Posts

Android Security

Santoku : Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

Some nice articles on bug bounty πŸ“°

πŸ”—10degres.net    by    Gwendal Le Coguic
πŸ”—agarri.fr    by    Nicolas GrΓ©goire
πŸ”—geekboy.ninja    by    geekboy

SQL Injection Overview

πŸ”§ XCat is a command line program that aides in the exploitation of blind XPath injection vulnerabilities, written in Python

Check browser fingerprinting/Leaks πŸ”

Is your browser safe against tracking : Check Here [panopticlick]

Check your identity after connecting a VPN : vpninsights    and    Dnsleaktest

An Overview of HoneyPots

Install VirtualBox Guest Additions in

Add this to /etc/apt/sources.list:

deb http://http.us.debian.org/debian sid main non-free contrib

Update repositories and install package

sudo apt-get update
sudo apt-get install virtualbox-guest-dkms

Some web site to learn and test Hacking skills πŸ”°

Nmap essential tips

-ATo enable OS and version detection, script scanning-T4For faster execution,prohibits the dynamic scan delay from exceeding 10 ms for TCP ports-VTo see which engines are supported-sSScan using TCP SYN scan-sUScan UDP ports-snPing Scan - disable port scan-pScan specified ports-g/--source-portUse given port number-PS/PA/PU/PY[portlist]TCP SYN/ACK, UDP or SCTP discovery to given ports-PE/PP/PMICMP echo, timestamp, and netmask request discovery probes

Examples:

Intense Scan
nmap -T4 -A -v 10.10.10.63

Regular Scan
nmap 10.10.10.63

Quick scan
nmap -T4 -F 10.10.10.63

Intense Scan plus UDP 
nmap -sS -sU -T4 -A -v 10.10.10.63

Intense Scan with all TCP port
nmap -p 1-65535 -T4 -A -v 10.10.10.63

Comprehensive scan [Slow]
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" 10.10.10.63


Complete Reference https://nmap.org/book/man.html

Information gathering - Website Links 😈

✋ Please use at your own risk, We are not responsible for any direct or indirect damage caused due to the usage of the information's provided on this site ✋ πŸ˜Ž

❇️Grabify IP Logger : Grab someone's IP address by sending him/her a link, using Banner grabbing technique

❇️  Z-Shadow : offers free phishing pages of all major websites,

Cyber Security communities πŸ‘₯

πŸ’» Hackerspaces
πŸ’» Null
πŸ’» Defcon
πŸ’» Blackhat
πŸ’» Securitybsides
πŸ’» OWASP
πŸ’» SANS
πŸ’» Offensive-security
πŸ’» Pentesterlab
πŸ’» Cybrary
πŸ’» Rapid7
πŸ’» Bugcrowd
πŸ’» Hackerone
πŸ’» 0x00sec

Shell Scripting: Overview

Shell : Command Line Interface

It's allow users to execute commands and scripts

Script: Series of commands in a file

Bash : Bourne again shell

Some of the tools that used in Mr.robot :)

DeepSound: A tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS

Mimikatz is a great post-exploitation tool written by Benjamin Delpy (gentilkiwi). After the initial exploitation phase, attackers may want to get a firmer foothold on the computer/network. Doing so often requires a set of complementary tools. Mimikatz is an attempt to bundle together some of the most useful tasks that attackers will want to perform.

Linux Terminal Commands

System Infodate – Show the current date and timecal – Show this month's calendaruptime – Show current uptimew – Display who is onlinewhoami – Who you are logged in asfinger user – Display information about useruname -a – Show kernel informationcat /proc/cpuinfo – CPU informationcat /proc/meminfo – Memory informationdf -h – Show disk usagedu – Show directory space usagefree – Show memory and swap usage Keyboard ShortcutsEnter – Run the commandUp Arrow – Show the previous commandCtrl + R – Allows you to type a part of the command you're looking for and finds itCtrl + Z – Stops the current command, resume with fg in the foreground or bg in the backgroundCtrl + C – Halts the current command, cancel the current operation and/or start with a fresh new lineCtrl + L – Clear the screencommand | less – Allows the scrolling of the bash command window using Shift + Up Arrow and Shift + Down Arrow!! – Repeats the last commandcommand  !$ – Repeats the last argument of the previous commandEs…

Prank virus with notepad

Copy bellow code snippet to notepad and save as vbs file


X=MsgBox("Error while opening Computer. Do you want to Fix this Error?",4+64,"Computer")X=MsgBox("Unable to Fix this Error. Do you want to scan this Computer",3+48,"Computer")X=MsgBox("Alert ! Virus Detected. Delete Virus? ",3+16,"Alert!")X=MsgBox("Unable to delete this Virus",1+64,"Critical Error")X=MsgBox("Virus Is activated",2+16,"Alert")X=MsgBox("Deleling System Files.....",2+16,"File Deletion")X=MsgBox("Virus is copying your password.....",2+48,"Virus Alert")X=MsgBox("Please Wait, Uploading your data to Server. Do you want to Stop it",4+64,"File Transfer")X=MsgBox("Could not stop. File Transfer Completed",1+16,"Completed")X=MsgBox("Your Computer is Hacked",0+64,"Alert")X=MsgBox("HAHA This was Prank",0+64,"Fooled Y…

Remove Windows 10 Update notification

Open Task manager Find Process GWX and End task Go to Windows Update and search for Go to Windows Update and search for KB3035583 uninstall that update

Some useful tools for pentesters

dirb

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects.
eg: dirb http://192.168.1.224/ /usr/share/wordlists/dirb/common.txt

Basic Linux Tips

Simple way to change root's Home with environments

sudo su -

┌─[elliot@parrot]─[~]
└──╼ $whoami
elliot
┌─[elliot@parrot]─[~]
└──╼ $sudo su -
[sudo] password for elliot:
┌─[root@parrot]─[~]
└──╼ #whoami
root
┌─[root@parrot]─[~]
└──╼ #


Run/Installation

.run

chmod 755 FileName.run
./FileName.run


.sh

bash FileName.sh

.deb

dpkg -i FileName.deb


Open any file in it's default application

xdg-open <file_name>


Linux Permission types


NumberPermission TypeSymbol0No Permission---1Execute--x2Write-w-3Execute + Write-wx4Readr--5Read + Executer-x6Read +Writerw-7Read + Write +Executerwx


How to Create/Add a key in linux