Kali Linux: Goohost.sh extracts Hosts, IPs, or Email from Google

Goohost is a simple shell script written by Watakushi that extracts hosts/subdomains, IPs, or emails for a specific domain using Google search. Installation: First create a directory for the installation: $ mkdir -p /pentest/enumeration/google/goohost/ Then download the tool and make … Continue reading

Wordlists for Password Cracking and Other Brute Force Resources

Brute Forcing and Dictionary Attacks are two methods of getting the same result, a password. Dictionary Cracking can mostly rely on the quality of your word list. Quite often, I have people ask me where they can get wordlists. It … Continue reading

How To Hack: Kali Linux Router Password Hack Using Medusa

Medusa is described as a “speedy, massively parallel, modular, login brute-forcer” with modules available to support almost any service that allows remote authentication using a password, including: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, POP3, PostgreSQL, SMTP-AUTH, Telnet and VNC. Medusa … Continue reading

How To Bypass Antivirus Detection – Making An Executable FUD

So in this tutorial we will show you step by step how to make a virus Fully Undetectable from all the antiviruses. There are lots of approaches, however here we will take a look at how to make an executable FUD … Continue reading

Tutorial: MDK3 – Network Traffic Disruption

Today, we are going to go over some options with the tool MDK3; however, it has to be said that the use of these options can wreak havoc on wireless networks and should be used with caution! And of … Continue reading

Tutorial: theHarvester – Collect a Company’s Email Addresses, Subdomains, Related Servers

The information gathering steps of footprinting and scanning are of utmost importance. Good information gathering can make the difference between a successful penetration test and one that has failed to provide maximum benefit to the client. We can say that … Continue reading

Mimikatz: Windows Powershell Script for Dumping Local and Domain Passwords

clymb3r recently posted a script called “Invoke-Mimikatz.ps1”. Basically, what this does is reflectively inject mimikatz into memory, call for all the logonPasswords, and exit. It even checks the target’s architecture (x86/x64) first and injects the correct DLL. This is really … Continue reading

How To Hack: Creating an iOS7 Application Pentesting Environment

Now that you have your shiny new Evasion7 jailbreak running it’s time to set up the environment for application testing! Getting in: Since mobile substrate is not working yet we will focus on getting our idevice up and running as … Continue reading

How To Hack: Exploit SNMP for Reconnaissance

The more we know about a system or network, the better our chances of owning it and not leaving a trace for investigators to follow. One of the often overlooked sources for information is the Simple Network Management Protocol (SNMP). … Continue reading

How to Hack: Snatch the Sysadmin Password from Remote Desktop Protocol (RDP)

One of the keys to becoming a professional and successful hacker is to think creatively. There is always a way to get into any network or system, if you think creatively. In previous tutorials, I have demonstrated ways to crack … Continue reading

Kali Linux on Android Using Linux Deploy

Kali Linux on any Android Phone or Tablet: Getting Kali Linux to run on ARM hardware has been a major goal since day one. So far, there have been native images built for the Samsung Chromebook, Odroid U2, Raspberry Pi, … Continue reading

All About Dos Attacks – Hacking Tutorials And Lessons

The effects of a ping flood attack: A person can get all excited when they learn to ping flood (Denial of Service) someone for the first time. The thought of having the power to slow someone’s network speed down might … Continue reading

How To Hack: Change the Signature of Payloads to Evade Antivirus

I’ve written several listener guides on creating a malicious PDF or malicious Word document that would carry in it a payload with the Meterpreter, or reverse shell enabling you to own the system. One of the hurdles to using these … Continue reading

Wireless Security: Everything you ever needed to know about Wifi Hacking

The following is a very thorough and concise overview of Wifi Security. I think it will be very important for my fellow Security Hacker / Pen Testers to have this knowledge stored away somewhere in the back of their head. … Continue reading

Hacking Tricks: LANs.py – Packet Parsing/Injecting ARP Poisoner

LANs.py: (Download at Github) Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all the most interesting bits of their traffic and can … Continue reading

Hacking Wifi: Cracking WEP with Kali Linux

Today, we commonly find wireless networks around us. Most wireless networks are encrypted using WEP or WPA encryption methods. I was recently looking around my site and realized that I had not ever posted a how-to on easily cracking WEP. … Continue reading

How to Hack: Ultimate Metasploit Meterpreter Command Cheat Sheet

Many of you have probably heard about the Metasploit Meterpreter Shell. A number of you have probably even used it. But some of you are probably wondering, “What are all the commands for Meterpreter?” Well, here we have a comprehensive … Continue reading

How to Hack: Use Wireshark to Capture, Filter, and Inspect Packets

Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in a human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets. This … Continue reading