Skip to main content

Posts

NMAP - INFORMATION GATHERING PART 2

Hey there everyone! The series continues , here is part 2 of Information Gathering , if you have not read the Part-1 , see to it! This article will describe Nmap also called NetMapper , and it's use! In my opinion, Nmap is must-use tool for all Pen-testers/Hackers! It's over 20 years old tool! It have so many awesome utilities! FOLLOWING INFORMATION IS JUST FOR EDUCATIONAL PURPOSE,  I'M NOT RESPONSIBLE FOR READER's ACTIONS AFTER READING THIS!        Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Ma...
Recent posts

WEB SERVER FINGERPRINTING USING NETCAT- INFORMATION GATHERING

Hey There! I just thought about starting a Web Security Testing Series! So , here it is! I just started the Series with Information Gathering, so it's a part of Information Gathering that is- "Web Server Fingerprinting" If you are beginner , it could be good start, because the information gathering is one of most initial stages of Web Security Testing (aka Hacking). Objective of Information gathering is to get more and more info about victim, so we can select the perfect attack or exploit , that could easily Find a vulnerability and get your way into system! I'll perform fingerprinting using Netcat Tool, that is pre-installed in Kali Linux, but it's bright side is that you could use it on WINDOWS, It's compiled to Windows Executable File by a non-official authority, so go and get it here ! And If it's not installed on your Linux System, run following command in Terminal! sudo apt-get install netcat Netcat is called Swiss Army Knife of Hack...

SHODAN - Internet of Things

Shodan is one of best things ever happened to internet! It's search engine that will search a device that is connected to internet! So ultimately it's a device search engine! Shodan allows you to find computers on the web by searching for them by keyword. For example, you can search for all the Microsoft IIS 7.0 servers in Canada, or all the systems using Linux in Africa. It uses keywords to get better results, yes exactly like google keywords! The trick to using Shodan effectively is to know the right keywords. Usually they are the manufacturer’s name, or a device model number, but sometimes they are the name of a very obscure embedded web server that you would never think to look for. You can find if your device is publicly connected to Internet! The Device could be Smart Refrigerator, Smart TV, CCTV Camera , Automated Doors, Aquariums , etc. You can use Shodan by opening ShodanHQ.com or Shodan.io  ... These both links lead to shodan.io. You can do comm...

WHAT IS OBFUSCATION? AND HOW TO OBFUSCATE DIFFERENT PROGRAMMING LANGUAGES!

OBFUSCATION - A very important part of closed source programming! That helps in security of apps, websites,softwares, etc. We'll mention about obfuscating code of different languages, if we're missing something, that you were expecting, tell in comments, I'll add that one! But first of all,what is obfuscation? Dictionary meaning of obfuscation is , the action of making something obscure, unclear, or unintelligible. It's so similar in programming too, so in programming,   It's simply conversion of a code in a computer language into some secret unreadable, non-understandable code! That could be understood by only compiler or the machine you are running on! Why obfuscation? It's too easy to decompile C# or Java code, and it could allow goons to read all the code of a program, and then he/she may copy it or even harm the organization! So, most of languages have a compiler that converts your raw code into Byte Code , that either converts it into non...

REPORT PHISHING SITES AND WIN PRIZES

Hey guys! Most of you might be aware with a famous password stealing technique- PHISHING , but if you don't know, I'm givin' a short intro  about Phishing. Phishing is using names of famous organizations (obviously illegally) and stealing credentials (passwords, OTP , etc.) of a member related to that organization. Yet, confused ? (If not, get to next paragraph).. It could be a fake call from goon that names himself as manager, or any official from that company but most commonly It will be a fake page of certified famous organizations, like Facebook, Twitter , Instagram. How to identify a Phishing page, well it appears to be so similar to that of real  page. Just the difference is in URL and the target URL of links.You can see in following image . It's phishing page of facebook. Observe it carefully, it's exactly similar to login page of facebook , but URL is different. So it's Phishing page! So, Right now I'm only telling about t...

INSTALLING ALL KALI LINUX TOOLS ON OTHER LINUX OS

Whenever it comes to Penetration and Security Testing , KALI LINUX is considered one of best ever penetration testing Operating System. As It have hundreds of security testing tools. However there are some disadvantages of Kali. Like, you can use STEAM OS as your Linux Preference, You may use Ubuntu as beginner, but they don't have those all tools that are present in Kali. So here I want to introduce a tool that can install all Kali Linux tools in your Linux OS (obviously, other then kali) . It's KATOOLIN  , It's a Python-Based Tool , available on GITHUB, CLICK HERE. OR Directly Clone it into your system from terminal by copying following line: git clone https://github.com/LionSec/katoolin.git So now you have Katoolin installed. Next step is to make it executable. Do it by copying following command to your Terminal chmod +x /usr/bin/katoolin usr/bin/katoolin is location where katoolin script is saved. Next, run katoolin by simply typing katoolin in T...

SPY CCTV CAMERAS USING GOOGLE DORKS

Hey Welcome Back, Guys!! My exams are going on so I'm irregular nowadays , I got some time to write the followings. Google Dorks one of most easy, fun and powerful hacking techniques, online. On Internet, Websites are not only to be hacked, Websites are just part of Internet. There are many other products like Refrigerator, CCTV Cameras, Automated Doors, Televisions, Power Plants, etc. that are connected to Internet, and some of them could be accessed through google. So, right now we will be discussing about CCTV Cameras. Following are some Google Keyword Searches that you can simply type in into Google Search Box and find your CCTV live! * inurl:”CgiStart?page=” * inurl:/view.shtml * intitle:”Live View / – AXIS * inurl:view/view.shtml * inurl:ViewerFrame?Mode= * inurl:ViewerFrame?Mode=Refresh * inurl:axis-cgi/jpg * inurl:axis-cgi/mjpg (motion-JPEG) (disconnected) * inurl:view/indexFrame.shtml * inurl:view/index.shtml * inurl:view/view.shtml * liveapplet ...

Resources