7 Must have tools for every Hacker

All the tools provided here are free of cost, have been tried hands-on and are being actively developed by the community; where they are not, alternatives are provided. To sum up, these are the 7 must-have tools for every hacker.

HEARTBLEED Bug Explanation

It is a critical bug in OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users' data that the server did not intend to reveal.

Beginners guide to hacking

The basic and advanced steps of hacking, which will help you develop the hacker attitude. You will learn various kinds of hacking.

Just Fucking Google it .....

This is for people who ask how to hack Facebook, how to unzip a file, how to fix errors in Kali Linux, and how to hack a WEP.

Hacking Facebook Using Man in the Middle Attack

I will demonstrate how to hack Facebook using MITM (Man in the Middle). This attack usually happens inside a Local Area Network (LAN) in an office, internet cafe, apartment, etc.

Friday, May 23, 2014

10 Programming Languages You Should Learn in 2014

The tech sector is booming. If you've used a smartphone or logged on to a computer at least once in the last few years, you've probably noticed this.
As a result, coding skills are in high demand, with programming jobs paying significantly more than the average position. Even beyond the tech world, an understanding of at least one programming language makes an impressive addition to any resumé.
The in-vogue languages vary by employment sector. Financial and enterprise systems need to perform complicated functions and remain highly organized, requiring languages like Java and C#. Media- and design-related webpages and software will require dynamic, versatile and functional languages with minimal code, such as Ruby, PHP, JavaScript and Objective-C.
With some help from Lynda.com, we've compiled a list of 10 of the most sought-after programming languages to get you up to speed.

1. Java

What it is: Java is a class-based, object-oriented programming language developed by Sun Microsystems in the 1990s. It's one of the most in-demand programming languages, a standard for enterprise software, web-based content, games and mobile apps, as well as the Android operating system. Java is designed to work across multiple software platforms, meaning a program written on Mac OS X, for example, could also run on Windows.
Where to learn it: Udemy, Lynda.com, Oracle.com, LearnJavaOnline.org.

2. C Language

What it is: A general-purpose, imperative programming language developed in the early '70s, C is the oldest and most widely used language, providing the building blocks for other popular languages, such as C#, Java, JavaScript and Python. C is mostly used for implementing operating systems and embedded applications.
Because it provides the foundation for many other languages, it is advisable to learn C (and C++) before moving on to others.

3. C++

What it is: C++ is an intermediate-level language with object-oriented programming features, originally designed to enhance the C language. C++ powers major software like Firefox, Winamp and Adobe programs. It's used to develop systems software, application software, high-performance server and client applications and video games.

4. C#

What it is: Pronounced "C-sharp," C# is a multi-paradigm language developed by Microsoft as part of its .NET initiative. Combining principles from C and C++, C# is a general-purpose language used to develop software for Microsoft and Windows platforms.

5. Objective-C

What it is: Objective-C is a general-purpose, object-oriented programming language used by the Apple operating system. It powers Apple's OS X and iOS, as well as its APIs, and can be used to create iPhone apps, which has generated a huge demand for this once-outmoded programming language.

6. PHP

What it is: PHP (Hypertext Processor) is a free, server-side scripting language designed for dynamic websites and app development. It can be directly embedded into an HTML source document rather than an external file, which has made it a popular programming language for web developers. 

7. Python

What it is: Python is a high-level, server-side scripting language for websites and mobile apps. It's considered a fairly easy language for beginners due to its readability and compact syntax, meaning developers can use fewer lines of code to express a concept than they would in other languages. It powers the web apps for Instagram, Pinterest and Rdio through its associated web framework, Django, and is used by Google, Yahoo! and NASA.
Where to learn it: Udemy, Codecademy, Lynda.com, LearnPython.org, Python.org.

8. Ruby

What it is: A dynamic, object-oriented scripting language for developing websites and mobile apps, Ruby was designed to be simple and easy to write. It powers the Ruby on Rails (or Rails) framework, which is used on Scribd, GitHub, Groupon and Shopify. Like Python, Ruby is considered a fairly user-friendly language for beginners.
Where to learn it: Codecademy, Code School, TryRuby.org, RubyMonk.

9. JavaScript

What it is: JavaScript is a client and server-side scripting language developed by Netscape that derives much of its syntax from C. It can be used across multiple web browsers and is considered essential for developing interactive or animated web functions. It is also used in game development and writing desktop applications. JavaScript interpreters are embedded in Google's Chrome extensions, Apple's Safari extensions, Adobe Acrobat and Reader, and Adobe's Creative Suite.
Where to learn it: Codecademy, Lynda.com, Code School, Treehouse, Learn-JS.org.

10. SQL

What it is: Structured Query Language (SQL) is a special-purpose language for managing data in relational database management systems. It is most commonly used for its "Query" function, which searches informational databases. SQL was standardized by the American National Standards Institute (ANSI) and the International Organization for Standardization (ISO) in the 1980s.

Sunday, May 18, 2014

How to Use Ravan, JavaScript-based Distributed Password Cracking?


You want to crack a hash but your system is slow? No need to worry! Here is a solution for you: "Distributed Password Cracking". Let me introduce a new tool called "Ravan".
About Ravan:
Ravan is a JavaScript-based distributed computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. It makes use of HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers; each worker computes a part of the hash cracking activity.
Ravan now supports MD5, SHA1, SHA256 and SHA512 hashes.

How it works?
Ravan has three components:

Master:
The hash, salt, hashing algorithm, position of the salt (before or after the clear-text) and the charset are submitted by the user. These are submitted to the web backend, which returns a 'hash id' that is unique to every submitted hash. It also supplies a 'worker url' specific to this hash that must be sent to potential workers.
Once the hash is submitted, the master creates arrays of slots (each array contains 5 slots) and submits them to the web backend. Each slot represents a small part of the keyspace; this is how the entire activity is broken down into multiple tiny tasks. A single slot represents 1 million combinations.
The master constantly polls the web backend to check on the progress of the cracking process. As the existing list of slots is completed by the workers, the master allots more slots. When a worker cracks the hash and returns the clear-text value, the master confirms this and then signals all workers to stop cracking.

Web Backend:
The web backend acts as a proxy between the master and the workers. It does not perform any actual computation but validates the data submitted by both the parties and passes information between them.

Worker:
The worker performs the actual hard work of cracking the hashes. Each hash has a unique worker URL, and this page explicitly asks for the user's permission before the cracking process is started. Once the user accepts and clicks 'Start', the worker polls the web backend for available slots and the web backend returns an array of slots from its database. The worker cracks each slot and sends the result to the web backend. After completing all the slots it polls the web backend for more slots.
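
The slot bookkeeping described above, as an added example that is not Ravan's own code: it computes how many 1-million-candidate slots a charset and maximum length produce, which candidates a given slot covers, and how long a password policy holds out. The enumeration order (shortest first), the function names and the per-browser hash rate are assumptions made for illustration.

```javascript
// Added example: slot arithmetic for the master/worker scheme described above.
const SLOT_SIZE = 1000000n; // from the article: one slot = 1 million combinations

// Candidates of length 1..maxLen over the charset (assumed enumeration order:
// shortest first, then by charset position).
function keyspaceSize(charset, maxLen) {
  const n = BigInt(charset.length);
  let total = 0n;
  for (let len = 1; len <= maxLen; len++) total += n ** BigInt(len);
  return total;
}

// Slots the master must hand out to cover the keyspace (ceiling division).
function slotCount(charset, maxLen) {
  return (keyspaceSize(charset, maxLen) + SLOT_SIZE - 1n) / SLOT_SIZE;
}

// Candidate string at a global index in the assumed order.
function candidateAt(charset, index) {
  const n = BigInt(charset.length);
  let i = BigInt(index), len = 1, block = n;
  while (i >= block) { i -= block; len += 1; block *= n; }
  let out = '';
  for (let k = 0; k < len; k++) { out = charset[Number(i % n)] + out; i /= n; }
  return out;
}

// First and last candidate covered by one slot, or null past the keyspace.
function slotRange(charset, maxLen, slot) {
  const total = keyspaceSize(charset, maxLen);
  const start = BigInt(slot) * SLOT_SIZE;
  if (start >= total) return null;
  const end = start + SLOT_SIZE > total ? total - 1n : start + SLOT_SIZE - 1n;
  return { first: candidateAt(charset, start), last: candidateAt(charset, end) };
}

// Worst-case seconds to exhaust the keyspace at an assumed per-browser rate.
function secondsToExhaust(charset, maxLen, workers, hashesPerSecond) {
  return Number(keyspaceSize(charset, maxLen)) / (workers * hashesPerSecond);
}

const LOWER = 'abcdefghijklmnopqrstuvwxyz';
console.log(slotCount(LOWER, 6), slotRange(LOWER, 6, 0));
console.log(secondsToExhaust(LOWER, 6, 10, 1e6)); // 10 browsers, assumed 1M hashes/s each
```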

Here is the tool:

Requirements:
Lots of friends:
Ravan is a distributed password cracking method, so you will need lots of friends who have a PC with an Internet connection. The speed of cracking will increase with the number of PCs contributing to the cracking.

How to use Ravan?

Step 1:
  • Go to http://www.andlabs.org/tools/ravan.html
  • Enter the value of the hash that must be cracked
  • Enter the value of the salt; if it is not a salted hash then leave it blank
  • Enter the charset. Only these characters will be used in the brute force attack
  • Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
  • Select the position of the salt (clear-text+salt or salt+clear-text)
  • Hit 'Submit Hash'
Step 2:
If the hash is successfully submitted, it will return a URL. Now you just need to send this URL to all your friends and ask them to click the start button.
The main page manages the cracking, so it must not be closed or the cracking will fail.

That is it. Once your friends click start they will be doing pieces of the work and submitting results back.

The main page constantly monitors the progress of the cracking process and manages it across all the workers. You will be able to see the stats throughout the process; once the hash is cracked, the clear-text value is displayed.

Final Words

Thanks for visiting my blog ! I hope this article helped you !
 If you have any question or suggestion feel free to comment below.

Saturday, May 17, 2014

Things You Need To Know Before Hacking/Pentesting a Website

Before attacking (pentesting) a website we need to gather some important information and then map the attack surface. If we don't understand how the site works, what is available on it, what type of input it takes and so on, we will not be able to mount a good attack (attacks rarely succeed without gathering information first). Many skids exist around us who just start looking for SQL injection or start brute forcing the web form and in the end fail.
Gathering information and mapping the site is very, very important, so I will explain (not in great detail) how to do it, what to look for, etc.
Spidering the web:
Basically I look for links, web forms, source code, directories, etc.
There are many tools to spider a target website, but I prefer proxy tools such as Burp Suite and OWASP ZAP, and the downloader wget.
We may find a lot of important information by spidering the target.
Burp Suite spidered some important links which we need for later attacks (directories, login page, password-forgotten pages, robots.txt, etc.).
Configuring Burp Suite to spider the web:
1. Open Burp Suite.
2. Configure your browser to use Burp Suite as its proxy. Firefox: Preferences >> Advanced >> Network >> Settings >> Manual proxy configuration, and enter host: localhost and port: 8080
3. Now browse your target website. You will see your target address in the Burp Suite proxy's target menu.
4. Now right click on your target host in Burp, then click on "Spider this host".
Now it will spider the website. Note: play more with Burp Suite.
Now we know how to configure the browser for Burp Suite and spider the target host. So let's continue gathering information.
It is a good idea to download the entire website using wget or another downloader so that we can browse it offline and see the page source code, comments, etc. Besides, we may need to brute force a web form or something else, and to create a word list from the target site. So I simply use wget:
wget -r www.target.com
And it will download the full website. Now browse all the pages, read the source code, comments, etc. and see if you get any good information.
Information Gathering with Google:
Google is a very powerful search engine and a friend of hackers and penetration testers. We can easily gather a lot of information with Google, such as all public information, emails, parameters of the site, names, phone numbers, etc.
If we search on Google with the 'site' operator then we get many results:
Click on the link and you will see.
I searched for site:microsoft.com, which is why it discovered subdomains. But if we search for "site:www.microsoft.com" then we will see results only from www.microsoft.com, not from other subdomains such as login.microsoft.com
More examples:
site:www.targets.com filetype:asp
site:www.targets.com inurl:index.php
site:targets.com error
site:targets.com admin
link:targets.com
related:targets.com
You will find many Google dorks at: http://www.exploit-db.com/google-dorks/
Don't be lazy if you are serious.
There are some tools for automated searching but I always prefer doing it manually.
So suppose you found a URL like www.target.com/index.php?id=2 through a search engine. Isn't it easy to quickly check the "id" parameter for invalid input (such as SQLi)?
Finding hidden files and content, default files:
You should browse all pages manually and review the behavior of every page. Here are some points you can follow:
1. Brute force/dictionary attack for hidden directories. You can use Burp Suite or OWASP DirBuster (I will post tutorials for all the tools later).
2. If you find a link like www.target.com/login.php then there may also be a logout.php, or if there is a www.target.com/adduser.php then www.target.com/deleteuser.php may also exist… So try.
3. Read the comments in the page source for any interesting information.
4. Find the login pages (admin + users).
5. Find all URLs and save them in a file for later use.
6. Find default files and content (what about www.target.com/phpinfo.php?).
7. I think you had better run Nikto against the site. Nikto is a powerful tool for discovering default content.
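
Seen from the server side, the spidering, dictionary attacks and default-file checks listed above leave recognisable traces in the access log. The following is an added example, not part of the original post: a small Node.js detector run over constructed log lines, where the threshold, the watch list of default files and the name detectRecon are assumptions.

```javascript
// Constructed sample lines in Apache combined log format (not from a real server).
const SAMPLE_LOG = [
  '203.0.113.7 - - [17/May/2014:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Wget/1.15 (linux-gnu)"',
  '203.0.113.7 - - [17/May/2014:10:00:02 +0000] "GET /index.php?id=2 HTTP/1.1" 200 5120 "-" "Wget/1.15 (linux-gnu)"',
  '198.51.100.9 - - [17/May/2014:10:05:10 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [17/May/2014:10:05:10 +0000] "GET /backup/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [17/May/2014:10:05:11 +0000] "GET /old/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [17/May/2014:10:05:11 +0000] "GET /phpinfo.php HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
  '192.0.2.44 - - [17/May/2014:10:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '192.0.2.44 - - [17/May/2014:10:06:01 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
];
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;
const TOOL_UA = /wget|nikto|dirbuster/i;              // tools named in the article
const DEFAULT_FILES = /\/(phpinfo|info|test)\.php$/i; // assumed watch list

// Group requests per client and report why each client looks like recon traffic.
function detectRecon(lines, notFoundThreshold = 3) {
  const clients = new Map();
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that are not in combined format
    const [, ip, url, status, ua] = m;
    const path = url.split('?')[0];
    if (!clients.has(ip)) clients.set(ip, { tool: false, defaults: false, missing: new Set() });
    const c = clients.get(ip);
    if (TOOL_UA.test(ua)) c.tool = true;             // spider/scanner user agent
    if (DEFAULT_FILES.test(path)) c.defaults = true; // probe for default content
    if (status === '404') c.missing.add(path);       // distinct paths that do not exist
  }
  const findings = {};
  for (const [ip, c] of clients) {
    const reasons = [];
    if (c.tool) reasons.push('tool-user-agent');
    if (c.missing.size >= notFoundThreshold) reasons.push('forced-browsing');
    if (c.defaults) reasons.push('default-content-probe');
    if (reasons.length) findings[ip] = reasons;
  }
  return findings;
}

console.log(detectRecon(SAMPLE_LOG));
```

A user agent is trivially changed, so the count of distinct 404 paths per client is the more dependable of the three signals.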
Finding other information:
What is the other information?
1. Emails (social engineering attack).
2. Phone numbers (social engineering).
3. User and employee names (social engineering).
4. Find out the web server version. What version of Apache or IIS are they using? If it is old then you may be lucky enough to find a known vulnerability against the old software on exploit-db or SecurityFocus.
5. What type of web software are they using? Joomla, MyBB, phpBB, vBulletin or something else? Do you know what version? If it is old then you may search for vulnerabilities that have already been discovered.
I think you now have a basic idea of how to gather information and why you need to gather it. Without gathering information we can't map our target. For example, we would not know how our victim walks or whether he knows kung-fu (if he knows kung-fu then we also need to be more powerful than him, such as by becoming an expert kung-fu fighter).
These are not the only techniques for gathering information. You need to research your target more, learn more information gathering techniques and use your powerful friend Google. I don't think it is possible to discover a wealth of information within a short time. Personally I spend a lot of time familiarizing myself with my target, gathering information and mapping the target. If you are a skid/script kiddie and want to hack just for fun, or it is not important to you, then surely you have no patience or time for mapping your targets. But a serious hacker will spend lots of time (most of his time) on his targets. At least I hope that I have explained most of the important things you need.
WITHOUT THIS INFORMATION YOU SHOULD NOT GO AHEAD.
Good Luck

About the Author

Rajat Karmarkar
Karthik Haxor is the Founder and CEO of Cyber Haxo. He is an Information Security Analyst, Ethical Hacker and Crypto Currency Expert. He likes pentesting websites and vulnerability research.