Hi All As you all know these days many organisation using VPN Quite Actively so we will take a quick look on penetration testing Virtual Pri...
Hi everyone it really Feel great that Vivek RamaChandran Sir has done an awesome video series of wifi security which makes you clear on most...
Hello here i come with a small trick but quite useful it can make your website safe from kiddie hackers :P. some time actually new born hack...
uhh...hi everyone after a long days i have started posting tut so lets get started today we will be installing nessus scanner on backtrack a...
hi everyone this is one more post on another web vulnerability scanner tool.so this time we will be discussing more about a tool known as Ve...
Hi everyone this is a one more post on web scanner that is actually best on its Business For LFI (Local File Inclusion) And Remote File Incl...
Hi everyone as we all know there are numbers of web application scanner present on backtrack os so i will be covering most of the scanner in...
hello every one this is a small post where i will discuss finding sub domain name of a target website. So what exactly subdomain name ..its...
Hi everyone after a long day here is one of my post on mobile security ...as the dayz progressing people are getting much friendly with doin...
HI every one today i am going to explain you ho you can hack remote pc using social engineering tool kit present in backtrack. so lets do i...
SoHi In my Previous i posted about COMMONLY FOUND ENCRYPTED PASSWORD HASH AND SALTS Now we Will discuss what tools are used for cracking th...
This post basically gives you a real life idea of few commonly found encrypted .so let me make you understand why this encryption is needed ...
Xenotix XSS Exploit Framework V4 A Perfect Tool For Xss Exploiting | Advance XSS Detecting Frame work
Hi everyone today i am going give you a brief explanation on Xenotix Tool It is a tool specially crafted for detecting XSS And Exploiting th...
Hello friends after a long day gap today i am going to post a small tutorial on how you can hack the modem devices. So Lets Begin This vuln...
This post is basically installing kali Os On Android Devices.Now Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, They've built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android. In fact, the developers of Linux Deploy have made it extremely easy to get any number of Linux distributions installed in a chroot environment using a simple GUI builder.
CONFIGURING LINUX DEPLOY FOR KALI
There’s actually very little to be done to get Kali installed. By choosing Kali Linux in the “Distribution” tab, you’ve pretty much covered the important stuff. Optionally, you can choose your architecture, verify that the Kali mirror is correct, set your installation type and location on your Android device, etc. Generally speaking, the defaults provided by Linux Deploy are good to begin with.
BUILDING THE KALI IMAGE
Once you are happy with all the settings, hitting the “install” button will start a Kali Linux bootstrap directly from our repositories. Depending on your Internet connection speed, this process could take a while. You’ll be downloading a base install of Kali Linux (with no tools) at minimum.
STARTING UP YOUR CHROOTED KALI
Once the installation is complete, you can have Linux Deploy automatically mount and load up your Kali Linux chroot image. This also includes the starting of services such as SSH and VNC for easier remote access. All of this is automatically done by hitting the “start” button. You should see Linux Deploy setting up your image with output similar to the following:
At this stage, Linux Deploy has started a VNC and SSH server inside your chrooted Kali image. You can connect to the Kali session remotely using the IP address assigned to your Android device (in my case, 10.0.0.10).
LOGGING IN TO YOUR CHROOTED KALI
Now you can use either a SSH or VNC client to access your Kali instance. The VNC password is “changeme” and the SSH credentials are “android” for the username (configured via Linux Deploy) and “changeme” as the password.
muts@slim:~$ ssh email@example.com
Linux localhost 3.4.5-447845 #1 SMP PREEMPT Fri Apr 12 17:22:34 KST 2013 armv7l
Kali GNU/Linux 1.0 [running on Android via Linux Deploy]
android@localhost:~$ sudo su
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/loop3 4180944 667268 3304012 17% /
tmpfs 952708 80 952628 1% /dev
tmpfs 952708 0 952708 0% /dev/shm
root@localhost:/home/android# apt-get update
Hit http://http.kali.org kali Release.gpg
Hit http://http.kali.org kali Release
Hit http://http.kali.org kali/main Sources
Hit http://http.kali.org kali/contrib Sources
Hit http://http.kali.org kali/non-free Sources
Hit http://http.kali.org kali/main armel Packages
Hit http://http.kali.org kali/contrib armel Packages
Hit http://http.kali.org kali/non-free armel Packages
Ign http://http.kali.org kali/contrib Translation-en_US
Ign http://http.kali.org kali/contrib Translation-en
Ign http://http.kali.org kali/main Translation-en_US
Ign http://http.kali.org kali/main Translation-en
Ign http://http.kali.org kali/non-free Translation-en_US
Ign http://http.kali.org kali/non-free Translation-en
Reading package lists... Done
If left unchanged, Linux Deploy will automatically set an image size of around 4 GB, for a “naked” installation of Kali. If you would like to install additional Kali tools down the road, you might want to consider using a larger image size, which is configurable via the settings in Linux Deploy.
LOCAL VNC CONNECTIONS
this is just a try couple of VNC clients to get one to work properly. Although controlling Kali through a local VNC client isn’t the most convenient of tasks, it certainly is possible. However, we suspect that most people will be SSH’ing into this instance. The picture below was overlayed with a Kali Linux desktop screenshot taken from a Galaxy S4.
So Install it and Have fun :).
This post is basically installing kali Os On Android Devices.Now Getting Kali Linux to run on ARM hardware has been a major goal for us sin...
As you know these days many sites(like facebook,gmail...etc) use sms verification...so why is this sms verication?
So now we will be learning how can we bypass gmail (facebook, youtube, other shopping sites) without SMS verification. Because gmail allow to create only few account. When you try to create more account with same mobile number, Google restricted and you can’t create more account. so we can create counter less gmail accounts using following steps.
This method is very useful to Bypass SMS verification and useful when you need to Sign up any account and do not feel comfortable to giving your real number or if you want to create multiple account.
So to bypass these verification follow these steps :
SO i believe this process is very easy to follow.
Hello everyone this is a small trick that has been used by many hackers to bypass phone / log in sms verification. As you know these days m...
file that we have created ,whether it is working or not ...not only this some time we do need to share file with our other windows machine.
At First Open the console and type these commands
Now the folder is created on path var->wwww->share what ever you need to share just put the content on that folder and simply type
Now to access any file that you have put-ed on share folder simply type your Ip/share that is
you will get the content simply download and have fun ...
So directly if you want your created exploit to upload you can type following command in backtrack.
cp /root/.msf4/data/exploits/* /var/www/share
It will be uploaded on server thank you for visiting do share,comment,likes :)
Hi every one this is a small article that helps a lot during any penetration testing ..some time we do need to share file with other to test...
So What is NMAP ?
Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for the network conditions during the run.
Nmap has been able to extend its discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open and closed
NMAP can determine the
Nmap runs on Linux,Microsoft Windows,Solaris,HP-UX and BSD Linux is the most popular Nmap platform with Windows following it closely
Top Features of NMAP
Nmap features include:
Hackers COMMANDS OF NMAP
Open ur Console in backtrack/kali and type all the commands and see their working and do connect to internet also :)
* typenmap and press enter :: to see all the commands of nmap
** Now how to scan ips in range and to see how many are alive :: command is
nmap -sP 192.168.254.0/24
*** Now how to scan ip in a specific range :: command is
nmap -sP 192.168.254.99-106
like we are scanning ip from 99 to 106
**** Now we will do stealth scan to see how many ports are open on the specific ip :: command is
nmap -sS 192.168.254.102 and press enter
***** Now to find what operating system running on the ip address :: command is
nmap -O 192.168.254.102
****** Now to scan for TCP connect :: command is
nmap -sT 192.168.254.102
******* Just a null scan to check whether ip is alive or not :: command is
nmap -sN 192.168.254.102
******** Now to scan for UDP connect :: command is
nmap -sU 192.168.254.102
********** To scan for IP Protocol :: command is
nmap -sO 192.168.254.102
*********** To check ACKNOWLEGMENT (ACK) :: command is
nmap -sA 192.168.254.102
************* To scan for which windows is running :: command is
nmap -sW 192.168.254.102
I believe that is what i know but still if i am miss some command do comment.Thank you
After along day gap lets start discussing some crispy tool yes it is hacker's love nmap that helps a lot in making things impossible pos...
on bypassing web application firewall.
WAF stands for Web Application Firewall. In order to prevent the attacks such as SQLi and XSS, administrators put Web Application Firewalls. These WAFs detect malicious attempts with the use of signature based filters and escapes defined within a list of rules. As a result of this design, they are vulnerable and can be easily bypassed.
How it works??
When the WAF detects malicious attempts, our input URL gives a forbidden error as shown in the following figure.
Our aim is to bypass this error and need to retrieve data from the database using some special techniques. There are many methods to bypass WAF.but right now we will discuss a small trick beginner friendly here .
Comments allow us to bypass a lot of the restrictions of Web application firewalls and to kill certain SQL statements to execute the attackers commands while commenting out the actual legitimate query.
http://vulnerablesite.com/detail.php?id=44 union all select 1,2,3,4,5—
By passed Sqli
http://vulnerablesite.com/detailphp?id=44 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3,4,5—
Capitalization Of Functions:-
Some WAF’s will filter only lowercase alphabets, So we can easily evade this by case changing.
http://vulnerablesite.com/detail.php?id=44 UNION SELECT 1,2,3,4,5—
Query to bypass the WAF
http://vulnerablesite.com/detail.php?id=-1 uNiOn SeLeCt 1,2,3,4,5—
Some WAF's will escape certain keywords such as UNION, SELECT, ORDER BY, etc. This can be used to our advantage by duplicating the detected word within another.
http://vulnerablesite.com/detail.php?id=-1 UNION SELECT 1,2,3,4,5—
Query to bypass the WAF
http://vulnerablesite.com/detail.php?id=-1 UNIunionON SEselectLECT 1,2,3,4,5--
Hope You like this small tutorial.
Hello Friends as i previously spooked many times about sqli which is one of the common attack on website so today i am revealing one more tr...
So here is a series of video tutorial that will teach you how to hack as well as how to secure android application.
as well as building environment for security auditing.
Here are the tutorials.
About Android Hacking And Pentesting Video Series
Brief Introduction to Android and its Architecture
Chandrakant Nial:If You need the pdf file of (Brief Introduction to Android and its Architecture)i will send you, comment below your mail address.
comment below or drop email at firstname.lastname@example.org for any further query and doubt.
Hi everyone as the days progresses we need to smart enough to know about what you are holding on your hand that is a smart phone which is ru...