First and foremost, it is important for you to understand that 'hacking' is a broad term. There are many aspects to it, most of which require several programming skills, but that shouldn't stop you from using the tools made available by the internet for you to take advantage of. Go to the HTMLdog website and learn some HTML first, it is a great website and you will progress in no time. Also, consider Python as your first programming language; it is a tradition to recommend Python to newbies because it is the fundamental and appropriate language that will kickstart you in the world of computing. So, now that you are set and ready to continue with the quest, allow me to present to you a simplistic and minimalistic reference guide.
Monday, December 21, 2015
Hacking Tutorial released from ANONYMOUS in ghostbin.com
This the hacking tutorial released by Anonymous last week on this link https://ghostbin.com/paste/jrr89#L29
Tuesday, December 8, 2015
Analise RAM dump file
In forensic investigations it's very important thing dump the RAM's data into a file and analyze the processes / tasks that were running on the dumped time. So let's look at how we can dump the RAM's content as a raw file and how we can analyze that file for get further more details.
For this we are going to use MoonSols windows memory toolkit. This toolkit contains with four or more related tools. But for in this case we need only one tool which is "ramdumpit.exe". We can build the raw file of our ram's dump in a particular time using this tool. Just run it and it will ask the ordinary "Are you sure?" question just give yes for it. now you will see the blahblah.raw file has been created which is the dump of our RAM. Now we need our second tool which is going to analyze our dump file.
For this we are going to use MoonSols windows memory toolkit. This toolkit contains with four or more related tools. But for in this case we need only one tool which is "ramdumpit.exe". We can build the raw file of our ram's dump in a particular time using this tool. Just run it and it will ask the ordinary "Are you sure?" question just give yes for it. now you will see the blahblah.raw file has been created which is the dump of our RAM. Now we need our second tool which is going to analyze our dump file.
Thursday, November 12, 2015
How to use C code in Python
Python and C combination is brilliant for programmers specially who writing network tools and exploits. For this purpose there are many ways to use both of them in one code and make the use of both languages. Previous days I was looking for a easy way(not easy actually fast way to approach my object which is make use of c code inside a python code) to do this. I was noticed there are many ways to do this. Some of them are,
There are other ways also to achieve this but I was impressed by using SWIG. It's so easy and simple to wrap the code. So here is the steps.
I'm going to wrap a simple C function called "func" on the C code "hello.c"
1 Step : Create hello.c
following is the code in hello.c
#include <stdio.h>
int func(){
printf("Hello World");
return 0;
}
2nd Step : Create interface file.
To add your C code to your desired language's code you need to create interface file which is input to SWIG. Here is the interface file which is "hello.i".
%module hello
%{
int func();
%}
int func();
As you can see at the first line you have to name the module you are going to create. In this case hello module will create. This is very similar to write C code. After you put brace on second line the block has been started. Inside this block you have to mention all of your headers and functions in your C code. Here I'm using C default header stdio.h so it's no need to mention in here. If you are using custom header with macros you need put it here like #include "example.h". Save the file.
3rd Step : Create setup.py file.
After 2nd step there are numerous ways to build you the shared object (so) file (in windows dll). But here I'm going to demonstrate build the so file using setup.py file. Following is the code for setup.py
#!/usr/bin/env python
from distutils.core import setup, Extension
hello_module = Extension('_hello', sources=['hello_wrap.c', 'hello.c'], )
setup (name = 'anyname',
version = '0.1',
author = "your name",
description = """docs""",
ext_modules = [hello_module],
py_modules = ["hello"], )
4th Step : run SWIG.
swig -python hello.i
5th Step : Run setup.py
To build our so file and make use the c code inside python code lets run setup.py
python setup.py build_ext --inplace
build_ext - this will build extensions
--inplace - build the so file in same directory shell opened.
Now you can import the module that you coded from c like this
import hello
hello.func()
When you run this it will print Hello World.
Note :
Remember this. You can import the module if you are in the same directory that you have created the so file. Other wise it cannot be imported. To import module in python file while you are in different directory you have to copy the .py file, .so file and .pyc file to that directory. Then only you can run the program that you create using the module.
- According to Extending Python with C doc (https://docs.python.org/2/extending/extending.html).
- Some languages has built in combine with features of these two languages such as Pyrex, Cython.
- Using ctype module.
- Using a SWIG (Simple Wrapper Interface Generator)
There are other ways also to achieve this but I was impressed by using SWIG. It's so easy and simple to wrap the code. So here is the steps.
I'm going to wrap a simple C function called "func" on the C code "hello.c"
1 Step : Create hello.c
following is the code in hello.c
#include <stdio.h>
int func(){
printf("Hello World");
return 0;
}
2nd Step : Create interface file.
To add your C code to your desired language's code you need to create interface file which is input to SWIG. Here is the interface file which is "hello.i".
%module hello
%{
int func();
%}
int func();
As you can see at the first line you have to name the module you are going to create. In this case hello module will create. This is very similar to write C code. After you put brace on second line the block has been started. Inside this block you have to mention all of your headers and functions in your C code. Here I'm using C default header stdio.h so it's no need to mention in here. If you are using custom header with macros you need put it here like #include "example.h". Save the file.
3rd Step : Create setup.py file.
After 2nd step there are numerous ways to build you the shared object (so) file (in windows dll). But here I'm going to demonstrate build the so file using setup.py file. Following is the code for setup.py
#!/usr/bin/env python
from distutils.core import setup, Extension
hello_module = Extension('_hello', sources=['hello_wrap.c', 'hello.c'], )
setup (name = 'anyname',
version = '0.1',
author = "your name",
description = """docs""",
ext_modules = [hello_module],
py_modules = ["hello"], )
Be careful about bold items. First bold item type any variable name. In second bold item type "_" as prefix to your c file name. It's important. Third bold item ; when you run swig with hello.i it will generate file called "hello_wrap.c". This file is mentioned here. Forth bold item is your source code to wrap. Inside setup module fifth bold item is the variable that the first bold item. Sixth bold item is important because this module name will use when we importing module.4th Step : run SWIG.
Type the following in shell to get the hello_wrap.c create the so file.
swig -python hello.i
5th Step : Run setup.py
To build our so file and make use the c code inside python code lets run setup.py
python setup.py build_ext --inplace
build_ext - this will build extensions
--inplace - build the so file in same directory shell opened.
Now you can import the module that you coded from c like this
import hello
hello.func()
When you run this it will print Hello World.
Note :
Remember this. You can import the module if you are in the same directory that you have created the so file. Other wise it cannot be imported. To import module in python file while you are in different directory you have to copy the .py file, .so file and .pyc file to that directory. Then only you can run the program that you create using the module.
Tuesday, November 3, 2015
Creating Swap space
Swap space is like virtual memory in Windows. In Linux environment it's very important to manage memory in occasions such as OOM(out of memory). When Large programs run simultaneously this can occur if it's a server the case is worst. So we have to assign additional memory space from our hard disk to avoid OOM. But assign memory in hard disk is not a good practice because reading and writing on hard disk is very slow with compared to RAM. So using swap space or virtual memory is more convenient in SSD. Any way here is how to assign swap space on hard disk
Hack Windows 10
Windows 10 is the Microsoft's latest OS for 2015. It's so attractive and it's better than Windows 8. For me it's great. Any way in this post I'm going to show you how to hack the Windows 10. That means I'm going to tell about following things.
In windows XP, Vista, 7, and some times 8 we could use Hiren's Boot disk to achieve this. But believe me I've tried using Hiren's Boot any of password resetting or renewing or account type changing was not affected for Windows 10. So after Windows 10 HDB 15.2 will be expired.
- How to change the administrator password without administrator login ?
- How to create user accounts without administrator permission ?
- And what you should do if you forgot your live account password (If you are using your live account to login to administrator account.) ?
In windows XP, Vista, 7, and some times 8 we could use Hiren's Boot disk to achieve this. But believe me I've tried using Hiren's Boot any of password resetting or renewing or account type changing was not affected for Windows 10. So after Windows 10 HDB 15.2 will be expired.
Tuesday, October 20, 2015
Using WP Scan
As the SQL Map in Kali WP Scan also very valuable tool to find vulnerabilities and hack web sites. It's totally focused on Word Press. Using this we can find the exploits, vulnerabilities of web sites which are hosted in web hosting services, using Word Press.So if you noticed that you are following a website that is use Word Press this tool will be great help.
Open the Kali terminal and type
Find the Exploits for the web site
Very useful thing behind the WP Scan is using simple syntax we can list number of exploits to a given web site(running on Word Press) that related to the Word Press version. Using that information we can do many hacks to the web site. Here is that syntax
wpscan --url <URL of the web site>
Find the User names of Site admins.
The other very useful thing is using WP Scan we can find the Site Admins very easily (Site admins User name and Name). This will be very help to brute-force attacks. Here is the syntax
Open the Kali terminal and type
Find the Exploits for the web site
Very useful thing behind the WP Scan is using simple syntax we can list number of exploits to a given web site(running on Word Press) that related to the Word Press version. Using that information we can do many hacks to the web site. Here is that syntax
wpscan --url <URL of the web site>
Find the User names of Site admins.
The other very useful thing is using WP Scan we can find the Site Admins very easily (Site admins User name and Name). This will be very help to brute-force attacks. Here is the syntax
Monday, October 19, 2015
SQL Map for sql injection
Kali OS is a must for a pen tester today. Because it has bundled hundreds of hacking tools into one OS. It makes us easier to find the vulnerabilities and make the use of exploits.
Within those hundreds of tools this post will discus about SQL Map tool which is very useful for pen testers to find out the SQL Injection vulnerability.
SQL injections are common in every SQL database system. But in each different manner. We can do manually also a SQL injection attack. But if we tried to do it manually (without using tools) it may take very long time to get the database. Cause we have to try again and again by changing the URL. It's very crucial task. That's why SQL injection tools become more popular such as Havij, SQL ninja, SQL dump.
Note : before you use this tool you should have detected that the web server is vulnerable for SQL injection attacks. How we can get know that ? Simply type a apostrophe(') at the end of the URL(URLs which have "php?id=num" at the end.in this "num" is a numeric char 0-9) and enter. If the web server is vulnerable for SQL injection server will returns a error page which warning that our query is wrong.some times it shows what database is it and version also.
Subscribe to:
Posts (Atom)