Hacking WordPress Website with Malicious Plug-in

Welcome back. Today we will talk about how we could compromise a WordPress website for a reverse meterpreter shell through the use of malicious WordPress addons. This will allow us to create a malicious WordPress plugin to use as a payload and achieve a reverse shell back to the attacking machine. Requirements: Linux, Python, Metasploit, malicious-wordpress-plugin … Read more

Hacking Linux Operating System for Remote Access: Malicious Debian Package

Welcome back. Today we will be talking about remote access to machines running Linux operating systems. Why would someone want to target a system running Linux? Over 60% of all web servers around the world are running variations of Linux, as are a lot of personal computers and smartphones. Let us just say … Read more

V3n0M-Scanner – Python Pentesting Scanner

Popular pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other vulns. [Live Project – Python3.6] https://github.com/v3n0m-Scanner/V3n0M-Scanner V3n0M is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the … Read more

Inside Internet Security – What Hackers Don’t want You To Know – Addison Wesley 2002 [E-Book]

This book is a practical guide for anyone designing or administering a corporate or e-business network that runs across a number of platforms via the Internet. It arms systems administrators with a thorough understanding of the problems of network security and their solutions, and thus helps realize the tremendous potential of e-business. With the explosion … Read more

JuNest – Arch Linux distro that runs upon any Linux distro

The Arch Linux based distro that runs upon any Linux distro without root access. JuNest (Jailed User NEST) is a lightweight Arch Linux based distribution that allows you to have an isolated GNU/Linux environment inside any generic host GNU/Linux OS without the need for root privileges to install packages. JuNest contains mainly the package … Read more

Create an SSH Botnet Client manager Botdr4g0n

The Botdr4g0n is a security tool for DDOS attacks on SSH BOT management for distributed attacks. How to install (Python 2.7): git clone https://github.com/mh4x0f/botdr4g0n.git, cd botdr4g0n, python setup.py install, then run botdr4g0n … Read more

WebRTC can leak your IP address even if you're behind a VPN

WebRTC (Web Real-Time Communication) is a collection of communications protocols and application programming interfaces that enable real-time communication over peer-to-peer connections. This allows web browsers to not only request resources from backend servers, but also real-time information from browsers of other users. This enables applications such as video conferencing, file transfer, chat, or desktop … Read more

Unicorn – PowerShell Downgrade Attack Evade Anti-Virus

Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. https://www.trustedsec.com Welcome back. Today we will talk about PowerShell downgrade attacks using uniscan and inject shellcode … Read more

Useful Msfvenom and Metasploit Commands

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is well known for its anti-forensic and evasion … Read more

Slowloris Layer 7 DDOS Attack

Slowloris is a Layer 7 application (protocol) attack developed by Robert “RSnake” Hansen. Don’t be fooled by its power: even a single computer could have the ability to take down a full web server single-handedly. Slowloris is a simple and powerful DDOS attack, also known as a low-and-slow attack. Slowloris is … Read more

Best Kali Linux Compatible Wireless Adapters

Welcome back. Today I will show you what the best compatible adapters for Kali Linux are. If you are new to Kali Linux and pen testing, it can be quite tricky to decide on the correct wireless adapter to use. Don’t worry, we will cover the most compatible adapters for Linux below. All the adapters listed below … Read more

Estimate Proximity Between Bluetooth Devices

Welcome back. In this tutorial I will show you how to estimate the proximity between Bluetooth devices. Blueranger is a simple bash script designed by JP Dunning to estimate the distance between Bluetooth devices by sending L2CAP Bluetooth pings. Most often, Bluetooth devices allow a ping without any authentication. Blueranger only estimates the distance between … Read more

Kali Linux Man in the Middle Attack Arpspoofing/Arppoisoning

Welcome back. Today we will talk about man-in-the-middle attacks. In computer security, a man-in-the-middle attack (often abbreviated mitm, or the same using all capital letters) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. In this guide we will be … Read more

Dr0p1t-Framework – Dropper that bypasses most AVs

Dr0p1t-Framework: a framework that creates a dropper that bypasses most AVs and some sandboxes, and has some tricks 😉 Credits: D4Vinci – https://github.com/D4Vinci/ Installation & run server: on Linux and Windows it’s the same. After installing Dr0p1t by doing the steps mentioned above, install the modules in server_requirements.txt using pip, like: python -m pip … Read more

Autopsy – Digital Forensics Platform

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. Installers can be found at: http://www.sf.net…http://www.sleuthkit.org/autopsy/ … Read more

Hack Android Mobile Phone using MSFVenom Kali Linux

In this tutorial, you will learn how to hack any Android mobile phone using MSFVenom. Requirements: a Linux-based operating system (in this tutorial we are using Kali Linux 2017.2) and the Metasploit Framework. MSFVenom is a hacking tool that targets the Android operating system. The tool is a combination of MSFEncode & MSFPayload. Ok now let’s get … Read more

PytheM – Multi-purpose pentest framework

PytheM – Penetration Testing Framework v0.6.6. Credits: m4n3dw0lf. PytheM is a Python multi-purpose pentest framework. It has been developed in the hope that it will be useful and I don’t take responsibility for any misapplication of it. Only runs on GNU/Linux OS. Examples: ARP spoofing – Man-in-the-middle: pythem> set interface [+] Enter the … Read more

Snoopy Tutorial – Finding Previously Connected SSIDs of a Device

Wireless networks can leak a treasure trove of information. In this tutorial we will use Snoopy to find various wireless access points and the access points a device is probing for. This can help us determine the name to give our malicious SSID for an evil twin network. When a device is probing for Wireless Access … Read more

Installing Additional Modules in Metasploit

In this guide you will learn how to install additional modules in Metasploit. Metasploit is an open source attack framework first developed by H. D. Moore in 2003. Metasploit is used for hacking into systems for testing purposes. Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. Let’s … Read more

Davscan – A Tool That Fingerprints servers, finds exploits, scans WebDAV

DAVScan. Credits: Graph-X. DAVScan is a quick and lightweight WebDAV scanner designed to discover hidden files and folders on DAV-enabled web servers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities. The scanner attempts to fingerprint the target server and … Read more