Educational Purpose.
This book does not provide any illegal activity.
5) Credentials Monitor :
Credentials refer to the verification of identity or tools for
authentication. They may be part of a certificate or other
authentication process that helps confirm a user’s identity in
relation to a network address or other system ID.
6) Transparent Proxy :
A transparent proxy (also called inline proxy, intercepting proxy,
or forced proxy) is a server that sits between your computer
and the Internet and redirects your requests and responses
without modifying them. A proxy server that does modify your
requests and responses is defined as a non-transparent proxy.
A transparent proxy can be used for various reasons, such as
content filtering in schools and libraries, and as it does not need
any configuration on the client side, it can be an easy-to-
maintain alternative to other proxy types.
7) Phishing Manager :
Phishing is a type of social engineering attack often used to
steal user data, including login credentials and credit card
numbers. It occurs when an attacker, masquerading as a
trusted entity, dupes a victim into opening an email, instant
message, or text message.
8) Partial Bypass HSTS protocol :
HTTP Strict Transport Security (HSTS) is a web security policy
mechanism which is necessary to protect secure HTTPS
websites against downgrade attacks, and which greatly
simplifies protection against cookie hijacking. It allows web
servers to declare that web browsers (or other complying user
agents) should only interact with it using secure HTTPS
connections and never via the insecure HTTP protocol.
The first demonstration of HTTPS stripping and MITM
attacks was presented by Moxie Marlinspike at Black Hat DC
2009, using his tools sslstrip and sslsniff. sslstrip transparently
hijacks HTTP traffic on a network, watches for HTTPS links and
redirects, then maps those links into either look-alike HTTP links
or homograph-similar HTTPS links. It also supports modes for
supplying a favicon which looks like a lock icon, selective
logging, and session denial.
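To make the HSTS description above concrete from the server owner's side, here is an added example (not from the original book) that parses a Strict-Transport-Security header and reports the gaps that leave room for HTTPS stripping. The function names, the one-year threshold taken from browser preload-list requirements, and the sample headers are assumptions of this example.

```python
"""Audit a Strict-Transport-Security response header (RFC 6797)."""

ONE_YEAR = 31536000  # seconds; minimum max-age accepted for browser preload lists


def parse_hsts(value):
    """Return {directive: value or None}; raise ValueError on duplicates."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = val.strip().strip('"') if sep else None
    return directives


def audit_hsts(scheme, header):
    """Return a list of findings; an empty list means a strong policy."""
    if header is None:
        return ["no HSTS header: every plain-HTTP request can be stripped"]
    findings = []
    if scheme != "https":
        findings.append("header sent over HTTP is ignored by browsers")
    try:
        directives = parse_hsts(header)
    except ValueError as exc:
        return findings + ["invalid header, policy ignored: %s" % exc]
    max_age = directives.get("max-age")
    if not max_age or not (max_age.isascii() and max_age.isdigit()):
        return findings + ["missing or non-numeric max-age, policy ignored"]
    if int(max_age) == 0:
        findings.append("max-age=0 tells the browser to forget the policy")
    elif int(max_age) < ONE_YEAR:
        findings.append("max-age below one year: policy expires quickly")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains are not covered")
    if "preload" not in directives:
        findings.append("no preload: the first visit can still start on HTTP")
    return findings


# Constructed sample headers, not captured from any real site.
SAMPLES = [
    ("https", "max-age=63072000; includeSubDomains; preload"),
    ("https", "max-age=300"),
    ("http", "max-age=31536000; includeSubDomains"),
    ("https", None),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        print(scheme, repr(header), "->", audit_hsts(scheme, header) or "OK")
```

An empty result means the browser will refuse plain HTTP for the host and its subdomains once the policy is known; the "no preload" finding marks the first-visit window that stripping depends on.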
Video :-
https://mega.nz/#!prYU2CiL!WtK1b5K3nOBLA-bMfjl4V1TwfqnhIZcAEpr09AZkBg4
Bettercap MITM Tool Gain Passwords, IP
Address, Device Info, Sniff Packets & Other
Traffic & More :
In this topic we learn how to gain passwords, IP addresses,
system information and much more by using Bettercap.
First we learn how to install Bettercap in Kali Linux.
Installation is simple:
apt-get update
apt-get dist-upgrade
apt-get install bettercap
The above three commands will leave you with the latest versions
of Kali and bettercap.
Now it is ready.
Sniffing Traffic :
Sniffing is the process of monitoring and capturing all data
packets passing through a given network. Sniffers are used by
network/system administrators to monitor and troubleshoot
network traffic. Attackers use sniffers to capture data packets
containing sensitive information such as passwords, account
information, etc.
There's nothing special about the usual traffic-sniffing
functionality of bettercap. Bettercap can easily perform
sniffing on your local area network. It also lets you write the
output to a pcap file and later analyse it with Wireshark or
some other tool of your choice. I'll just give a simple demo here.
The real fun is in the capturing passwords section.
Run the command -
bettercap --sniffer
You'll see all the websites being visited by all the devices on
the network. Press Ctrl+C to stop.
Now your attacker machine is ready and listening for traffic on the
network. Once your victim opens any login page, bettercap will use
sslstrip to remove the https from the URL, and once the target
enters his/her login credentials, you will see them in clear text.
Let's look at a demo run of the above procedure.
Limitations :
From this test run, here are the limitations of the tool that I
observed-
1. The biggest problem - It does not work on all sites. Before
trying outlook, I tried to see if I could carry out this MITM
attack over Facebook, Gmail, Twitter, etc. Unfortunately, I
wasn't able to. It only seems to work with some websites.
2. The difference in the URL is easily visible. Anyone who
knows what https is will notice the lack of it. I, for one,
would never enter my credentials on an http page. The
extra Ws in the www don't help either.
3. The tool isn't perfect. There are a few bugs.
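The URL symptoms listed above are also what a defender can look for. The following added example (not from the original book) scans proxy log lines for hostnames whose first label has extra Ws and for plain-HTTP requests to hosts that should only be reached over HTTPS. The log format, the `HSTS_HOSTS` set and the sample lines are constructed assumptions.

```python
"""Flag proxy-log entries that match the URL symptoms of HTTPS stripping."""
import re

# Assumption: hosts your users normally reach over HTTPS with HSTS enabled.
HSTS_HOSTS = {"www.example.test", "mail.example.test"}
EXTRA_W = re.compile(r"^w{4,}$")  # 'wwww', 'wwwww', ... as the first label


def canonical_host(host):
    """Normalise case/trailing dot and map a 'wwww.' label back to 'www.'."""
    host = host.lower().rstrip(".")
    first, _, rest = host.partition(".")
    if rest and EXTRA_W.match(first):
        return "www." + rest
    return host


def classify(scheme, host):
    """Return an alert reason for one request, or None if it looks normal."""
    plain = host.lower().rstrip(".")
    canon = canonical_host(host)
    if canon != plain and canon in HSTS_HOSTS:
        return "lookalike-host"           # extra Ws on a known HTTPS site
    if scheme.lower() == "http" and plain in HSTS_HOSTS:
        return "plain-http-to-hsts-host"  # downgrade or first-visit request
    return None


def scan(lines):
    """Parse 'timestamp client scheme host path' lines and collect alerts."""
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of failing the whole scan
        ts, client, scheme, host = fields[:4]
        reason = classify(scheme, host)
        if reason:
            alerts.append((ts, client, host, reason))
    return alerts


# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.23 https www.example.test /",
    "2024-05-01T10:00:07Z 10.0.0.23 http wwww.example.test /login",
    "2024-05-01T10:01:12Z 10.0.0.41 http mail.example.test /inbox",
    "2024-05-01T10:02:30Z 10.0.0.41 http wwww.other.test /",
    "truncated line",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```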
Video :-
https://mega.nz/#!0mBkFIpI!Zd1p6k6KgWhaptbK-NGvHvuZcutck48dB3DN0klc_AQ
HOW TO INSTALL AND CONFIGURE FREE VPN ON KALI LINUX.
https://www.goldenfrog.com/downloads/ca.vyprvpn.com.crt
Go to your network manager, go to the VPN tab and click
“Add”:
Enter the following information :
1. Connection name
2. Gateway (Different gateways are available from the
website)
3. Set authentication type to password
4. Username and password
Click the browse file button to select the CA certificate we
downloaded earlier.
/etc/openvpn/ca.vyprvpn.com.crt
You can start your VPN connection by going to the network
manager and selecting the connection we’ve just added.
How To Install Backtrack & Hack Wifi On Android
Requirements
Disposable Number :
A disposable phone number is generally a VoIP phone
number that is used for a temporary purpose. These numbers
are generally used to protect the user's privacy. Most
disposable numbers forward calls or texts to the user's
private number, hiding the user's real phone number. Disposable
phone numbers are also called temporary phone numbers.
It is very easy for hackers to find detailed information
about your identity and address, and to track your movements. In
these troubled times, a person who does not take care of his
privacy is a fool and is surely open to any kind of
misdemeanour.
Benefits :
So first, the important thing is why to use a disposable number
and not your personal mobile number. Sometimes you visit a
website and the website tells you to give some information
about yourself and your mobile number. A disposable number will
help you hide your original ID information, so that websites
can't find your information or trace your original location
through your mobile number. You can use this to bypass Verification
Code for any Apps.
In today's world the most important thing is the internet, which
will provide you with everything you need. So there are lots of
websites on the internet that can easily misuse your ID
information.
You can easily access a disposable number by visiting some
websites without giving your information and your original
identity.
Work :
One of the disposable mobile number websites is
SMSreceivefree.com, which I believe is also useful for
hacking. You will find similar websites on the internet. So
here is a list that I believe will definitely help you:
1) Smsreceivefree.com
2) receive-smss.com
3) Freephonenum.com
4) Receivesms.org
5) Temp-sms.org
And many more. So friends, enjoy these and be
anonymous.
List of terms used in the field of hacking.
2. Andosid
The DoS tool for Android phones allows security professionals
to simulate a DoS attack (an HTTP POST flood attack to be exact)
and of course a DDoS on a web server, from mobile phones.
Download link: https://www.apkmart.net/app/andosid/
3. Faceniff
Allows you to sniff and intercept web session profiles over the
WiFi that your mobile is connected to. It is possible to hijack
sessions only when WiFi is not using EAP, but it should work
over any private networks.
Download link: http://faceniff.ponury.net/download.php (solve
the captcha and it will download automatically).
4. Nmap
Nmap (Network Mapper) is a security scanner originally written
by Gordon Lyon used to discover hosts and services on a
computer network, thus creating a “map” of the network. To
accomplish its goal, Nmap sends specially crafted packets to
the target host and then analyses the responses.
Download link: https://apkbucket.net/apk/nmap-for-android/com.android.nmap/
6. SSHDroid
SSHDroid is an SSH server implementation for Android. This
application will let you connect to your device from a PC and
execute commands (like “terminal” and “adb shell”) or edit files
(through SFTP, WinSCP, Cyberduck, etc).
Download link: https://apkhome.net/sshdroid-pro-2-1-2-unlocked/
7. WiFi Analyser
Turns your android phone into a Wi-Fi analyser. Shows the Wi-
Fi channels around you. Helps you to find a less crowded
channel for your wireless router.
Download link: https://www.appsapk.com/wifi-analyzer/
8. Network Discovery
Discover hosts and scan their ports in your Wifi network. A
great tool for testing your network security.
Download link: https://www.apk20.com/apk/157224/
9. ConnectBot
ConnectBot is a powerful open-source Secure Shell (SSH)
client. It can manage simultaneous SSH sessions, create
secure tunnels, and copy/paste between other applications.
This client allows you to connect to Secure Shell servers that
typically run on UNIX-based servers.
Download link: https://www.apkmonk.com/app/org.connectbot/
10. dSploit
Android network analysis and penetration suite offering the
most complete and advanced professional toolkit to perform
network security assessments on a mobile device.
Download link: https://dsploit.en.aptoide.com
SOCIAL MEDIA HACKING :
When people talk about hacking and social networks, they're
not referring to the common definition of hacking, which is
using malicious code or backdoors in computer networks to
damage systems or steal proprietary information. Hacking into
social networks requires very little technical skill. It's much more
of a psychological game -- using information on personal
profiles to win a complete stranger's trust.
HACKING FACEBOOK :
Facebook is a very popular social media platform, and we discuss 7
types of hacking on Facebook.
1. Hack Facebook Account Using Software (Brute-Force method)
2. With Phishing Method
2.1. How to Make a Facebook Phishing Page
3. Using Keylogger to Hack Facebook Password
3.1. Keyloggers for Windows/Mac
3.2. Keyloggers for Android/iOS
4. By Password Guessing
5. With Remote Access Trojan Tool
6. Using The Man in The Middle Attack Method
Hack Facebook Account Using Software (Brute-Force method):
The first and best method of hacking your Facebook account is
the “brute-force” method. This method uses specially designed
software to crack the password. This software receives
automatic updates of the latest passwords, allowing it to run
through the list of potential combinations in a few minutes. All
you need to do is download the software to your phone or
laptop, then run the software and it does the rest for you.
You can find this tool for download on its official site :
https://www.progressivepst.com
Developed by Progressive PST team of coders.
Step 1
Log out of your account and visit www.facebook.com default
login page.
Right-click anywhere on the page.
Click “View page source”.
Select all the text and copy it to the notepad. (CTRL+A then
Copy) Open Notepad blank page then paste inside.
Step 2
Left click on the top of the text in the notepad.
Hold CTRL+F and type “action=” in the search box without the
quotation marks.
Click on “Find next”.
There should be two “action=” in the text, and you require the first
one.
Don’t change the quotations, only the text inside the quotation
marks.
Go to File > Save as and name the file “index.html”.
Set the encoding option to “Unicode”.
Step 3
Download the post.php file – available here.
Open and unzip the file. Password to open archive is
“password12345” (without quotation marks). You’ll need
WinRar program to open this file. Download it for free here if
you don’t have it installed on your computer already.
Step 4
You’ll need a web hosting account since a phishing page is
essentially a website page on a hosted account.
Now this can be a problem for some people since they want to
do this for free. Yes, there are free web hosting solutions like
www.000webhost.com and some other ones. You can do a
Google search for others. But people are reporting that their
accounts often get suspended because phishing is not
allowed by most hosting companies.
If you want to be serious with this, we recommend going with
a real domain name and paid hosting. Since you paid for it, you
own it, and you can put on your website and host any content
you want. There are tons of companies providing web hosting
and domain names. Just do a
Google search to find some. Don’t forget to search for coupon
codes too. Especially if you are a first-time user of some
domain/hosting company, there are always big discounts
available when you sign up for the first time.
The choice is yours of course whether you’ll go with paid plans
or search for a free solution.
Step 5
Upload the post and index files to your web hosting account in
the “public_html” folder.
First you log in to your cPanel, then go to File Manager >
public_html.
You are now ready to use your phishing page. Visit the custom
link you receive when signing up for your web host account (if
it’s a free account). If you registered a real domain name, then
your domain name (domain-name.com) is your phishing
website.
When a victim follows that link, they’ll land on your
phishing page, and when they enter their username and
password, the page stores it in the file named “usernames.txt”
which will be automatically created inside the same
“public_html” folder.
ISAM Keylogger
iSam is an upper-class keylogger that runs hidden on your
system while covertly collecting data from individual users.
iSam silently records every keystroke, including passwords,
takes screenshots, and allows you to see and know everything
anyone does on your computer, period!
ISAM offers a premium keylogging tool that runs covertly on a
computer, collecting data from users. ISAM records keystrokes,
as well as allowing you to view the device from any location
remotely. Take screenshots, monitor your employees or
children, all with them being completely unaware of your
activities. Our favourite feature of ISAM is the unique hot-key
combination required to open the program – without it, no-one
can access the data collected by ISAM.
Elite Keylogger
Used for monitoring multiple users at the same time, Elite
Keylogger offers incredible functionality combined with a user-
friendly interface to allow you to keep all of your data within
easy reach. The program also features covert operation and
security features that enable you to monitor other users and
their behaviour.
Elite Keylogger has the ability to record all keys typed on a
computer - while remaining completely invisible to users! From
its logs, you will see passwords, documents, emails, chat
messages, and everything that was typed.
Actual Keylogger
This program monitors all of the activity on the target device or
computer. If you own a PC that’s open for use in the office, or
your staff have their own PCs or laptops, you can covertly install
the software on their machine, and receive detailed reports
about their user activity. Track programs and websites they visit, and
take screenshots and copy content to the clipboard. The
software also collects data on all keystrokes as well.
4) Keyloggers for Mobile Phone Devices
If you need a keylogger for smartphone with Android or iOS
operating system, we recommend you give these three options
a try.
mSpy
mSpy is the most used mobile monitoring & tracking tool
nowadays. It’s full of useful features which attract users to
choose mSpy amongst other tools of this kind.
The most used features which mSpy provides are the following:
Monitoring Messaging Apps chat logs fully undetected (Facebook Messenger / WhatsApp / SMS / Viber / Instagram / others)
Cell Phone Location Tracking
Monitoring Calls Conversations (Outgoing and Incoming)
Supported for both Android & iOS devices
Spyera
Spyera allows you to monitor any Android or iOS device remotely.
This award-winning software lets you keep tabs on your kids,
spouse, and employees, without them being aware of your spying.
Track your kid’s movements and keep an eye on your business
assets, all from your mobile device. With free updates and remote
upgrades, Spyera also offers a 10-day money-back guarantee.
KidLogger
This software is the top choice for parents concerned about
their kid’s whereabouts and activities. Kidlogger allows you to
see which apps they’re using, whom they’re communicating
with, and view their phone’s photo gallery. Monitor their location
and travel history, as well as read their text messages to
friends.
TheTruthSpy
TheTruthSpy is one more keylogging software. This package
allows the user to keep an eye on employees’ and kids’
whereabouts using a GPS tracker to protect your children and
business assets. The SMS spy will enable you to read incoming
and outgoing texts, while the Spycall gives you their phone
records. Monitor calls and record conversations, as well as any
WhatsApp communications.