Skip to main content

Posts

Showing posts from April, 2017

TX Power - how to increase signal strength in kali linux 2017

Increase Wi-Fi TX Power / Signal Strength USE this command to check your current dbs :-  iwconfig  example -  root@rockstardevil:~# iwconfig lo        no wireless extensions. eth0      no wireless extensions. wlan0     IEEE 802.11  ESSID:"devilzlinux.blogspot.com"           Mode:Managed  Frequency:2.427 GHz  Access Point: D2:99:K2:54:DC:17            Bit Rate=65 Mb/s   Tx-Power=20 dBm             Retry short limit:7   RTS thr:off   Fragment thr:off           Encryption key:off           Power Management:off           Link Quality=49/70  Signal level=-61 dBm...

CyberWar - check real time attack in world

Cyber War Real Time Cyber War – Here are some awesome sites which give you the live detail of Cyber Wars and threats that are occurring in the world. The graphic awesomeness gives you the goosebumps. With details on what ports? Country? Region? Etc.. is available. These contain DDOS attacks also. Worth visiting these - http://map.norsecorp.com/#/ https://cybermap.kaspersky.com/ http://hp.ipviking.com/ https://threatmap.checkpoint.com/ThreatPortal/livemap.html https://www.fireeye.com/cyber-map/threat-map.html

how to Find Your Gateway IP(linux/win/osx)

It's important for you to know the internal IP address of your default gateway, which is normally your router's LAN IP address. If you have ever had to access your router to configure it, you should know the address. It's what you type in your browser address bar to reach the configuration interface (example: http://192.168.1.1/ ) and, if not, you can find it with the following steps: Windows : Click Start > All Programs > Accessories > Command Prompt . When Command Prompt is open, type the following command: ipconfig | findstr /i "Gateway" (You can copy & paste it in the command prompt; just right-click anywhere in the command prompt window and select Paste .) You should see something like this: C:\Documents and Settings\administrator>ipconfig | findstr /i "Gateway" Default Gateway . . . . . . . . . : 192.168.1.1 In this example, your default gateway (router) IP address is 192.168.1.1 . Linux : You...

How can I decode a base64 string from the command line?

If you have ever needed to quickly decode or encode base64, Linux has a command line utility called base64 that works great. I’ll show you how it works! To encode text to base64, use the following syntax: $ echo -n 'devilzlinux.blogspot.com' | base64 ZGV2aWx6bGludXguYmxvZ3Nwb3QuY29tCg== To decode, use base64 -d. To decode base64, use a syntax like the following: $ echo -n ZGV2aWx6bGludXguYmxvZ3Nwb3QuY29tCg== | base64 -d devilzlinux.blogspot.com Note: if on OS X, use capital D: echo -n ZGV2aWx6bGludXguYmxvZ3Nwb3QuY29tCg== | base64 -D same work with another way python ___________________________________________________________ python - m base64 - d <<< "ZGV2aWx6bGludXguYmxvZ3Nwb3QuY29tCg==" devilzlinux.blogspot.com  ____________________________________________________________________ perl _____________________________________________________________ perl - MMIME :: Base64 - ne 'printf "%s\n",decode_base...

Hacking and Gaining Access to Linux by Exploiting SAMBA Service (exploit/multi/samba/usermap_script)

Hacking and Gaining Access to Linux by Exploiting SAMBA Service we are using kali linux 2016.2 with backtrack wallpaper    this attack work on linux os which have open port in  samba becouce we are using exploit/multi/samba/usermap_script and this script work on linux .. Step 1) First, we need to find out the ports and services running on the target system. To find the open ports and services, the command is: Command: nmap -sS -Pn -A 192.168.2.142 Step 2: Once you find the open ports and service like the samba port and service ready, get set for sending an exploit through that port to create a meterpreter session. To perform this attack, you need to open metasploit. Step 3: Once you open metasploit, first we need to find the version of samba Command: – msf> search scanner/samba (This command used to finding the scanner parameter to find samba version) Step 3: Once you find the scanners to find the samba version of the tar...

How to Extract Metadata from Websites Using FOCA for Windows

at is most likely to work against that site or network. In this tutorial, we will looking at FOCA's ability to find, download, and retrieve files from websites with the file's metadata. This metadata can give us insight into such information as the users (could be critical in cracking passwords), operating system (exploits are OS-specific), email addresses (possibly for social engineering), the software used (once again, exploits are OS-, and more and more often, application-specific), and if we are really lucky, passwords. Step 1 Downlaod FOCA for Windows First, let's download FOCA Free 3.0 for Windows . Step 2 Choose Where You Save Results When you install FOCA, you will greeted with a screen like that below. The first task we need to do is to start a new project and then tell FOCA where we want to save our results. Click on image to enlarge. I created a new directory at c:\foca and will save all my results there. Of course, you can save y...

How to Conduct Passive Reconnaissance of a Potential Target

Why Passive Recon? Reconnaissance can be divided into at least two categories, active and passive. Active reconnaissance requires that you interact with the target computer system to gain information about it. Although this can be very useful and accurate, it risks detection. If you're detected doing reconnaissance on a system, the system admin may choose to block your IP address and you'll leave a trail to your subsequent activity. If possible, we would prefer to gather the essential information without ever interacting with the system, thus leaving no trail to trace back to us. That's what passive reconnaissance is. Although there are a number of ways to conduct passive recon, one of the best ways is to use a website like Netcraft . Step 1 Navigate a Browser to Netcraft Let's open a browser and navigate to the Netcraft website. We should see a webpage that looks like this. Netcraft is a UK company that tracks virtually every webs...

How to Find Any Router's Web Interface Using Shodan

Welcome back, my hacker noviates! In a recent post, I introduced you to Shodan , the world's most dangerous search engine. Shodan crawls the globe from IP to IP address, attempting to pull the banners of each web-enabled device and server it finds. These banners are what the web servers and devices "advertise" to the world as to who they are. By searching these web banners, we can find the log-in interface for nearly every web-enabled device on planet earth. Shodan Doesn't Index Content, It Indexes Banners It's important to note that unlike Google, Bing, Yahoo, and other search engines, Shodan does not index the content of a website, rather it indexes the information in the banner. These banners will tell us whether the device is a webcam, a router, a VOIP phone system, or whatever, along with something about the underlying technology. To do a specific search in Shodan, you need to understand what is in these banners and how we can use it to se...

Use NMAP to Discover Vulnerabilities, Launch DoS Attacks and More!

NMAP is an essential tool in any hacker's arsenal. Originally written by Gordon Lyon aka Fydor, it's used to locate hosts and services and create a map of the network. NMAP has always been an incredibly powerful tool, but with it's newest release, which dropped mid-November of last year, they've really out done themselves. NMAP version 7 comes equipped with a ton of new scripts you can use to do everything from DoSing targets to exploiting them (with written permission, of course). The scripts cover the following categories Auth: Use to test whether you can bypass authentication mechanism Broadcast: Use to find other hosts on the network and automatically add them to scanning que. Brute: Use for brute password guessing. Discovery: Use to discover more about the network. Dos: Use to test whether a target is vulnerable to DoS Exploit: Use to actively exploit a vulnerability Fuzzer: Use to test how server responds to unexpected or randomized fields...

How to Conduct Active Reconnaissance and get information

In this tutorial, we'll look at active reconnaissance of a target with one of the best network scann ing tools, nmap . The risk with active scanning is that you will be detected and the security hardware or security admin will block any further attempts by you to pwn the site, or worse—report you to law enforcement. Nmap has multiple modes of scanning a potential target and many ways of evading detection. Step 1 Open Nmap Step 2 Using Nmap When you select nmap, you'll open a screen that looks like the screenshot below. Note that it opens a Linux terminal with the help screen for nmap. Whenever you want to see the help screen, you can simply type at the command prompt: bt > nmap -h You can also get the manual for nmap by typing: bt > man nmap Nmap is a delightful tool for gathering information on a network or site. For instance, if we want to gather information on ESPN.com , we can type: bt > nmap -sT espn.com ...

Reconnaissance with Recon-Ng, Part 1 (Getting Started)

I encourage you to start with these reconnaissance tools and others before even considering hacking/exploitation. In recent years, a brand new reconnaissance framework has become available to us that leverages many of the tools we are already using, but makes them far more powerful. This tool, Recon-ng , was developed by Tim Tomes while at Black Hills Information Security. He developed it as a Python script and tried to model its usage after Metasploit, making it easy for a pentester with Metasploit skills to use Recon-ng. It is built into Kali, so there's no need to download or install anything. Let's explore its many and powerful capabilities a bit here. Step 1 Starting Recon-Ng Fire up Kali, open a terminal, and type: kali > recon-ng This will open a splash screen like below. Note that the splash screen lists the number of modules by type. Unlike SET, but rather like Metasploit, we use commands and not numbers to use Recon-ng. Step 2 Vi...