Creeper Creative. Powered by Blogger.

Blog Archive

Tags

Subscribe Here

Label

Categories

Recent

Popular

Video

Monday, August 31, 2020

Iemhacker-kali-windows

How it works?
 * Kali Linux with XFCE Desktop Environment in Windows Subsystem for Linux (WSL)
 * VcXsrv X Server for Windows is doing the hard GUI lifting
 * XFCE is started natively in WSL and displayed by VcXsrv

Install Voodoo-Kali:
 1, Enable WSL and install Kali Linux from the Microsoft Store. Read Install Kali Linux desktop on Windows 10 from Microsoft Store

 2, To start Kali Linux in Windows 10, open Command Prompt and enter the command: kali

 3, Enter this commands:
      apt install wget -y 
      wget https://raw.githubusercontent.com/Re4son/WSL-Kali-X/master/install-WSL-Kali-X
      bash ./install-WSL-Kali-X

 4, Download and install VcXsrv Windows X Server from SourceForge

 5, Start VcXsrv, accept change in firewall rules, exit VcXsrv

Run Voodoo-Kali:
   Start kali in Windows as normal user (that's default), and launch Voodoo-Kali:
    * as normal user: ./start-xfce
    * as root: sudo /root/xtart-xfce

Run Kali Desktop in an RDP session:
   In Kali Linux WSL, type: sudo /etc/init.d/xrdp start
   In Windows 10, open Run and enter mstsc.exe and connect to "127.0.0.1:3390"
remote%2Bdesktop

Status: Voodoo-Kali is in its infancy and it is far from being elegant. I'm working on it though and step by step I'll push out improvements. Below a snippet of the To-Do list:
 * Clean up and comment the scripts
 * Make for a cleaner exit
 * Better error handling and dependency checking (get rid of sleep, etc.)
 * Improve stability of Java programs
 * Improve the looks??
 * …

   Any help is truly appreciated, in any shape or form – from tips to pull requests.
   Why don't you join the forums to discuss?

Further Information:
 * Offsec – Kali Linux in the Windows App Store
 * MSDN – Windows Subsystem for Linux Overview

                                       Download Voodoo-Kali
More articles

  1. Hacker Tools Mac
  2. Hack Tools For Games
  3. Hacking Tools Usb
  4. Black Hat Hacker Tools
  5. Pentest Tools Find Subdomains
  6. Pentest Tools Free
  7. Hacker Techniques Tools And Incident Handling
  8. New Hack Tools
  9. Physical Pentest Tools
  10. Growth Hacker Tools
  11. Hacking Tools For Beginners
  12. Underground Hacker Sites
  13. Pentest Tools For Android
  14. Hacker Tools Linux
  15. Hacking Tools For Windows 7
  16. Pentest Tools Url Fuzzer
  17. Hacker Tools Linux
  18. Hacking Tools
  19. Pentest Tools Nmap
  20. Pentest Tools For Android
  21. Pentest Tools Open Source
  22. Hacker Tools For Windows
  23. Pentest Box Tools Download
  24. Hack Tools For Mac
  25. Hacking Tools Windows
  26. Hacking Tools For Mac
  27. Hack Tools
  28. Hacker Tools Linux
  29. Github Hacking Tools
  30. World No 1 Hacker Software
  31. Pentest Tools Kali Linux
  32. Termux Hacking Tools 2019
  33. Pentest Tools Github
  34. Hacker Tools
  35. Free Pentest Tools For Windows
  36. Kik Hack Tools
  37. Hacking Tools Download
  38. Pentest Tools Alternative
  39. Pentest Tools Open Source
  40. Hacking Tools Usb
  41. Hacker Tool Kit
  42. Underground Hacker Sites
  43. Hack Tools For Games
  44. Pentest Tools For Ubuntu
  45. Pentest Tools Alternative
  46. Physical Pentest Tools
  47. Hacks And Tools
  48. Ethical Hacker Tools
  49. Hacking Tools 2020
  50. Hacker Tools 2019
  51. Hacking Tools Pc
  52. Best Hacking Tools 2020

Sunday, August 30, 2020

What is the process of hacking or phases of hacking?
Hacking is broken up into six phases:The more you get close to all phases,the more stealth will be your attack.

1-Reconnaissance-This is the primary phase of hacking where hacker tries to collect as much as information as possible about the target.It includes identifying the target,domain name registration records of the target, mail server records,DNS records.The tools that are widely used in the process is NMAP,Hping,Maltego, and Google Dorks.

2-Scanning-This makes up the base of hacking! This is where planning for attack actually begins! The tools used in this process are Nessus,Nexpose,and NMAP. After reconnaissance the attacker scans the target for services running,open ports,firewall detection,finding out vulnerabilities,operating system detection.

3-Gaining Access-In this process the attacker executes the attack based on vulnerabilities which were identified during scanning!  After the successful, he get access to the target network or enter in to the system.The primary tools that is used in this process is Metasploit.

4-Maintaining Access-It is the process where the hacker has already gained access in to a system. After gaining access the hacker, the hacker installs some backdoors in order to enter in to the system when he needs access in this owned system in future. Metasploit is the preffered toll in this process.

5-Clearning track or Covering track-To avoid getting traced and caught,hacker clears all the tracks by clearing all kinds of logs and deleted the uploaded backdoor and anything in this process related stuff which may later reflect his presence!

6-Reporting-Reporting is the last step of finishing the ethical hacking process.Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used,the success rate,vulnerabilities found,and the exploit process.

More information




The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we've been watching the project since the very early days. They say this new beta is both stable and usable. They've moved towards behaving like an actual distribution: it's based on Debian core, they use Ubuntu software, and they're running their own BackTrack repositories for future updates. There are a lot of new features, but the one we're most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMWare images are available here.




More information


Saturday, August 29, 2020


When performing a recon on a domain - understanding assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material.

What this tool does, is enumerate S3 bucket names using common patterns I have identified during my time bug hunting and pentesting. Permutations are supported on a root domain name using a custom wordlist. I highly recommend the one packaged within AltDNS.

The following information about every bucket found to exist will be returned:
  • List Permission
  • Write Permission
  • Region the Bucket exists in
  • If the bucket has all access disabled

Installation
go get -u github.com/glen-mac/goGetBucket

Usage
goGetBucket -m ~/tools/altdns/words.txt -d <domain> -o <output> -i <wordlist>
Usage of ./goGetBucket:
  -d string
        Supplied domain name (used with mutation flag)
  -f string
        Path to a testfile (default "/tmp/test.file")
  -i string
        Path to input wordlist to enumerate
  -k string
        Keyword list (used with mutation flag)
  -m string
        Path to mutation wordlist (requires domain flag)
  -o string
        Path to output file to store log
  -t int
        Number of concurrent threads (default 100)
Throughout my use of the tool, I have produced the best results when I feed in a list (-i) of subdomains for a root domain I am interested in. E.G:
www.domain.com
mail.domain.com
dev.domain.com
The test file (-f) is a file that the script will attempt to store in the bucket to test write permissions. So maybe store your contact information and a warning message if this is performed during a bounty?
The keyword list (-k) is concatenated with the root domain name (-d) and the domain without the TLD to permutate using the supplied permuation wordlist (-m).
Be sure not to increase the threads too high (-t) - as the AWS has API rate limiting that will kick in and start giving an undesired return code.

More information


Subscribe to: Comments (Atom)
 
Twitter Facebook Dribbble Tumblr Last FM Flickr Behance