Tuesday 23 May 2017

PYTHON - Simple Calculator

PYTHON - Simple Calculator

print("RoCk StAr DeViL")
while True:
print("Options:")
print("Enter 'add' to add two numbers")
print("Enter 'subtract' to subtract two numbers")
print("Enter 'multiply' to multiply two numbers")
print("Enter 'divide' to divide two numbers")
print("Enter 'quit' to end the program")
user_input = input(":")
if user_input == "quit":
    break
elif user_input == "add":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 + num2)
    print("The answer is " + result)
elif user_input == "multiply":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 * num2)
    print("The answer is " + result)
elif user_input == "subtract":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 - num2)
    print("The answer is " + result)
elif user_input == "divide":
    num1 = float(input("Enter a number: "))
    num2 = float(input("Enter another number: "))
    result = str(num1 / num2)
    print("The answer is " + result)
elif user_input != "add" or "subtract" or "mulitply" or "divide" or "quit":
    print("Please enter a valid option.")

EXAMPLE -

python - example "for while loop" for addtion and substration

a = 1
s = 0
print('enter number to add to the sum')
print ('enter 0 to quit')

while a != 0:
    print('current sum', s)
    a = float(input('no.?     '))
    s = s + a
    print ('total sum = ' ,s)

Monday 22 May 2017

VMware Workstation 6,7,8,9,10,11,12 Universal License Keys for Win & Linux

universal License Keys for all old versions of VMware Workstation 6.x, 7.x, 8.x, 9.x, 10.x, 11.x and 12.x on Windows & Linux (supports both 32-bit and 64-bit OS) in this one post. If you�re finding the ones for VMware Workstation 12.x, go here.

// 6~12 Universal License Keys List //

Version	License Keys
VMware Workstation 6.x	A0E8R-YUDFV-6AK2F-4GAN2 CRX0D-VWL0V-7CJ6C-46C7A NA8RX-QPNDU-D2LA9-4WAZL 1H4WM-N21FZ-7GK2A-44U5U 6AJ6N-THY2P-42KEF-4WTFG
VMware Workstation 7.x	FU3D8-28X0N-H8DJQ-4GZZX-MY2T8 ZY7M2-8ZX81-0813Y-AWPG9-PP0G6 CC3W8-DTX9M-4853Y-HPQGX-NU8X6 YU15U-6TWDQ-H88RZ-GGNXC-QFATA AF1T0-FMZEL-H88FQ-N5NXG-PZUX0 GC3MU-28W06-M80WQ-R4ZXV-YFK98 UA5J0-0HW13-48EMY-VXQNZ-NFUD2 VF7WU-2GF14-488CP-R4Z7Z-NL2YF
VMware Workstation 8.x	0A494-8U0EM-UZ2A9-0105M-A303M MA406-25387-7ZNW8-F197P-1AL2D 4A4GP-6PLD0-QZTP9-WK0NK-C3UQD 4A2XP-D03DN-7Z6H9-Z2ANM-0C9PFD 0F0G8-FK29Q-AZ529-2J1NP-AC02F
VMware Workstation 9.x	5U63Y-6QL1K-GZ7K0-ZV17M-3CMQ0 JY4TJ-68L9H-8ZQE1-GA1Q2-03K22 MF471-0R007-RZHD9-TLCNK-3204G JF09R-AU34Q-7Z6R8-JKAN0-9C7QJ HY4KG-6KK47-CZCC1-Y8CQ4-13DK1 0U28Q-DP31H-QZL68-8J0QH-AAUK4 0F0PV-AWJ0L-GZLM0-H1874-CA839 0A6H6-4DL4N-KZQX9-Y09QH-9AF3G 0F23V-4D38L-9ZQ38-2K37H-83C50 0F03K-80JEQ-8ZF89-8287H-A2R47 0A22R-400EM-EZ4W8-3K9NK-3AUPL NA64Z-0V054-UZVC0-2L370-837K4
VMware Workstation 10.x	5F211-0MJ82-LZE99-9LCN0-A3A3M 4F4HJ-FDL83-KZVL9-LC17P-22JJG HV0RV-00K4K-GZ8N1-XUAN2-23Z4A MY2A4-DMJ8N-HZUA8-2V2Q6-02EKD NY65G-6238N-PZQ59-1L172-9AT4L 5Y2RY-FK21L-YZZY8-VV1Q4-1A24R JY65Q-43L9J-TZGP8-80AQH-3AG3H 0Z6PT-F0K50-QZXW8-698Q0-3AR69 NF05Z-08346-TZDE0-213NK-C3Q59 1F0ML-FRH97-0ZZA8-1JA74-8AF6X 5F29M-48312-8ZDF9-A8A5K-2AM0Z
VMware Workstation 11.x	VV7XU-F6DDQ-485DZ-X4M7T-PF8ZD ZG75H-FZF83-M8DLZ-4ZW5E-NP0W0 AV518-09FD0-48D1P-EMQEX-Z72C6 GG7W0-DAY5Q-0858Q-6GWZ9-W7RT8 CV512-FAW91-085NP-DMXQX-QLHAF AA7DU-APW15-H848Q-P5ZGZ-PCRC2 VU1N2-6DE5N-M8DLQ-AEMEV-XA2Z4 UV3NR-AMZ17-08EZP-9YQQE-MZAY8 GC75U-21E50-M8D5Q-K6YQX-W28V8 1F04Z-6D111-7Z029-AV0Q4-3AEH8 CZ7E2-2FY5P-08DUP-6XNXG-WPKE8
VMware Workstation 12.x	AG31K-0GD5P-08ERP-TEQZV-WG09A UA7T0-2HF5L-080FP-MMPZ9-PKAC6 VA3RR-4HF4Q-M89DY-G7PG9-PVUY2 ZG1TK-DQE8L-H882Q-PFW7G-ZC0EF YA5N8-DAFD1-085FY-RFZE9-N62U6 GZ1D0-8WZ93-H881Y-WGZGV-ZZ0A2 CY5HR-A0E94-489UZ-TZZX9-NPH9A FZ11A-F3YDK-084WZ-HYWZT-W30A8 5A02H-AU243-TZJ49-GTC7K-3C61N VF5XA-FNDDJ-085GZ-4NXZ9-N20E6 UC5MR-8NE16-H81WY-R7QGV-QG2D8 ZG1WH-ATY96-H80QP-X7PEX-Y30V4 AA3E0-0VDE1-0893Z-KGZ59-QGAVF

// Supported OS //

Windows 32-bit & 64-bit
Linux 32-bit & 64-bit

Sunday 21 May 2017

How was the WannaCry virus stopped?

The Spread:

Spread to host computer through exploits in network infrastructure (since patched).

Hold Drive Hostage:

Encrypt the user's entire drive, display a message to pay up for the encryption key.

Repeat.

So a cyber security analyst who was digging through code the worm uses to spread realized something. There was a website url that is referenced in a few places. He tried to go to the website, but found it didn't exist. So he bought the domain for $10 from a site like godaddy.com and forwarded it to a sinkhole server where it couldn't do damage.
Once he set this up, almost immediately he was getting thousands of connections a second.

What happened?

The code he edited basically (over simplified) said:

Try and connect to the website: qwhnamownflslwff.co
If the website doesn't exist, keep on spreading.
If the website exists, halt spreading of the malware.

It was essentially a kill-switch programmed in he accidentally stumbled upon.
Note: When we say the virus was "stopped", we are only talking about "The Spread"

linux - reverse engineering tool

Examine Browser Malware

Website analysis: Thug, mitmproxy, Network Miner Free Edition, curl, Wget, Burp Proxy Free Edition, Automater, pdnstool, Tor, tcpextract, tcpflow, passive.py, CapTipper, yaraPcap.py
Flash: xxxswf, SWF Tools, RABCDAsm, extract_swf, Flare
Java: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javassist, CFR
JavaScript: Rhino Debugger, ExtractScripts, SpiderMonkey, V8, JS Beautifier

Examine Document Files

PDF: AnalyzePDF, Pdfobjflow, pdfid, pdf-parser, peepdf, Origami, PDF X-RAY Lite, PDFtk, swf_mastah, qpdf, pdfresurrect
Microsoft Office: officeparser, pyOLEScanner.py, oletools, libolecf, oledump, emldump, MSGConvert, base64dump.py, unicode
Shellcode: sctest, unicode2hex-escaped, unicode2raw, dism-this, shellcode2exe

Extract and Decode Artifacts

Deobfuscate: unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Balbuzard, FLOSS
Extract strings: strdeobj, pestr, strings
Carving: Foremost, Scalpel, bulk_extractor, Hachoir

Handle Network Interactions

Sniffing: Wireshark, ngrep, TCPDump, tcpick
Services: FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Inspire IRCd, OpenSSH, accept-all-ips
Miscellaneous network: prettyping.sh, set-static-ip, renew-dhcp, Netcat, EPIC IRC Client, stunnel, Just-Metadata

Process Multiple Samples

Maltrieve, Ragpicker, Viper, MASTIFF, Density Scout

Examine File Properties and Contents

Define signatures: YaraGenerator, IOCextractor, Autorule, Rule Editor, ioc-parser
Scan: Yara, ClamAV, TrID, ExifTool, virustotal-submit, Disitool
Hashes: nsrllookup, Automater, Hash Identifier, totalhash, ssdeep, virustotal-search, VirusTotalApi

Investigate Linux Malware

System: Sysdig, Unhide
Disassemble: Vivisect, Udis86, objdump
Debug: Evan�s Debugger (EDB), GNU Project Debugger (GDB)
Trace: strace, ltrace
Investigate: Radare 2, Pyew, Bokken, m2elf, ELF Parser

Edit and View Files

Text: SciTE, Geany, Vim
Images: feh, ImageMagick
Binary: wxHexEditor, VBinDiff
Documents: Xpdf

Examine Memory Snapshots

Volatility Framework, findaes, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool

Statically Examine PE Files

Unpacking: UPX, Bytehist, Density Scout, PackerID
Disassemble: objdump, Udis86, Vivisect
Find anomalies: Signsrch, pescanner, ExeScan, pev, Peframe, pedump
Investigate: Bokken, RATDecoders, Pyew, readpe.py, PyInstaller Extractor, DC3-MWCP

Investigate Mobile Malware

Androwarn, AndroGuard

Perform Other Tasks

ProcDOT, bashhacks, Docker, vtTool, REMnux Updater, Decompyle++

Install Additional Tools

Metasploit Framework is not installed on REMnux; however, you can run it as a Docker container if the need arises.
WIPSTER offers a web-based interface to several REMnux tools. You can easily install WIPSTER on REMnux by running the command install-wipster.
BinNavi is a tool for statically examining disassembled code. You can install it on REMnux by running the command install-binnavi.

Friday 19 May 2017

python - script count whatever you write there

this script help to check letter, number whatever even space button to write or past in terminal...

bydevilzlinux
byrockstardevil

print "this script made to check number of message you enter it."
print "\nthis script created by ROCK STAR DEVIL devilzlinux.blogspot.com"
print "\nthis script check space button too.."
message = raw_input("enter a message:")

print "\nThe length of the message is: ", len(message)

raw_input("\n\npress the enter key to exit" )

Wednesday 17 May 2017

wifijammer

Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.
Requires: python 2.7, python-scapy, a wireless card capable of injection

Usage

Simple

python wifijammer.py

This will find the most powerful wireless interface and turn on monitor mode. If a monitor mode interface is already up it will use the first one it finds instead. It will then start sequentially hopping channels 1 per second from channel 1 to 11 identifying all access points and clients connected to those access points. On the first pass through all the wireless channels it is only identifying targets. After that the 1sec per channel time limit is eliminated and channels are hopped as soon as the deauth packets finish sending. Note that it will still add clients and APs as it finds them after the first pass through.
Upon hopping to a new channel it will identify targets that are on that channel and send 1 deauth packet to the client from the AP, 1 deauth to the AP from the client, and 1 deauth to the AP destined for the broadcast address to deauth all clients connected to the AP. Many APs ignore deauths to broadcast addresses.

python wifijammer.py -a 00:0E:DA:DE:24:8E -c 2

Deauthenticate all devices with which 00:0E:DA:DE:24:8E communicates and skips channel hopping by setting the channel to the target AP�s channel (2 in this case). This would mainly be an access point�s MAC so all clients associated with that AP would be deauthenticated, but you can also put a client MAC here to target that one client and any other devices that communicate with it.

Advanced

python wifijammer.py -c 1 -p 5 -t .00001 -s DL:3D:8D:JJ:39:52 -d --world

-c, Set the monitor mode interface to only listen and deauth clients or APs on channel 1
-p, Send 5 packets to the client from the AP and 5 packets to the AP from the client along with 5 packets to the broadcast address of the AP
-t, Set a time interval of .00001 seconds between sending each deauth (try this if you get a scapy error like �no buffer space�)
-s, Do not deauth the MAC DL:3D:8D:JJ:39:52. Ignoring a certain MAC address is handy in case you want to tempt people to join your access point in cases of wanting to use LANs.py or a Pineapple on them.
-d, Do not send deauths to access points� broadcast address; this will speed up the deauths to the clients that are found
--world, Set the max channel to 13. In N. America the max channel standard is 11, but the rest of the world uses 13 channels so use this option if you�re not in N. America

Walking/driving around

python wifijammer.py -m 10

The -m option sets a max number of client/AP combos that the script will attempt to deauth. When the max number is reached, it clears and repopulates its list based on what traffic it sniffs in the area. This allows you to constantly update the deauth list with client/AP combos who have the strongest signal in case you were not stationary. If you want to set a max and not have the deauth list clear itself when the max is hit, just add the -n option like: -m 10 -n
All options:

python wifijammer.py [-a AP MAC] [-c CHANNEL] [-d] [-i INTERFACE] [-m MAXIMUM] [-n] [-p PACKETS] [-s SKIP] [-t TIME INTERVAL]

Download Link: https://github.com/DanMcInerney/wifijammer

Autovpn � Easily connect to a VPN in a country of your choice

Download autovpn

autovpn is a tool to automatically connect you to a random VPN in a country of your choice. It uses openvpn to connect you to a server obtained from VPN Gate.

Compiling

First clone the repo and cd into the directory:

$ git clone https://github.com/adtac/autovpn
$ cd autovpn

Then run this to generate the executable:

$ go build autovpn.go

It�s Go. What do you expect?

Requirements

This requires openvpn. To install this on a yum-based distro:

$ sudo dnf install openvpn

If you�re on a apt-based distro:

$ sudo apt-get install openvpn

Tested and works on Fedora 23. Dunno about Windows. Patches welcome.

Usage

Simply run:

$ ./autovpn

and you�re done. You�ll be connected to a server in the US. Welcome to the US!
You can give a country if you want. For example, if you want to connect to a server in Japan:

$ ./autovpn JP

You may need superuser privileges. Don�t worry, I�m not running rm -rf --no-preserve-root / underneath. It�s for openvpn.

Contributing

All patches welcome!

Disclaimer

This is completely insecure. Please do not use this for anything important. Get a real and secure VPN. This is mostly a fun tool to get a VPN for a few minutes.

License

    autovpn - simple automatic VPN in a country of your choice
    Copyright (C) 2017  Adhityaa Chandrasekar

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

Scan website for vulnerabilities with Uniscan Kali Linux Tutorial

Scan website for vulnerabilities with Uniscan Kali Linux tut

Welcome back, in this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities. To achieve this we will be using a tool called Uniscan.
This tutorial will require a Linux Operating system we recommend installing Kali Linux if you have not already done so.
Requirements:
Kali Linux
Uniscan (Comes Pre-Installed in Kali Linux)
What is Uniscan ? Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch.
Installing Uniscan

root@kali:~# apt-get install uniscan

listing usage: You can use command uniscan -h to list help options and display usage.

root@kali:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
    -h  help
    -u  <url> example: https://www.example.com/
    -f  <file> list of url's
    -b  Uniscan go to background
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks
    -r  Enable Stress checks
    -i  <dork> Bing search
    -o  <dork> Google search
    -g  Web fingerprint
    -j  Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r

Uniscan Usage Example
Open a new terminal and enter the following command this will start finger printing and scanning the target web server for vulnerabilities.

uniscan.pl -u http://www.example.com/ -qweds

Replace URL with target URL.
In this tutorial I will be running Uniscan using options � qwedsgj

uniscan.pl -u http://www.example.com/ -qwedsgj

What these options do.

    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks  
    -g  Web fingerprint
    -j  Server fingerprint

Uniscan GUI
Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.

uniscan-gui

Rollmac � Bypass Free Wifi Time & Data Restriction

Rollmac

Free networks often impose either a time or data restriction and this can be used quickly. When this happens you can change your mac address and reconnect, but this is annoying, and it takes time. In addition, most networks will ask you to re-accept the terms and conditions of the network in order to continue.

Rollmac � Bypass Free Wifi Time & Data Restriction

Rollmac is designed to automate this process by using the WPAD protocol to discover the login page and automatically re-accept the terms and conditions. It also maintains a watch of the network current usage and/or time limit to ensure it is never reached. This means you can run downloads overnight or while you are away from your computer, automatically rolling mac�s and reconnecting to the free network.
The entire operation usually takes about 10 seconds.
You may need to configure the script slightly to adjust to individual network specifics, however, Rollmac allows you to download massive amounts of data without user input by setting the conf file and leaving it running overnight.
DOWNLOAD ROLLMAC

https://github.com/violentshell/rollmac

The program is controlled by variables inside the conf.json file. Modify these to meet your network/host machine:

Set to network ssid (Must have matching profile in �netsh wlan show profiles�:

ssid = 'Free WiFi'

Set to data limit inMB or 99999999999 for ifinite:

MB_limit = 250

Set to time limit in mins or 99999999999 for infinite:

TIME_limit = 60

Set to your wireless interface name:

interface = 'Wireless Local Area Connection'

Set to the domain of the network you are joining (You can get it from ipconfig /all):

domain = 'freewifi.com'

You may want to change this value to 1 to stop ie/browser opening again on each reconnect:

# 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WPAD\WpadOverride'

then run python script in that file..

brut3k1t � Server Side Bruteforce Module

Brute-force (dictionary attack, jk) attack that supports multiple protocols and services http://ex0dus-0x.github.io

Introduction

brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:

ssh
ftp
smtp
XMPP
instagram
facebook

There will be future implementations of different protocols and services (including Twitter, Facebook, Instagram).

Installation

Installation is simple. brut3k1t requires several dependencies, although they will be installed by the program if you do not have it.

argparse � utilized for parsing command line arguments
paramiko � utilized for working with SSH connections and authentication
ftplib � utilized for working with FTP connections and authentication
smtplib � utilized for working with SMTP (email) connections and authentication
fbchat � utilized for connecting with Facebook
selenium � utilized for web scraping, which is used with Instagram (and later Twitter)
xmppy � utiized for XMPP connections �and more within the future!

Downloading is simple. Simply git clone.

git clone https://github.com/ex0dus-0x/brut3k1t

Change to directory:

cd /path/to/brut3k1t

Usage

Utilizing brut3k1t is a little more complicated than just running a Python file.

Typing python brut3k1t -h shows the help menu:

usage: brut3k1t.py [-h] [-s SERVICE] [-u USERNAME] [-w PASSWORD] [-a ADDRESS]
               [-p PORT] [-d DELAY]

Server-side bruteforce module written in Python

optional arguments:
-h, --help            show this help message and exit
-a ADDRESS, --address ADDRESS
                    Provide host address for specified service. Required
                    for certain protocols
-p PORT, --port PORT  Provide port for host address for specified service.
                    If not specified, will be automatically set
-d DELAY, --delay DELAY
                    Provide the number of seconds the program delays as
                    each password is tried

required arguments:
-s SERVICE, --service SERVICE
                    Provide a service being attacked. Several protocols
                    and services are supported
-u USERNAME, --username USERNAME
                    Provide a valid username for service/protocol being
                    executed
-w PASSWORD, --wordlist PASSWORD
                    Provide a wordlist or directory to a wordlist

Examples of usage:

Cracking SSH server running on 192.168.1.3 using root and wordlist.txt as a wordlist.

python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt

The program will automatically set the port to 22, but if it is different, specify with -p flag.

Cracking email test@gmail.com with wordlist.txt on port 25 with a 3 second delay. For email it is necessary to use the SMTP server�s address. For e.g Gmail = smtp.gmail.com. You can research this using Google.

python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3

Cracking XMPP test@creep.im with wordlist.txt on default port 5222. XMPP also is similar to SMTP, whereas you will need to provide the address of the XMPP server, in this case creep.im.

python brut3k1t.py -s xmpp -a creep.im -u test -w wordlist.txt

Cracking Facebook is quite a challenge, since you will require the target user ID, not the username.

python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt

Cracking Instagram with username test with wordlist wordlist.txt and a 5 second delay

 python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5

KEY NOTES TO REMEMBER

If you do not supply the port -p flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are um� web-based.
If you do not supply the delay -d flag, the default delay in seconds will be 1.
Remember, use the SMTP server address and XMPP server address for the address -a flag, when cracking SMTP and XMPP, respectively.
Facebook requires the username ID. This is a little bit of a setback since some people do not display their ID publicly on their profile.
Make sure the wordlist and its directory is specified. If it is in /usr/local/wordlists/wordlist.txt specify that for the wordlist -w flag.
Remember that some protocols are not based on their default port. A FTP server will not necessarily always be on port 21. Please keep that in mind.
Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. No script kiddies!

DOWNLOAD BRUT3K1T

Creating WordPress Admin Phishing Pages

Creating WordPress Admin Phishing Pages..

Hi welcome back today I will show you how to create WordPress phishing pages. Phishing is the practice of sending emails or fake pages in order to trick targets into unknowingly giving personal information such as passwords and credit and debit card numbers.

Phishing attacks are a Social Engineering method that relies solely on human error and trickery.

Scenario
Lets assume we are doing a Pentest on a popular WordPress website the admin has giving us permission to try and phish information from staff members without breaking into their WordPress or gaining information from the SQLDatabases. The site admin has spent 1000�s of dollar maintaining security of his website and believes it to be quite safe although he can�t be to sure that his staff members will compromise his website through human error.
A lot of people come to the conclusion that a user must be stupid or an idiot to fall for phishing pages. This is not the case with 1000�s of emails per day going to businesses and personal inboxs it can be quite easy to fall into the trap especially in shared inboxs with multiple staff reading and responding to messages. Phishing pages can look identical and very believable. However we don�t blame the targets as most have not had sufficient training. The Admins idea of the Pentest is not to make the staff users feel stupid for falling for the phishing pages but to educate them in order to prevent further attacks in the future.

We could use SEToolkit to clone a login page to the WordPress site but this can be unconventional if running listeners from long periods of time using the output PHP from WP-Phishing-Maker script we can store plain text, MySQL Databases etc. This Phishing method will require a Web server to host the files generated by the script.
Requirements

Linux based operating system
WP-Phishing-Maker

First of all Download WP-Phishing-Maker.

You can download WP-Phishing Maker from the following download location.

https://github.com/4TT4CK3R/WP-Phishing-Maker

First of all we need to navigate to the script directory using cd command (change directory).

For example

cd Desktop/WP-Phishing-Maker

Then we will need to make the WP-Phishing-Maker bash script executable we can do this by using command chmod.

chmod +x WP-Phishin-Master

Now the bash script is ready to run from the same directory run command.

bash WP-Phishing-Maker

Now that WP-Phishing-Maker has loaded use options 1. Start.

The script will then prompt for a output location this can be any directory you would like save the WordPress phishing page generated by WP-Phisher-Maker. I will create a new directory inside root.
Open up a new terminal and create an empty directory using mkdir command.

mkdir /Test

The script will now prompt for a WordPress website to clone as a phishing page.

Choose if target is using HTTP or HTTPS and press Enter when the script has finished generating WordPress phishing page you will see a message telling you that the pages have been completed and ready to use. . .

We can now upload the Php files generated by WP-Phishing-Maker to a Webhost.

We have uploaded the generated Php files from the bash scripts output directory to a shared webhost.
Demo (Don�t enter any personal information into this page.)

You will then be able to gather credentials in plain text and receive them from your FTP directory.
This tutorial is for educational purposes only attack websites you own or have permission to pentest on.
Thanks for supporting rockstardevil

FIX �Could not get lock /var/lib/dpkg/lock � Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

Fix �Could not get lock /var/lib/dpkg/lock � Resource temporarily unavailable) E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

You been installing packages or updating your repositories and you run in an error message from apt. �Could not get lock /var/lib/dpkg/lock� this error can become quite annoying to beginners don�t worry I will show you how to remove the lock from /var/lib/dpkg/lock this will remove the lock and allow us to continue installing software and resources from Kali Linux repositories.

E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

Method 1:
First open up a new terminal and use the following command to remove the lock.

rm /var/lib/dpkg/lock

If the lock does not remove first time repeat the process above. The screen shot below shows the process of removing the lock as you can see the lock did not remove the first time and I had to repeat the process.

Use dpkg �configure -a to force packages to reconfigure.

sudo dpkg --configure -a

Method 2:
Alternatively you could look up the suspected processes using commands below. By using ps and grep together to create a pipeline we can easily look up suspected packages.

ps -A | grep apt

And then killing all processes that can seen in the output in terminal first you will need to look up the processnum it will by listed by the side of the process then use the following commands to kill the processes.

sudo kill -6 processnum
Or we could alternatively use
sudo kill -SIGKILL processnum

I prefer using the first method by removing the Lock directly however use what ever method suits your situation best. Thanks for reading if you are still having trouble after reading the guide don�t hesitate to leave us a comment below.
Thanks for supporting rockstardevil

Saturday 13 May 2017

how to install saavn songs in SD card / extract mp3 from saavn

how to Extract MP3 from Saavn Songs..

steps 1> download saavan mod version from osmdroid from here -: https://osmdroid.net/saavn-pro-apk-cracked-mod-unlocked-hack/

---> steps to install saavan hack version

Instructions :

* Select which type of theme you want. (Original app theme is light)
* Install apk & LOGIN from facebook account ( if facebook login dos'nt work first time than try once again)

fix for "app not install error "

just rename the orginal apk name and again try to install

Extract MP3 from Saavn Songs

There are lot of music streaming apps in app stores now. Gaana, Spotify, Saavn, Wynk etc. Most of them also allows you to download the music so that you can hear it offline. But it can be played only in the app itself. You won't get it as MP3 files. Instead they store it encrypted as app's data. I was using Saavn these days and I found some mistakes they did that would actually allow to get the MP3 of the music. Here is how it is done.

First, they kept all the music files in the data folder in the internal memory which is obviously accessible from any file manager. Instead if they kept it inside the app's own data folder inside root folder it will not be accessible that easily. You will probably require root access to access it.

They may have done this intentionally because this will allow the user to move app data (including offline songs) to SD card so that user will not lose his internal memory for storing the songs.

So the song files are exposed. So can i play it in my favorite music player ? No. Because they have encrypted those files along with their file names. So you cannot identity which file is which song and you cannot directly play it also.

Now here comes the interesting part. When you start playing a downloaded song the app decrypts the file and names it as curr.mp3. Which means the currently playing file, may be.

They might have done this because they can avoid the burden of building their own music player by using the built in music player library of Android. But still the decoding process creates a delay in starting the playback of the song. Bad UX (User eXperience) !

Now i can copy the curr.mp3 to anywhere i want even if it is being used by the app. Thanks to the shadow copy function of linux that allows me to access a file at the same time it is being used in some other application. But you will need to rename the file yourself.

I will show you an example. Lets download Coldplay's Hymn For The Weekend. Let's party !

After downloading completes, play it.
Now open your file manager and goto Internal Memory � Android � data � com.saavn.android � songs.
I have downloaded lot of songs. 68 i think. I love'em all. In the list you can find curr.mp3. Try to play it. Nice and clean.
Okay devs. I think it is time to use some better strategies.
Anyway it is a nice app guys. I could find almost every song i love in that little app. Support them. Yaay !!!
byrockstardevil

Friday 12 May 2017

How to Organize Your Tools by Pentest Stages

In this tut i will give you steps for hacking ... steps how hacking work and how to find everything about victim .. in every steps i have mention soft which we need to used in kali linux ... you can learn about their work from this website or from other....

I like to organize tools based on the phases of a pentest. Then, in each directory, I will symlink to the tool itself (if it's a tool I don't use often), unless I built the tool from source in that directory. With tools installed via Homebrew or from a .pkg, it can help to maintain a copy of the readme file in the directory with the tool named something like $toolname.readme. This will help with more obscure tools, and it can also help by giving you a place to note things about the tool.

Phase 1: Reconnaissance

This is the information gathering stage, and can be either active or passive. The whole purpose of this phase is to learn�the more information you can gather on a target before the actual attack, the better.

Some examples of important information:

What is the target?
How do they operate?
What IP ranges do they have allocated?
What do they do for mail?
What do their DNS records show?
What subdomains do they have?
What's going on in their company?
Who works there?
How do they assign login names?
What's their password policy?
What do their networks look like?
Are any of the people who work there vulnerable to social engineering?
What are there valuable assets?
Where do they store valuable assets?

All of these are important questions, and it's just the tip of the iceberg. The more information you have going into the attack, the better off you are. Of course, the more information you gather, the more time you will have to spend analyzing it�unless you are working with a team, in which case you can divide the efforts. I keep OSINT (open-source intelligence) gathering tools here, as well as active recon tools. Some examples of tools that you might find in my ~/pentest/recon directory are:

theHarvester
birdwatcher
Nmap

Depending on how unwieldy the directory becomes, I might divide the tools into two categories: active and passive. Active recon tools actually send packets to the target, where as passive tools gather information without interacting with the target system(s).

Phase 2: Scanning & Enumeration

If we did Phase 1 properly, we should have a wealth of information, IP addresses, employee names and e-mail addresses, etc. The next phase is to begin scanning.
Not all of the information gathered will be fruitful, so we have to narrow down and hone into certain targets. We examine perimeter and internal network devices looking for weaknesses, and learn more about the systems they have in place, as well as the services those systems are running. We see what ports are open, look for firewalls, locate vulnerabilities, and detect operating systems.

Some examples of tools that fit this category:

Nmap
Nikto
WPScan

You'll notice that I've included Nmap in both Phase 1 and 2�there will be some intersection of tools in these phases.

Phase 3: Gaining Access

In this phase, we put the previous steps' information to use. We will have lots of data on our targets and some ideas on which hosts we'll be focusing on. We've researched out-of-date services and checked for vulnerabilities. We might launch a social engineering campaign and target some known vulnerable services on a host.

Some examples of tools that fit this category:

THC Hydra
Nmap
Armitage
Metasploit
SET (Social Engineering Toolkit)

Once again, Nmap make our list due to its scripting engine; it's a highly flexible tool. I included a brute-force tool even though we don't really want to be brute-forcing due to time constraints. Of course, it doesn't hurt to run brute-force in the background throughout the test, providing you can afford that level of noise on the target system.

Phase 4: Maintaining Access

Once we've compromised something, we want to maintain access to gather even more information. Stealth will play a roll here since we don't want to be discovered acting on the target host(s). This phase involves privilege escalation, RATs (remote access tools), root kits, etc. The goal is to be able to access the system whenever we want.

Some tools that might be in the maintaining access folder:

Metasploit
Shellter
Webshells

Metasploit makes the list again here, though really, it could be included in every phase of this list.

Phase 5: Covering Your Tracks

This can cover a wide variety of tools and actions. We want to alter (possibly corrupt) log files, delete any files we're not using on the system, clear our history, hide our maintaining access tools, etc. We don't want to leave any trace that we were there.

Making mistakes on a contracted pentest is just bad business. If you are accessing a system illegally, it can be even worse. Equation group actually messed up covering their tracks and their custom tools were put up for sale on the web. We'll want to keep our infected hosts to a minimum, use varied malware, and try to stay one step ahead of potential incident responders.
We could use Metasploit or ClearLogs to clear event logs, or we can just delete them with a simple text editor. We could also erase our commands history and shred the history file. For more information, make sure to check out the following guide.

Stay Organized

If we keep our tools organized, it will be easier to conduct a pentest in a reasonable amount of time. It is extremely important to be able to quickly evaluate what we need to use and when. In some cases, when attacks haven't been added to a tool yet, it maybe important to maintain a separate PoC folder, though many of these can be quickly located on the Exploit Database. By keeping our tools associated to phases, we're also able to transition through phases in a smooth fashion.