diaphram

Friday, June 5, 2020

USE OF CRYPTOGRAPHY IN HACKING

WHAT IS CRYPTOGRAPHY?

The Cryptography is derived from the Greek words "Kryptos". This is the study of secure communication techniques that allow only the sender and recipient of a message to view it's contents of transforming information into nonhuman readable form or vice versa is called cryptography.

As we know that information plays a vital role in running of any business and organizations etc, sensitive details in the wrong hands can leads to loss of business.

Cryptography is the science of ciphering and deciphering messages.To secure communication organizations use cryptology to cipher information .

Or

Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.

In Computer Science, Cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.

This is one of the secure way of communications for a hacker with the help of virtual private network(VPN) like Tor Browser which is also very helpful to change the IP Address(Location of the sender ) for illegal purpose to perform crime in cyberspace . I will discuss in brief about the VPN .

How to Encrypt and Decrypt the text in Cryptography?

Open this website with the help of internert surfing for encryption-"http://wwwmd5online.org"

Open the link for Decrypt the code text-"http://www.md5online.org/md5-decrypt.html"

Type whatever you want for encryption and it will crypt in the code form, copy that code and forward to the intended person whom you want for secure communication and then he/she will Decrypt in the real form.

KillShot: A PenTesting Framework, Information Gathering Tool And Website Vulnerabilities Scanner

Why should i use KillShot?
You can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automaticly multiple type of scan with nmap and unicorn . And With this tool You can Generate PHP Simple Backdoors upload it manual and connect to the target using killshot

This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe and Linux Log clear script To change the content of login paths Spider can help you to find parametre of the site and scan XSS and SQL.

Use Shodan By targ option
CreateAccount Here Register and get Your aip Shodan AIP And Add your shodan AIP to aip.txt < only your aip should be show in the aip.txt > Use targ To search about Vulnrable Targets in shodan databases.

Use targ To scan Ip of servers fast with Shodan.

KillShot's Installation
For Linux users, open your Terminal and enter these commands: If you're a Windows user, follow these steps:

First, you must download and run Ruby-lang setup file from RubyInstaller.org, choose Add Ruby executables to your PATH and Use UTF-8 as default external encoding.

Then, download and install curl (32-bit or 64-bit) from Curl.haxx.se/windows. After that, go to Nmap.org/download.html to download and install the lastest Nmap version.

Download killshot-master.zip and unzip it.

Open CMD or PowerShell window at the KillShot folder you've just unzipped and enter these commands:

ruby setup.rb
ruby killshot.rb

KillShot usage examples

Easy and fast use of KillShot:

Use KillShot to detect and scan CMS vulnerabilities (Joomla and WordPress) and scan for XSS and SQL:

References: Vulnrabilities are taken from

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

Sploitus | Exploit & Hacktool Search Engine

CXSECURITY.COM Free Security List

Download KillShot

Thursday, June 4, 2020

Removing Windows 8/8.1 Password With CHNTPW

[Update] If you want to recover Windows 8/8.1 passwords instead of removing them see this tutorial

Cracking Windows 8/8.1 passwords with Mimikatz

So we are back. About a Year ago I wrote a post on how to remove Windows Password using CHNTPW but many readers complained that it was not working on Windows 8. I tried myself on many it worked but once I also got stuck. So I did a little work around. In this tutorial I'm going to show you how to remove Windows 8/8.1 passwords using CHNTPW. Well it's little bit tedious than the older one but believe me it's fun too.

Background:

Let's get started with a little bit background. Windows OSs have a User known as Administrator which is hidden by default. This user is there for security reasons (maybe it's the way around). Most of the users who use Windows are lame, sorry to say that but I'm not talking about you, they don't even know that such an invisible account exists so it is almost everytime without a password. But this Administrator user is a SU (Super User), that means you work wonders once you get access to this account. So our first task will be to make it visible and then we'll access it and using it's power privilages we'll remove password of other accounts (which is not really neccessary cuz you can access any user folder or file using Administrator Account).

Requirements:

1. Physical Access to the Victems computer.
2. A Live Bootable Kali/Backtrack Linux Pendrive or DVD.
(You can downoad Kali Linux here)

Steps:

1. Plug in the Live Bootable Pendrive/DVD into to victim's computer and then boot from it.

2. After accessing kali linux (I'm using Kali Linux) from victim's computer open a terminal.

3. Now we have to mount the drive on which the victim's OS is loaded. In my case it is sda2. So in order to mount that drive I'll type the command:
mount /dev/sda2 /media/temp

this means that I'm mounting the drive in folder /media/temp if you haven't created a temp folder in /media then you must create one by typing these command:
cd /
mkdir /media/temp

4. After mounting the OS we need to access the SAM file and make visible Administrator account using chntpw. It's so simple lemme show you how.
first we'll navigate to /media/temp/Windows/System32/config:
cd /media/temp/Windows/System32/config

now we display the list of users on our victim's computer:
chntpw SAM -l

You'll see an Administrator User there which is disabled. Now we'll enable that:
chntpw SAM -u Administrator

now type 4 and hit return

press 'y' to save changes to SAM file.

OK voila! the hard part is done.

5. Now restart your Computer and take out your Pendrive/DVD from your computer and boot into windows 8 OS. You should be able to see Administrator User on Logon screen now. If not then look for a backward pointing Arrow besides the user Login Picture. Click on that Arrow and you should see an Administrator User. Click on the Administrator Account and wait for a while until windows 8 sets it up.

6. After a while you get Access to the computer and you can access anything. Enjoy :)

7. What you want to remove the password? I don't think it's a stealth mode idea, is it? OK I'll tell you how to do that but It's not a good hacker way of doing.
Open up the command prompt, simple way to do it is:

Press Ctrl + 'x' and then Press 'a' and if prompted click yes.
After that Enter following commands:

net user
(This command will display all users on computer)

net user "User Name" newPassword
(This Command will change the Password of User Name user to newPassword).
OK you're done now logout and enter the new password. It will work for sure.

8. If you want to disable the Administrator Account again then type in command prompt:
net user Administrator /active:no

I tried it on Windows 8/8.1 all versions and it works. Guess what it works on all windows OSs.

Hope you enjoyed this tutorial. Don't forget to share it and yes always read the Disclaimer.

Related news

wpCrack - Wordpress Hash Cracker

Wordpress Hash Cracker.

Installation

git clone https://github.com/MrSqar-Ye/wpCrack.git

Video

Download wpCrack

Wednesday, June 3, 2020

Masad Clipper And Stealer - Windows Spyware Exfiltrating Data Via Telegram (Samples)

Reference

2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram

"Masad Clipper and Stealer" steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own.

It is written using Autoit scripts and then compiled into a Windows executable.
It uses Telegram to exfiltrate stolen information.

Download

Other malware

Download. Email me if you need the password (see in my profile)

Hashes

SHA256	SHA1	MD5
1acf5a461ee16336eb8bbf8d29982c7e26d5e11827c58ca01adac671a28b52ad	6001b34c17c122d201613fffd846b056614b66da	e03234c2259c474aeb69500423ddeed7
290a1b89517dec10bfd9938a0e86ae8c53b0c78ed7c60dc99e4f8e5837f4f24a	32800c10588053813f55bf8c87771311c5f7f38e	2df4c1cf093c8373a8f2f194e77b69a2
7937a1068f130a90b44781eea3351ba8a2776d0fede9699ba8b32f3198de045b	a2a67b06344e4f1cf85086f6b584316ec53d5e54	8368f1c4d8f0d908f5f4ff671df5f1da
87e44bca3cc360c64cc7449ec1dc26b7d1708441d471bf3d36cd330db3576294	2fe5483e6b82220eeeef12e531eb3347fea16ac1	1082ce517dd23eee335bedfc6bcd8205
cf97d52551a96dacb089ac41463d21cab2b004ba8c38ffc6cb5fb0958ddd34db	5b79a15cb61f5260f0b9d807faa160e6d49590e4	b5fdf9653eb1ffbdae8cb4f1f2d71747
79aa23c5a25c7cdbaba9c6c655c918dac3d9823ac62ebed9d7d3e94e1eaafc07	4a279a6b82fe801d3c8be9d16df2ef5623b17704	0029ab0fd56cd7e493b46a331ef18bd3
03d703f6d341be258ac3d95961ff0a67d4bf792f9e896530e193b091dca29c2e	a9740352af2c9cc926deba7dffc452f213f7f05f	a462aac76def5b53351b3b1ddb41124c
a368b6755e62e5c0ff79ea1e3bd146ee8a349af309b4acf0558a9c667e78293a	e16167ab646381c277c2ca84319ceb57bacb2c92	c4cdc7665adb1cda5897d4df4a560f88
ba933cefbe9a8034f0ba34e7d18481a7db7451c8ef4b6172fb0cad6db0513a51	00749407e97085af470c75ef004f2235d30af44f	c26a3f2317507a09d91014469b045384
3ba3c528d11d1df62a969a282e9e54534fb3845962672ad6d8bbc29cb6d062f5	b8100890c0f1894544b3f99168377ec46c38e911	4a0607b4488cd539b8b0b443abd121e3
b763054180cd4e24c0a78b49055ad36dbc849f1a096cddf2db8cee0b9338c21d	7bec99308ce4bf409417b642cd9432000a5c19d2	2dfb1d606e5539399aa1a536baafd2f8
d5ce4b04b7eec6530a4a9d40510177468fadc235253e5a74530a8c9d990f3c50	27fc204ffa42262b7570b6fccb435d4d38a3610f	c5d8b73da810646407c333fe52186281
965a5949d8f94e17ebcd4cb6d0a7c19f49facbfc1b1c74111e5ceb83550d6c8f	7698584b2e7c62061447a6a2583ed6957180c205	e7ebe4411664672359b393f530fc2fc1
44134b9d4b10d94f6381b446a1728b116d62e65c1a52db45235af12caf7e38c0	fd114077927d501606575ba9ab38ecfb3407d432	a4388980d7e3539d74a950dab23d00ac
848d76a227f4fe282b7ddfd82a6dfc4c25da2735a684462b42fe4e1c413d8e34	135cee7610890497183eb6251efef307ea013fe1	7bb23077b4f80df48b91b425eda05828
5ca0a957fe6c253827f344da4ba8692d77a4e21a1df4251594be2d27d87dd8ae	d231874332ca462fb462e4f68450d2c2c22d4bcd	dda77b3f3f74a2bdffd167917686e139
016fa511f6546ed439d2606c6db8821685a99f5a14ef3f710668b58dc89c6926	5c83749c62ee0131710bf26931cb1e463a8fbda3	b0c34df85677d8f752dc1e1a5eeba0c9
22be594fbfa878f631c0632f6c4d260b00918817ff66a1f9f15efe44c1a58460	856d635fca52631305f1fefc58eafa74496524b6	60ebf41953d5c6e212fc306cdb0c6519
f3571ec66288405dab43332ca03812617f85fb08832fbbe1f1d89901fe034b8a	819485e20d841195e2e8a7ae5b41ff709887bb21	6984d37863c08b9fdd969297d35d3538
04c949eca23103b1de05278b49f42c3ab6b06f4bf20aafa5f2faefaa84c16ecd	0487db2df1802dd4ee4ae3b62b5f08937dd5c77c	4366ee61cbd7e636aea8540836a60036
d6fc04acda8f33a6d35eb577c27754c2f2b4d6f4869576c7c4e11b2c5e9b0176	83ae89826114662dad8553d5eeed5217b57047f2	2bc964e294d7ab314c34e5934d91a5a9
18c0bd4dd98008383fc52045ad896449fa7f0037593bb730ed1ef88aa547006d	bcaa05b60a9d625852ac4f2d0d805ab164988155	35d9f08c39c4cf396427f3a345e5c09a
4c9d5469e9095813418260045c2b11e499e4eaa0ffb25293f90f580c464157df	4c6aacc0b893ed366f9f307326e59efa61e51534	50dddaf7e5bb24aabf66eecd0c8b79cf
0b5f1fbc05dc8baca492b748adeb01fb4904e02723b59211ecde222f7b12d91e	87f898e0d41c0f2c22d4e9278a942326877fc368	da780b72140535d4c2d391e76dc8181d
31ad5c4547ceae4d0550c8460524c16a6105afc056760e872c4966656256c9dc	37f485d3fa8f6cf13061cb1ea38ae0d5d2edfd95	134aefcf640c24a1ab5344a96150fb05
edb00a0e5ff70e899857549e3263c887a799416c8bbab43ab130ca1be9bbd78c	42c30dc551a3cb3bc935c0eae79b79f17942e439	c2722241f765d2ad4fb58edd76a4adea
96f852b81760a425befaa11ea37c0cdea2622630bf2a0c94bb95042211ab614d	5d9782064bc38d40c88f32c0410479cbd61caa40	f332cfcda8c0ef579ede59eff23caa1e
57fd171a5b1a88e9583b42439851a91a940eb31105ab29cb314846da2ed43b82	0bfec2059823b936d782bea7bc16abd9923dddb5	6fff82df7a565b4570d299486697310f
277018b2cc6226dca6c7678cac6718c8584f7231340ad8cd7c03477559fdf48b	261f916ce97ffc6817a4772705df68e6ccca8181	009dc7d8766a85d85bb6a26ee69b66fe
e968affb1fc7756deb0e29807a06681d09a0425990be76b31816795875469e3d	cf78484a999183324da9affdf2aaeff508d1dc47	3e1b8f6313447b8a4b49671ddeb8a4ee
4b1ccf6b823ee82e400ba25b1f532cd369d7e536475a470e2011b77ffeaf7bb3	bc988f7cd32d411f2a9888afc72c7a892e2a1def	55128a3da6f70129acdbf9dbe955cfe7
fc84d6636a34ad1a11dbaa1daec179e426bdcd9887b3d26dc06b202417c08f95	1df31bec02e35c9a4656bb3a3bdf631bb37605a8	55d77ab16377a8a314982f723fcc6fae
9ca15f15fbae58cb97b0d48a0248461e78e34e6d530338e3e5b91f209a166267	8505dfaad6d10b84c73544eb748d547cb5bad9bd	ebc12c530dab0a65c37ffd72612fa705
31f3a402c1662ed6adffbf2b1b65cf902d1df763698eb76d21e4e94b4c629714	18c972722d984ff6da2bc26a0aca4c7f209cc39c	05bbf6e72b5b24c0c81e0671bf17b1e7
8d9f124ddd69c257189f1e814bb9e3731c00926fc2371e6ebe2654f3950ca02e	553cd98c83e945ee3013aa40897baec0305b34a2	b4030025e039c54c2d3923057447494c
a0923d7645604faaa864a079adeb741a5d6e65507a2819b2fee4835d396077d9	f8e6995e28c789d8b24e982ac53d5d6ba453de73	b796f85c8a7de71407d6e3c4206edda3
a19b790ea12f785256510dde367d3313b5267536a58ca0c27dbdac7c693f57e1	a92f7393daf7ead9a44b12e35f850705798fc879	a6defec886d31f6375712466dd794a96
f030fb4e859ee6a97c50c973a73dced3640befe37f579cfd15367ce6a9bbede2	ad3a1e779f02539ccd07bff735e0823add9730b2	c259564a8fe72333604a5686e30f6242
f01db6d77ac21211992ceae4e66e1e03c1cb39d61e03645b9369f28252ca7693	14c6bf63ff4d32d8a0a42e81ea39304fb7ab13c8	80fe593ef5538fbf66b3b3e1cb7b9b8b
dfe3d0e95feaed685a784aed14d087b019ba2eb0274947a840d2bdbae4ae3674	2107d057478328df8f538102508de00b0c4b37c7	b5a85a0e7a2c4197c3794c8bb2eb5763
bf6083040ca51e83415f27c9412d9e3d700bd0841493b207bc96abf944ab0ca7	09a695ce6c35c029dd7577e29f403d7144698b41	7a2edceb31a9c0d05e5f13c6caee0576
b154151dc8ace5c57f109e6bb211a019db20c4f0127c4d13c7703f730bf49276	8c0cda049c85493df4e97db3db4ddc94075ba62c	b6a895ac5ba5b6472680d47410a238a5
6bf6b1bde63cee9b81902efd187fdd56ecee5853754ce0a19d5ab5c3b0242988	6e2d4f0bcc97ce130ae89647f648d3e96548a391	a29f9d176b913e7f693355700aaadbb9
0dcf547bd8f4074af97416d8b84ea64b2f3319064aa4bce64ad0c2e2d3957175	a996b925e9391a69140caf6e4adba928694ffe66	dd575413a40839f2807593aa21c71152
6cff1249cc45b61ce8d28d87f8edc6616447e38168e610bed142f0b9c46ea684	9baa823deb9075e8df77b891115c019244de09de	488bb5c0739485721182c01a82b01d14
5b5ebe019806885bbaafe37bc10ca09549e41c240b793fd29a70690a5d80b496	3d46711f9064b96ff2d0affdef1ecd82d120659d	b95e2d8a8509ac05f5445d18d32cc7cb
103d87098c9702cab7454b52869aeeb6a22919f29a7f19be7509255ce2d8c83e	e29a163488438c9ea9014ddf1a9b2d382cc5d7e6	baf2587fafaedbab4a78b9b7fd8b55f8
c73675005a09008bc91d6bc3b5ad59a630ab4670dca6ac0d926165a3ecfd8d92	d8ea2280cd06a5cc32b7d668e2b4b2e68f3a7e2a	98ecc6fbb2cb5649daf751fcbfb81bcb
ef623aadd50330342dc464a31b843b3d8b5767d62a62f5e515ac2b380b208fbe	620ff5a7aaf7f3fcf4abc9365e0e77b3ec4b434d	b14535c5835c9dfb3cbbc7f6fef6034c

More articles

Voodoo-Kali - Kali Linux Desktop On Windows 10

How it works?
* Kali Linux with XFCE Desktop Environment in Windows Subsystem for Linux (WSL)
* VcXsrv X Server for Windows is doing the hard GUI lifting
* XFCE is started natively in WSL and displayed by VcXsrv

Install Voodoo-Kali:
1, Enable WSL and install Kali Linux from the Microsoft Store. Read Install Kali Linux desktop on Windows 10 from Microsoft Store

2, To start Kali Linux in Windows 10, open Command Prompt and enter the command: kali

3, Enter this commands:
  apt install wget -y
  wget https://raw.githubusercontent.com/Re4son/WSL-Kali-X/master/install-WSL-Kali-X
  bash ./install-WSL-Kali-X

4, Download and install VcXsrv Windows X Server from SourceForge

5, Start VcXsrv, accept change in firewall rules, exit VcXsrv

Run Voodoo-Kali:
Start kali in Windows as normal user (that's default), and launch Voodoo-Kali:
* as normal user: ./start-xfce
* as root: sudo /root/xtart-xfce

Run Kali Desktop in an RDP session:
In Kali Linux WSL, type: sudo /etc/init.d/xrdp start
In Windows 10, open Run and enter mstsc.exe and connect to "127.0.0.1:3390"

Status: Voodoo-Kali is in its infancy and it is far from being elegant. I'm working on it though and step by step I'll push out improvements. Below a snippet of the To-Do list:
* Clean up and comment the scripts
* Make for a cleaner exit
* Better error handling and dependency checking (get rid of sleep, etc.)
* Improve stability of Java programs
* Improve the looks??
* …

Any help is truly appreciated, in any shape or form – from tips to pull requests.
Why don't you join the forums to discuss?

Further Information:
* Offsec – Kali Linux in the Windows App Store
* MSDN – Windows Subsystem for Linux Overview

Download Voodoo-Kali

Continue reading

What Is Cybersecurity And Thier types?Which Skills Required To Become A Top Cybersecurity Expert ?

What is cyber security in hacking?

The term cyber security refers to the technologies and processes designed to defend computer system, software, networks & user data from unauthorized access, also from threats distributed through the internet by cybercriminals,terrorist groups of hacker.

Main types of cybersecurity are

Critical infrastructure security

Application security

Network Security

Cloud Security

Internet of things security.

These are the main types of cybersecurity used by cybersecurity expert to any organisation for safe and protect thier data from hack by a hacker.

Top Skills Required to become Cybersecurity Expert-

Problem Solving Skills

Communication Skill

Technical Strength & Aptitude

Desire to learn

Attention to Detail

Knowledge of security across various platforms

Knowledge of Hacking

Fundamental Computer Forensic Skill.

These skills are essential for become a cybersecurity expert.

Cyber cell and IT cell these are the department in our india which provide cybersecurity and looks into the matters related to cyber crimes to stop the crime because in this digitilization world cyber crime increasing day by day so our government of india also takes the immediate action to prevent the cybercrimes with the help of these departments and also arrest the victim and file a complain against him/her with the help of cyberlaw in our constitution.