Featured post

SocialFish V3 - The Ultimate Phishing Tool

SocialFish V3 - The Ultimate Phishing Tool Educational Phishing Tool & Information Collector Setting Up SocialFish Prerequis...

Recent Post: All the recent news you need to know

How to install Pupy

Pupy is an open source tool for cross-platform remote administration (Windows, Linux, OSX, Android are supported as “clients”) and subsequent exploitation (post-exploitation). It is written mostly in Python.


    Simply put, this program can create backdoors for different systems, attach to remote systems, run exploits to collect data, increase privileges, download and upload files, capture the screen, capture keystrokes, and so on. Like other similar tools, it is also perfectly suitable for legitimate remote administration of systems.
    Potential Pupy uses:
    • Security research
    • Education
    • Penetration Testing
    • System administration
    • Privacy projects focused on Python, requiring minimal interaction with persistent storage (so as not to leave traces on the hard disk)
    • And other…
    This is one of several articles about Pupy in which the installation is described step by step. The following articles will discuss the principles of the program, basic concepts, practical examples of use.

    Things to do After Installing Ubuntu 19.04


    As you may know, Ubuntu is the most popular distribution, and although the developers try to make it so that users do not need to spend a lot of time on settings, there are still many things that are missing by default.
    This article will look at setting up Ubuntu after installation, let's look at adding repositories, setting up the shell, and installing the most needed programs.

    How to install Ubuntu on VirtualBox

    In many cases, it is more convenient to configure a virtual machine and install the necessary programs on it than to do it on a real computer. First, when installing on a “clean” virtual machine, there is a greater chance that everything will pass without errors, since there will be no conflicts with already installed programs. Secondly, the virtual system can be easily “rolled back” to the previous state if something went wrong. Thirdly, all virtual machine data is stored as files on your computer, so it is easy to copy it somewhere else and, for example, take it with you on a business trip to work on any real computer in a familiar virtual environment. Fourthly, virtually any operating system (OS) can be installed on a virtual machine, including one that does not coincide with the system installed on your computer.

    How to use SQL injections to execute OS commands and to get a shell

    One of the main goals of almost any hack is to get a shell (access to the command line) to execute system commands and eventually take over the target computer or network. SQL injections are usually associated only with databases and the data that they contain, but in fact they can also be used to get a shell. In this tutorial, we will use SQL injection to exploit a simple vulnerability to get the ability to execute commands, resulting in a reverse shell on the server.

    To perform the attack, we will use Kali Linux and a specially created virtual machine with vulnerabilities - DVWA http://www.dvwa.co.uk/. If you are new to Kali, then we recommend that you work through our Kali configuration and security guidelines to ensure that your system is ready for the tasks in this article.

    How to list NetBIOS shares using NBTScan and the Nmap Scripting Engine

    NetBIOS is a service that provides network connectivity and is often used to join a domain and by legacy applications. This is a rather old technology, but it is still used in some software environments. And since this is an unprotected protocol, quite often it can be the starting point for an attack on a network. A good start would be to scan NetBIOS shares using NBTScan and the Nmap Scripting Engine.

    To accomplish this task, we will use Metasploitable 2 as our target machine, a virtual machine with vulnerabilities intentionally created in it. We will attack it with Kali Linux, a distribution for hackers and pentesters.


      NetBIOS Overview

      NetBIOS literally means “Basic Network Input/Output System”. It is a service that allows computers to communicate with each other over a network. However, NetBIOS is not a network protocol, but an API. It works on top of TCP/IP protocols using the NBT protocol, which allows it to work in modern networks.

      NetBIOS provides two basic methods of communication. The datagram service allows you to communicate over a network without establishing a connection, which is ideal for situations where fast data transfer is important, for example, when generating errors. The session service, on the other hand, allows two computers to establish a connection to provide more reliable communication. NetBIOS also provides name services that deal with name resolution and network registration.

      The main way hackers exploit NetBIOS is through poisoning attacks. Their essence is that the attacker, being on the network, disguises themselves as another machine in order to control and redirect traffic. At this stage, the hacker can also obtain the hashed user credentials in order to subsequently crack them.

      How to install the rtl8812au driver

      In order for a dual-band WiFi adapter that uses the rtl8812au driver to be used in Kali Linux, you need to install the driver.
      rtl88xxau-aircrack-dkms-git

      Although there are few WiFi adapters that can be put into Monitor mode, those that use RealTek's RTL88xxAU chipset are particularly well known as "capable".

      However, the driver needs to be installed in Kali Linux for the adapter to work and to be able to start monitor mode.
      To do so, please follow this tutorial step by step.

      ifconfig Command examples

      The ifconfig command has been used for a very long time to configure the network in Linux operating systems. With it, you can enable or disable network interfaces, configure their settings, switch modes, and more. Later the ip utility was developed, which contains more functions and has a completely different syntax.

      But many users are used to using ifconfig, especially since its syntax is simpler.
      Installing ifconfig
      With the advent of the ip utility, ifconfig has been removed from many distributions. But for the most part it still comes by default. Installing ifconfig in Ubuntu is done with the command:
      sudo apt install net-tools
      In Arch Linux:
      sudo pacman -S net-tools
      ifconfig Syntax
      The ifconfig utility has a very simple syntax. When called without parameters, it returns a list of network interfaces connected to the system and their characteristics, such as IP address, gateway address, packet size, frequency for wireless networks and other parameters. If you specify the interface and the necessary commands, you can change various interface settings. Here is the syntax itself:

      cd Linux Command

      When working in the terminal, all commands are bound to the current folder. Files will be created in it if an exact path has not been specified, and temporary files can be created in it. It is also much more convenient to pass files to a command from the current folder just by specifying the file name, and not the full path in the file system.
      By default, the home folder is used as the current folder, but for more convenience we often have to change it to another. For this there is the Linux cd command. In this short article we will look at how to use this command and what features it has.

      41 Linux Commands you Should know

      Linux terminal commands
      In all operating systems, including Linux, the term 'command' means either a command line utility or a specific feature built into the system shell. However, for the users themselves, this distinction does not really matter. In the end, both kinds of Linux terminal commands are invoked the same way. You enter a word in your terminal emulator and get the result of the command.

      This article about Linux terminal commands is designed for beginners, those who are just taking their first steps in mastering Linux.
      Its goal is to gather the basic simple and complex Linux commands that every user should know in order to manage their system most effectively. To make command options easier to memorize, I added the words from which they originated in parentheses. It is much easier that way; I checked it out for myself.

      I will try to cover all the most useful ones, those that can be useful in everyday life. To make it easier to read, we divide this list into categories of commands by purpose. Most of the utilities reviewed here do not require additional installation; they will be pre-installed in any Linux distribution, and if they are not, then they are easy to find in the official repositories.


        Linux File management commands

        1. ls Command
        Utility to view the contents of directories. By default it shows the current directory. If you specify a path in the parameters, it lists the contents of the destination directory. Useful options are -l (List) and -a (All). The first formats the output in the form of a list with more detailed information, and the second includes the display of hidden files.
        ls -l file1

        2. cat Command
        Prints the contents of the file passed in the parameter to standard output. If you pass multiple files, the command will merge them. You can also redirect the output to another file using the '>' symbol. If you want to print only a certain number of lines, use the -n (Number) option.
        cat file.txt

        3. cd
        Allows you to go from the current directory to the specified one. If run without parameters, it returns to the home directory. A call with two dots returns one level up from the current directory. The dash call (cd -) returns to the previous directory. More about Linux cd command here
        cd ..

        4. pwd
        Prints the current directory. This can be useful if your Linux command line does not display this information. This command is also needed in Bash programming, where a script runs it to get a reference to the directory.
        pwd

        5. mkdir
        Creates new directories. The most convenient option, -p (Parents), allows you to create the entire structure of subdirectories with one command, even if they do not already exist.
        mkdir Kalitut
        mkdir -p sedicomm-files

        6. file
        Shows the type of file. In Linux, files are not required to always have extensions in order to work with them. Therefore, it is sometimes difficult for the user to determine what file is in front of him. This little utility solves the problem.
        file filename

        7. cp
        Copies files and directories. By default it does not copy directories recursively (that is, all subdirectories and all files in subdirectories), so do not forget to add the option -r (Recursive) or -a (Archive). The latter preserves attributes, owner and timestamp in addition to recursive copying.

        8. mv
        Move or rename files and directories. It is noteworthy that in Linux it is the same operation. Renaming is moving a file to the same folder with a different name.
        9. rm
        Deletes files and folders. A very useful Linux command: with it, you can remove all the clutter. If recursive deletion is required, use the -r option. However, be careful: of course, you would have to try hard to damage the system, but you can delete your own important files. rm does not move files to the trash, from which everything could then be restored; it erases them completely. The actions of rm are irreversible. Believe me, your excuses in the spirit of "rm ate my coursework" will not interest anyone.
        10. chmod
        Changes file permissions: reading, writing and executing. Each user can change the rights for their files.
        11. chown
        Changes the owner of the file. Only the superuser can change the owners. For recursive change, use the -R option.
        12. find
        Searches the file system for files and folders. This is a very flexible and powerful Linux command, not only because of its search abilities, but also due to the ability to execute arbitrary commands for the files found.
        13. locate
        Unlike find, the locate command searches the updatedb database for file name patterns. This database contains a snapshot of the file system, allowing you to search very quickly. But this search is unreliable, because you cannot be sure that nothing has changed since the last snapshot.
        14. du
        Shows the size of the file or directory. The most useful options are -h (Human), which converts file sizes to an easily readable format, -s (Summarize), which displays a minimum of data, and -d (Depth), which sets the depth of recursion in directories.
        15. df
        Disk space analyzer. By default, the output is quite detailed: all file systems are listed, their size, amount of used and free space. For convenience, there is an -h option that makes sizes readable.

        16. dd
        As stated in the official manual, this is the terminal command for copying and converting files. Not a very clear description, but that’s all that dd does. You give it the source file, destination, and a couple of additional options. Then it makes a copy of one file to another. You can specify the exact size of the data to be written or copied. The utility works with all devices. For example, if you want to overwrite the hard disk with zeros from /dev/zero, you can do it. It is also often used to create LiveUSB or hybrid ISO images. More about dd command here

        17. mount / umount
        These are the Linux console commands to connect and disconnect Linux file systems. You can connect everything from USB drives to ISO images. And only the superuser has rights to do this.

        Linux console commands for text

        18. more / less
        These are two simple terminal commands for viewing long texts that do not fit on one screen. Imagine a very long command output. Or you called cat to view the file, and it took your terminal emulator a few seconds to scroll through all the text. If your terminal does not support scrolling, you can do it with less. Less is newer than more and supports more options, so there’s no reason to use more.
        more file.txt
        less file.txt

        19. head / tail
        Another pair, but here each command has its own scope. head prints the first few lines from the file, and tail outputs the last few lines. By default, each utility prints ten lines. But this can be changed with the -n option. Another useful option, -f, is short for follow. The utility constantly displays changes in the file on the screen. For example, if you want to monitor the log file, instead of constantly opening and closing it, use the command tail -f.

        20. grep
        Grep, like other Linux tools, does one action, but does it well: it searches for text by pattern. By default, it accepts standard input, but you can search in files. A pattern can be a string or a regular expression. It can output both matching and non-matching lines and their context. Every time you execute a command that gives a lot of information, you do not need to analyze everything manually - let grep do its magic.
        • grep 'word' filename – Search any line that contains the word in filename on Linux
        • grep -i 'bar' file1 – A case-insensitive search for the word ‘bar’ in Linux and Unix
        • grep -R 'foo' . – Search all files in the current directory and in all of its subdirectories in Linux for the word ‘foo’
        • grep -c 'Kalitut' frontpage.md – Search and display the total number of times that the string ‘Kalitut’ appears in a file named frontpage.md
        21. sort
        Sorts lines of text according to various criteria. The most useful options are -n (Numeric), which sorts by numeric value, and -r (Reverse), which flips the output. This can be useful for sorting du output. For example, if you want to sort files by size, simply connect these commands.

        22. wc
        A Linux command line utility for counting the number of words, lines, bytes, and characters.

        23. diff
        Shows the differences between two files in a line-by-line comparison. Only the lines in which differences are found are displayed. Changed lines are marked with a "c", deleted - "d", and new - "a".

        Linux commands for managing processes


        24. kill / xkill / pkill / killall
        Used to terminate processes. But they take different parameters to identify processes. kill needs the PID of the process, with xkill you just click on the window to close it, and killall and pkill accept the process name. Use the one that is convenient in a particular situation.

        25. ps / pgrep
        As already mentioned, to destroy a process, you need its identifier. One way to get it is the ps utility, which prints information about running processes. The default output is very long, so use the -e option to see information about a specific process. This is only a snapshot at the time of the call, and the information will not be updated. The ps command with the aux options displays complete information about the processes. pgrep works like this: you specify a process name, and the utility displays its ID.

        26. top / htop
        Both commands are similar, both display processes and can be used as console system monitors. I recommend installing htop if it is not supplied by default in your distribution, as this is an improved version of top. You can not only view, but also control the processes through its interactive interface.
        You can install htop with this command:
        apt-get install htop

        27. time

        Process execution time. This is a stopwatch for running a program. Useful if you are wondering how much your implementation of the algorithm is lagging behind the standard one. But, despite its name, it will not tell you the current time; use the date command for that.
        time

        Linux user environment commands

        28. su / sudo
        su and sudo are two ways to perform the same task: run the program on behalf of another user. Depending on your distribution, you probably use one or the other. But both work. The difference is that su switches you to another user, and sudo only executes the command on that user's behalf. Therefore, using sudo will be the safest way to work.

        29. date
        Unlike time, it does exactly what you expect from it: displays the date and time to standard output. It can be formatted according to your needs: display the year, month, day, set the 12 or 24 hour format, get nanoseconds or the week number. For example, date +"%j %V" will display the day in the year and the week number in ISO format.

        30. alias
        The command creates synonyms for other Linux commands. That is, you can make new commands or groups of commands, as well as rename existing ones. This is very useful for shortening long commands that you often use, or creating clearer names for commands that you use infrequently and cannot remember. More about alias command here

        31. uname command
        Displays some basic information about the system. Without parameters, it will not show anything useful except the line "Linux", but if you specify the -a (All) parameter, you can get information about the kernel, the host name, and find out the processor architecture.

        32. uptime
        Tells you the running time of the system. Not very important information, but it can be useful for random calculations or just for the sake of interest, to find out how long ago the server was rebooted.

        33. sleep
        You are probably wondering how you can use it. Even without considering Bash scripting, it has its advantages. For example, if you want to turn off the computer after a certain period of time or use it as an impromptu alarm.
        sleep 10
        Delays for 10 seconds.

        Linux user management commands

        34. useradd / userdel / usermod
        These Linux console commands allow you to add, delete, and modify user accounts. Most likely, you will not use them very often. Especially if it is a home computer, and you are the only user. You can manage users using a graphical interface, but it's better to know about these commands just in case.

        35. passwd
        This command allows you to change the password of a user account. As a superuser, you can reset the passwords of all users, even though you cannot see them. Good security practice - change your password often.

        Linux commands for viewing documentation

        36. man / whatis
        The man command opens the manual for a specific command. For all basic Linux commands, there are man pages. whatis shows which sections of the manual are for this command.
        man command
        whatis command


        37. whereis
        Shows the full path to the executable file of the program. It can also show the path to the sources, if they are in the system.

        Linux commands for network management

        38. ip
        If the list of Linux commands for managing a network seems too short, you are most likely not familiar with the ip utility. The net-tools package contains many other utilities: ifconfig, netstat, and other obsolete ones, like iproute2. All of these are replaced by one utility: ip. You can consider it as a Swiss army knife for working with a network or as an incomprehensible mass, but in any case, the future lies with it. Just get over it.

        39. ping
        Ping is an ICMP ECHO_REQUEST datagram, but in fact it doesn't matter. It is important that the ping utility can be a very useful diagnostic tool. It will help you quickly check whether you are connected to a router or to the Internet, and gives you some idea of the quality of this connection.

        40. nethogs
        If you have a slow Internet connection, you would probably be interested to know how much traffic a given program uses in Linux, or which program consumes all the bandwidth. This can be done using the nethogs utility. To specify a network interface, use the -i option.

        41. traceroute
        This is an improved version of ping. We can see not only the complete route of the network packets, but also the availability of each node, as well as the time of delivery of these packets to each of the nodes.

        We have reviewed the basic Linux commands that may be useful to you in everyday use of the system. If you think that there are other commands that need to be added to this list, write in the comments!
         

        Dd Linux command and everything related to it

        On UNIX systems, there is one very ancient command called dd. It is designed to copy something somewhere byte-by-byte.

        At first glance this is nothing outstanding, but if you consider all the features of this universal tool, you can perform quite complex operations without involving additional software, for example: back up the MBR, create data dumps from various drives, mirror media, restore data from a backup onto media, and more. By combining the capabilities of dd with the cryptographic algorithms supported by the Linux kernel, you can even create encrypted files that contain a whole file system.
        In this note I will describe the most frequently used examples of the command, which greatly facilitate work on UNIX systems.

        Burp Suite Guide

        Burp Suite is a graphical (GUI) application that is primarily used for testing web applications. Burp Suite is also written and abbreviated as "Burp" or "BurpSuite" and is developed by PortSwigger Security.
        Burp Suite consists of multiple applications such as a scanner, proxy, spider etc.
        Burp Suite also comes in 2 variants, namely a free (community) and a paid (professional) variant. The community edition of Burp Suite only has the basic functionalities compared to the professional edition. In this post we deal with the community version, which is already installed by default in Kali Linux.


          The community edition is especially interesting for mapping the web application. You can use the following Burp tools in the community edition, among others:
          • Advanced application-aware crawler
          • Detailed scope-based configuration so that you can work accurately and precisely
          • Custom "not-found" web response detection with which false positives can be prevented
          • Tree-based display in which all found content is displayed.
          • Burp Suite (Man-in-the-middle) proxy that allows you to intercept all browsing traffic
          • A number of "manual" test tools such as the http message editor, session token analysis, sitemap compare tool and much more.
          • BApp Store where you can find ready-made Burp Suite extensions developed by the Burp Suite community
          • Burp Suite API so that Burp Suite can work together with other tools
          The professional version of Burp Suite costs around 330 euros per year, but you will get a lot of extras for that, such as:
          • Automatically crawl and scan over 100 common web vulnerabilities
          • Support for various attack insertion points with requests such as parameters, cookies, headers etc.
          • Advanced manual scan options
          • Advanced scan logic and processing such as analysis of static code, out-of-band techniques, IAST and support of the newest techniques such as JSON, REST, AJAX etc.
          • Vulnerabilities sitemap, vulnerability advice etc.
          • Burp Intruder for the automation of custom attacks that increase the speed and effectiveness of manual tests such as placing payloads, applying "fuzzing", using internal word lists, etc.
          • Even more "manual testing" tools
          • The ability to create HTML reports or to export found vulnerabilities to XML
          The biggest difference between the community and professional edition is that the professional edition of Burp Suite gives the user more access to perform automatic testing. The community edition lacks a lot of functionality and focuses primarily on "manual" tests. As far as I'm concerned, the community version is therefore more a demo for the professional version. But yes, everyone has to earn money right?
          Comment by stackcrash: Just one thing to point out. The biggest difference between community and pro isn't the automated scanning, it's the extensions. Only pro will allow extensions to create custom issues, which is how quite a few of the quality extensions work. The automated scanning is nice but from a bug bounty perspective it's not really used.

          RouterSploit guide

          RouterSploit sounds a bit like Metasploit ... right? RouterSploit is an exploitation framework for peripherals and in particular for routers. Many people protect their computers and even their phones, but often leave other network components and IoT devices unsecured. RouterSploit has been created so that you as an administrator can discover these devices and patch, upgrade or replace them if necessary. As always, the software can (and will) be used maliciously. So first, a disclaimer:




            It's not for nothing that RouterSploit sounds a bit like "Metasploit". It shows a lot of similarities, such as the fact that the code is open source, the command-line navigation and the structure of the commands. If you are familiar with Metasploit then RouterSploit is no problem for you.

            RouterSploit is a Python based application for which everyone can easily develop their own modules. In this way you can help develop the RouterSploit software. It is recommended to update RouterSploit very regularly because new modules are added almost daily.