Port forwarding practical to access an out of network victim machine.mp4
Port forwarding practical to access an out of network victim machine.mp4
Download now
Follow us for more...
Download now
Follow us for more...
How to access victim smartphone after successfully registered payload
How to access victim smartphone after successfully registered payload ?
Download now
Follow us for more...
Download now
Follow us for more...
Steganography tutorial for beginners (Live Practical) .mp4
Steganography tutorial for beginners (Live Practical) .mp4
Download Now
Enjoy! Follow us for more...
Download Now
Enjoy! Follow us for more...
Computer Networking Tutorial for Beginners_ Cisco_.mp4
Computer Networking Tutorial for Beginners_ Cisco_.mp4
Size:- 320.2 MB
Download Now
Enjoy! Follow us for more...
Size:- 320.2 MB
Download Now
Enjoy! Follow us for more...
How To Install Kali Linux in VirtualBox.mp4
How To Install Kali Linux in Orecle Virtual Box.mp4
Size:- 19.5 MB
Download Now
Enjoy! Follow us for more...
Size:- 19.5 MB
Download Now
Enjoy! Follow us for more...
How to Capture WPA Passwords with Fluxion ?
How to Capture WPA Passwords with Fluxion
Warning:
This Technique Could Be Illegal Without PermissionLegally, Fluxion combines scanning, cloning, creating a fake AP, creating a phishing login screen, and using the Aircrack-ng script to obtain and crack WPA handshakes. As such, it leaves signatures in router logs consistent with using these techniques. Most of these practices are illegal and unwelcome on any system you don't have permission to audit.
We will launch an attack against users attached to the access point "Probe," capture a handshake, set up a cloned (evil twin) AP, jam the target AP, set up a fake login page, and confirm the captured password against the handshake. And hack the password.

Install Fluxion
cd fluxion
sudo ./fluxion
sudo ./Installer.sh
A window will open to handle installing the missing packages. Be patient and let it finish installing dependencies After all the dependencies are met, our board is green and we can proceed to the attack interface. Run the Fluxion command again with sudo ./fluxion to get hacking.Scan Wi-FiIt will take some times wait for 20-30seconds. Press CTRL+C to stop the capture process whenever you spot the wireless network that you want.
Choose Your Target APSelect a target with active clients for the attack to run on by entering the number next to it. Unless you intend to wait for a client to connect (possibly for a long time), this attack will not work on a network without any clients
Select Your AttackOnce you've typed the number of the target network, press enter to load the network profile into the attack selector. For our purpose, we will use option 1 to make a "FakeAP" using Hostapd. This will create a fake hotspot using the captured information to clone the target access point. Type 1 and press enter.Get Handshake
In order to verify that the password we receive is working, we will check it against a captured handshake. If we have a handshake, we can enter it at the next screen. If not, we can press enter to force the network to provide a handshake in the next step. Using the Aircrack-ng method by selecting option 1 ("aircrack-ng"), Fluxion will send deauthentication packets to the target AP as the client and listen in on the resulting WPA handshake. When you see the handshake appear, as it does in the top right of the screenshot below, you have captured the handshake. Type 1 (for "Check handshake") and enter to load the handshake into our attack configuration.Create the Fake Login PageSelect option 1, "Web Interface," to use the social engineering tool. Select as language as victm.Capture the PasswordThe user is directed to a fake login page, which is either convincing or not, depending on which you chose.Entering the wrong password will fail the handshake verification, and the user is prompted to try again. Upon entering the correct password, Aircrack-ng verifies and saves the password to a text file while displaying it on the screen. The user is directed to a "thank you" screen as the jamming ceases and the fake access point shuts down.
You can verify your success by checking the readout of the Aircrack-ng screen. Congratulations, you've succeeded in obtaining and verifying a password, supplied by targeting the "wetware." We've tricked a user into entering the password rather than relying on a preexisting flaw with the security.
You can verify your success by checking the readout of the Aircrack-ng screen. Congratulations, you've succeeded in obtaining and verifying a password, supplied by targeting the "wetware." We've tricked a user into entering the password rather than relying on a preexisting flaw with the security.
How to Avoid Getting Banned on WhatsApp
🥏 **🥏
*Let's begin* 🧘♂️
1) Have a real content, a survey that the person agreed with is different than a marketing message on a saturday night
2) Add every contact you will send a message to your contacts list
3) Send messages written in different ways, you could make a script that places spacebars randomly on your string AND include the person’s (first) name
4) Never use fixed times, always go for sending the first message, wait a random time between 30 ~ 60 seconds and then send the second message
5) It’s expected that you run Whatsapp Web on the same network of the primary app on your phone. If you have whatsapp (app) running on your real phone with you and whatsapp (web) on some cloud solution like AWS that is hosted far away from you, I’m sure you will be banned
6) Unless you know how to crack whatsapp’s number validation system very well (there are some tutorials), prefer to use physical devices other than emulators
7) A good proxy is a must, make sure that both phone and bot are on the same IP and that this IP matches with your contacts country
8) Always try to group contacts by their area code, Whatsapp expects a regular person to talk mostly with contacts that are within the same area of your phone number
9) Have a profile picture, this is not related to Whatsapp Bots Catcher® but sending a new message for someone not having a picture/name/status will elevate your chances of being manually tagged as spam
10) Don’t keep sending messages to people that have already blocked you, I suggest checking before sending the message if the contact is blocked
11) Even though you will be able to send messages to contacts that doesn’t have whatsapp, you must never do that. Always check if your contacts have whatsapp before sending a message
12) There are some special numbers that I believe are under tests from whatsapp, if you send a message to 00@c.us a official whatsapp advertising account will get the message, it's like selling cocaine to the police
13) Don’t let your code make requests that a regular Whatsapp Web wouldn’t, for example reaching a number without @c.us, some errors are logged as well
14) Send “seen” confirmation to messages or disable it on Whatsapp
15) don’t instantly reply to messages, a nice wait time is a random value from 5 to 10 seconds
16) It’s a good practice when sending messages to open the chat, mark as read, send a "typing..." status, wait a few seconds and then send the message
17) Have a new browser everytime you open Whatsapp Web,mean, don’t keep cache. It’s a real pain to always have to enter the QR code but unless you have only one account and the bot isn’t overloaded it’s for the best
18) Avoid sending links that were previously marked as spam on Whatsapp or non-HTTPS. A URL shortener is a good idea
19) It’s really bad if you send messages 24/7 without giving it some time to wait. Random belays between messages are not enough, send a resonable amount of messages keeping in mind your conversions rate, for exemple: for one hour send a maximum of 4 messages per contact that have replied to your message, stop sending messages for one hours, then start again. Again, don’t send messages without stopping for a while between every “package”
20) Send only one short message when starting a conversation, one should not send long texts or multiple messages without the user conscenting
21) If you have to send multiple messages as a reply, send the first one, wait a few seconds and then go for the second message. You can still get banned if it’s too fast even though you’ve waited some seconds to reply.
Always try to get everything inside one message
22) Don’t send different messages to different people at the same time, make it one-way only.
23) void using prefixes for messages
24) Do not use yowsup-cli
25) Become online to send messages
Enjoy ! Follow us for more...
*Let's begin* 🧘♂️
1) Have a real content, a survey that the person agreed with is different than a marketing message on a saturday night
2) Add every contact you will send a message to your contacts list
3) Send messages written in different ways, you could make a script that places spacebars randomly on your string AND include the person’s (first) name
4) Never use fixed times, always go for sending the first message, wait a random time between 30 ~ 60 seconds and then send the second message
5) It’s expected that you run Whatsapp Web on the same network of the primary app on your phone. If you have whatsapp (app) running on your real phone with you and whatsapp (web) on some cloud solution like AWS that is hosted far away from you, I’m sure you will be banned
6) Unless you know how to crack whatsapp’s number validation system very well (there are some tutorials), prefer to use physical devices other than emulators
7) A good proxy is a must, make sure that both phone and bot are on the same IP and that this IP matches with your contacts country
8) Always try to group contacts by their area code, Whatsapp expects a regular person to talk mostly with contacts that are within the same area of your phone number
9) Have a profile picture, this is not related to Whatsapp Bots Catcher® but sending a new message for someone not having a picture/name/status will elevate your chances of being manually tagged as spam
10) Don’t keep sending messages to people that have already blocked you, I suggest checking before sending the message if the contact is blocked
11) Even though you will be able to send messages to contacts that doesn’t have whatsapp, you must never do that. Always check if your contacts have whatsapp before sending a message
12) There are some special numbers that I believe are under tests from whatsapp, if you send a message to 00@c.us a official whatsapp advertising account will get the message, it's like selling cocaine to the police
13) Don’t let your code make requests that a regular Whatsapp Web wouldn’t, for example reaching a number without @c.us, some errors are logged as well
14) Send “seen” confirmation to messages or disable it on Whatsapp
15) don’t instantly reply to messages, a nice wait time is a random value from 5 to 10 seconds
16) It’s a good practice when sending messages to open the chat, mark as read, send a "typing..." status, wait a few seconds and then send the message
17) Have a new browser everytime you open Whatsapp Web,mean, don’t keep cache. It’s a real pain to always have to enter the QR code but unless you have only one account and the bot isn’t overloaded it’s for the best
18) Avoid sending links that were previously marked as spam on Whatsapp or non-HTTPS. A URL shortener is a good idea
19) It’s really bad if you send messages 24/7 without giving it some time to wait. Random belays between messages are not enough, send a resonable amount of messages keeping in mind your conversions rate, for exemple: for one hour send a maximum of 4 messages per contact that have replied to your message, stop sending messages for one hours, then start again. Again, don’t send messages without stopping for a while between every “package”
20) Send only one short message when starting a conversation, one should not send long texts or multiple messages without the user conscenting
21) If you have to send multiple messages as a reply, send the first one, wait a few seconds and then go for the second message. You can still get banned if it’s too fast even though you’ve waited some seconds to reply.
Always try to get everything inside one message
22) Don’t send different messages to different people at the same time, make it one-way only.
23) void using prefixes for messages
24) Do not use yowsup-cli
25) Become online to send messages
Enjoy ! Follow us for more...
How to create photo capture link in termux ?
$ aptupdate && apt upgrade
$ pkg install php
$ pkg install curl perl php openssh wget
$ git clone https://github.com/JTECHCODE/selfiehack.git
$ ls
$ cd selfiehack
$ chmod +x *
$ ./selfiehack.sh
on your mobile hotspot
After select 2
$ 2
Copy to the link send victim
Once the enemy has opened the link you can see his photo in termux
$ ls
How to view image
termux-open --view (image name)
Any doubt come what's app group send screenshot
My WhatsApp group Link
Enjoy! Follow us for more
$ pkg install php
$ pkg install curl perl php openssh wget
$ git clone https://github.com/JTECHCODE/selfiehack.git
$ ls
$ cd selfiehack
$ chmod +x *
$ ./selfiehack.sh
on your mobile hotspot
After select 2
$ 2
Copy to the link send victim
Once the enemy has opened the link you can see his photo in termux
$ ls
How to view image
termux-open --view (image name)
Any doubt come what's app group send screenshot
My WhatsApp group Link
Enjoy! Follow us for more
Full proof Hacking techniques :
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑
1) CALLBACK UNITS:
Callback units are a good security device, But with most phone systems,
it is quite possible for the hacker to use the following steps to get
around a callback unit that uses the same phone line for both incomming
and out going calls:First, he calls he callback unit and enters any
authorized ID code (this is not hard to get,as you'll see in a moment).
After he enters this ID, the hacker holds the phone line open - he does
not hang up. When the callback unit picks up the phone to call the user back,
the hacker is there, waiting to meet it.
> The ID code as I said, is simple for a hacker to obtain, because these
codes are not meant to be security precautions.The callback unit itself
provides security by keeping incomming calls from reaching the computer.
The ID codes are no more private than most telephone numbers. Some callback
units refer to the codes as "location identification numbers," and some
locations are used by several different people,so their IDs are fairly
well known.I've been told that, in some cases,callback ubits also have
certain simple codes that are always defined by default. Once the hacker
has entered an ID code and the callback unit has picked up the phone to
re-call him,the hacker may or may not decide to provide a dial tone to
allow the unit to "think" it is calling the correct number. In any event,
the hacker will then turn on his computer, connect with the system - and
away he goes.If the however, the hacker has trouble holding the line with
method,he has an option: the intercept.
🦑The Intercept:
Holding the line will only work with callback units that use the same
phone lines to call in and to call out.Some callback units use different
incoming and outgoing lines, numbers 555-3820 through 555-3830 are dedicated
to users' incoming calls, and lines 555-2020 through 555-2030 are dedicated
to the computers outgoing calls.The only thing a hacker needs in order to
get through to these systems is a computer and a little time - he doesn't
even need an ID code. First,the hacker calls any one of the outgoing phone
lines, which, of course, will not answer.Sooner or later, though, while the
hacker has his computer waiting there, listening to the ring, an authorized
user will call one of the incomming lines and request to be called back.
It will usually be less than an hours wait, but the hacker's computer
is perfectly capable of waiting for days, if need be.
> The callback unit will take the code of the authorized user, hang up,
verify the code, and pick up the phone line to call back.If the unit
tries to call out on the line the hacker has dialed, the hacker has his
computer play a tone that sounds just like a dial tone.The computer will
then dial the number given that matches up with the user's authorized ID.
After that,the hacker can just connect his computer as he would in any
other case.If he is really serious,he will even decode the touch tones
that the mainframe dialed,figure out the phone number of the user the
system was calling, call the person, and make a few strange noises that
sound as though the computer called back but didnt work for some reason.
2) TRAPDOORS AS A POSSIBLILITY
I haven't heard of this happening, but i think it is possible that a
callback modem could have a trapdoor built into it.Callback modems are
run by software, which is written by programmers.An unscrupulous programmer
could find it very easy to slip in an unpublicized routine, such as,
"if code =*43*, then show all valid codes and phone numbers." And such a
routine, of course, would leave security wide open to anyone who found the
trapdoor.The obvious protection here, assuming the situation ever arises,
is simply an ethical manufactorer that checks its software thoroughly before
releasing it.
> A trapdoor is a set of special instructions embedded in the large
program that is the operating system of a computer.A permanent, hopefully secret "doorway", these special instructions enabe anyone who
knows about them to bypass normal security procedures and to gain access to
the computer's files.Although they may sound sinister, trapdoors were not
invented by hackers, although existing ones are certainly used by hackers
who find out about them.
3) THE DECOY
One of the more sophisticated hacking tools is known as the decoy, and it
comes in three versions.The first version requires that the hacker have an
account on the system in question. As in my case,the hacker has a
low-security account,and he tries this method to get higher-security
account.He will first use his low-security account to write a program that
will emulate the log-on procedures of the systems in questions.
This program will do the following:
*- Clear the terminal screen and place text on it that makes everything
look as if the system is in charge.
*- Prompt for, and allow the user to enter, both an account name and a password.
*- Save that information in a place the hacker can access.
*- Tell the use the account/password entries are not acceptable.
*- turn control of the terminal back over to the system.
The user will now assume that the account name or password was mistyped
and will try again...this time (scince the real operating system is in
control) with more success.You can see a diagram of the way these steps are
accomplished
___________________
| Clear Terminal |
| screen |
|____________________|
||
_________||_________
| Print Compuserve |
| Computer |
|_____ Network ______|
||
_________||_________
| Print "ENTER |
| PASSWORD" |______
|____________________| |
|| |
_________||_________ |
| PASSWORD ENTERED? |NO|
|____________________|
||_YES
_________||_________
| SAVE PASSWORD |
| INFORMATION |
|____________________|
||
_________||_________
| PRINT "LOGIN |
| INCORRECT |
|____________________|
||
_________||_________
| LOG OFF/RETURN |
| CONTROL TO |
| OPERATING SYSTEM |
|____________________|
4) CALL FORWARDING
Many people use call forwarding by special arrangement with the phone
company.When a customer requests call forwarding, the phone company uses
its computer to forward all the customers incomeing calls to another
number. Lets say, for example, that you want calls that come to your office
phone to be forwarded to your home phone: A call from you to the phone
company,some special settings in the phone companys computer, and all
calls to your office will ring at your home instead.This little bit of help
from the phone company is another tool used by hackers. Lets say you thought
that the computer you were hacking into was being watched-because the
sysop might have seen you and called the fed's and your sort of bugged by
this nagging feeling that they will trace the next hacker that calls,
just call the phone company and ask for call forwarding, pick a number,
(ANY NUMBER) out of the phone book and have your calls forwarded to that
number,Hea,Hea, the number you picked is the one that will be traced to,
not yours, so you could be hacking away,they think that they have traced you,
but actually the number you had your calls forwarded too. they enter chat mode
and say (YOUR BUSTED!!!!, WE'VE TRACED YOUR PHONE NUMER THE FEDS ARE ON THE
WAY!!), You could reply (Hea, SURE YA DID! I'D LIKE TO SEE YA TRY AND GET ME!
GO AHEAD!) ,that wont seem very important to them at the time, but it will
sure piss them off when they bust the wrong guy!
5) RAPID FIRE
Memory-location manipulation can be helpful, but there is another, more
powerful,possibility, in some cases: the Rapid-fire method.To understand how
this methos works, you have to know something about the way operationg
systems work.When a user enters a command, the operating system first places
Enjoy ! Follow us for more...
Top 44 Ports (Basics)
*Top 44 Ports (Basics)*
1️⃣ FTP - Port 21
2️⃣ SSH - Port 22
3️⃣ Telnet - Port 23
4️⃣ SMTP | Port 25 and Submission Port 587
5️⃣ DNS - Port 53
6️⃣ Finger - Port 79
7️⃣ HTTP - Port 80
8️⃣ Kerberos - Port 88
9️⃣ POP3 - Port 110
1️⃣0️⃣ RPCInfo - Port 111
1️⃣1️⃣ Ident - Port 113
1️⃣2️⃣ NetBios
1️⃣3️⃣ SNMP - Port 161
1️⃣4️⃣ Check Point FireWall-1 Topology - Port 264
1️⃣5️⃣ LDAP - Port 389
1️⃣6️⃣ SMB - Port 445
1️⃣7️⃣ Rexec - Port 512
1️⃣8️⃣ Rlogin - Port 513
1️⃣9️⃣ RSH - port 514
2️⃣0️⃣ AFP - Apple Filing Protocol - Port 548
2️⃣1️⃣ Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
2️⃣2️⃣ HTTPS - Port 443 and 8443
2️⃣3️⃣ RTSP - Port 554 and 8554
2️⃣4️⃣ Rsync - Port 873
2️⃣5️⃣ Java RMI - Port 1099
2️⃣6️⃣ MS-SQL | Port 1433
2️⃣7️⃣ Oracle - Port 1521
2️⃣8️⃣ NFS - Port 2049
2️⃣9️⃣ ISCSI - Port 3260
3️⃣0️⃣ SAP Router | Port 3299
3️⃣1️⃣ MySQL | Port 3306
3️⃣2️⃣ Postgresql - Port 5432
3️⃣3️⃣ HPDataProtector RCE - Port 5555
3️⃣4️⃣ VNC - Port 5900
3️⃣5️⃣ CouchDB - Port 5984
3️⃣6️⃣ Redis - Port 6379
3️⃣7️⃣ AJP Apache JServ Protocol - Port 8009
3️⃣8️⃣ PJL - Port 9100
3️⃣9️⃣ Apache Cassandra - Port 9160
4️⃣0️⃣ Network Data Management Protocol (ndmp) - Port 10000
4️⃣1️⃣ Memcache - Port 11211
4️⃣2️⃣ MongoDB - Port 27017 and Port 27018
4️⃣3️⃣ EthernetIP-TCP-UDP - Port 44818
4️⃣4️⃣ UDP BACNet - Port 47808
*Perform A Ping sweep :* 🧹
$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 <IP>
$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 192.168.0.1
-sP = Scan Ports
-PE = ICMP echo, timestamp, and netmask request discovery probes
-PP = same as PE
-PS21,22.... = TCP SYN/ACK, UDP or SCTP discovery to given ports
-PA = same as PS
-T4 = Fast Scan
--source-port (source port from which we scan)
Scan 50000 IPs
$ nmap -n -sL -iR 50000 -oN -
*Scan Specific Target* 🧿
$ nmap -v -n -PE -Pn <target>
-n = never do DNS resolution
-v = verbose output -vv is higher verbosity level
-PE = ICMP echo, timestamp and netmask request discovery probes
-Pn = Bypassing Ping Probe Requests
$ nmap -v -n -PE -PO <target>
-PO = IP Protocol Ping
*Scan Specific Ports* 🔌
$ nmap -v -n -PS21-23,25,53,80,443,3389 -PO -PE -PM -PP <target>
$ nmap -sL 54.248.103.0/24 -oG -
-sL = List scan
-oG = Output scan
*Scan network with Firewall :* 🔥🚧
$ nmap --script firewalk --traceroute <target> -vv
$ traceroute 192.168.20.2
$ hping -R 192.168.20.2 -V
*TCP SYN/ACK, UDP or SCTP discovery to given ports*
$ nmap -PS/PA/PU/PY
*ICMP echo, timestamp, and netmask request discovery probes* 🕔
$ nmap -PE/PP/PM
*Never do DNS resolution/Always resolve [default: sometimes]* 🚫
Never do DNS resolution | -n
Always resolve | -R
*Scan Techniques*
1️⃣ TCP SYN scan -sS
2️⃣ Connect scan -sT
3️⃣ ACK scan -sA
4️⃣ Window scan-sW
5️⃣ Maimon scan -sM
6️⃣ UDP Scan -sU
7️⃣ TCP Null scan -sN
8️⃣ FIN scan -sF
9️⃣ Xmas scan -sX
1️⃣0️⃣ IP protocol scan -sO
*Scan UDP ports with Nmap, e.g.:*
$ nmap -sU -p U:53,161 <target>
*Scan "number" most common ports*
$ nmap -sS --top-ports "1000" <target>
*More :*
https://highon.coffee/blog/nmap-cheat-sheet/
This is a list of common ports that will give you a pretty good list of "alive" system when scanning internally or externally.
📄 *List of ports :*
1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,689,705,771,783,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4679,4848,5000,5038,5040,5051,5060-5061,5093,5168,5247,5250,5351,5353,5355,5400,5405,5432-5433,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7001,7021,7071,7080,7144,7181,7210,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535
*UDP Discovery* 🔎
53,123,161,1434
*Authentication Ports* ⌨️
1494,80,5985,5986,8200,902,9084,6129
*Easy-win Ports* 🏆
1099,1098,8500,623,6002,700,4848,9060,10000,11211,3632,3299
*Database Ports* ⚗️
3306,1521-1527,5432,5433,1433,3050,3351,1583,8471,9471
*NoSQL Ports* 🚫
27017,28017,27080,5984,900,9160,7474,6379,8098
Enjoy! Follow us for more....
WHAT IS NETCAT (kali-parrot tool ) ?
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Penetration test tool tutorial: How to use the > Netcat (nc.exe), Netcat actual combat tutorial
Netcat is very easy and versatile at the same time, like trying to explain everything you can do with a Swiss army knife.
To give some examples:-
1) Get logo
2) Bind the shell (backdoor)
3) to chat with
4) File upload and download
5) Port scan
6) Knock on the port
7) Forwarding port
8) Display web server HTTP file content
9) When you type nc -h in the terminal of kali Linux , there are many options in netcat to enhance its functions and effects. Before diving into the details of its work, you must know that here we use two systems, one as the attacker and the other as the target system.
Enjoy! Follow us for more...
HTTP requests.
HTTP requests
use Netcat to obtain web page information from a web server. With Netcat, you can search the full HTTP header to see the specific site that is running in the web server.
1) Now type the following command to connect to port 80.
> nc 192.168.1.11 80
> OPTIONS / HTTP / 1.0
🦑Port scanning :
Netcat can also scan TPC and UDP ports, so it can be used instead of NMAP, it will tell us the opening and closing ports of the target IP The
following command displays the target IP and port range
-z: Zero I / O mode [for scanning]
-w: timeout for connection and final network read
-v: -v verbose
-l: listen mode for inbound connections
-n: digital IP address only,
From the resulting image, you can see that there are open ports for running services.
🦑Chat
Netcat for further chat between two systems. We need to put Netcat together to listen to specific ports on both systems and connect to specific addresses.
?> nc -lvp 5678
🦑File transfer
As you know, in windows we have now downloaded the netcat.exe file, I have used it to upload the text file t.txt on the target system through a specific port.
> nc 192.168.1.21 5555 & lt; t.txt
> nc -lvp 5555 & gt; /root/Desktop/t.txt
written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Top Android hacking application
🔰Top Android hacking application🔰
1. SpoofApp:- SpoofApp is a Caller ID Spoofing, Voice Changing and Call Recording mobile app for your iPhone, BlackBerry and Android phone. It’s a decent mobile app to help protect your privacy on the phone. However, it has been banned from the Play Store for allegedly being in conflict with The Truth in Caller ID Act of 2009.
2. Andosid:- The DOS tool for Android Phones allows security professionals to simulate a DOS attack (an http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.
3. Faceniff:- Allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks.
4. Nmapper:- (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmapper sends specially crafted packets to the target host and then analyses the responses.
5. Anti-Android Network Toolkit:-zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
6. SSHDroid:- SSHDroid is a SSH server implementation for Android. This application will let you connect to your device from a PC and execute commands (like “terminal” and “adb shell”) or edit files (through SFTP, WinSCP, Cyberduck, etc).
7. WiFi Analyser:- Turns your android phone into a Wi-Fi analyser. Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router.
8. Network Discovery:- Discover hosts and scan their ports in your Wifi network. A great tool for testing your network security.
9. ConnectBot:- ConnectBot is a powerful open-source Secure Shell (SSH) client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on UNIX-based servers.
10. dSploit:-Android network analysis and penetration suite offering the most complete and advanced professional toolkit to perform network security assesments on a mobile device.
11. Hackode:- The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
12.**Androrat**:- Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
13.**APKInspector**:- APKinspector is a powerful GUI tool for analysts to analyse the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code.
14.**DroidBox**:- DroidBox is developed to offer dynamic analysis of Android applications.
15.**Burp Suite**:- Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
16. Droid Sheep:- DroidSheep can be easily used by anybody who has an Android device and only the provider of the webm service can protect the users. So Anybody can test the security of his account by himself and can decide whether to keep on using the web service.
Enjoy! Follow us for more...
1. SpoofApp:- SpoofApp is a Caller ID Spoofing, Voice Changing and Call Recording mobile app for your iPhone, BlackBerry and Android phone. It’s a decent mobile app to help protect your privacy on the phone. However, it has been banned from the Play Store for allegedly being in conflict with The Truth in Caller ID Act of 2009.
2. Andosid:- The DOS tool for Android Phones allows security professionals to simulate a DOS attack (an http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.
3. Faceniff:- Allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks.
4. Nmapper:- (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmapper sends specially crafted packets to the target host and then analyses the responses.
5. Anti-Android Network Toolkit:-zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
6. SSHDroid:- SSHDroid is a SSH server implementation for Android. This application will let you connect to your device from a PC and execute commands (like “terminal” and “adb shell”) or edit files (through SFTP, WinSCP, Cyberduck, etc).
7. WiFi Analyser:- Turns your android phone into a Wi-Fi analyser. Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router.
8. Network Discovery:- Discover hosts and scan their ports in your Wifi network. A great tool for testing your network security.
9. ConnectBot:- ConnectBot is a powerful open-source Secure Shell (SSH) client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on UNIX-based servers.
10. dSploit:-Android network analysis and penetration suite offering the most complete and advanced professional toolkit to perform network security assesments on a mobile device.
11. Hackode:- The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.
12.**Androrat**:- Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.
13.**APKInspector**:- APKinspector is a powerful GUI tool for analysts to analyse the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code.
14.**DroidBox**:- DroidBox is developed to offer dynamic analysis of Android applications.
15.**Burp Suite**:- Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
16. Droid Sheep:- DroidSheep can be easily used by anybody who has an Android device and only the provider of the webm service can protect the users. So Anybody can test the security of his account by himself and can decide whether to keep on using the web service.
Enjoy! Follow us for more...
10 Free and Open source Cyber Security tools
1. Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. It’s the world’s foremost and widely-used network protocol analyzer. It allows you see what’s happening on your network at a microscopic level.
2. Nagios
Nagios is a free and open-source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services. It was designed to run on the Linux operating system and can monitor devices running Linux, Windows and Unix operating systems (OSes). Nagios software runs periodic checks on critical parameters of application, network and server resources
3 .Wazuh
Wazuh is a free, open-source host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It offers Security Analytics, Intrusion Detection, Log Data Analysis, File Integrity Monitoring, Vulnerability Detection and more
4. Suricata
Suricata is an open source intrusion detection system and intrusion prevention system. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.
5. OSSIM
OSSIM is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention. It offers asset discovery, Vulnerability assessment, Intrusion detection, Behavioral monitoring and SIEM event correlation
6. Snort
Snort is a free open source network intrusion detection system and intrusion prevention system,Snort performs protocol analysis, content searching and matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, semantic URL attacks, buffer overflows, server message block probes, and stealth port scans.
7. Nmap
Nmap is a free and open-source network scanner it is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
8. Security onion
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek (formerly known as Bro), Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. I highly recommend this distro for security and defense purposes.
9. Kali Linux
Kali linux is a free and open source Linux distribution containing at least 300 different tools for security auditing. It provides variety of tools and frameworks that organizations use to scan their network, Systems, Applications for vulnerabilities. It’s the “ Most Advanced Penetration Testing Distribution, Ever. ”
10. HoneyBot
HoneyBOT is a medium interaction honeypot for windows. A honeypot creates a safe environment to capture and interact with unsolicited traffic on a network. HoneyBOT is an easy to use solution ideal for network security research or as part of an early warning IDS.
Enjoy! Follow us for more...
Join Our WhatsApp Group : $Development Environment
HOW TO CASH OUT FROM STOLEN CREDIT CARD ?
📱📱
IMPORTANT : Don't Ask Any Stupid Q
At First Check Your Equipment..?
1st : Onlinegame ?
2nd: Proxy ?
3rd : Creditcard ?
-----------------------------------------------------------------------------------
Your Tool to Cashout.
At first you have to register on a online game site, maybe where you can play poker or backgammon
its only important, that you can play with REAL MONEY...
Onlinegames like: Poker Online | Play Poker Games at PokerStars.com
You need 2 account... One of them must be your own and the second have to be like the Creditcard user.
To make account is in most onlinegames for free.
-----------------------------------------------------------------------------------
Proxy
Then join your Proxy... Its nice if you use the same Proxy like your creditcard comes from.
for example : German creditcard and German Proxy .
-----------------------------------------------------------------------------------
Creditcard?
Now when you connect to the Proxy, join your faked account to play online...
Then purchase Real money from the hacked or stealed Creditcard.
Dont use your own Creditcard . It wouldnt have any effeckt Big Grin
-----------------------------------------------------------------------------------
How to Cashout??
Join the game with your Account (your faked and your real) to play.
You have to click on the "Play with Real Money" Button.
To play you need more then 2 players on the Table.
You can make more accounts to shit with all your accounts on the table
but i played with some hackerfriends. So they knowed what i did.
Then Play Big Grin
IMPORTANT : Your real account need some real money too ... 10 Lira is enough Big Grin
ok continue :
Then your firends have to give up the round, so that only YOU AND YOUR FAKED account is in .
Like 1 on 1.
Then Press the "All-In" Button with your faked Account .
And with your real Account the Same...
The effeckt : your faked account will set all the money from the hacked/stolen Creditcard
and your real account will set 10 *8364; or Lira or $ . :clap:
Then your faked account have to lose... like give up.
So you will taken all the money and logout from the Game. :51:
Press " Cashout" to cashout your Money to your real Creditcard.
Enjoy! Follow us for more
Join our whatsapp Group : $Development Environment
IMPORTANT : Don't Ask Any Stupid Q
At First Check Your Equipment..?
1st : Onlinegame ?
2nd: Proxy ?
3rd : Creditcard ?
-----------------------------------------------------------------------------------
Your Tool to Cashout.
At first you have to register on a online game site, maybe where you can play poker or backgammon
its only important, that you can play with REAL MONEY...
Onlinegames like: Poker Online | Play Poker Games at PokerStars.com
You need 2 account... One of them must be your own and the second have to be like the Creditcard user.
To make account is in most onlinegames for free.
-----------------------------------------------------------------------------------
Proxy
Then join your Proxy... Its nice if you use the same Proxy like your creditcard comes from.
for example : German creditcard and German Proxy .
-----------------------------------------------------------------------------------
Creditcard?
Now when you connect to the Proxy, join your faked account to play online...
Then purchase Real money from the hacked or stealed Creditcard.
Dont use your own Creditcard . It wouldnt have any effeckt Big Grin
-----------------------------------------------------------------------------------
How to Cashout??
Join the game with your Account (your faked and your real) to play.
You have to click on the "Play with Real Money" Button.
To play you need more then 2 players on the Table.
You can make more accounts to shit with all your accounts on the table
but i played with some hackerfriends. So they knowed what i did.
Then Play Big Grin
IMPORTANT : Your real account need some real money too ... 10 Lira is enough Big Grin
ok continue :
Then your firends have to give up the round, so that only YOU AND YOUR FAKED account is in .
Like 1 on 1.
Then Press the "All-In" Button with your faked Account .
And with your real Account the Same...
The effeckt : your faked account will set all the money from the hacked/stolen Creditcard
and your real account will set 10 *8364; or Lira or $ . :clap:
Then your faked account have to lose... like give up.
So you will taken all the money and logout from the Game. :51:
Press " Cashout" to cashout your Money to your real Creditcard.
Enjoy! Follow us for more
Join our whatsapp Group : $Development Environment
How To Make An EMail Bomber Using Simple PHP And HTML
🔰🔰
What You'll Need?
Webhosting – Make Sure You Have SMTP Or It Wont Work
Small Knowledge About PHP And HTML
Steps:
1. So First We Will Want To Create A File Called “index.html”
2. We Will Place The Following Code In The index.html
For Code: Copy html code
3. Go ahead And Save That File In A Folder, Name The Folder What-Ever You Want.
4. Now In That Folder Go Ahead And Create A File Named “email.php”
5. Now Open The email.php And Place The Following Code Inside It.
For Code: Copy php code
6. Now You Can Go Ahead And Upload It To Your Server, And Boom.
Enjoy! Follow us for more...
Join our WhatsApp Group $Development Environment
What You'll Need?
Webhosting – Make Sure You Have SMTP Or It Wont Work
Small Knowledge About PHP And HTML
Steps:
1. So First We Will Want To Create A File Called “index.html”
2. We Will Place The Following Code In The index.html
For Code: Copy html code
3. Go ahead And Save That File In A Folder, Name The Folder What-Ever You Want.
4. Now In That Folder Go Ahead And Create A File Named “email.php”
5. Now Open The email.php And Place The Following Code Inside It.
For Code: Copy php code
6. Now You Can Go Ahead And Upload It To Your Server, And Boom.
Enjoy! Follow us for more...
Join our WhatsApp Group $Development Environment
FREE WHMCS LIFETIME LICENSE
What is WHMCS?
WHMCS is an Automation, Support and All-In-One Billing solution for your businesses online needs, and it is ideal for any size of company from multi-million pound companies to small scale start-ups.
WHMCS has become an established leader worldwide by providing automation and online recurring billing. Since WHMCS released the first version of their software back in 2005, they have catered for web hosts providers and, increasingly, a number of other types of online businesses.
WHMCS involve the customer feedback of their users intensively in developing and adding new features to their software, and have an excellent reputation for customer support. The WHMCS platform is secure, regularly updated and is highly extendable. This provides you with a solution that can scale to the needs of your business while keeping the costs of supporting and billing your customers low.
Go to👇
https://whmcs.com/hostgator
Enter: HckngVllg.clientarea.troplo.com (Replace HckngVllg with anything like “autopilot/whatever you want”)
then signup >>
check your email now
Join Our WhatsApp Group : - $Development_Environment
Enjoy! Follow us for more...
How to get "AWS RDP" for Free for only Indian ?
✳️ ✳️
➖➖➖➖➖➖➖➖➖➖➖➖➖
🔹 Step 1: Download IRCTC IMudra App
🔹 Step 2: Then Singup With Your Number After Completing Registration They Will Ask For Kyc
🔹 Step 3: Choose Mini KYC Then in Driving License Put :- 2013000xxxx ( in x Put any Random Number )
🔹 Step 4: Then Choose on Free Vcc > Then in Firefox Focus Go to AWS > Signup
🔹 Step 5: In Credit and Debit Card Copy Paste VCC Number & Start Your Free Trial.
☑️ Thats it, you are done🙂 . People selling RDP with much rates. So, rather than buying from them create your own RDP✌️.
Enjoy! Follow us for more...
➖➖➖➖➖➖➖➖➖➖➖➖➖
🔹 Step 1: Download IRCTC IMudra App
🔹 Step 2: Then Singup With Your Number After Completing Registration They Will Ask For Kyc
🔹 Step 3: Choose Mini KYC Then in Driving License Put :- 2013000xxxx ( in x Put any Random Number )
🔹 Step 4: Then Choose on Free Vcc > Then in Firefox Focus Go to AWS > Signup
🔹 Step 5: In Credit and Debit Card Copy Paste VCC Number & Start Your Free Trial.
☑️ Thats it, you are done🙂 . People selling RDP with much rates. So, rather than buying from them create your own RDP✌️.
Enjoy! Follow us for more...
Subscribe to:
Posts (Atom)
-
HOW TO HACK ALL TYPE OF WI-FI 20I8 [BACKTRACK]⚠ Step 1:- First Download Backtrack Step 2:- Burn the iso image on CD and boot your laptop fro...
