Skip to main content

Posts

Showing posts from May 17, 2017

Scan website for vulnerabilities with Uniscan Kali Linux Tutorial

Scan website for vulnerabilities with Uniscan Kali Linux tut Welcome back, in this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities.  To achieve this we will be using a tool called Uniscan. This tutorial will require a Linux Operating system we recommend installing Kali Linux if you have not already done so. Requirements: Kali Linux Uniscan (Comes Pre-Installed in Kali Linux) What is Uniscan ? Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch. Installing Uniscan root@kali:~# apt-get install uniscan listing usage: You can use command uniscan -h to list help options and display usage. root@kali:~# uniscan -h #################################### # Uniscan project                  # # http://uniscan.sourceforge.net/  # #################################### V. 6.2 OPTIONS:     -h  help     -u  <url> exampl

Rollmac – Bypass Free Wifi Time & Data Restriction

Rollmac Free networks often impose either a time or data restriction and this can be used quickly. When this happens you can change your mac address and reconnect, but this is annoying, and it takes time. In addition, most networks will ask you to re-accept the terms and conditions of the network in order to continue. Rollmac – Bypass Free Wifi Time & Data Restriction Rollmac is designed to automate this process by using the WPAD protocol to discover the login page and automatically re-accept the terms and conditions. It also maintains a watch of the network current usage and/or time limit to ensure it is never reached. This means you can run downloads overnight or while you are away from your computer, automatically rolling mac’s and reconnecting to the free network. The entire operation usually takes about 10 seconds. You may need to configure the script slightly to adjust to individual network specifics, however, Rollmac allows you to download massive

brut3k1t – Server Side Bruteforce Module

Brute-force (dictionary attack, jk) attack that supports multiple protocols and services http://ex0dus-0x.github.io Introduction brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh ftp smtp XMPP instagram facebook There will be future implementations of different protocols and services (including Twitter, Facebook, Instagram). Installation Installation is simple. brut3k1t requires several dependencies, although they will be installed by the program if you do not have it. argparse – utilized for parsing command line arguments paramiko – utilized for working with SSH connections and authentication ftplib – utilized for working with FTP connections and authentication smtplib – utilized for working with SMTP (email) connections and authentication fbchat – utilized for connecting with Facebook selenium – utilized for web scraping, which i

Creating WordPress Admin Phishing Pages

Creating WordPress Admin Phishing Pages.. Hi welcome back today I will show you how to create WordPress phishing pages. Phishing is the practice of sending emails or fake pages in order to trick targets into unknowingly giving personal information such as passwords and credit and debit card numbers. Phishing attacks are a Social Engineering method that relies solely on human error and trickery. Scenario Lets assume we are doing a Pentest on a popular WordPress website the admin has giving us permission to try and phish information from staff members without breaking into their WordPress or gaining information from the SQLDatabases. The site admin has spent 1000’s of dollar maintaining security of his website and believes it to be quite safe although he can’t be to sure that his staff members will compromise his website through human error. A lot of people come to the conclusion that a user must be stupid or an idiot to fall for phishing pages. This is not th

FIX “Could not get lock /var/lib/dpkg/lock – Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

Fix “Could not get lock /var/lib/dpkg/lock – Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? You been installing packages or updating your repositories and you run in an error message from apt. “ Could not get lock /var/lib/dpkg/lock ” this error can become quite annoying to beginners don’t worry I will show you how to remove the lock from /var/lib/dpkg/lock this will remove the lock and allow us to continue installing software and resources from Kali Linux repositories. E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it? Method 1: First open up a new terminal and use the following command to remove the lock. rm /var/lib/dpkg/lock If the lock does not remove first time repeat the process above. The screen shot below shows the process of removing the l