Friday, May 22, 2020

WiFiJammer: Amazing Wi-Fi Tool


The name sounds exciting but really does it jam WiFi networks? Yes, it is able to do the thing which it's name suggests. So today I'm going to show you how to annoy your friend by cutting him/her short of the WiFi service.

Requirements:


  1. A computer/laptop with WiFi capable of monitoring (monitor mode).
  2. A Linux OS (I'm using Arch Linux with BlackArch Repos)
  3. And the most obvious thing wifijammer (If you're having BlackArch then you already have it).


How does it work? You maybe thinking!, it's quite simple it sends the deauth packets from the client to the AP (Access Point) after spoofing its (client's) mac-address which makes AP think that it's the connected client who wants to disconnect and Voila!

Well to jam all WiFi networks in your range its quite easy just type:

sudo wifijammer



but wait a minute this may not be a good idea. You may jam all the networks around you, is it really what you want to do? I don't think so and I guess it's illegal.

We just want to play a prank on our friend isn't it? So we want to attack just his/her AP. To do that just type:

sudo wifijammer -a <<AP-MAC-ADDRESS>>

here -a flag specifies that we want to jam a particular AP and after it we must provide the MAC-ADDRESS of that particular AP that we want to jam.
Now how in the world am I going to know what is the MAC-ADDRESS of my friend's AP without disturbing the other people around me?
It's easy just use the Hackers all time favorite tool airodump-ng. Type in the following commands:

sudo airmon-ng

sudo airodump-ng

airmon-ng will put your device in monitor mode and airodump-ng will list all the wifi networks around you with their BSSID, MAC-ADDRESS, and CHANNELS. Now look for your friend's BSSID and grab his/her MAC-ADDRESS and plug that in the above mentioned command. Wooohooo! now you are jamming just your friend's wifi network.

Maybe that's not what you want, maybe you want to jam all the people on a particular channel well wifijammer can help you even with that just type:

sudo wifijammer -c <<CHANNEL-NUMBER>>

with -c we specify to wifijammer that we only want to deauth clients on a specified channel. Again you can see with airodump-ng who is on which channel.

wifijammer has got many other flags you can check out all flags using this command that you always knew:

sudo wifijammer -h



Hope you enjoyed it, good bye and have fun :)

More articles


  1. Growth Hacking Sean Ellis
  2. Hacking News
  3. Growth Hacking Courses
  4. Que Es Un Hacker
  5. El Hacker
  6. Hacking 2019
  7. Hacking 2019
  8. El Libro Del Hacker
  9. Que Es Hacking Etico
  10. Hacking Madrid
  11. Programa Hacker
  12. Paginas De Hackers
  13. Hacking Netflix Account
  14. Ethical Hacking
  15. Kali Hacking
  16. Brain Hacking
Posted by at No comments:

Thursday, May 21, 2020

Top System Related Commands In Linux With Descriptive Definitions


Commands are just like an instructions given to a system to do something and display an output for that instruction. So if you don't know how to gave an order to a system to do a task then how it can do while you don't know how to deal with. So commands are really important for Linux users. If you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well.
In this blog you will get a content about commands of Linux which are collectively related to the system. That means if you wanna know any kind of information about the system like operating system, kernel release information, reboot history, system host name, ip address of the host, current date and time and many more.

Note:

If you know about the command but you don't have any idea to use it. In this way you just type the command, then space and then type -h or --help or ? to get all the usage information about that particular command like "uname" this command is used for displaying the Linux system information. You don't know how to use it. Just type the command with help parameter like: uname -h or uname --help etc.

uname 

The "uname" is a Linux terminal command responsible of displaying the information about Linux system. This command has different parameter to display a particular part of information like kernel release (uname -r) or all the information displayed by typing only one command (uname -a).

uptime

This command is used to show how long the system has been running and how much load on it at current state of the CPU. This command is very useful when you system slows down or hang etc and you can easily get the info about the load on the CPU with the help of this command.

hostname

The "hostname" is the the command in Linux having different parameters to display the information bout the current host which is running the kernel at that time. If you wanna know about the parameters of hostname command then you just type hostname --help or hostname -h to get all the info about the command and the usage of the command.

last reboot

The "last reboot" is the command in Linux operating system used to display the reboot history. You just have to type this command over the Linux terminal it will display the reboot history of that Linux system.

date

The "date" is the command used in Linux operating system to show the date of the day along with the current time of the day.

cal

The "cal" command in Linux used to display the calendar which has the current date highlighted with a square box along with a current month dates and days just like a real calendar.

w

The "w" is the command used in Linux distro for the sake of getting the information about current user. If you type this command it will display who is online at the time.

whoami

The "whoami" is the command in Linux operating system used to show the information that who you are logged in as. For example if you are logged in as a root then it'll display "root" etc.

finger user

The "finger user" is the command used in Linux distribution to display the information about user which is online currently over that Linux system.

Related articles
Posted by at No comments:

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.
Related links
Posted by at No comments:

Odysseus


"Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server." read more...

Download: http://www.bindshell.net/tools/odysseus


Related posts

  1. Master Growth Hacking
  2. Herramientas De Seguridad Informatica
  3. Hacking Etico
Posted by at No comments:

Wednesday, May 20, 2020

Top 10 Best Google Gravity Tricks 2018

Best Google Gravity Tricks 2018

Top 10 Best Google Gravity Tricks 2018

Google is the search engine where the people look up for the things. Yet apart from being only a search engine this website is highly functional and has a lot of functions dubbed inside it. And even the webmasters don't know about all the features as they are so vast that you need to explore lots of things to get to know about them all.  There are a number of gravity opposing tricks in the Google search page that you would like to enjoy. Well many of you guys must be new to this word as only 15% of Google users know this thing and for rest, I'm here to guide you up in this. Here in this article, we have written about the best google gravity tricks that you could ever find in this year. If you are interested to know about it then please read the main section of this post as it is given below. This was all the introduction part of this post and now after this line, we are going to skip to the main section. We recommend you to read till the end to get the fullest information from this page!

Top 10 Best Google Gravity Tricks 2018

Below I have mentioned some of the best tricks that I tried as I was getting bored and thought about exploring something new and then I searched Google Tricks on google and then I get to know that even these things are also possible on the Google. You can use so many different things to kill your boredom on Google. There I decided to note down these tricks and share the article with you so that you can also avail these. So follow the below guide to proceed.

#1 Google zero gravity level fall

Best Google Gravity Tricks 2018
Best Google Gravity Tricks 2018
This is the first trick that amazed me as when I get to know this thing can happen when I was really surprised as it was quite funny. It is a standout amongst the most astonishing google gravity trap. In this trap, the substance will appear like tumbling to a level surface. Every one of the substances like pictures, writings, and so on of your page will be upset. They will look somewhat bouncy and turned around that looks exceptionally energizing and stunning.

#2 Google Sphere

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is second best google gravity trap. In this trap, the substance rotates in a round way. Be that as it may, you will think that its little hard to deal with it since you need to chip away at turning writings.

#3 Google Loco

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This google gravity trap is much like the google zero gravity. You will see the substance as falling in a seismic tremor,

#4 Zerg Rush

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is one of my most loved google gravity trap. In this deceive you will see somewhere in the range of zeros spreading in your page. to utilize this trap Open Google.com and hunt Zerg Rush through utilizing the search bar.

#5 Google submerged

Best Google Gravity Tricks 2018
Best Google Gravity Tricks 2018
This is of the most attractive google gravity trap. In this deceive you will see a domain of submerged. You will see the pursuit bar coasting in the water.

#6 Do a barrel roll

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is likewise an astounding google gravity trap. In this deceive, you will get an impact to your page with which, your page will turn in a solitary minute.

#7 Google Guitar

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
This is additionally a stunning google gravity trap. In this deceive, you can play guitar on the web index. You can play your coveted tunes with it. Google will give you notes to your tunes.

#8 Google zero gravity reversal

Best Google Gravity Tricks 2018
Best Google Gravity Tricks 2018
This is one of the coolest Google gravity trap. In this deceive, you will get a perfect representation of your site page. You will feel like you are on the opposite side of the screen.

#9 Google space

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks That You Need To Try
In this google gravity deceive you encounter a dream of the room. It implies that the substance of your page will appear like gliding noticeable all around with no gravitational power.

#10 Pacman

Best Google Gravity Tricks That You Need To Try
Best Google Gravity Tricks 2018 That You Need To Try
This is the standout amongst the most energizing google gravity trap. With this deceive, you can play Pacman game in this.
Finally, after reading this article, you have got to know about. We have tried to provide you this content in the simple and easy to read wordings and hope that you would have easily got about everything written up here. We believe that you might like this article and if it is what you think then please try to share it with others too. Your indulgence in our post is really valuable to us, so do not miss to write about your opinions and suggestions regarding this article through using the comments section below. At last but never the least thanks for reading this article!

Related news


Posted by at No comments:

OSIF: An Open Source Facebook Information Gathering Tool


About OSIF
   OSIF is an accurate Facebook account information gathering tool, all sensitive information can be easily gathered even though the target converts all of its privacy to (only me), sensitive information about residence, date of birth, occupation, phone number and email address.

For your privacy and security, i don't suggest using your main account!

OSIF Installtion
   For Termux users, you must install python2 and git first:
pkg update upgrade
pkg install git python2

   And then, open your Terminal and enter these commands:   If you're Windows user, follow these steps:
  • Install Python 2.7.x from Python.org first. On Install Python 2.7.x Setup, choose Add python.exe to Path.
  • Download OSIF-master zip file.
  • Then unzip it.
  • Open CMD or PowerShell at the OSIF folder you have just unzipped and enter these commands:
    pip install -r requirements.txt
    python osif.py

 Before you use OSIF, make sure that:
  • Turn off your VPN before using this tool.
  • Do not overuse this tool.
  • if you are confused how to use it, please type help to display the help menu or watch the video below.

How to use OSIF?


More information


Posted by at No comments:

OWASP-ZSC: A Shellcode/Obfuscate Customized Code Generating Tool


About OWASP-ZSC
   OWASP ZSC is open source software written in python which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with Python 2 or 3.

   What is shellcode?: Shellcode is a small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes...

   You can read more about OWASP-ZSC in these link:
Why use OWASP-ZSC?
   Another good reason for obfuscating files or generating shellcode with OWASP-ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators. Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.

   Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.

   According to other shellcode generators same as Metasploit tools and etc, OWASP-ZSC  using new encodes and methods which antiviruses won't detect. OWASP-ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP-ZSC one of the best! During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods. We are working on the next version that will allow you to generate OSX.

OWASP-ZSC Installation:
   You must install Metasploit and Python 2 or 3 first:
  • For Debian-based distro users: sudo apt install python2 python3 metasploit-framework
  • For Arch Linux based distro users: sudo pacman -S python2 python3 metasploit
  • For Windows users: Download Python and Metasploit here.
   And then, enter these command (If you're Windows user, don't enter sudo):
DISCLAIMER: THIS SOFTWARE WAS CREATED TO CHALLENGE ANTIVIRUS TECHNOLOGY, RESEARCH NEW ENCRYPTION METHODS, AND PROTECT SENSITIVE OPEN SOURCE FILES WHICH INCLUDE IMPORTANT DATA. CONTRIBUTORS AND OWASP FOUNDATION WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

An example of OWASP-ZSC
Related links
Posted by at No comments:

Tuesday, May 19, 2020

British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their

via The Hacker News
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Read more


Posted by at No comments:

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

More info

  1. Como Empezar En El Hacking
  2. Rom Hacking
  3. Hacking Udemy
  4. El Hacker
  5. Amiibo Hacking
  6. Portatil Para Hacking
  7. Hacking Wifi Windows
Posted by at No comments:

Monday, May 18, 2020

ShellForge


"ShellForge is a python program that builds shellcodes from C. It is inspired from Stealth's Hellkit. Some wrapper functions arround system calls are defined in header files. The C program uses them instead of libc calls. ShellForge uses gcc to convert it into assembler. It then modifies it a bit, compiles it, extract code from the object, may encode it and add a loader at the begining." read more...
More articles
  1. Mind Hacking
  2. Hacking Net
  3. Servicio Hacker
  4. Hacking Tor Funciona
  5. Hacking Videos
  6. Que Estudia Un Hacker
  7. Mundo Hacker
  8. Hacking Attacks
  9. Growth Hacking Sean Ellis
  10. Hacking Tools
  11. Hacking Hardware Tools
  12. Como Aprender A Hackear
  13. Hacking Google Home Mini
  14. Hacking Etico Libro
Posted by at No comments:

RED_HAWK: An Information Gathering, Vulnerability Scanning And Crawling Tool For Hackers


About RED_HAWK: RED_HAWK is a all in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all pentesters and hackers.

RED_HAWK's features:
  • Basic ScanSite Title (NEW):
       IP Address
       Web Server Detection IMPROVED
       CMS Detection
       Cloudflare Detection
       robots.txt Scanner
  • Whois Lookup (IMPROVED)
  • Geo-IP Lookup
  • Grab Banners IMPROVED
  • DNS Lookup
  • Subnet Calculator
  • Nmap Port Scan
  • Sub-Domain Scanner IMPROVED:
       Sub Domain
       IP Address
  • Reverse IP Lookup and CMS Detection IMPROVED:
       Hostname
       IP Address
       CMS
  • Error Based SQLi Scanner
  • Bloggers View NEW
       HTTP Response Code
       Site Title
       Alexa Ranking
       Domain Authority
       Page Authority
       Social Links Extractor
       Link Grabber
  • WordPress Scan NEW
       Sensitive Files Crawling
       Version Detection
       Version Vulnerability Scanner
  • Crawler
  • MX Lookup NEW
  • Scan For Everything - The Old Lame Scanner
List of CMS Supported on RED_HAWK
   RED_HAWK's CMS Detector currently is able to detect the following CMSs (Content Management Systems) in case the website is using some other CMS, Detector will return could not detect.
  • WordPress
  • Joomla
  • Drupal
  • Magento

RED_HAWK Installation
   How To Configure RED HAWK with moz.com for Bloggers View Scan?
   All set, now you can enjoy the bloggers view.

How to use RED_HAWK?

Known Issues of RED_HAWK
   ISSUE: Scanner Stops Working After Cloudflare Detection!
   SOLUTION: Use the fix command (for Debian-based distros) or manually install php-curl and php-xml.

   Watch the video to see how to solve that isuue:

Support and Donations
   Found RED_HAWK cool? Well you could buy a cup of tea for the author ๐Ÿ˜‰ Just send any amount of donations (in Bitcoin) to this address: 1NbiQidWWVVhWknsfPSN1MuksF8cbXWCku

   Can't donate? well that's no problem just drop a "THANK YOU, AUTHOR" this will motivate me to create more exciting stuffs for you ๐Ÿ˜‰

TODOs for RED_HAWK:
  • Make a proper update option ( Installs current version automatically )
  • Add more CMS to the detector
  • Improve The WordPress Scanner ( Add User, Theme & Plugins Enumeration )
  • Create a web version of the scanner
  • Add XSS & LFI Scanner
  • Improve the Links grabber thingy under bloggers view
  • Add some other scans under the Bloggers View



Continue reading


Posted by at No comments:
Subscribe to: Comments (Atom)