Tuesday, November 3, 2015

Creating Swap space


Swap space is like virtual memory in Windows. In a Linux environment it is very important to manage memory in situations such as OOM (out of memory). This can occur when large programs run simultaneously, and on a server the consequences are worse. So we have to assign additional memory space from our hard disk to avoid OOM. But assigning memory on a hard disk is not good practice, because reading and writing on a hard disk is very slow compared to RAM. So using swap space or virtual memory is more convenient on an SSD. Anyway, here is how to assign swap space on a hard disk.

Hack Windows 10

Windows 10 is Microsoft's latest OS for 2015. It's so attractive and it's better than Windows 8. For me it's great. Anyway, in this post I'm going to show you how to hack Windows 10. That means I'm going to cover the following things.

  1. How to change the administrator password without an administrator login?
  2. How to create user accounts without administrator permission?
  3. And what you should do if you forgot your live account password (if you are using your live account to log in to the administrator account)?

In Windows XP, Vista, 7, and sometimes 8 we could use Hiren's Boot disk to achieve this. But believe me, I've tried using Hiren's Boot, and none of the password resetting, renewing or account type changing had any effect on Windows 10. So after Windows 10, HDB 15.2 will be expired.

Tuesday, October 20, 2015

Using WP Scan

Like SQL Map in Kali, WP Scan is also a very valuable tool for finding vulnerabilities and hacking web sites. It is totally focused on WordPress. Using it we can find the exploits and vulnerabilities of web sites that use WordPress and are hosted on web hosting services. So if you notice that a website you follow uses WordPress, this tool will be a great help.

Open the Kali terminal and type

Find the Exploits for the web site

A very useful thing about WP Scan is that with simple syntax we can list a number of exploits for a given web site (running on WordPress) that relate to its WordPress version. Using that information we can do many hacks to the web site. Here is that syntax:

wpscan --url <URL of the web site>

Find the User names of Site admins.





The other very useful thing is that using WP Scan we can find the site admins very easily (the site admin's user name and name). This will be very helpful for brute-force attacks. Here is the syntax

Monday, October 19, 2015

SQL Map for sql injection

Kali OS is a must for a pen tester today, because it bundles hundreds of hacking tools into one OS. It makes it easier for us to find vulnerabilities and make use of exploits.

Among those hundreds of tools, this post will discuss the SQL Map tool, which is very useful for pen testers to find SQL injection vulnerabilities.

SQL injections are common in every SQL database system, but each in a different manner. We can also do a SQL injection attack manually. But if we try to do it manually (without using tools) it may take a very long time to get the database, because we have to try again and again by changing the URL. It's a very tedious task. That's why SQL injection tools such as Havij, SQL ninja and SQL dump have become popular.

Note: before you use this tool you should have detected that the web server is vulnerable to SQL injection attacks. How can we find that out? Simply type an apostrophe (') at the end of the URL (URLs which have "php?id=num" at the end, where "num" is a numeric character 0-9) and press Enter. If the web server is vulnerable to SQL injection, the server will return an error page warning that our query is wrong. Sometimes it also shows which database it is and its version.
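Why the apostrophe produces that error page, and how to close the hole, shown as an added example that is not part of the original post. It uses an in-memory SQLite database with constructed rows; the table and function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Swap space")])
    return db

def lookup_vulnerable(db, raw_id):
    # The id from "php?id=num" is pasted straight into the SQL text,
    # so a trailing apostrophe changes the statement itself.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    return db.execute(query).fetchall()

def lookup_hardened(db, raw_id):
    # Accept only what the parameter is supposed to be (a short number),
    # then bind it as a parameter so it is never parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(raw_id),)).fetchall()

def probe(db, raw_id):
    """Return (vulnerable_result, hardened_result) for one id value."""
    try:
        vulnerable = lookup_vulnerable(db, raw_id)
    except sqlite3.Error as exc:
        # This is the "error page" from the note: the database rejected
        # a statement that the visitor was able to alter.
        vulnerable = "database error: %s" % exc
    return vulnerable, lookup_hardened(db, raw_id)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), probe(db, value))
```

Returning the raw database error to the visitor is what leaks the database type and version, so a production handler should log it server-side and show a generic page.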

Sunday, August 30, 2015

scapy for hacking



Scapy is a Python-based program used for packet building. You can actually build a complete IP packet using scapy. It is very useful for achieving the following hacking techniques.

1. IP spoofing.
2. ARP spoofing.
3. SYN flood.
4. Traceroute.

And many other things can be done using this tool.
First we will start with Traceroute.

Traceroute.
Traceroute is a tool used in Windows to trace the route to a particular destination address. That means the intermediate hops situated between the source and the destination. In Windows cmd simply type tracert <destination>. Then it will give you a clear picture of the intermediate hops. But pathping in cmd gives us a comprehensive view of the hosts between the destination and the source, and also the packet loss at each intermediate host.
This tool can be written using the scapy module in Python. How does traceroute actually work? Every IP packet has a field called ttl (time to live). This field defines how many hops the packet can travel. If ttl equals 5, that means it can only go through 5 hops. Each host that receives the packet reduces the ttl value by one, and the host where the ttl reaches zero drops the packet and answers with an ICMP Time Exceeded message. So let's say we set the ttl value of a packet to 2 and send it as an ICMP packet... Then the reply comes from the 2nd hop from the source. If we look at the received packet's source address we can determine who the 2nd hop from the source is. The following is the code to achieve this in Python.

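#!/usr/bin/env python3
from scapy.all import IP, ICMP, sr1

destination = "192.0.2.1"  # placeholder: replace with the destination address
# Send one ICMP echo with ttl 5; the hop where the ttl expires sends the reply
packet = IP(dst=destination, ttl=5) / ICMP()
reply = sr1(packet, timeout=2, verbose=0)
# sr1 returns None when no reply arrives within the timeout
print(reply.src if reply else "no reply")

This code prints the address of the host 5 hops from the source on the way to the destination.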

IP Spoofing.

Sunday, August 16, 2015

How to make your own Decompression bomb

What is a decompression bomb?

A decompression bomb is a compressed file that looks very small, but when it is decompressed it becomes a huge file that eats up your disk space and memory. It may freeze your machine, corrupt files, or damage the OS.

What is the technique behind this?

The technique is compression: ZIP, TAR, RAR, etc. These compression tools take the bits of the files and match patterns. For these patterns they add certain bits to identify them at decompression. A decompression bomb takes advantage of this.

Let's make it.

I will introduce here 2 ways to make a decompression bomb yourself.

Using Linux

Open a terminal and type the following

dd if=/dev/zero bs=1024 count=1000000 | zip bomb.zip -

/dev/zero is a device file that returns null bytes. This will create a 1gig null file and zip it as bomb.zip. bs is the block size, and with count you can specify the size of the bomb. Remember to put the dash at the end.

In this method, when I tested it, it turned a 1Gb file into a 1Mb zip.

Using Notepad in Windows.

We can also create a decompression bomb using Notepad. We can write a null file using Alt+255.

Open Notepad, turn on Num Lock, hold Alt and type 255. Then you can see a null (zero) block written. Type this several times, select all, copy it and paste it. Paste several times, select all again, and then you can copy a bigger block. In this way you can create a huge txt file of zeros.

After you've created the txt you can see the size of your file. This may be 500mb or maybe a few Gbs. Copy the txt and make several copies of it in the same folder. Open cmd in the same directory and type copy /b *.txt bomb.txt
This will create one file called bomb.txt containing all the copies that you created. Make a zip file from this bomb.txt.

In this method, when I tested it, it turned a 4Gb txt into an 8Mb zip.
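How a service that accepts uploaded archives can recognise files like these before unpacking them, as an added example that is not part of the original post. The size and ratio limits, the function names and the in-memory sample archive are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 50 * 1024 * 1024   # assumed policy limit for this example
MAX_RATIO = 100                      # assumed ceiling, uncompressed:compressed

def build_sample(size=10 * 1024 * 1024):
    # Constructed sample: one member made of zero bytes, as in the dd | zip case
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", bytes(size))
    return buf.getvalue()

def inspect_archive(data):
    """Return a list of reasons to reject the archive (empty = acceptable)."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        total = sum(i.file_size for i in infos)
        if total > MAX_TOTAL_BYTES:
            reasons.append("declared size %d exceeds limit" % total)
        for i in infos:
            ratio = i.file_size / max(i.compress_size, 1)
            if ratio > MAX_RATIO:
                reasons.append("%s: ratio %.0f:1" % (i.filename, ratio))
    return reasons

def bounded_read(data, name, limit=MAX_TOTAL_BYTES):
    """Decompress one member in chunks and stop once limit is passed.
    Declared sizes come from the archive itself, so the limit is
    enforced on the bytes actually produced."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while True:
            chunk = member.read(64 * 1024)
            if not chunk:
                return bytes(out)
            out += chunk
            if len(out) > limit:
                raise ValueError("%s exceeds %d bytes" % (name, limit))

if __name__ == "__main__":
    sample = build_sample()
    print(len(sample), "bytes compressed;", inspect_archive(sample))
```

Ordinary documents and source code rarely compress beyond roughly 10:1 to 20:1, which is why a ratio check separates a run of zeros from normal uploads.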

Thursday, August 13, 2015

How to Reset Linux Root password without login

Access Single User Mode (Reset Root Password)

To reset the root password of your server, you will need to boot into single user mode.
Access the Manage section of your server in the customer portal and follow these steps. The option depends on the bootloader version on the machine:

CentOS 6

  1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
  2. You will see a GRUB boot prompt telling you to press any key - you have only a few seconds to press a key to stop the automated booting process. (If you miss this prompt you will need to restart the VM again)
  3. At the GRUB prompt, type "a" to append to the boot command.
  4. Add the text "single" and press enter.
  5. The system will boot and you will see the root prompt. Type "passwd" to change the root password and then reboot again.

Debian, Ubuntu, CentOS 7

  1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
  2. As soon as the boot process starts, press ESC to bring up the GRUB boot prompt. You may need to turn the system off from the control panel and then back on to reach the GRUB boot prompt.
  3. You will see a GRUB boot prompt - press "e" to edit the first boot option. (If you do not see the GRUB prompt, you may need to press any key to bring it up before the machine boots)
  4. Find the kernel line (starts with "linux /boot/") and add init="/bin/bash" at the end of the line.
  5. Press CTRL-X or F10 to boot.
  6. The system will boot and you will see the root prompt. Type "mount -rw -o remount /" and then "passwd" to change the root password, and then reboot again.