such as Snapshots to protect all information from possible ransomwares, allows great file integrity, and we will not need any type of driver RAID, since it incorporates the possibility of configuring RAID-Z of different levels. Once you test how ZFS works, you are unlikely to use a different file system to store all your information.










    Other features of FreeNAS are that it incorporates a large number of services installed by default, such as SMB / CIFS, FTP, AFP, iSCSI and many more, since it will allow us to install additional software as a plugin, so that we can easily install a BitTorrent client such as Transmission, Plex Media Server, and many more. It will also allow us to perform advanced backups, replication of data in another FreeNAS, and even encrypt the entire contents of hard drives with AES-XTS, which can be accelerated if your CPU is compatible with AES-NI.

    Finally, the graphical user interface of the latest versions of FreeNAS is really well maintained, with very well designed graphics, a very intuitive interface, and really fast, ideal for managing the FreeNAS efficiently.

    We recommend you visit the official FreeNAS website where you will find all the information about this operating system.

    XigmaNAS (formerly known as NAS4Free): based on FreeBSD

    XigmaNAS was formerly known as NAS4Free, but the developers changed the name of the project. XigmaNAS is also based on the FreeBSD operating system, just as FreeNAS does. This operating system can be installed on any platform that supports x64 architecture, and that has at least 2GB of RAM.


    This operating system supports most file sharing protocols such as CIFS / SMB, FTP, FTPES, NFS, AFP, and many others such as Rsync, iSCSI and more. The operating system allows you to use the ZFS file system, although it also supports software RAID, in addition, it has the ability to encrypt entire disks to protect private information. XigmaNAS can be installed on a micro SD card, flash drive or on an SSD / HDD without problems.

    XigmaNAS also allows us to install additional software, specifically all the software from the FreeBSD repositories, and we can even virtualize operating systems inside, since it has an integrated Virtual Box, that is, if you want or need to use Windows or Linux to perform some task, you will be able to install it virtualize it without problems.

    Finally, as for the graphical user interface, in our opinion it is quite simple, much simpler than that of FreeNAS. However, this graphic interface is functional and is really fast, although its design is quite old since it has been years without having a full face wash.

    We recommend you visit the official website of XigmaNAS where you will find all the information about this operating system.
    OpenMediaVault (OMV): based on Debian

    OpenMediaVault is the favorite NAS server-oriented operating system for Debian lovers, as this OMV is based on the popular Debian distribution, so you will feel at home if you have used it before.

    OpenMediaVault incorporates a graphical user interface via the web that will allow us to configure in an advanced way the main network services, such as Samba, FTP, FTPES, SSH, SFTP, Rsync and much more, and we will also have a BitTorrent client and we will even have the possibility of installing additional software, of course, software downloaded directly from Debian repositories, so the possibilities are almost unlimited.


    OpenMediaVault does not have ZFS, but it does incorporate the possibility of configuring a RAID via software. If you think you don't need all the benefits of ZFS, this operating system is a very good option to reuse your computer and turn it into a NAS server. In addition, it is compatible with Raspberry Pi and other boards, since it supports ARM architecture.

    We recommend you visit the official OpenMediaVault website where you will find all the information about this operating system.
    XPEnology: Synology's operating system on any computer

    XPEnology is a bootloader that will allow us to boot the Synology operating system (DiskStation Manager or also known as DSM), in such a way that we will have the Synology NAS operating system, in a normal and current computer, without using your hardware

    The features of DSM using XPEnology are exactly the same as on a NAS server, we recommend you access the official XPEnology website where you will find all the information on how to download this bootloader, how to install it, how to run DSM and much more.
    Continue Reading
    Kali Linux 2020: news and download of this distribution of ethical hacking


    When we talk about Kali Linux, we mean one of the most important and best known ethical hacking suits worldwide. It offers a wide range of possibilities to users and that makes each new version make many are attentive to their news. In this article we echo thenews of Kali Linux 2020, as well as explain how we can download this Linux distribution.










    As often happens with each new update, whatever the type of program or system, they bring improvements. These improvements translate into new functions or tools that make the day-to-day life of users benefit. But you also have to keep in mind that with each new version, present problems are corrected.

    Kali Linux allows users to perform different ethical hacking tests. Now they have a series of novelties that make this Linux distribution even more attractive. We are facing the third update of this current version. We will comment on the most important changes.

    What's new in Kali Linux 2020

    One of the novelties of Kali Linux 2020 that we can mention is that they have started usingCloudflare CDN to host the repository and distribute content to users. This they do to improve the quality and speed of downloads.

    There are also changes regardingmetapackages. Now there is an additional and unique image called kali-linux-large-2020-amd64.iso.

    Kali Linux 2020 is not a great update that brings very significant changes, however ithas improved certain applications. For example we talk about tools like Burp Suite, HostAPd-WPE, Hyperion, Kismet andNmap. All of them have been updated to a new version and have included improvements.

    One of the significant changes in relation to applications is that it now includesAmass. It is a tool that security professionals can use to map the network and discover possible external threats. Now this tool comes standard with Kali Linux.

    For the rest, it should also be mentioned that improvements have been made in terms of failures and security errors. Corrections that, in short, make this new version safer.





    How to get Kali Linux 2020

    It should be mentioned that for those users who already have this distribution installed and have it updated they will not have much to do. They would simply have to run the root @ kali command: ~ # apt update && apt-and full-upgrade to make sure they have the most current version.
    For those users who do not have it installed or want to obtain the ISO for some reason, it is best to go to the official website . There you just have to go to the download section and download the version you want (64 bits, 32 bits ...).

    As we always say, it is important to download software from official and reliable sites. We must avoid doing it from third-party links that we don't really know who it belongs to and what could be behind it.

    In addition, having updated systems can bring important benefits. On the one hand we will have the most updated tools and thus obtain improvements in performance. However, security is also very important. Security vulnerabilities are corrected with each new update . Faults that can be exploited by cyber criminals and that have been patched.
    Continue Reading
    What is a CTF?













    Capture The Flag (CTF in English) is a computer security competition that allows learning issues related to computer security in a fun way. These types of skills are usually of two types. The CTF of the jeopardy type have challenges that, when resolved, give us a secret text called a flag or flag . This flag is nothing more than a text under a specific format (in this case FLAG = { characters-that-are-changing } ), and once found it will let us know that we solved the challenge. The junior CTF corresponds to this category.

    A second type of CTF is called attack-defense. In it, each team must defend a server or a network with vulnerable services from the rest of the teams.

    What is the junior CTF?

    It is an annual computer security competition in the form of a CTF aimed at people who want to take their first steps in the area of ​​computer security in a playful way.

    General CTF issues

    Categories & Challenges

    There are 6 possible categories: reverse engineering, forensics, web, SQL injection, cryptography and networks. The challenges are of increasing difficulty and the greater the difficulty of the exercise, the higher the score.

    Teams

    The challenges can be solved individually or by teams of up to 3 people.

    Platform

    Once a challenge has been resolved and the flag identified, this text should be entered on the platform where the challenges are downloaded and, if correct, the points will be automatically added to the team.

    Flag format
    The format of the flag of all challenges is FLAG = { characters-that-are-changing }

    they are 32 hexadecimal characters.

    The text-changing- always has 32 hexadecimal characters regardless of upper or lower case. An example FLAG would be: FLAG = {0123456789abcdef0123456789abcdef}
    Awards
    1st prize tickets to the Ekoparty and Kit Raspberry Pi.
    2nd prize tickets to the Ekoparty and Arduino Kit.
    3rd prize tickets to the Ekoparty.
    If a winning team has 3 members, each of them will take the indicated prize.

    Requirements

    • Bring computer.
    • We recommend that you have Virtualbox installed or the possibility of booting from a USB the image of Kali Linux .
    • Be physically present at OLX Argentina to participate (Miñones 2177, CABA, Argentina).
    • No previous knowledge in computer security is necessary. It will be useful to have general computer knowledge such as Linux environment management and basic programming.
    • Not work or have worked in the area of ​​computer security or have previously participated in a CTF, given the introductory nature of the event (except for the previous editions of the CTF Junior).
    Continue Reading
    top 10 Android Apps for Penetration Testing

    Android Apps for Penetration Testing




    Androwarn tool scans and detects harmful files in Android applications.

    Androl4b doing reverse engineering applications through the Default device is installed on the device to analyze applications.

    Mobile-Security-Framework MobSF This tool is used in the API analysis of open source applications and detect security vulnerabilities by.

    Vezir Project is an imaginary system penetration test and analysis software and malicious applications that are hacked phones.

    MARA Tool If you are interested in the field of reverse engineering this tool will do the job through your tasks.

    FSquaDRA this tool scans Android applications and detect malicious packets to the phone by reading the application algorithm.

    CFGScanDroid role of this tool is to examine (CFG) signatures for open source applications and are also detects malicious applications within devices.

    RiskInDroid Tool The role of this tool is to examine the powers of applications within the device and also to detect applications with sensitive powers that threaten the safety of devices.

    AndroTickler A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during their pentesters.

    Android_Penetration_Testing_script This is a shell script for automating the android Penetration testing Process
    Continue Reading
    xss sheet

    XSS attacks are talked about beyond the reflected and persistent types. It is intended to provide a broader vision of the possibilities within these types of attacks as well as the conditions for them to occur. It also explores and the operation of the XSSertool for launching attacks of this type.













    Introduction

    Cross Site Scripting (XSS)

    • XSS vulnerabilities encompassed any attack that allows executing scripting code in the context of another website. 
    • They can be found in any application whose final objective is to present the information in a web browser.
    • Usually, the input data that is used in some applications is not correctly validated, allowing a malicious script to be sent to the application.
    • To function they need an entry point, which is usually the forms. 
    • Through an XSS attack, you can hijack accounts, change user settings, access restricted parts of the site, modify site content, etc.

    Types of XSS attacks

    Direct Attacks
    • The direct attack of XSS (also called persistent XSS ), occurs when the attacker manages to embed malicious HTML code, directly on the websites that allow it.
    • It works by locating weaknesses in the programming of HTML filters, if they exist, to publish content.
    • This type of attack is usually the most common, and the code of the attacker is based on HTML tags (of the type or
    • The result shows a window with the text "hello-world".
    • This vulnerability is usually used to steal sessions and phishing.


    XSSer DESCRIPTION

    It is a framework that allows:
    • Detect vulnerabilities of type XSS
    • Explore these vulnerabilities locally or remotely.
    • Report in real time the vulnerabilities found.
    Among its main features include:
    • Graphic interface
    • Dorking
    • Support for GET and POST (this is important since in tools treated in previous articles only injections with GET could be performed).
    • Crawling
    • Proxy
    • Heuristic analysis
    • Preconfigured Exploits
    • Export options
    • Different bypassers to evade filters
    Types of injections allowed:
    • Classic XSS (code execution in an embedded script)
    • Cookie Injection
    • Cross Site “Agent” Scripting
    • Cross Site “Refer” Scripting
    • Injections in “Data Control Protocol” and “Document Objetct Model”
    • HTTP Response Splitting Induced


    EXAMPLES OF USE

    • Basic injection
    xsser -u “victima.com”
    • Automatic injection (test all vectors)
    xsser -u “victima.com” --auto
    • Injection with custom payload
    xsser -u “victima.com” --payload = ”> 
    • Local Exploitation
    xsser -u “victima.com” --Fp = “ 
    • Remote operation
    xsser -u “victima.com” --Fr = ” 
    • Dorking use
    xsser -d “inurl: admin / echo” --De “google” --Fp = ” 
    • Use of HTTP Refer proxy and header spoofin
    xsser -u “victima.com” --proxy http: // localhost: 8118 --refer “666.666.666.666”
    • Use of hexadecimal encoding

    xsser -u “victima.com” --Hex

    • Multiple injection with 5 wires and coding with mutation
    xsser -u “victima.com” --Cem --threads “5”
    • Use of crawler with depth 3 and 4 pages
    xsser -u “victima.com” -c3 --Cw = 4
    • Exploitation through POST
    xsser -u "victima.com" -p "target_host = name & dns-lookup-php-submit-button = Lookup + DNS"

    XSSER GTK

     It is a somewhat more intuitive option to use XSSer.



    The tool starts with:

    xsser --gtk
     
    Thanks to the use of the “Wizard Helper”, guided operation can be carried out much more easily than by command line

    TYPES OF XSS ATTACKS

    When talking about XSS, the two most basic types are usually in mind: reflected or persistent; 

    DOM XSS

    Take advantage of a modified active content to take control of a DOM, which allows you to control the flow of that object, but always through its API. 

    XSF

    It uses the Actionscript language used to program flash applications with the intention of loading unwanted elements on the page. 

    CSRF

    It is an exploitation option that uses a second web to launch the attack on the vulnerable web. 

    XFS

    Malicious code is injected into an iframe that will be injected hiddenly in the vulnerable web.

    XZS

    Achieve an escalation of zone privileges in IE due to a vulnerability. 

    XAS

    It allows to carry out the attack thanks to the modification of the value of “User-Agent” in the header of a web application. 

    XSSDoS

    Use a for-type instruction within a script embedded in the page to prevent users from accessing the content. 

    Flash! Attack

    Another Flash-based attack that uses Macromedia Flash Plugin and Active X Control to inject malicious codes. 

    Induced XSS

    Unlike the other XSS attacks, this attack is carried out on the server side. 

    Image Scripting

    It exploits the reading of the binary parameters of an image by a server that has not been adequately protected. 

    PostHeaderIcon XSSF - Cross Site Scripting Framework




    Continue Reading
    GitHackTools - The best Hacking and PenTesting tools installer on the world


    About GitHackTools: GitHackTools is a the best Hacking and PenTesting tools installer on the world. BruteDum can work with any Linux distros or Windows version if they support Python 3.



    Features of GitHackTools

    • Friend-ly Command Line Interface
    • A huge number os hacking tools
    • Support Windows and Linux, or orther OS. Better support on Debian or Arch Linux
    • Move to orther category with 1 command
    • ...

    GitHackTools installation on Linux
       You must install Python 3 and make first:

    • For Arch Linux and its distros: sudo pacman -S python3 make 
    • For Debian and its distros: sudo apt install python3 make 
         And then, open Terminal and enter this command:


    GitHackTools installation on Windows


    Download and runPython 3.7.x setup file from Python.org. On Install Python 3.7, enableAdd Python 3.7 to PATH 


    Download and runGit setup file  from Git-scm.com and chooseUse Git from Windows Command Propmt. 

       After that, openPowerShellorCommand Propmt and enter these commands:


     If you don't want to install Git, you can download githacktools-master.zip, extract and use it.

    GitHackTools screenshots
    GitHackTools
    GitHackTools Home page on Parrot Security OS
    GitHackTools Home page on Manjaro KDE
    GitHackTools Home page on Windows 10
    GitHackTools
    A2SV Installer on GitHackTools
    GitHackTools
    Metasploit Installer on GitHackTools


    Note: This tool may not install well with some tools on some Linux distros. Please tell me about your problems on Issues. Thanks!
    • Add more tools.
    • Add more features and commands.
    • More friend-ly.
    • Fix bugs if they are exist.
    • (Help me please)



    To-do list:
    Continue Reading