Showing posts with label introduction. Show all posts
Showing posts with label introduction. Show all posts

Wednesday, June 14, 2017

Kali Linux Tutorial Introduction To Parsero Vulnerability Analysis Tool

Kali Linux Tutorial Introduction To Parsero Vulnerability Analysis Tool


Introduction To Parsero Vulnerability Analysis Tool - picateshackz.com

Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn’t be indexed. For example, “Disallow: /portal/login” means that the content on www.example.com/portal/login it’s not allowed to be indexed by crawlers like Google, Bing, Yahoo… This is the way the administrator have to not share sensitive or private information with the search engines.

But sometimes these paths typed in the Disallows entries are directly accessible by the users without using a search engine, just visiting the URL and the Path, and sometimes they are not available to be visited by anybody… Because it is really common that the administrators write a lot of Disallows and some of them are available and some of them are not, you can use Parsero in order to check the HTTP status code of each Disallow entry in order to check automatically if these directories are available or not.

Also, the fact the administrator write a robots.txt, it doesn’t mean that the files or directories typed in the Dissallow entries will not be indexed by Bing, Google, Yahoo… For this reason, Parsero is capable of searching in Bing to locate content indexed without the web administrator authorization. Parsero will check the HTTP status code in the same way for each Bing result.

  • Recommended: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial

TOOLS INCLUDED IN THE PARSERO PACKAGE:-

Open up a terminal in Kali Linux and type following command:

root@kali:~# parsero -h

Introduction To Parsero Vulnerability Analysis Tool - picateshackz.com

 PARSERO USAGE EXAMPLE:-

root@kali:~# parsero -u www.bing.com -sb
____
|  _ __ _ _ __ ___  ___ _ __ ___
| |_) / _` | ‘__/ __|/ _ ‘__/ _
|  __/ (_| | |  __  __/ | | (_) |
|_|   __,_|_|  |___/___|_|  ___/
Starting Parsero v0.75 (https://github.com/behindthefirewalls/Parsero) at 06/09/14 12:48:25
Parsero scan report for www.bing.com
http://www.bing.com/travel/secure 301 Moved Permanently
http://www.bing.com/travel/flight/flightSearchAction 301 Moved Permanently
http://www.bing.com/travel/css 301 Moved Permanently
http://www.bing.com/results 404 Not Found
http://www.bing.com/spbasic 404 Not Found
http://www.bing.com/entities/search 302 Found
http://www.bing.com/translator/? 200 OK
http://www.bing.com/Proxy.ashx 404 Not Found
http://www.bing.com/images/search? 200 OK
http://www.bing.com/travel/hotel/hotelSearch 301 Moved Permanently
http://www.bing.com/static/ 404 Not Found
http://www.bing.com/offers/proxy/dealsserver/api/log 405 Method Not Allowed
http://www.bing.com/shenghuo 301 Moved Permanently
http://www.bing.com/widget/render 200 OK

Also Read:

  • Kali Linux Tutorial: Find IP Address Of Any Website And Trace Its Location
  • Kali Linux Tutorial: Information Gathering Using TheHarvester
  • Kali Linux Tutorial: Using Maltego Tool To Scan Network And Finding IP

Available link for download

Read more »
Posted by at
Labels: , , , , , , , ,

Kali Linux Tutorial Introduction To SAKIS3G Hardware Hacking

Kali Linux Tutorial Introduction To SAKIS3G Hardware Hacking


kali-linux-SAKIS3G-hardware0hack -picateshackz.com

Sakis3G is a tweaked shell script which is supposed to work out-of-the-box for establishing a 3G connection with any combination of modem or operator. It automagically setups your USB or Bluetooth™ modem, and may even detect operator settings. You should try it when anything else fails.

Recommended: An Introduction To Hacker’s OS: Kali Linux And Setup Tutorial.


TOOLS INCLUDED IN THE SAKIS3G PACKAGE

root@kali:~# sakis3g help
Sakis 3G All-in-one script – Version 0.2.0e
(c) Sakis Dimopoulos 2009, 2010 under GNU GPL v2
Usage:
sakis3g [actors] [switches] [variables]
Sakis3G is a shell script which is supposed to work out-of-the-box for
establishing a 3G connection with any combination of modem or operator.
NOTE: This script requires root priviledges to properly work. If not executed from root, it will try to acquire them.
Common actors are:
connect       – Attempts to establish 3G connection.
disconnect    – Stops all active PPP connections.
toggle        – Attempts to establish 3G connection. If already connected, it
disconnects instead.
reconnect     – Attempts to establish 3G connection. If already connected, it
first disconnects and then attempts.
start         – Same as connect. Provided for use as init.d script.
stop          – Same as disconnect. Provided for use as init.d script.
reload        – Same as reconnect. Provided for use as init.d script.
force-reload  – Same as reload. Provided for use as init.d script.
restart       – Same as reload. Provided for use as init.d script.
desktop       – Creates desktop shortcut for this script.
status        – Prints connection status and exits. Exit code is 0 if
connected, or 6 if not connected.
help          – Prints this screen and exits.
man           – Displays man page.
NOTE: For more information, you should consult man page or official Sakis3G
wiki, available at:
http://wiki.sakis3g.org/

 SAKIS3G USAGE EXAMPLE

root@kali:~# sakis3g –interactive “connect”

Video TUTORIAL



Also Read:

  • Programming Languages For Hackers And Learn It From Most 6 Helpful Websites
  • Installing Hackers OS Kali Linux In VMware (Beginners Guide With Screenshots)
  • Easy Steps to Create Web Penetration Testing Lab in Kali Linux

Available link for download

Read more »
Posted by at
Labels: , , , , , , ,

Sunday, April 30, 2017

Kali Linux Tools Brief Introduction To 10 Powerful Hacking Tools

Kali Linux Tools Brief Introduction To 10 Powerful Hacking Tools


introduction to kali linux tools- picateshackz.com

Kali Linux, the hackers operating system is very powerful Linux distro and it is my favorite OS, not only my favorite but also many Hackers and pentesters choosing Kali Linux as their favorite hacking tool. The main reason hackers and newbies like Kali is because it is blessed with 300+ hacking tools and it has developed by Offencive Security team, so today i want to introduce you the top 10 tools i like most in kali linux. Here i am giving tutorials for each hacking tools so everybody can understand it well.

If you want to know more about Kali Linux then you should read this article first: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial


1. Metasploit


Metasploit has become over the years the best framework to conduct penetration testing on network systems and IT infrastructure. The Metasploit Project, or better known as simply is a hugely popular pentesting or hacking tool that is used by cyber security professionals and ethical hackers. Metasploit is essentially a computer security project that supplies information about known security vulnerabilities and helps to formulate penetration testing and IDS testing.

Metasploit is in fact a sub-project of the Metasploit Framework. This hacker tool and framework is best known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Tutorial: Introduction to using Metasploit in Kali Linux


2. THC Hydra


Although often considered as yet another password cracker, THC Hydra is hugely popular and has a very active and experienced development team. Essentially THC Hydra is a fast and stable Network Login Hacking Tool that will use dictionary or brute-force attacks to try various password and login combinations against an log in page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH.

Tutorial: How to Crack Online Passwords Using THC-Hydra in Kali Linux


3. Sqlmap


Basically its just a tool to make Sql Injection easier. Their official website introduces the tool as -"sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections."

Tutorial: How to Hack Website Using Sql Map in Kali Linux - Sql Injection


4. Nikto


There are a number of tools and applications to find vulnerabilities in websites, but one of the simplest (and one of my favorites) is nikto.

This small and simple tool examines a website and reports back to you the potential vulnerabilities that it found that you could use to exploit or hack the site. In addition, its one of the most widely used website vulnerabilities tools in the industry and in many circles considered the industry standard.

Tutorial: Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto


5. Ettercap


Ettercap has a huge following and is widely used by cybersecurity professionals. Ettercap works by placing the users network interface into promiscuous mode and by ARP poisoning the target machines, i.e. facilitating a Main In The Middle or MITM attack. Once successfull Ettercap (and the hacker) can deploy various attacks on the victims. A popular feature about Ettercap is its ability to support various plugins.

Tutorial: Man In The Middle Attack Using Ettercap In Kali Linux


6. BeEF


BeEF was developed by a group of developers led by Wade Alcorn. Built on the familiar Ruby on Rails platform, BeEF was developed to explore the vulnerabilities in browsers and test them. In particular, BeEF is an excellent platform for testing a browser’s vulnerability to cross-site scripting (XSS) and other injection attacks.

Tutorial: Kali Linux Tutorial: Hack A Web Browser Using BeEF


7. Wireshark


Wireshark, formerly known as Ethereal, is one of the mostpowerful tools in a network security analysts toolkit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues. Its also priced right: its free!

Tutorial: Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark


8. Maltego


Maltego is capable of gathering information about either a network or an individual; here we will focus on the former and leave individual information gathering for another time. We will be looking at gathering info on all the subdomains, the IP address range, the WHOIS info, all of the email addresses, and the relationship between the target domain and others.

Tutorial: Kali Linux Tutorial: Using Maltego Tool To Scan Network


9. Msfvenom


From 8th june 2015 we will no longer receive the services of msfpayload and msfencode. They are going to retire permanently. Yeah! Permanently off course this is a bad news. These both tools are serving us since ten years but the time has come to say good bye. Thank you msfpayload and msfencode for serving us in every level of hacking or penetration testing we will never forget you.

But the good news is msfpayload and msfencode are being replaced by a new tool called msfvenom. This is the combination of both the tools, almost from three and half years this new tool is being tested and the time has come to use it.

Tutorial: Msfvenom: One Single Tool Instead Of Msfpayload And Msfencode


10. Wireless Auditing


In this Section i am introducing you to the 3 wireless hacking tools, Aircrack-ng, Reaver, and Pixiewps. PicaTesHackZ do not condone the illicit activities of wireless auditing on unauthorized systems. We do however encourage you to use this knowledge to your benefit to learn and practice exploitation using the latest in Wireless Auditing. Although I did do a write up about using reaver and pixiewps, there has been updates, I have more tests, and more knowledge on the tools. Please keep in mind it is illegal to penetrate networks that are not your own without proper permission. This falls on you, so do what you will but we will hold no liability for your actions.

Tutorial: Kali Linux Tutorial: Wireless Auditing with Aircrack-ng, Reaver, and Pixiewps


Available link for download

Read more »
Posted by at
Labels: , , , , , , , ,

Saturday, April 8, 2017

Kali Linux Tutorial Introduction To ShellNoob Exploitation Tool

Kali Linux Tutorial Introduction To ShellNoob Exploitation Tool


Introduction To ShellNoob Exploitation Tool - picateshackz.com

Writing shellcodes has always been super fun, but some parts are extremely boring and error prone. Focus only on the fun part, and use ShellNoob!

Features:-

  • convert shellcode between different formats and sources. Formats currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty, safeasm, completec, shellstorm. (All details in the “Formats description” section.)
  • interactive asm-to-opcode conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode and you want to figure out if a specific assembly instruction will cause problems.
  • support for both ATT & Intel syntax. Check the –intel switch.
  • support for 32 and 64 bits (when playing on x86_64 machine). Check the –64 switch.
  • resolve syscall numbers, constants, and error numbers (now implemented for real! :-)).
  • portable and easily deployable (it only relies on gcc/as/objdump and python). It is just one self-contained python script, and it supports both Python2.7+ and Python3+.
  • in-place development: you run ShellNoob directly on the target architecture!
  • built-in support for Linux/x86, Linux/x86_64, Linux/ARM, FreeBSD/x86, FreeBSD/x86_64.
  • “prepend breakpoint” option. Check the -c switch.
  • read from stdin / write to stdout support (use “-” as filename)
  • uber cheap debugging: check the –to-strace and –to-gdb option!
  • Use ShellNoob as a Python module in your scripts! Check the “ShellNoob as a library” section.
  • Verbose mode shows the low-level steps of the conversion: useful to debug / understand / learn!
  • Extra plugins: binary patching made easy with the –file-patch, –vm-patch, –fork-nopper options! (all details below)

download from :- https://github.com/reyammer/shellnoob

Also Read:

  • Easy Way To Crack Password Using John The Ripper In Kali Linux
  • Kali Linux Tutorial: Setting Up ProxyChains + Tor For Anonymity And Security
  • Kali Linux Tutorial: Introduction To Parsero Vulnerability Analysis Tool

TOOLS INCLUDED IN THE SHELLNOOB PACKAGE

  • root@kali:~# shellnoob -h
  • shellnoob.py [–from-INPUT] (input_file_path | – ) [–to-OUTPUT] [output_file_path | – ]
  • shellnoob.py -c (prepend a breakpoint (Warning: only few platforms/OS are supported!)
  • shellnoob.py –64 (64 bits mode, default: 32 bits)
  • shellnoob.py –intel (intel syntax mode, default: att)
  • shellnoob.py -q (quite mode)
  • shellnoob.py -v (or -vv, -vvv)
  • shellnoob.py –to-strace (compiles it & run strace)
  • shellnoob.py –to-gdb (compiles it & run gdb & set breakpoint on entrypoint)

  • Standalone “plugins”
  • shellnoob.py -i [–to-asm | –to-opcode ] (for interactive mode)
  • shellnoob.py –get-const <const>
  • shellnoob.py –get-sysnum <sysnum>
  • shellnoob.py –get-strerror <errno>
  • shellnoob.py –file-patch <exe_fp> <file_offset> <data> (in hex). (Warning: tested only on x86/x86_64)
  • shellnoob.py –vm-patch <exe_fp> <vm_address> <data> (in hex). (Warning: tested only on x86/x86_64)
  • shellnoob.py –fork-nopper <exe_fp> (this nops out the calls to fork(). Warning: tested only on x86/x86_64)

  • “Installation”
  • shellnoob.py –install [–force] (this just copies the script in a convinient position)
  • shellnoob.py –uninstall [–force]


  • Supported INPUT format: asm, obj, bin, hex, c, shellstorm
  • Supported OUTPUT format: asm, obj, exe, bin, hex, c, completec, python, bash, ruby, pretty, safeasm
  • All combinations from INPUT to OUTPUT are supported!

  • Check out the README file for more info.

SHELLNOOB USAGE EXAMPLE:-

Start in interactive mode (-i) in asm to opcode mode (–to-opcode):

  • root@kali:~# shellnoob -i –to-opcode
  • asm_to_opcode selected (type “quit” or ^C to end)
  • >> xchg %eax, %esp
  • xchg %eax, %esp ~> 94
  • >> ret
  • ret ~> c3
  • >>


Available link for download

Read more »
Posted by at
Labels: , , , , , , ,
Subscribe to: Posts (Atom)