How to block DNS queries with only 1 config file

Hello everyone, this is IRISnoir from Hackingarise. Bringing to you another tutorial. Today, I will discuss about DNS query blocking.

But first, if you don’t know what DNS is or what they even mean, you should take a look at this. Also read this too if you want to understand what I’m babbling about.

Now, Malwares can use this to their advantage if you don’t know how to self secure. Luckily, this is why I am here, as a friend, to help you.

Now, what you need to do is to edit this configuration file:
/etc/hosts
Yes. This bad boy right here.

But before that, the requirements must meet:
– R0OT privilege
– Mounted READ-WRITE on /SYSTEM
– A text editor (Captain obvious)
And that’s about it. But missing any of these will lead to failure.

First, getting Root privilege is relatively easy.
Next, mounting read-write is with this command:
mount -o rw,remount /system
If you want to mount it back to read-only then use:
mount -o ro,remount /system

You need root and /system mounted read-write in order to edit this file.

If the requirements meet, you can edit the file:
Use your text editor on /etc/hosts

And no, not /data/data/com.termux/files/usr/etc

After opening the editor, you can see:
127.0.0.1 localhost
What you wanna do to secure yourself from bad places is to add:
0.0.0.0 example.com

Now, for example, example.com is a bad, bad place that will do something malicious to you if you enter it. You can do this to secure yourself from it. When you accidentally press it with your fat fingers, it won’t do anything or give a virus.

The /etc/hosts file will always be read before a DNS query is made. The system will personally conduct it. If a DNS query is approved, you can view the site and vice versa, but if it is denied, the site will look like it’s not even alive and up and you will be presumed dead to them.

System: NEXT!
youtube.com: Can I come in?
System: SURE, HAVE A NICE DAY WITH OUR USER.

System: NEXT!
serveo.net: Can I come in?
System: ENTRY DENIED, GET LOST!

I hope that you find this useful. If you do, why not share it with your friends. Remember, stay safe and ethical as we are NOT responsible for any of your malicious acts.

How to use Nmap for network scanning

Hello, this is IRISnoir from Hackingarise. Bringing to you another tutorial.

Today we will be discussing about one of the most essential steps in hacking: Scanning, and it’s representative, Nmap.

Now, hacking has 5 phases:
– Reconnaissance
– Scanning
– Gaining access
– Maintaining access
– Covering tracks
We will focus on the scanning phase.

Scanning refers to the technique used by hackers to uncover vulnerabilities in a system. Once a flaw is detected, the hacker can proceed to use it to their advantage to compromise a system.

Let’s take a real-life scenario as an example.
You are a burglar, and you wish to rob someone. But you need info about them and their security level. This is the part where you scan them. You look out for places that you can enter safely and quickly into and out of their house, also have an eye out for dogs, security cameras, etc.. In order not to alert the owner in any way as you break in.
DISCLAIMER: Don’t take this as advice for breaking and stealing as it is illegal and can land you in jail.

Now, you get the gist of how it works, we go to the tool and it’s usage.

Brief description of it’s usage:
The tool’s name is Nmap, as you can see in the title. It is a network mapper which enables you to map your whole network or an IP or domain. This includes finding open ports, looking for vulnerabilities, scanning your network, etc..

Now you will want to open the help menu:
nmap -h
Don’t worry, it’s not as hard as you would think. In fact, it’s really easy.

Let’s try to perform those network scans.

The network scan:
First you want to connect to your network by accessing a Wifi.
Then use:
ifconfig
Then go to the wlan0 section, find your IP address. And remember this part: 192.168.X.X
Now fill in this command:
nmap 192.168.X.0/24
Replace the “X” in the IP with the value I told you to remember.
It will proceed to sweep the network for any online hosts, then find port. You can fill in extra commands to make it stronger and scan better and more. Don’t worry, it’s only hard if you make it seem so.

The firewall evading scan technique:
Usually, hosts have firewalls to keep their ports to themselves. Even though that is the case, they do need to filter all kinds of packets. And you only need one single flaw to be discovered.

Firewall filtered ports will appear as “filtered” in the scan report. You need to select the right packet type to do the job. The packets range from TCP SYN (-sS), Connect()(-sT) to FIN(-sF), TCP Null(-sN) and more. The advanced packets do need root to work though. You can use:
tsudo nmap -sF 192.168.X.0/24
For example, it scans the network via FIN packets so as to dodge firewall. If it succeeds, hooray. If it fails, try another packet type. If all fails, then sad for you.

You can learn all about Nmap at its homepage.

I hope you enjoy this tutorial. If you like, please share with your friend. And remember, stay ethical as we aren’t responsible for any of your malicious acts. Thank you and goodbye.

Brute forcing emails with Hyrda v8.9.1

welcome to hacking a rise in this post we are going to show you how to brute a email account with not password list using hydra pre-installed tool on kali linux as u know my last post was the gui of Hydra check it out here now we are going to use the terminal base tool i was going to start with gmail but it gave false positives this means it tells you the password is real but when you log in it tells you its wrong so no we are going to try something simple so you have a understanding of how the tool work.

(note) brute forcing wont work unless the password in in the list and allso the odds of you brute forcing a email is very slim like but sometimes you can get lucky

what is Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Source: https://www.thc.org/thc-hydra/

How to install hydra

HOW TO COMPILE
To configure, compile and install hydra, just type:

./configure
make
make install
If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from http://www.libssh.org, for ssh v1 support you also need to add “-DWITH_SSH1=On” option in the cmake command line. IMPORTANT: If you compile on MacOS then you must do this – do not install libssh via brew!

If you use Ubuntu/Debian, this will install supplementary libraries needed for a few optional modules (note that some might not be available on your distribution):

apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \
libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \
firebird-dev libmemcached-dev libgpg-error-dev \
libgcrypt11-dev libgcrypt20-dev
This enables all optional modules and features with the exception of Oracle, SAP R/3, NCP and the apple filing protocol – which you will need to download and install from the vendor’s web sites.

For all other Linux derivates and BSD based systems, use the system software installer and look for similarly named libraries like in the command above. In all other cases, you have to download all source libraries and compile them manually.

SUPPORTED PLATFORMS
All UNIX platforms (Linux, *BSD, Solaris, etc.)
MacOS (basically a BSD clone)
Windows with Cygwin (both IPv4 and IPv6)
Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq)

source : https://github.com/vanhauser-thc/thc-hydra

How to use Hydra

so lads fire up you terminal and type hydra for the short help menu

for the full menu type hydra -h

so now we are going to hack a yahoo account as i mead one just for this frogawaga@yahoo.com

now lads were are ready to brute the email so type hydra -S -l frogawaga@yahoo.com -p /root/routersploit/routersploit/resources/wordlists/passwords.txt -e ns -V -s 465 smtp.mail.yahoo.com smtp

so just let it run as i use a pre installed word list the pass was not in it but that not the point as this to show you how to brute force a email if its gmail outlook or a company private emails ie are ones are @hackingarise.com see brute forcing is one the oldest methods in hacking and its still use today in pentests on a company or person
as allways im the laughingman this hacking arise happy hacking

Disclamer

hacking someones email is a crime we do not condole it nor support it so dont be a dick

XHydra to brute ssh

Welcome to hacking a rise in this we are going to show you how to brute a ssh with xhydra pre installed on kali linux this the gui of hydra (aka Thc-Hydra) i have taking the ip for the attack of shodan the hackers search engine find out more here

what is Xhrydra

xHydra (better known as “thc-hydra”) is an online password attack tool. It brute forces various combinations on live services like telnet, ssh, http, https, smb, snmp, smtp etc. Hydra supports 30+ protocols including their SSL enabled ones. It brute forces on services we specify by using user-lists & wordlists. Hydra works in 4 modes:
One username & one password
User-list & One password
One username & Password list
User-list & Password list
Hydra Homepage here

How to use Xhydra

Step 1: Open xhydra

Step 2: Set Target & protocol in the target tab.

Step 3: Set the username as root & specify the location for a wordlist in passwords tab.

Note: Kali Linux comes with built-in wordlists. Search them using the command: locate *.lst or *.txt in terminal.
command: locate *.lst
Other wide ranges of wordlist ranging up to 3GB or more are available on the web or github .

Setting Password Options

Step 4: Set no of tasks to 28 in tuning tab since this will reduce congestion & chance of detection. But takes longer to complete. This is also necessary to mitigate account lockout duration.

Tuning Options

Step 5: Start the xhydra from Start tab.

starting the Attack

Step 6: Scroll Down & Wait until the password gets cracked

So lads there ya have it how to brute ssh what xhydra or the gui for hydra lol its a nice easy tool to use so gave it a shot and see that ya can get lol anyways lads im the laughingman

HACK THE PLANT

Whatweb web app vulnerability Scanner 0.4.9

welcome to hacking a rise in this post i will show u how to use whatweb a simple vulnerability scanner pre installed on kali linux

What is Whatsweb

WhatWeb is a next generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1000 plugins, each to recognise something different. Find more here

Whatweb can identify all sorts of information about a live website, like:

Platform
CMS platform
Type of Script
Google Analytics
Web server Platform
IP address, Country
900+ Plugins & their libraries used
Server Headers, Cookies and a lot more.

Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers simulating a normal visit. Aggressive options get deeper with recursion & various types of queries & identify all technologies just like a vulnerability scanner.
Options

Syntax of whatweb

Options is deprecated. Only major options or listed. Visit tool homepage for complete options

TARGET SELECTION:
Enter URLs, filenames or nmap-format IP ranges.
–input-file=FILE, -i Identify URLs found in FILE, eg. -i /dev/stdin

TARGET MODIFICATION:
–url-prefix Add a prefix to target URLs
–url-suffix Add a suffix to target URLs
–url-pattern Insert the targets into a URL. Requires –input-file,

AGGRESSION:
The aggression level controls the trade-off between speed/stealth and reliability.
–aggression, -a=LEVEL Set the aggression level. Default: 1
Aggression levels are: 1,2,3 & 4

HTTP OPTIONS:
–user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.8-dev.
–follow-redirect=WHEN Control when to follow redirects.Default: always
–max-redirects=NUM Maximum number of contiguous redirects. Default: 10

AUTHENTICATION:
–user, -u= HTTP basic authentication
Add session cookies with –header, e.g. –header “Cookie: SESSID=1a2b3c;”

PROXY:
–proxy Set proxy hostname and port Default: 8080
–proxy-user Set proxy user and password

PLUGINS:
–list-plugins, -l List all plugins

OUTPUT:
–verbose, -v Verbose output includes plugin descriptions. Use twice for debugging.
–colour,–color=WHEN control whether colour is used. WHEN=’always’, ‘never’ or ‘auto’
–quiet, -q Do not display brief logging to STDOUT
–no-errors Suppress error messages

LOGGING:
–log-brief=FILE Log brief, one-line output
–log-verbose=FILE Log verbose output
–log-xml=FILE Log XML format

PERFORMANCE & STABILITY:
–max-threads, -t Number of simultaneous threads. Default: 25.
–open-timeout Time in seconds. Default: 15
–read-timeout Time in seconds. Default: 30
–wait=SECONDS Wait SECONDS between connections

HELP & MISCELLANEOUS:
–help, -h This help
–debug Raise errors in plugins
–version Display version information. (WhatWeb 0.4.8-dev)

How to use Whatsweb

open terminal and type whatweb https://hackingarise20.home.blog/

what see a little more detail use the -v Display version information whatweb -v https://hackingarise20.home.blog

There ya have it lads nice and easy see when using what web it automatic use all the plug ins for this scanner to work to see the plug ins type whatweb -l
WhatWeb Plugin List

Plugin Name – Description
——————————————————————————–

Recovering Formatted files with Photorec

Welcome to hacking a rise in this post we are going to show you step by step to recovering deleted files or lost data from a reformatted partition or corrupted file system with Photorec.

What is Photorec? 

 Before we talk about how you can recover your data, let’s get to know something about the tool we are going to use Photorec. PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. 

PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted. Photorec is free and runs on Windows, Linux, FreeBSD, NetBSD, OpenBSD, Sun Solaris, Mac Os and almost every unix system.

How to run Photorec  

If you don’t have photorec on your system, feel free to download Photorec here and download the one best for your operating system. After downloading the file, extract everything inside the archives.

For those on Windows, look for where you extracted  PhotoRec. Open the folder and  right click photorec_win.exe and then click Run as administator to launch PhotoRec.

For BSD, Unix, Linux user, open terminal and please make sure you are a root user and navigate into the extracted folder and type ./photorec_static  and press the Enter key as show below.

For our Mac Os user,  navigate into the extracted folder and start /photorec_static but please make sure you are  root user otherwise PhotoRec will restart itself using sudo after a confirmation on your part. Sudo will ask for a password – enter your Mac OS X user password.

if you were able to install Photorec successfully the i guess we are good to continue, if not leave a comment and we will get back to you..

 Selecting your Disk

if you got the installation right installation right you show see like this for all Os  but I’m running mine from linux

 and please make sure the want to recover has been insert.

From the image above you will see the media available listed. In other to select a media use  up/down arrow keys to select the media that contains the formatted files. Press Enter to proceed

Selecting a Source Partition

If the disk you are trying to recover was a partitioned disk, then you will have to select the partition that holds the formatted files. In my case, I’m  trying to recover the formatted files on  whole partition so i selected the whole disk. Before we proceed, there are some options we need to have a look before we recover our file and it can be seen at the bottom of the image above.

Search after selecting the partition that holds the lost files to start the recovery,Options to modify the options, File to modify the list of file types recovered by PhotoRec. Let’s see how the Search, Options and File Opt work. Lets start with the Options

Options

From the image above you can see that

• Paranoid By  default is set to Yes (Bruteforce disabled) which means recovered files are verified and invalid files rejected but when we enable bruteforce, it implies that you want to recover more fragmented JPEG files, note it is a very CPU intensive operation.

• Allow partial last cylinder modifies  how the disk geometry is determined – only non-partitioned media should be affected.

• The expert mode option  allows the user to force the file system block size and the offset. Each filesystem has his own block size (a multiple of the sector size) and offset (0 for NTFS, exFAT, ext2/3/4), these value are fixed when the filesystem has been created/formatted. When working on the whole disk (ie. original partitions are lost) or a reformatted partition, if PhotoRec has found very few files, you may want to try the minimal value that PhotoRec let you select (it’s the sector size) for the block size (0 will be used for the offset).

• Enable Keep corrupted files to  keep files even if they are invalid in the hope that data may still be salvaged from an invalid file using other tools.

• Enable Low memory if  your system does not have enough memory and crashes during recovery. It may be needed for large file systems that are heavily fragmented. Do not use this option unless absolutely necessary.

 Selecting File type

 File option gives you the opportunity to select the file type by pressing the space bar to select/deselect the file type or S to select/deselect all of them simultaneously. After the change press B to save the change.

File system type  

When the partition source is selected and other settings are put in place. It’s now time for us to validate the search. PhotoRec needs to know how the data blocks are allocated. Unless it is an ext2/ext3/ext4 filesystem, choose other

Select where recovered file should be kept

choose the directory to save the recovered files. Use the up/down key to choose the folder and uses  “..” to exist the current directory. And if you are recovering data into an external disk you can find the disk location in /media or /mnt

 

 

Recovery update

Now we can see the recovery process in the above image. The output shown in the above image base on the file type. One thing about this tool is, you can access the files found during the recovery process. You can find with folder name like this recup_dir in the destination you selected for the recovery

Recovery Complete

At the Stage the Photorec recovery process is complete. The details of the recovery process will be shown along with the directory the recover files was save to..

Hope you had a great time recovering your files..Have a nice day and don’t forget to share the link..

How to use Radare2 - Reverse engineering tool

Hello everybody~~

This is IRISnoir from hackingarise. Bringing to you another Termux tutorial. Today we’ll be discussing about the handy-dandy reverse engineering toolkit, Radare2.

Now, a brief description of it’s usage, shall we?
Radare2 is a very handy reverse engineering tool. It can be used to analyze some CRACKME stuff and solve them good. It’s use is complex and sophisticated. But it is also very interesting and unique. Not to mention one of the most useful tool I’ve seen besides Metasploit and other. You can also use it to analyze and confirm malware.

Now, it’s installation and usage:

To install it, just casually use:
pkg install radare2

It has a LOT of tool based on it.
I’m going to break down each one.

First tool is definitely:
radare2
The main tool of the whole project. It’s alias is:
r2
This can be used as a hexadecimal editor, disasembler and debugger. That’s the shortened description of it’s usage.

Next tool is:
r2agent
Which can let you tune in with your browser and do your job on it.

Now, we keep flowing with the tools list. Next up will be:
rahash2
This is a block-based hashing utility. You can use it to calculate, check, and view the hash value of a file.

Keep going, you can see:
rax2
This lets you convert between positive and negative integer, float, octal, binary and hexadecimal values.

Next, there is:
rabin2
This can be used to extract all info from a file, script, programs, etc.. This includes compiler info, programming language used, class, etc..

I hope you are keeping up, because next on our list is:
rarun2
This can lend you a hand in running scripts and programs. Activating a script or program with this tool will enable you to run them in exotic environments. How convenient.

Keep up with the list, we got:
rasm2
This is a assembler and disassembler for many architectures. Can assemble and disassemble files and hexpair strings.

Next up, there is:
r2pm
A package manager used to install, uninstall, update packages and discover plugins that is related to radare2.

Keep going, we have:
radiff2
This is a binary diffing utility. Implements and supports many algorithms. It will analyze and compare 2 files in a hash algorithm and print the results.

Another one:
rafind2
This is a tool that help you find byte patterns in files.

We are almost done, next tool is:
ragg2
This is a frontend for r_egg. This tool will compile programs written in high-level language into convenient sized binaries for x86, x86-64 and ARM.

Final command:
r2p
It will let you run r2 commands and pipe via r2pipe.

It will take me ages to instruct you on how to use this tool. Fortunately, I found a perfect PDF that can help.

Click here to download the PDF

Now, my sincerest comments. Since the Radare2 project has a lot of tools and all of them are equally helpful, it has gained a special place in my heart.

I hope you enjoy my tutorial. If so, please share it with your friends. And remember, stay ethical as we are not responsible for any of your malicious acts or any trouble you get into. Thank you. Have a nice day.

Python 3 Masterclass, Learn Python Programming

Python 3 Masterclass, Learn Python Programming and build your own Python programs: Data Science, Machine Learning, etc

Created by Denis Panjuta, Jannis Seemann, Tutorials.eu by Denis Panjuta
Last updated 12/2018
English
English [Auto-generated]

What you’ll learn with python 3 masterclass

? From 0 to 100: From beginner to python all-rounder
? Become a sought-after developer

? Write real desktop applications with Qt

⚙️ Use a crawler to extract data from web pages
? Challenge yourself with quizzes and exercises
? Everything explained with simple examples
? Understand the “why” behind it
? Evaluate data and create DataScience analyses
? Learn and understand object oriented programming
Requirements
No programming skills are required
A computer (Windows / Mac / Linux) with an Internet connection is sufficient

Description of python 3 masterclass

PYTHON 3 MASTERCLASS

This course makes you a professional Python 3 developer– no matter if you are a Python beginner, have already programmed a bit, or just want to discover the advanced features of Python 3. It is the ideal Python for beginners course.

This course contains over 250 lessons, countless quizzes, tests, practical projects, fact sheets, and exercises – the easiest way if you want to become a Python 3 developer.

NO PROGRAMMING SKILLS ARE REQUIRED – PYTHON FOR BEGINNERS

First a small overview of what this course offers you:

Understand the basics of Python 3 development
Understand object orientation
Develop your own applications in Python 3 development
Challenge your knowledge with various quizzes and exercises
Easy repetition of knowledge: Extensive fact sheets
Various practical examples:

Extract data from web pages with a web crawler
Write real desktop applications with Qt
Develop a web server with Flask
Apply Data Analysis with Python 3
Develop a face detection software
Develop a simple machine learning application
And much more…
Python 3 is an incredibly cool programming language that can be used for various purposes. Therefore, it is not only important that you learn Python yourself, but also which tools complement Python perfectly. And that’s why I developed this Python for beginners course – to make you a highly skilled in Python development, no matter what direction you want to go after the course.

After completing this Python for beginners course you can write desktop applications, master Python website development, extract data from other websites, collect additional data via cool forms, and evaluate it automatically with Python – the complete workflow.

PYTHON 3 MASTERCLASS

To this end, we will look at various additional tools in the course:

The Data Science – Stack: Numpy, Pandas and Matplotlib
Web – Crawling with “requests” and “beautifulsoup”
Web – Development with Flask
Interactive programs with Jupyter notebooks
Desktop applications with PyQt
My goal is that after completing this Python for beginners course you will be very good at Python development – no matter what purpose you want to use Python for later. This makes you perfectly prepared for future jobs and projects.

Frameworks allow you to save loads and loads of effort and time, when building your programs.

NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions to operate on these arrays.

In computer programming, pandas is a software library written for the Python programming language for data manipulation and analysis. In particular, it offers data structures and operations for manipulating numerical tables and time series for maximum Python development capabilities.

Build a web crawler with “requests” and “beautifulsoup” which allows you to read data from a website and reuse it how ever you like.This is a super powerful tool, which comes in handy in so many occasions.

With Flask you can build websites with Python. Flask is a micro web framework written in Python. It is classified as a microframework because it does not require particular tools or libraries. So you can get started with it super fast.

In this Python for beginners course you will also learn how to use PyQt. With PyQt you can build beautiful GUIs (Graphical User Interfaces). Either with code, or by just using the Qt Creator, which allows you to drag and drop your UI elements onto your Window. That is not only convenient, but also decreases the development time, required to build desktop applications.

Machine learning is a super interesting and demanded area. Python is the programming language to go with, when it comes to Machine Learning. So hop aboard and ride with the Python hype train. As you will learn the basics of machine learning with Python in this Python for beginners course. At the end you are skilled in Python development to the highest degree.

HOW IS THE PYTHON FOR BEGINNERS COURSE STRUCTURED:

First you learn, how the very basics of Python work. This includes variables, functions, loops, if statements, etc.

Then you learn how to use object oriented programming. These skills whill not only help you with Python programming, but also with other programming Languages. As soon as you feel confortable with those skills, you will learn more advanced topics and build more and more interesting and real world applications such as a web crawler, a twitter bot, a website with flask, data science with numpy, pandas and matplotlib.Each chapter contains multiple quizzes, leaflets/handouts and exercises, which help you to progress steadily.

So you see, the course will make you a complete Python developer in no time.

WHO IS PYTHON 3 MASTERCLASS FOR?

The course is for anyone, who wants to learn Python and wants to become professionally good in Python programming. No experience is required what so ever. It is for total Python beginners. It is designed that anyone who can handle a mouse and keyboard will succeed finishing it. The only real requisite is the desire to learn.

ABOUT YOUR INSTRUCTOR OF PYTHON 3 MASTERCLASS

My name is Denis Panjuta and in my courses I have taught over 50.000 students how to code. I have a Bachelor of Engineering at the University of Applied Sciences in Constance (Germany). I love teaching and creating high quality courses. My mission is, to teach programming to over 100.000 people!

As you see, this is the only Python course you will ever need!

You will learn all the Python fundamentals, all Python basics and everything that you need to know to succeed in Python programming and building your own cool applications.

So don’t waste any more time and start to make your dreams and ideas come true by taking this course now!

Who this course is for:

Beginners who want to get started with the programming language Python
Advanced developers who want to experience various Python application scenarios
In short: who want to use Python productively – whether as a hobby or for the job
Size: 12.84 GB

Download Here

to pay for the course Here

Lunar a python Pen testing Framework

Welcome back to hacking a rise i am the one and only laughing man coming from the middle of no were hahaha in this post we going to look at lunar a python pen testing framework

What is lunar

Lunar is a frame work tool designed by metacharHIS GITHUB

Install Lunar

open terminal and follow these steps
1:git clone https://github.com/metachar/Lunar.git
2:cd Lunar/
3:ls
4:chmod +x install.sh
5: ./install.sh

How to use Lunar

now its done installing the dependents we can now the main.py file type python main.py in to terminal it will then ask you if you are using windows or linux type linux then agree to the t and cs

now type HELP for the commands
+] Default commands (7)
└──> clear/cls : Clears Screen (linux)/ Windows
└──> exit : Exits
└──> help : Shows help screen
└──> / : Use last command
└──> banner : prints banner
└──> History : Shows command History
└──> Tools : Shows all downloadable tools
└──> c-history : Clears command history
└──> os : Enter a os command
└──> msf : Starts Metasploit

[+] Cryptography (7)
└──> hex_encode : Encode word(s) to hex
└──> hex_decode : Decode Hex to string
└──> key_encode : Encodes word(s) to a token & key
└──> key_decode : Decodes a token & key to words
└──> hash_md5 : Encodes word(s) to hash (MD5)
└──> hash_sha256 : Encodes word(s) to hash (SHA256)
└──> hash_sha512 : Encodes word(s) to hash (SHA256)
└──> hash_sha1 : Encodes word(s) to hash (SHA1)
└──> hash_sha384 : Encodes word(s) to hash (SHA384)

[+] Virus Bank Mac (10) –> Pass infect3d <-- └──> mac_backdoor: Downloads a mac backdoor virus
└──> mac_keylog : Downloads a mac key logger
└──> mac_adware : Downloads a mac adware virus
└──> mac_thief : Downloads a mac bitcoin stealing virus
└──> mac_dropper : Downloads a mac dropper virus
└──> mac_spyware : Downloads a mac spyware virus
└──> mac_ransom : Downloads a mac ransomware virus
└──> mac_worm : Downloads a mac worm
└──> mac_pass : Downloads a mac password stealer

[+] Virus Bank Windows (6) –> Pass Infected <-- └──> win_fflash : Downloads a fake flash player malware
└──> win_bonzi : Downloads Bonzi Buddy
└──> win_memz : Downloads the MEMZ virus
└──> win_phish : Downloads a email phisher
└──> win_exploit : Downloads a exploit kit
└──> win_trojan : Downloads a Trojan

[+] Wordlist (6)
└──> realpass12k : Downloads a real password list with 12k words
└──> darkweb2017 : Download the top passwords from the dark web
└──> prob_wpa : Download probable WPA passwords
└──> unknown-azul: Downloads txt list unknown azul
└──> bt4_list : Downloads the bt4 pass list
└──> cracked_hash: Downloads the cracked hash list

[+] Networking (12)
└──> showmac : Shows mac address
└──> showip : Show ipaddress
└──> port listen : Listen to a port
└──> geolocation : Locate an ip address
└──> reverse_ip : Reverse ip domian lookup
└──> dns_lookup : Do a dns lookup
└──> dns_host_rec: Show a dns servers host record
└──> zonetransfer: Do a zone transfer test
└──> shared_dns : Show a dns servers shared dns
└──> traceroute : Trace an ip
└──> Whois : Does a Whois lookup
└──> tcpscan : Does a tcp port scan
└──> wireshark : Opens wireshark with choice of iface

[+] Web (5)
└──> sourcecode : Get source code from website
└──> site2ip : Find ip address from website
└──> headers : Show headers of a website
└──> admin : Find admin pannel of website
└──> hydra : Hydra email brute force
└──> sublink : Find links from a website

now to use the modules in the frame work type the name of it for example i wanna see the downloadable tools so we type tools

now i want to download highjack so i type highjack this will now begin cloning the tool of github it mite take some time depending on ur internet speed

this will clone highjacker to lunars file

now say i wanna use the traceroute so i got a ip from a free proxy online so type traceroute press enter it will ask for ip

Final thoughts on lunar

there ya have it lads and gals its a nice little tool for any beginner in pentesting as it offers a few good features like downloading word-lists,portscanners,site cloner etc .. as well as starting wireshark and metasploit for fast loading but my favorite has to be the virus backs section

hahahha easy knowing my thoughts i seen that hahaha but ya i say if u are starting out in hacking this the tool for you.
I am the laughingman and this a tutorial for hacking a rise see you in the next one

HAPPY HACKING

HACK THE PLANT

Java Key tool - Create Key store

Welcome to Hacking a rise in this post we are going to talk about keytool this is used to gen keystores for making apk payloads fud

Introduction

Who of us didn’t visit ebay, amazon to buy anything or his personal bank account to check it. Do you think that those sites are secure enough to put your personal data like (credit card number or bank account number, etc.,)?

Most of those sites use the Socket Layer (SSL) protocol to secure their Internet applications. SSL allows the data from a client, such as a Web browser, to be encrypted prior to transmission so that someone trying to sniff the data is unable to decipher it.

Many Java application servers and Web servers support the use of keystores for SSL configuration. If you’re building secure Java programs, learning to build a keystore is the first step.

SSL and how it works

A HTTP-based SSL connection is always initiated by the client using a URL starting with https:// instead of with http://. At the beginning of an SSL session, an SSL handshake is performed. This handshake produces the cryptographic parameters of the session. A simplified overview of how the SSL handshake is processed is shown in the diagram below.

This is in short how it works:

A browser requests a secure page (usually https://).
The web server sends its public key with its certificate.
The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
The web server sends back the requested html document and http data encrypted with the symmetric key.
The browser decrypts the http data and html document using the symmetric key and displays the information.
The world of SSL has, essentially, three types of certificates: private keys, public keys (also called public certificates or site certificates), and root certificates.

3. Private Keys
The private key contains the identity information of the server, along with a key value. It should keep this key safe and protected by password because it’s used to negotiate the hash during the handshake. It can be used by someone to decrypt the traffic and get your personal information. It like leaving your house key in the door lock.

4. Public Certificates
The public certificate (public key) is the portion that is presented to a client, it likes your personal passport when you show in the Airport. The public certificate, tightly associated to the private key, is created from the private key using a Certificate Signing Request (CSR). After you create a private key, you create a CSR, which is sent to your Certificate Authority (CA). The CA returns a signed certificate, which has information about the server identity and about the CA.

5. Root Certificates
Root CA Certificate is a CA Certificate which is simply a Self-signed Certificate. This certificate represents a entity which issues certificate and is known as Certificate Authority or the CA such as VeriSign, Thawte, etc.

6. Certificate Authorities
Companies who will sign certificates for you such as VeriSign, Thawte, Commodo, GetTrust. Also, many companies and institutions act as their own CA, either by building a complete implementation from scratch, or by using an open source option, such as OpenSSL.

7. Certificate Chain
When a server and client establish an SSL connection, a certificate is presented to the client; the client should determine whether to trust this certificate, a process called the certificate chain. The client examines the issuer of a certificate, searches its list of trusted root certificates, and compares the issuer on the presented certificate to the subjects of the trusted certificates.

If a match is found, the connection proceeds. If not, the Web browsers may pop up a dialog box, warning you that it cannot trust the certificate and offering the option to trust the certificate.

8. Keystore using Java keytool
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java Keytool stores the keys and certificates in what is called a keystore. It protects private keys with a password.

Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key, then generate a CSR. Then you will import the certificate to the keystore including any root certificates.

Keystore Commands

Create Keystore, Keys and Certificate Requests

Generate a Java keystore and key pair

keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -storepass password
Generate a certificate signing request (CSR) for an existing Java keystore

keytool -certreq -alias mydomain -keystore keystore.jks -storepass password -file mydomain.csr

Generate a keystore and self-signed certificate

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360
Import Certificates
Import a root or intermediate CA certificate to an existing Java keystore

keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks -storepass password
Import a signed primary certificate to an existing Java keystore

keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks -storepass password
Export Certificates

Export a certificate from a keystore
1
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks -storepass password
Check/List/View Certificates

Check a stand-alone certificate
1
keytool -printcert -v -file mydomain.crt
Check which certificates are in a Java keystore
1
keytool -list -v -keystore keystore.jks -storepass password
Check a particular keystore entry using an alias
1
keytool -list -v -keystore keystore.jks -storepass password -alias mydomain
Delete Certificates

Delete a certificate from a Java Keytool keystore
1
keytool -delete -alias mydomain -keystore keystore.jks -storepass password
Change Passwords

Change a Java keystore password
1
keytool -storepasswd -new new_storepass -keystore keystore.jks -storepass password
Change a private key password
1
keytool -keypasswd -alias client -keypass old_password -new new_password -keystore client.jks -storepass password

Web hacking for Beginners

What you’ll learn

Understand How Websites Work.
Intercept and manipulate HTTP communication using Wireshark.
Discover, fix and exploit SQL injections.
How to Hack and Secure a WordPress Website.
Cross-Site Scripting (XSS).
Cross-Site Request Forgery (CSRF).
Hook victims with BeEF and steal credentials.
Gain full control over the target machine using BeEF and Weevely.
Requirements
A basic understanding of computers.
A desire to learn.

Description

The course will introduce the various methods, tools and techniques used by attackers. You will study web application flaws and their exploitation.
No special skills are required as the course covers everything from the very basics.

This course covers:

How the Web Works.
How to use Vega Web Vulnerability Scanner.
Understanding SQL Injection Attacks.
Hacking WordPress with WPscan.
Cross-Site Scripting & Cross-Site Request Forgery.
Hook victims using BeEF Framework.
Gain Full Control over the Target Machine.
How Phishing Works.
After completing this course, you will understand major web application flaws and how to exploit a number of dangerous vulnerabilities such as SQL injections, CSRF attacks, XSS vulnerabilities, Phishing, etc.

Who this course is for:

Anyone who just simply wants to learn about web application hacking.
Web developers and pentesters.

Download Here

Cloud Ethical Hacking : Use Kali Linux on Amazon AWS

The only course you need to start running Kali Linux and ethical hacking tasks on Amazon cloud!

What you’ll learn

Setup an Amazon Free Tier Account
Create Amazon AWS EC2 Instances
Create Kali Linux on Amazon AWS
Setup Guacamole Tool to access and run cloud lab
Run Pentests on Amazon AWS Infrastructure
Run basic commands with nmap and metasploit
Exploit a remote Windows Server with a vulnerability
Use Kali Linux on Browser with RDP connection
Requirements
Basic IT Skills (Windows and Linux OS)
Internet Access (Preferably faster than 5 Mbps)
Some Linux Command Line Skills is a plus
A valid credit card to create an account on Amazon AWS (It won’t cost you a thing as we will use free tier)

Description

Hi, welcome to the “Cloud Ethical Hacking : Use Kali Linux on Amazon AWS” course. The only course that you need to start running Kali Linux and ethical hacking tasks on Amazon cloud!

There are a lot of options for ethical hacking & penetration testing training, but this course is designed in a way you can practice newest & best techniques on ethical hacking. Here is why:

Instead of using your own host device, you will learn how to boot & run Kali Linux entirely on the Cloud.
You can use any browser to access your Kali Linux.
You will have an ethical hacking lab entirely on the cloud. This includes a Windows victim machine as well. No more cpu & memory problems, no more virtual machines in your local device.
You won’t have to spend a dime up to 1 year as you will use Amazon AWS Free Tier account for the entire training, provided that you take good care of the running instances to stay under the free limits. I will show you how you can do that.
You can access any Linux or Windows machine, directly within your browser. You can continue working in any PC and don’t lose the sessions.
You can save the entire screen like a movie so that you can show it as a proof of actions. You can later watch these screencasts to improve your skills.
You will practice nmap, metasploit, included in the course! Even if you are a complete beginner in cyber security and ethical hacking, or you want to refresh your skills, you will enjoy the course.
Furthermore, you can apply the skills in many hosting providers or even your own server! Amazon AWS is not the only option here. This is because some of the skills in this course is beyond the topic of ethical hacking.

The practical skills you will learn after you complete the course:

Current limitations of an ethical hacking lab
Benefits of running your VMs in the cloud
How to create an Amazon Free Tier account
How to run Kali Linux as an Amazon EC2 instance
EC2 dashboard management
Alternative terminal operations: A handy chrome extension for SSH sessions
Installing xRDP to Kali Linux. This is also useful if you intend to use GUI with any Linux machine
LXDE and XFCE session types
Running a Windows Server as an EC2 instance, which you can use both as a victim or an attacker machine.
Install Guacamole tool to access & operate any server using your Browser
Nmap basics to which helps you to start scanning in no time.
Metasploit commands to send exploits to vulnerable machines.
Exploting a vulnerable application on Windows Server/
In a nutshell, by the end of the course, you’ll be able to create your own Ethical Hacking Lab on Amazon AWS cloud from scratch, using the latest techniques which black hat hackers use to penetrate systems remotely. Better than that, it won’t even take an hour to start running your machines.

Who this course is for:

This Penetration Testing course is for newbies who has none or limited experience on ethical hacking
Anyone wishes to run virtual machines on Amazon AWS
Anyone wants to conduct pentesting and ethical hacking tasks on cloud

DOWNLOAD

Termux Tutorials by Techncyber

HomeHackingUltimate Guide To : Ethical Hacking With Termux

Hi there , Now You can use Almost all Useful Hacking Tools, Scripts on Your Android Mobile

There are several apps and Hacking Tools are available For Android Mobile and therefore We can Install Kali Linux On Our Android but it requires some time and patient
Contents [hide]
Termux Tutorial PDF
About Termux App
What Are Termux Commands?
Termux Commands List :
Accessing And Managing Files In Termux
How To Use Hacking Tools In Termux
How To Install NMAP Tool In Termux
How To Install Hydra In Termux
How To Install RED_HAWK Tool In Termux
How To Install Recondog In Termux
How To Install SQLMAP In Termux
How To Install Lazymux In Termux

About Termux App

Termux is a Powerful Android app which is Designed to Install Linux packages on your Android Mobile

With this Termux App You Can Install shell, python, c, c++, perl, ruby, java and many more useful packages and with the help of Termux we can use several Hacking Tools/scripts in our mobile including Nmap, Hydra, Sqlmap etc..

if you are about to use only the tools you needed then read this article completely to Learn How to Use Termux App and How To Install hacking Tools On Your Android mobile with simple termux commands

Before We drive into deep, you must have to know the termux commands

Okay, Guys Without wasting your valuable time am going to present you the Termux Commands list in a simple & short way, I was planned to create a Termux commands list pdf, due to lack of time, am posting the commands directly on this post.

DOWNLOAD HERE

Netset Operational Security utility and automator

Welcome to hacking a rise in this post we are going to show you how to install netset on kali linux as allways i am the laughingman and this is hacking a rise

What is net stat

Operational Security utility and automator.

NetSet is designed to automate a number of operations that will help the user with securing their network traffic. It also provides an easy way to gather proxies and run utilities through Tor.

All the utilities installed and used by NetSet will be automatically configured as well. Of course the tool itself isn’t the be all of Operational Security. Rather it is a convenient way of getting yourself set up with the basics.

NetSet facilitates, among other things;

A terminal multiplexer on demand, that has it’s sessions routed through Tor. Secured DNS traffic through automatic installation and configuration of DNSCrypt-proxy. Tor Wall functionality that forces all traffic through the Tor Network. Easy access to online OPSEC resources, the web resources in question can be opened in-script

Install Netset

open terminal and type
git clone https://github.com/NullArray/NetSet.git
then
cd Netset
then
ls
then
chmod +x netset-main.sh
then
./netset-main.sh --install


now its going ask you to install protonvpn and netset on to your system you will have to type Y






Netset usage

Using netset is easy pick a number form 1 to 10


now we are going to use 1 for the help menu

+------------------------------------------------------>
| Options Overview
+------------------------------------------> +
| CLI Arguments |
| '-t' or '--terminal' Starts |
| terminal multiplexer with all |
| connections routed through Tor |
| |
| '-s' or '--status' prints a status |
| overview of NetSet related network +
| utilities and their current state.
|
| '-i' or '--install' runs a script
| designed to install all of NetSet's
| dependencies and configures them
|
| Menu Options
|
| 'Usage' - Print options overview
| 'Status' - Print Status overview
| 'Spoof MAC - Spoof MAC Address
| 'Random Proxies' - Scrape random proxies
| 'GeoSort Proxies'- Scrape GeoSorted proxies
| 'ProtonVPN' - Start ProtonVPN
| 'Tor Terminal' - Start terminal multi-
| plexer, with all sessions
| routed through Tor
| 'Tor Wall' - Configures iptables to
| force all connections
| through Tor.
| 'OPSEC Resources'- Display NetSet's included
| list of web resources.
| Select an entry to open
| it in your default browser
|
+---------------------------->

there ya have it lads





final thoughts

well is is a nice script for helping with anonymizing your network a great tool for thos that dont know how to